Merge branch 'master' into mingxguo-fuzzing-mvp

2020-09-29 17:53:28 +00:00
parent f79a659e69 1001584e77
commit 45e743fcd9
26 changed files with 269 additions and 61 deletions
--- a/.github/workflows/cargo_clippy.yml
+++ b/.github/workflows/cargo_clippy.yml
@@ -0,0 +1,32 @@
 ---
 name: Cargo Clippy
 on:
  push:
  pull_request:
    types: [opened, synchronize, reopened]
 jobs:
  cargo_clippy:
    runs-on: ubuntu-18.04
    steps:
      - uses: actions/checkout@v2
        with:
          submodules: "true"
      - uses: actions-rs/toolchain@v1
        with:
          target: thumbv7em-none-eabi
          components: clippy
      - uses: actions/setup-python@v1
        with:
          python-version: 3.7
      - name: Install Python dependencies
        run: python -m pip install --upgrade pip setuptools wheel
      - name: Set up OpenSK
        run: ./setup.sh
      - uses: actions-rs/clippy-check@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          args: --all-targets --features std
      - name: Deny Clippy warnings
        run: cargo clippy --all-targets --features std -- -A clippy::new_without_default -D warnings
--- a/.github/workflows/cargo_fmt.yml
+++ b/.github/workflows/cargo_fmt.yml
@@ -62,6 +62,12 @@ jobs:
          command: fmt
          args: --manifest-path libraries/crypto/Cargo.toml --all -- --check
      - name: Cargo format libraries/persistent_store
        uses: actions-rs/cargo@v1
        with:
          command: fmt
          args: --manifest-path libraries/persistent_store/Cargo.toml --all -- --check
      - name: Cargo format tools/heapviz
        uses: actions-rs/cargo@v1
        with:
--- a/.github/workflows/persistent_store_test.yml
+++ b/.github/workflows/persistent_store_test.yml
@@ -0,0 +1,26 @@
 ---
 name: Persistent store tests
 on:
  push:
    paths:
      - 'libraries/peristent_store/**'
  pull_request:
    types: [opened, synchronize, reopened]
 jobs:
  persistent_store_test:
    runs-on: ubuntu-18.04
    steps:
      - uses: actions/checkout@v2
      - name: Unit testing of Persistent store library (release mode)
        uses: actions-rs/cargo@v1
        with:
          command: test
          args: --manifest-path libraries/persistent_store/Cargo.toml --release --features std
      - name: Unit testing of Persistent store library (debug mode)
        uses: actions-rs/cargo@v1
        with:
          command: test
          args: --manifest-path libraries/persistent_store/Cargo.toml --features std
--- a/.gitignore
+++ b/.gitignore
@@ -1,11 +1,13 @@
 bin/
 target/
 Cargo.lock
 # Local installation of elf2tab.
 /elf2tab/
 # Prevent people from commiting sensitive files.
-crypto_data/
+/crypto_data/
 # Temporary files.
-reproducible/binaries.sha256sum
+/reproducible/binaries.sha256sum
-reproducible/elf2tab.txt
+/reproducible/elf2tab.txt
-reproducible/reproduced.tar
+/reproducible/reproduced.tar
--- a/deploy.py
+++ b/deploy.py
@@ -404,8 +404,8 @@ class OpenSKInstaller:
    assert self.args.application
    info("Generating Tock TAB file for application/example {}".format(
        self.args.application))
-    elf2tab_ver = self.checked_command_output(["bin/elf2tab",
+    elf2tab_ver = self.checked_command_output(
-                                               "--version"]).split(
+        ["elf2tab/bin/elf2tab", "--version"]).split(
            "\n", maxsplit=1)[0]
    if elf2tab_ver != "elf2tab 0.6.0":
      error(
@@ -415,7 +415,7 @@ class OpenSKInstaller:
    tab_filename = os.path.join(self.tab_folder,
                                "{}.tab".format(self.args.application))
    elf2tab_args = [
-        "bin/elf2tab", "--deterministic", "--package-name",
+        "elf2tab/bin/elf2tab", "--deterministic", "--package-name",
        self.args.application, "-o", tab_filename
    ]
    if self.args.verbose_build:
--- a/examples/console_test.rs
+++ b/examples/console_test.rs
@@ -23,8 +23,8 @@ fn main() {
    let mut buf = [0; BUFFER_SIZE];
    loop {
        for i in 1..buf.len() {
-            for j in 0..i {
+            for byte in buf.iter_mut().take(i) {
-                buf[j] = b'0' + ((i % 10) as u8);
+                *byte = b'0' + ((i % 10) as u8);
            }
            buf[i] = b'\n';
            Console::write_unbuffered(&mut buf[..(i + 1)]);
--- a/examples/crypto_bench.rs
+++ b/examples/crypto_bench.rs
@@ -151,7 +151,7 @@ fn main() {
 fn bench<F>(console: &mut Console, timer: &Timer, title: &str, mut f: F)
 where
-    F: FnMut() -> (),
+    F: FnMut(),
 {
    writeln!(console, "****************************************").unwrap();
    writeln!(console, "Benchmarking: {}", title).unwrap();
--- a/libraries/crypto/src/ec/int256.rs
+++ b/libraries/crypto/src/ec/int256.rs
@@ -554,6 +554,7 @@ impl Add for &Int256 {
    type Output = (Int256, Digit);
    // Returns sum and carry (0 or 1).
