From 4dbbf016bdebe4b91ba2fb0d505175f8ff18de77 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sosth=C3=A8ne=20Gu=C3=A9don?= <sosthene@nitrokey.com>
Date: Fri, 24 May 2024 17:17:50 +0200
Subject: [PATCH] Enure that all pins are properly deleted with factory-reset

---
 src/core_api.rs          | 2 +-
 src/trussed_auth_impl.rs | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/core_api.rs b/src/core_api.rs
index 873b192..eb283cc 100644
--- a/src/core_api.rs
+++ b/src/core_api.rs
@@ -85,7 +85,7 @@ struct WrappedKeyData {
 }
 
 bitflags! {
-    pub struct ItemsToDelete: u8 {
+    pub(crate) struct ItemsToDelete: u8 {
         const KEYS = 0b00000001;
         const PINS = 0b00000010;
     }
diff --git a/src/trussed_auth_impl.rs b/src/trussed_auth_impl.rs
index 693c0c7..42ef550 100644
--- a/src/trussed_auth_impl.rs
+++ b/src/trussed_auth_impl.rs
@@ -436,9 +436,16 @@ impl<Twi: I2CForT1, D: DelayUs<u32>> ExtensionImpl<trussed_auth::AuthExtension>
                 Ok(reply::DeletePin {}.into())
             }
             AuthRequest::DeleteAllPins(request::DeleteAllPins) => {
+                use crate::core_api::ItemsToDelete;
                 let fs = &mut fs(resources, core_ctx);
+                // Satisfy the borrow checker
+                // The `once` trick makes it loose the information that drop is a noop :/
+                drop(global_fs);
 
                 delete_all_pins(fs, self.metadata_location, &mut self.se)?;
+
+                // Ensure that any remaining PIN for the application is also deleted
+                self.delete_all_items(ItemsToDelete::PINS, &[], ns)?;
                 Ok(reply::DeleteAllPins.into())
             }
             AuthRequest::PinRetries(request) => {