move some logic into storage.rs

2021-02-08 21:54:22 +01:00
parent 4678a7417d
commit 6a31e06a55
3 changed files with 8 additions and 6 deletions
--- a/src/ctap/config_command.rs
+++ b/src/ctap/config_command.rs
@@ -18,7 +18,7 @@ use super::pin_protocol_v1::PinProtocolV1;
 use super::response::ResponseData;
 use super::status_code::Ctap2StatusCode;
 use super::storage::PersistentStore;
-use super::{check_pin_uv_auth_protocol, ENFORCE_ALWAYS_UV, ENTERPRISE_ATTESTATION_MODE};
+use super::{check_pin_uv_auth_protocol, ENTERPRISE_ATTESTATION_MODE};
 use alloc::vec;

 /// Processes the subcommand enableEnterpriseAttestation for AuthenticatorConfig.
@@ -37,9 +37,6 @@ fn process_enable_enterprise_attestation(
 fn process_toggle_always_uv(
    persistent_store: &mut PersistentStore,
 ) -> Result<ResponseData, Ctap2StatusCode> {
-    if ENFORCE_ALWAYS_UV {
-        return Err(Ctap2StatusCode::CTAP2_ERR_OPERATION_DENIED);
-    }
    persistent_store.toggle_always_uv()?;
    Ok(ResponseData::AuthenticatorConfig)
 }
@@ -130,6 +127,7 @@ pub fn process_config(
 #[cfg(test)]
 mod test {
    use super::*;
+    use crate::ctap::ENFORCE_ALWAYS_UV;
    use crypto::rng256::ThreadRng256;

    #[test]
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -148,7 +148,7 @@ const DEFAULT_CRED_PROTECT: Option<CredentialProtectionPolicy> = None;
 // Maximum size stored with the credBlob extension. Must be at least 32.
 const MAX_CRED_BLOB_LENGTH: usize = 32;
 // Enforce the alwaysUv option. With this constant set to true, commands require
-// a PIN to be set up. The command toggleAlwaysUv will fail to disable alwaysUv.
+// a PIN to be set up. alwaysUv can not be disabled by commands.
 pub const ENFORCE_ALWAYS_UV: bool = false;

 // Checks the PIN protocol parameter against all supported versions.
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -649,7 +649,7 @@ impl PersistentStore {
    /// Enables alwaysUv, when disabled, and vice versa.
    pub fn toggle_always_uv(&mut self) -> Result<(), Ctap2StatusCode> {
        if ENFORCE_ALWAYS_UV {
-            return Ok(());
+            return Err(Ctap2StatusCode::CTAP2_ERR_OPERATION_DENIED);
        }
        if self.has_always_uv()? {
            Ok(self.store.remove(key::ALWAYS_UV)?)
@@ -1375,6 +1375,10 @@ mod test {

        if ENFORCE_ALWAYS_UV {
            assert!(persistent_store.has_always_uv().unwrap());
+            assert_eq!(
+                persistent_store.toggle_always_uv(),
+                Err(Ctap2StatusCode::CTAP2_ERR_OPERATION_DENIED)
+            );
        } else {
            assert!(!persistent_store.has_always_uv().unwrap());
            assert_eq!(persistent_store.toggle_always_uv(), Ok(()));