    #[allow(clippy::suspicious_arithmetic_impl)]
    fn add(self, other: &Int256) -> (Int256, Digit) {
        let mut digits = [0; NDIGITS];
        let mut carry: DoubleDigit = 0;
@@ -570,6 +571,7 @@ impl Add for &Int256 {
 impl AddAssign<&Int256> for Int256 {
    // Adds to self, ignoring carry.
    #[allow(clippy::suspicious_op_assign_impl)]
    fn add_assign(&mut self, other: &Int256) {
        let mut carry: DoubleDigit = 0;
        for i in 0..NDIGITS {
@@ -584,6 +586,7 @@ impl Add<Digit> for &Int256 {
    type Output = (Int256, Digit);
    // Returns sum and carry (0 or 1).
    #[allow(clippy::suspicious_arithmetic_impl)]
    fn add(self, digit: Digit) -> (Int256, Digit) {
        let mut digits = [0; NDIGITS];
        let mut carry = digit as DoubleDigit;
@@ -603,6 +606,7 @@ impl Sub for &Int256 {
    type Output = (Int256, Digit);
    // Returns difference and borrow (0 or -1).
    #[allow(clippy::suspicious_arithmetic_impl)]
    fn sub(self, other: &Int256) -> (Int256, Digit) {
        let mut digits = [0; NDIGITS];
        let mut borrow: SignedDoubleDigit = 0;
@@ -620,6 +624,7 @@ impl Sub for &Int256 {
 impl SubAssign<&Int256> for Int256 {
    // Substract from self, ignoring carry.
    #[allow(clippy::suspicious_op_assign_impl)]
    fn sub_assign(&mut self, other: &Int256) {
        let mut borrow: SignedDoubleDigit = 0;
        for i in 0..NDIGITS {
--- a/libraries/persistent_store/Cargo.toml
+++ b/libraries/persistent_store/Cargo.toml
@@ -0,0 +1,11 @@
 [package]
 name = "persistent_store"
 version = "0.1.0"
 authors = ["Julien Cretin <cretin@google.com>"]
 license = "Apache-2.0"
 edition = "2018"
 [dependencies]
 [features]
 std = []
--- a/libraries/persistent_store/src/lib.rs
+++ b/libraries/persistent_store/src/lib.rs
@@ -0,0 +1,19 @@
 // Copyright 2019-2020 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 #![cfg_attr(not(feature = "std"), no_std)]
 mod storage;
 pub use self::storage::{Storage, StorageError, StorageIndex, StorageResult};
--- a/libraries/persistent_store/src/storage.rs
+++ b/libraries/persistent_store/src/storage.rs
@@ -0,0 +1,95 @@
 // Copyright 2019-2020 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 /// Represents a byte position in a storage.
 #[derive(Copy, Clone, Debug, PartialEq, Eq)]
 pub struct StorageIndex {
    pub page: usize,
    pub byte: usize,
 }
 /// Represents a possible storage error.
 #[derive(Debug, PartialEq, Eq)]
 pub enum StorageError {
    /// Arguments are not correctly aligned.
    NotAligned,
    /// Arguments are out of bounds.
    OutOfBounds,
    /// Implementation-specific error.
