Nitrokey / opcard-rs

OpenPGP card implementation

Use trussed-auth #125

Closed sosthene-nitrokey closed 1 year ago

sosthene-nitrokey commented 1 year ago

> The changes look good to me. But as far as I see, init_pins is only called if there is no valid state. Couldn’t this lead to problems when upgrading from an older version?

I added pin deletion to the factory reset. What do you see that would go wrong?

robin-nitrokey commented 1 year ago

I think the path I saw was: Suppose you initialized the state with an old opcard version and stored the PINs in the FS. Now you update to this version. There are no PINs in trussed-auth, but there is a valid state. Factory reset is only allowed if a) verified as admin or b) if the admin PIN is locked. a) is not possible without a PIN, and b) was not possible because the retries would default to 3 if the PIN is not set. This should be fixed now.

robin-nitrokey commented 1 year ago

> I added pin deletion to the factory reset.

Shouldn’t it reset the PINs to the defaults?

sosthene-nitrokey commented 1 year ago

On factory reset, the state and pins are deleted.

On state load, if no state is present the pins are set to their default values.
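
The upgrade path and the reset/load lifecycle discussed in this thread, as a toy Rust model added here for illustration. It is not code from opcard-rs or trussed-auth; the names `Card`, `AdminPin`, `factory_reset_allowed` and `upgraded_card` are hypothetical, it models only the pre-fix behaviour described above, and it assumes the operator knows the admin PIN whenever one is stored.

```rust
// Toy model of the PIN/state lifecycle discussed in this thread.
// All names are hypothetical; this is not opcard-rs or trussed-auth code.
const DEFAULT_RETRIES: u8 = 3;

#[derive(Clone, Copy, Debug, PartialEq)]
enum AdminPin {
    Missing,             // no PIN registered in the auth backend
    Set { retries: u8 }, // PIN registered, with remaining attempts
}

#[derive(Clone, Copy, Debug, PartialEq)]
struct Card { state_present: bool, admin_pin: AdminPin }

impl Card {
    /// Pre-fix behaviour from the thread: an unset PIN reports the default retries.
    fn admin_retries(&self) -> u8 {
        match self.admin_pin {
            AdminPin::Missing => DEFAULT_RETRIES,
            AdminPin::Set { retries } => retries,
        }
    }
    /// Assumption: the operator knows the PIN, so verifying only needs a stored PIN.
    fn can_verify_admin(&self) -> bool {
        matches!(self.admin_pin, AdminPin::Set { retries } if retries > 0)
    }
    /// Factory reset is allowed if (a) verified as admin or (b) the admin PIN is locked.
    fn factory_reset_allowed(&self) -> bool {
        self.can_verify_admin() || self.admin_retries() == 0
    }
    /// Factory reset deletes the state and the PINs.
    fn factory_reset(&mut self) {
        *self = Card { state_present: false, admin_pin: AdminPin::Missing };
    }
    /// State load writes default PINs only when no state is present.
    fn load_state(&mut self) {
        if !self.state_present {
            *self = Card { state_present: true, admin_pin: AdminPin::Set { retries: DEFAULT_RETRIES } };
        }
    }
}

/// Constructed upgrade case: valid state from an old version, PIN never migrated.
fn upgraded_card() -> Card {
    let mut card = Card { state_present: true, admin_pin: AdminPin::Missing };
    card.load_state(); // no-op: state exists, so no default PIN is written
    card
}

fn main() { println!("upgraded card can factory reset: {}", upgraded_card().factory_reset_allowed()); }
```

In this model the upgraded card can neither verify as admin nor reach the locked condition, while a fresh or factory-reset card gets default PINs on the next state load.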