From c5d5ab12ab8ca6b9889550f050b859b76fa4bdd7 Mon Sep 17 00:00:00 2001
From: Robin Krahl <robin.krahl@ireas.org>
Date: Thu, 3 Jan 2019 23:48:22 +0000
Subject: Update documentation and test for factory_reset

Contrary to my previous beliefs, build_aes_key has to be called even
after a factory reset using the Nitrokey API.  This patch updates the
documentation and the unit tests based on this insight.
---
 src/device.rs | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/device.rs b/src/device.rs
index aaf6283..78d0d82 100644
--- a/src/device.rs
+++ b/src/device.rs
@@ -515,6 +515,8 @@ pub trait Device: Authenticate + GetPasswordSafe + GenerateOtp {
     ///
     /// This commands performs a factory reset on the smart card (like the factory reset via `gpg
     /// --card-edit`) and then clears the flash memory (password safe, one-time passwords etc.).
+    /// After a factory reset, [`build_aes_key`][] has to be called before the password safe or the
+    /// encrypted volume can be used.
     ///
     /// # Errors
     ///
@@ -536,6 +538,8 @@ pub trait Device: Authenticate + GetPasswordSafe + GenerateOtp {
     /// #     Ok(())
     /// # }
     /// ```
+    ///
+    /// [`build_aes_key`]: #method.build_aes_key
     fn factory_reset(&self, admin_pin: &str) -> Result<(), CommandError> {
         let admin_pin_string = get_cstring(admin_pin)?;
         unsafe { get_command_result(nitrokey_sys::NK_factory_reset(admin_pin_string.as_ptr())) }
@@ -544,8 +548,9 @@ pub trait Device: Authenticate + GetPasswordSafe + GenerateOtp {
     /// Builds a new AES key on the Nitrokey.
     ///
     /// The AES key is used to encrypt the password safe and the encrypted volume.  You may need
-    /// to call this method after a factory reset using `gpg --card-edit`.  You can also use it to
-    /// destory the data stored in the password safe or on the encrypted volume.
+    /// to call this method after a factory reset, either using [`factory_reset`][] or using `gpg
+    /// --card-edit`.  You can also use it to destory the data stored in the password safe or on
+    /// the encrypted volume.
     ///
     /// # Errors
     ///
@@ -567,6 +572,8 @@ pub trait Device: Authenticate + GetPasswordSafe + GenerateOtp {
     /// #     Ok(())
     /// # }
     /// ```
+    ///
+    /// [`factory_reset`]: #method.factory_reset
     fn build_aes_key(&self, admin_pin: &str) -> Result<(), CommandError> {
         let admin_pin_string = get_cstring(admin_pin)?;
         unsafe { get_command_result(nitrokey_sys::NK_build_aes_key(admin_pin_string.as_ptr())) }
-- 
cgit v1.2.1