    CustomError,
 }
 pub type StorageResult<T> = Result<T, StorageError>;
 /// Abstracts a flash storage.
 pub trait Storage {
    /// The size of a word in bytes.
    fn word_size(&self) -> usize;
    /// The size of a page in bytes.
    fn page_size(&self) -> usize;
    /// The number of pages in the storage.
    fn num_pages(&self) -> usize;
    /// Maximum number of times a word can be written between page erasures.
    fn max_word_writes(&self) -> usize;
    /// Maximum number of times a page can be erased.
    fn max_page_erases(&self) -> usize;
    /// Reads a byte slice from the storage.
    ///
    /// The `index` must designate `length` bytes in the storage.
    fn read_slice(&self, index: StorageIndex, length: usize) -> StorageResult<&[u8]>;
    /// Writes a word slice to the storage.
    ///
    /// The following pre-conditions must hold:
    /// - The `index` must designate `value.len()` bytes in the storage.
    /// - Both `index` and `value.len()` must be word-aligned.
    /// - The written words should not have been written too many times since last page erasure.
    fn write_slice(&mut self, index: StorageIndex, value: &[u8]) -> StorageResult<()>;
    /// Erases a page of the storage.
    ///
    /// The `page` must be in the storage.
    fn erase_page(&mut self, page: usize) -> StorageResult<()>;
 }
 impl StorageIndex {
    /// Whether a slice fits in a storage page.
    fn is_valid(self, length: usize, storage: &impl Storage) -> bool {
        let page_size = storage.page_size();
        self.page < storage.num_pages() && length <= page_size && self.byte <= page_size - length
    }
    /// Returns the range of a valid slice.
    ///
    /// The range starts at `self` with `length` bytes.
    pub fn range(
        self,
        length: usize,
        storage: &impl Storage,
    ) -> StorageResult<core::ops::Range<usize>> {
        if self.is_valid(length, storage) {
            let start = self.page * storage.page_size() + self.byte;
            Ok(start..start + length)
        } else {
            Err(StorageError::OutOfBounds)
        }
    }
 }
--- a/reproducible/reference_binaries_macos-10.15.sha256sum
+++ b/reproducible/reference_binaries_macos-10.15.sha256sum
@@ -1,9 +1,9 @@
 dd5920dfb172d9371b29d019b6a37fae1a995bf9d814000944d9ef36bad31513	third_party/tock/target/thumbv7em-none-eabi/release/nrf52840dk.bin
-e1b147fefa75befe6f280e8aec41fa62b02e5c01bb1c940736b1903b597afe13	target/nrf52840dk_merged.hex
+8868f4fa542d9dd9c88abfbd84b4527bcd2f4b9ae16caf3098a3d5e73eae0067	target/nrf52840dk_merged.hex
 e4acfa602a5cc5d7c61d465f873918e8e0858628d0e5f8e0db26a7b7dd0b94d4	third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle.bin
-99b69a33320a4c5218b9e5084f2ad56957e04465dbbb53b0ab1051a176ba73a0	target/nrf52840_dongle_merged.hex
+c162cfdd219306940f919716a4f53d053b0bcfed2963f8787e1098a5163ae704	target/nrf52840_dongle_merged.hex
 c0ace9f13ef3fd18c576a735ae23b3956bf8dd346f20c6217086e748d6bad8a2	third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle_dfu.bin
-3bde950d855ffa68eb334033388b292e98cdbf97993a57eca4524de101166f8b	target/nrf52840_dongle_dfu_merged.hex
+c1e79ad3aa2c9566c13c5469a389195a3814839b815253ffc4f5325329496b26	target/nrf52840_dongle_dfu_merged.hex
 06a38a0d6d356145467a73c765e28a945878f663664016f888393207097bfe10	third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_mdk_dfu.bin
-f3ed663311204ac709ed05dfb3d09ff283c3df7dbc5480ad3ec050523b0a2ed2	target/nrf52840_mdk_dfu_merged.hex
+d0b23e0dd0c349ded966fb5563a5a65c3935710d1741ade0ae7d9e06a176f442	target/nrf52840_mdk_dfu_merged.hex
-a2ee6798d20da62ed2c3ea7164620253d4b2319a3ed2f2dbc2973c1a5dd838a9	target/tab/ctap2.tab
