From 25b6756d4f7a64f4dd211fa4491407f9cd6e190e Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Wed, 8 Jul 2020 18:09:04 +0200
Subject: [PATCH] improved documentation for the PinPermission enum

---
 src/ctap/pin_protocol_v1.rs | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/src/ctap/pin_protocol_v1.rs b/src/ctap/pin_protocol_v1.rs
index 8523daf..8b186c0 100644
--- a/src/ctap/pin_protocol_v1.rs
+++ b/src/ctap/pin_protocol_v1.rs
@@ -149,6 +149,7 @@ fn check_and_store_new_pin(
 // TODO remove when all variants are used
 #[allow(dead_code)]
 pub enum PinPermission {
+    // All variants should use integers with a single bit set.
     MakeCredential = 0x01,
     GetAssertion = 0x02,
     CredentialManagement = 0x04,
@@ -157,13 +158,6 @@ pub enum PinPermission {
     AuthenticatorConfiguration = 0x20,
 }
 
-#[cfg(feature = "with_ctap2_1")]
-impl PinPermission {
-    pub fn check(self, stored_bits: u8) -> bool {
-        self as u8 & stored_bits != 0
-    }
-}
-
 pub struct PinProtocolV1 {
     key_agreement_key: crypto::ecdh::SecKey,
     pin_uv_auth_token: [u8; PIN_TOKEN_LENGTH],
@@ -592,7 +586,8 @@ impl PinProtocolV1 {
 
     #[cfg(feature = "with_ctap2_1")]
     pub fn has_permission(&self, permission: PinPermission) -> Result<(), Ctap2StatusCode> {
-        if permission.check(self.permissions) {
+        // Relies on the fact that all permissions are represented by powers of two.
+        if permission as u8 & self.permissions != 0 {
             Ok(())
         } else {
             Err(Ctap2StatusCode::CTAP2_ERR_PIN_AUTH_INVALID)