+aacf3873a90bf93f0c51ccc85d0c03642d078865d16c4aeb0b805d1f6865e6ba	target/tab/ctap2.tab
--- a/reproducible/reference_binaries_ubuntu-18.04.sha256sum
+++ b/reproducible/reference_binaries_ubuntu-18.04.sha256sum
@@ -1,9 +1,9 @@
 2426ee9a6c75e325537818081d45445d95468a4c0a77feacdc6133d7d9aa227a	third_party/tock/target/thumbv7em-none-eabi/release/nrf52840dk.bin
-0038c7256f2bb8406364ca2deb8b228363e524a076263e23625fa2a3b4b35df6	target/nrf52840dk_merged.hex
+c8507168c7e81d388641177c17c917b7473c8fe27849678cc7e558c64b33e9f5	target/nrf52840dk_merged.hex
 c53d1e1db72df25950fa6d28699a2d38757def0dcbeb0d09d2366481cf0149a6	third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle.bin
-183365121eab69bb15746e7907bb0d66b9cc766d26a6a0dab301583c4bb8c4c3	target/nrf52840_dongle_merged.hex
+103888792b1b81a50e16746f1e2e2bee7cc01599881c464b56d9d7f6ae856c3e	target/nrf52840_dongle_merged.hex
 233b5ba4459523759e3171cee83cdb3a383bbe65727c8ece64dfe5321d6ebe34	third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle_dfu.bin
-95be6da19f67a9a85e83d97bdaaf5f062c82da00b9a767dd0bc49eaa2c74bb26	target/nrf52840_dongle_dfu_merged.hex
+ca1847ac82a3b3498f79918746f5662863033a0c69300d669e466701f485e3d9	target/nrf52840_dongle_dfu_merged.hex
 1baaf518a74c6077cb936d9cf178b6dd0232e7562fa56174886b05b77886cc32	third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_mdk_dfu.bin
-39c94b1dd8e65438d481835663c4ec2cda99311011031403c9244ed5095230c7	target/nrf52840_mdk_dfu_merged.hex
+97f89caa930fde44193d16e3f396584de6044ca4c46092c7275b5b44b9eed774	target/nrf52840_mdk_dfu_merged.hex
-b02eb9439df1f8a3c21eb29f39c3b72c0f709b05a4e8a968441e73678cfb55df	target/tab/ctap2.tab
+7e05f90206506e78aa9eec0b1495bf3548d7a0446722c1f40b3a84f674d2ca0e	target/tab/ctap2.tab
--- a/reproducible/reference_elf2tab_macos-10.15.txt
+++ b/reproducible/reference_elf2tab_macos-10.15.txt
@@ -6,8 +6,8 @@ Min RAM size from segments in ELF: 20 bytes
 Number of writeable flash regions: 0
  Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
 Entry point is in .text section
-  Adding .text section. Offset: 128 (0x80). Length: 187280 (0x2db90) bytes.
+  Adding .text section. Offset: 128 (0x80). Length: 187008 (0x2da80) bytes.
-  Adding .stack section. Offset: 187408 (0x2dc10). Length: 16384 (0x4000) bytes.
+  Adding .stack section. Offset: 187136 (0x2db00). Length: 16384 (0x4000) bytes.
 Searching for .rel.X sections to add.
 TBF Header:
               version:        2        0x2
@@ -30,8 +30,8 @@ Min RAM size from segments in ELF: 20 bytes
 Number of writeable flash regions: 0
  Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
 Entry point is in .text section
-  Adding .text section. Offset: 128 (0x80). Length: 187280 (0x2db90) bytes.
+  Adding .text section. Offset: 128 (0x80). Length: 187008 (0x2da80) bytes.
-  Adding .stack section. Offset: 187408 (0x2dc10). Length: 16384 (0x4000) bytes.
+  Adding .stack section. Offset: 187136 (0x2db00). Length: 16384 (0x4000) bytes.
 Searching for .rel.X sections to add.
 TBF Header:
               version:        2        0x2
@@ -54,8 +54,8 @@ Min RAM size from segments in ELF: 20 bytes
 Number of writeable flash regions: 0
  Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
 Entry point is in .text section
-  Adding .text section. Offset: 128 (0x80). Length: 187280 (0x2db90) bytes.
+  Adding .text section. Offset: 128 (0x80). Length: 187008 (0x2da80) bytes.
-  Adding .stack section. Offset: 187408 (0x2dc10). Length: 16384 (0x4000) bytes.
+  Adding .stack section. Offset: 187136 (0x2db00). Length: 16384 (0x4000) bytes.
 Searching for .rel.X sections to add.
 TBF Header:
               version:        2        0x2
@@ -78,8 +78,8 @@ Min RAM size from segments in ELF: 20 bytes
 Number of writeable flash regions: 0
  Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
 Entry point is in .text section
-  Adding .text section. Offset: 128 (0x80). Length: 187280 (0x2db90) bytes.
+  Adding .text section. Offset: 128 (0x80). Length: 187008 (0x2da80) bytes.
-  Adding .stack section. Offset: 187408 (0x2dc10). Length: 16384 (0x4000) bytes.
+  Adding .stack section. Offset: 187136 (0x2db00). Length: 16384 (0x4000) bytes.
 Searching for .rel.X sections to add.
 TBF Header:
               version:        2        0x2
--- a/reproducible/reference_elf2tab_ubuntu-18.04.txt
+++ b/reproducible/reference_elf2tab_ubuntu-18.04.txt
@@ -6,8 +6,8 @@ Min RAM size from segments in ELF: 20 bytes
 Number of writeable flash regions: 0
  Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
 Entry point is in .text section
-  Adding .text section. Offset: 128 (0x80). Length: 187264 (0x2db80) bytes.
+  Adding .text section. Offset: 128 (0x80). Length: 187008 (0x2da80) bytes.
-  Adding .stack section. Offset: 187392 (0x2dc00). Length: 16384 (0x4000) bytes.
+  Adding .stack section. Offset: 187136 (0x2db00). Length: 16384 (0x4000) bytes.
 Searching for .rel.X sections to add.
 TBF Header:
               version:        2        0x2
@@ -30,8 +30,8 @@ Min RAM size from segments in ELF: 20 bytes
 Number of writeable flash regions: 0
  Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
 Entry point is in .text section
-  Adding .text section. Offset: 128 (0x80). Length: 187264 (0x2db80) bytes.
+  Adding .text section. Offset: 128 (0x80). Length: 187008 (0x2da80) bytes.
-  Adding .stack section. Offset: 187392 (0x2dc00). Length: 16384 (0x4000) bytes.
+  Adding .stack section. Offset: 187136 (0x2db00). Length: 16384 (0x4000) bytes.
 Searching for .rel.X sections to add.
 TBF Header:
               version:        2        0x2
@@ -54,8 +54,8 @@ Min RAM size from segments in ELF: 20 bytes
 Number of writeable flash regions: 0
  Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
 Entry point is in .text section
-  Adding .text section. Offset: 128 (0x80). Length: 187264 (0x2db80) bytes.
+  Adding .text section. Offset: 128 (0x80). Length: 187008 (0x2da80) bytes.
-  Adding .stack section. Offset: 187392 (0x2dc00). Length: 16384 (0x4000) bytes.
+  Adding .stack section. Offset: 187136 (0x2db00). Length: 16384 (0x4000) bytes.
 Searching for .rel.X sections to add.
 TBF Header:
               version:        2        0x2
@@ -78,8 +78,8 @@ Min RAM size from segments in ELF: 20 bytes
 Number of writeable flash regions: 0
  Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
 Entry point is in .text section
-  Adding .text section. Offset: 128 (0x80). Length: 187264 (0x2db80) bytes.
+  Adding .text section. Offset: 128 (0x80). Length: 187008 (0x2da80) bytes.
-  Adding .stack section. Offset: 187392 (0x2dc00). Length: 16384 (0x4000) bytes.
+  Adding .stack section. Offset: 187136 (0x2db00). Length: 16384 (0x4000) bytes.
 Searching for .rel.X sections to add.
 TBF Header:
               version:        2        0x2
--- a/reset.sh
+++ b/reset.sh
@@ -26,7 +26,7 @@ while
      # Reset the submodules
      git submodule foreach 'git reset --hard && git clean -fxd'
      # Reset also the main repository
-      git reset --hard && git clean -fxd
+      git reset --hard && git clean -fxd --exclude elf2tab
      set +x
      echo "DONE."
--- a/run_desktop_tests.sh
+++ b/run_desktop_tests.sh
@@ -23,10 +23,16 @@ cd ../..
 cd libraries/crypto
 cargo fmt --all -- --check
 cd ../..
 cd libraries/persistent_store
 cargo fmt --all -- --check
 cd ../..
 cd tools/heapviz
 cargo fmt --all -- --check
 cd ../..
 echo "Running Clippy lints..."
 cargo clippy --all-targets --features std -- -A clippy::new_without_default -D warnings
 echo "Building sha256sum tool..."
 cargo build --manifest-path third_party/tock/tools/sha256sum/Cargo.toml
 echo "Checking that heapviz tool builds properly..."
@@ -84,6 +90,9 @@ then
  cd libraries/crypto
  RUSTFLAGS='-C target-feature=+aes' cargo test --release --features std,derive_debug
  cd ../..
  cd libraries/persistent_store
  cargo test --release --features std
  cd ../..
  cargo test --release --features std
  echo "Running unit tests on the desktop (debug mode)..."
@@ -93,6 +102,9 @@ then
  cd libraries/crypto
  RUSTFLAGS='-C target-feature=+aes' cargo test --features std,derive_debug
  cd ../..
  cd libraries/persistent_store
  cargo test --features std
  cd ../..
  cargo test --features std
  echo "Running unit tests on the desktop (release mode + CTAP1)..."
--- a/setup.sh
+++ b/setup.sh
@@ -42,4 +42,5 @@ pip3 install --user --upgrade 'tockloader==1.5' six intelhex
 rustup target add thumbv7em-none-eabi
 # Install dependency to create applications.
-cargo install elf2tab --version 0.6.0 --root .
+mkdir -p elf2tab
 cargo install elf2tab --version 0.6.0 --root elf2tab/
--- a/src/ctap/command.rs
+++ b/src/ctap/command.rs
@@ -322,10 +322,7 @@ impl TryFrom<cbor::Value> for AuthenticatorClientPinParameters {
        let pin_protocol = extract_unsigned(ok_or_missing(pin_protocol)?)?;
        let sub_command = ClientPinSubCommand::try_from(ok_or_missing(sub_command)?)?;
-        let key_agreement = key_agreement
+        let key_agreement = key_agreement.map(extract_map).transpose()?.map(CoseKey);
            .map(extract_map)
            .transpose()?
            .map(|x| CoseKey(x));
        let pin_auth = pin_auth.map(extract_byte_string).transpose()?;
        let new_pin_enc = new_pin_enc.map(extract_byte_string).transpose()?;
        let pin_hash_enc = pin_hash_enc.map(extract_byte_string).transpose()?;
--- a/src/ctap/data_formats.rs
+++ b/src/ctap/data_formats.rs
@@ -1252,7 +1252,7 @@ mod test {
        let mut rng = ThreadRng256 {};
        let sk = crypto::ecdh::SecKey::gensk(&mut rng);
        let pk = sk.genpk();
-        let cose_key = CoseKey::from(pk.clone());
+        let cose_key = CoseKey::from(pk);
        let cbor_extensions = cbor_map! {
            "hmac-secret" => cbor_map! {
                1 => cbor::Value::Map(cose_key.0.clone()),
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -694,7 +694,7 @@ where
            key_id: credential.credential_id.clone(),
            transports: None, // You can set USB as a hint here.
        };
-        let user = if (flags & UV_FLAG != 0) && (credential.user_handle.len() > 0) {
+        let user = if (flags & UV_FLAG != 0) && !credential.user_handle.is_empty() {
            Some(PublicKeyCredentialUserEntity {
                user_id: credential.user_handle.clone(),
                user_name: None,
--- a/src/ctap/pin_protocol_v1.rs
+++ b/src/ctap/pin_protocol_v1.rs
@@ -777,7 +777,7 @@ mod test {
    #[test]
    fn test_process_get_pin_retries() {
        let mut rng = ThreadRng256 {};
-        let mut persistent_store = PersistentStore::new(&mut rng);
+        let persistent_store = PersistentStore::new(&mut rng);
        let pin_protocol_v1 = PinProtocolV1::new(&mut rng);
        let expected_response = Ok(AuthenticatorClientPinResponse {
            key_agreement: None,
@@ -785,7 +785,7 @@ mod test {
            retries: Some(persistent_store.pin_retries().unwrap() as u64),
        });
        assert_eq!(
-            pin_protocol_v1.process_get_pin_retries(&mut persistent_store),
+            pin_protocol_v1.process_get_pin_retries(&persistent_store),
            expected_response
        );
    }
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -88,6 +88,7 @@ const _DEFAULT_MIN_PIN_LENGTH_RP_IDS: Vec<String> = Vec::new();
 #[cfg(feature = "with_ctap2_1")]
 const _MAX_RP_IDS_LENGTH: usize = 8;
 #[allow(clippy::enum_variant_names)]
 #[derive(PartialEq, Eq, PartialOrd, Ord)]
 enum Key {
    // TODO(cretin): Test whether this doesn't consume too much memory. Otherwise, we can use less
@@ -264,12 +265,10 @@ impl PersistentStore {
        debug_assert_eq!(entry.tag, TAG_CREDENTIAL);
        let result = deserialize_credential(entry.data);
        debug_assert!(result.is_some());
-        if check_cred_protect
+        let user_verification_required = result.as_ref().map_or(false, |cred| {
-            && result.as_ref().map_or(false, |cred| {
+            cred.cred_protect_policy == Some(CredentialProtectionPolicy::UserVerificationRequired)
-                cred.cred_protect_policy
+        });
-                    == Some(CredentialProtectionPolicy::UserVerificationRequired)
+        if check_cred_protect && user_verification_required {
            })
        {
            Ok(None)
        } else {
            Ok(result)
@@ -406,10 +405,11 @@ impl PersistentStore {
            data: pin_hash,
            sensitive: true,
        };
-        Ok(match self.store.find_one(&Key::PinHash) {
+        match self.store.find_one(&Key::PinHash) {
            None => self.store.insert(entry)?,
            Some((index, _)) => self.store.replace(index, entry)?,
-        })
+        }
        Ok(())
    }
    pub fn pin_retries(&self) -> Result<u8, Ctap2StatusCode> {
@@ -673,7 +673,6 @@ fn _serialize_min_pin_length_rp_ids(rp_ids: Vec<String>) -> Result<Vec<u8>, Ctap
 mod test {
    use super::*;
    use crate::ctap::data_formats::{PublicKeyCredentialSource, PublicKeyCredentialType};
    use crypto;
    use crypto::rng256::{Rng256, ThreadRng256};
    fn create_credential_source(
@@ -918,7 +917,7 @@ mod test {
        assert!(persistent_store.store_credential(credential).is_ok());
        let no_credential = persistent_store
-            .find_credential("example.com", &vec![0x00], true)
+            .find_credential("example.com", &[0x00], true)
            .unwrap();
        assert_eq!(no_credential, None);
    }
@@ -940,8 +939,8 @@ mod test {
        let master_hmac_key = master_keys_1.hmac.to_vec();
        persistent_store.reset(&mut rng).unwrap();
        let master_keys_3 = persistent_store.master_keys().unwrap();
-        assert!(master_keys_3.encryption != &master_encryption_key[..]);
+        assert!(master_keys_3.encryption != master_encryption_key.as_slice());
-        assert!(master_keys_3.hmac != &master_hmac_key[..]);
+        assert!(master_keys_3.hmac != master_hmac_key.as_slice());
    }
    #[test]
--- a/third_party/lang-items/src/allocator.rs
+++ b/third_party/lang-items/src/allocator.rs
@@ -44,6 +44,7 @@ impl TockAllocator {
 }
 unsafe impl GlobalAlloc for TockAllocator {
    #[allow(clippy::let_and_return)]
    unsafe fn alloc(&self, layout: Layout) -> *mut u8 {
        let ptr = HEAP
            .allocate_first_fit(layout)
--- a/third_party/libtock-drivers/src/rng.rs
+++ b/third_party/libtock-drivers/src/rng.rs
@@ -41,5 +41,5 @@ pub fn fill_buffer(buf: &mut [u8]) -> bool {
    }
    util::yieldk_for(|| is_filled.get());
-    return true;
+    true
 }
--- a/third_party/libtock-drivers/src/usb_ctap_hid.rs
+++ b/third_party/libtock-drivers/src/usb_ctap_hid.rs
@@ -173,6 +173,7 @@ pub fn send_or_recv(buf: &mut [u8; 64]) -> SendOrRecvStatus {
 // Same as recv, but with a timeout.
 // If the timeout elapses, return None.
 #[allow(clippy::let_and_return)]
 pub fn recv_with_timeout(
    buf: &mut [u8; 64],
    timeout_delay: Duration<isize>,
@@ -199,6 +200,7 @@ pub fn recv_with_timeout(
 // Same as send_or_recv, but with a timeout.
 // If the timeout elapses, return None.
 #[allow(clippy::let_and_return)]
 pub fn send_or_recv_with_timeout(
    buf: &mut [u8; 64],
    timeout_delay: Duration<isize>,