move some logic into storage.rs
@@ -18,7 +18,7 @@ use super::pin_protocol_v1::PinProtocolV1;
|
|||||||
use super::response::ResponseData;
|
use super::response::ResponseData;
|
||||||
use super::status_code::Ctap2StatusCode;
|
use super::status_code::Ctap2StatusCode;
|
||||||
use super::storage::PersistentStore;
|
use super::storage::PersistentStore;
|
||||||
use super::{check_pin_uv_auth_protocol, ENFORCE_ALWAYS_UV, ENTERPRISE_ATTESTATION_MODE};
|
use super::{check_pin_uv_auth_protocol, ENTERPRISE_ATTESTATION_MODE};
|
||||||
use alloc::vec;
|
use alloc::vec;
|
||||||
|
|
||||||
/// Processes the subcommand enableEnterpriseAttestation for AuthenticatorConfig.
|
/// Processes the subcommand enableEnterpriseAttestation for AuthenticatorConfig.
|
||||||
@@ -37,9 +37,6 @@ fn process_enable_enterprise_attestation(
|
|||||||
fn process_toggle_always_uv(
|
fn process_toggle_always_uv(
|
||||||
persistent_store: &mut PersistentStore,
|
persistent_store: &mut PersistentStore,
|
||||||
) -> Result<ResponseData, Ctap2StatusCode> {
|
) -> Result<ResponseData, Ctap2StatusCode> {
|
||||||
if ENFORCE_ALWAYS_UV {
|
|
||||||
return Err(Ctap2StatusCode::CTAP2_ERR_OPERATION_DENIED);
|
|
||||||
}
|
|
||||||
persistent_store.toggle_always_uv()?;
|
persistent_store.toggle_always_uv()?;
|
||||||
Ok(ResponseData::AuthenticatorConfig)
|
Ok(ResponseData::AuthenticatorConfig)
|
||||||
}
|
}
|
||||||
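Review bot: With the `if ENFORCE_ALWAYS_UV` guard dropped from `process_toggle_always_uv`, the handler no longer shows that the toggle can be refused; the denial now comes solely from `persistent_store.toggle_always_uv()?`. A short comment above that call would keep the policy visible to anyone auditing the command handlers: `// Fails with CTAP2_ERR_OPERATION_DENIED when ENFORCE_ALWAYS_UV is set (checked in PersistentStore).` Enforcing in the store is the stronger placement, since every caller of `toggle_always_uv` is covered rather than only this command path.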
@@ -130,6 +127,7 @@ pub fn process_config(
|
|||||||
#[cfg(test)]
|
#[cfg(test)]
|
||||||
mod test {
|
mod test {
|
||||||
use super::*;
|
use super::*;
|
||||||
|
use crate::ctap::ENFORCE_ALWAYS_UV;
|
||||||
use crypto::rng256::ThreadRng256;
|
use crypto::rng256::ThreadRng256;
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
|
|||||||
@@ -148,7 +148,7 @@ const DEFAULT_CRED_PROTECT: Option<CredentialProtectionPolicy> = None;
|
|||||||
// Maximum size stored with the credBlob extension. Must be at least 32.
|
// Maximum size stored with the credBlob extension. Must be at least 32.
|
||||||
const MAX_CRED_BLOB_LENGTH: usize = 32;
|
const MAX_CRED_BLOB_LENGTH: usize = 32;
|
||||||
// Enforce the alwaysUv option. With this constant set to true, commands require
|
// Enforce the alwaysUv option. With this constant set to true, commands require
|
||||||
// a PIN to be set up. The command toggleAlwaysUv will fail to disable alwaysUv.
|
// a PIN to be set up. alwaysUv can not be disabled by commands.
|
||||||
pub const ENFORCE_ALWAYS_UV: bool = false;
|
pub const ENFORCE_ALWAYS_UV: bool = false;
|
||||||
|
|
||||||
// Checks the PIN protocol parameter against all supported versions.
|
// Checks the PIN protocol parameter against all supported versions.
|
||||||
|
|||||||
@@ -649,7 +649,7 @@ impl PersistentStore {
|
|||||||
/// Enables alwaysUv, when disabled, and vice versa.
|
/// Enables alwaysUv, when disabled, and vice versa.
|
||||||
pub fn toggle_always_uv(&mut self) -> Result<(), Ctap2StatusCode> {
|
pub fn toggle_always_uv(&mut self) -> Result<(), Ctap2StatusCode> {
|
||||||
if ENFORCE_ALWAYS_UV {
|
if ENFORCE_ALWAYS_UV {
|
||||||
return Ok(());
|
return Err(Ctap2StatusCode::CTAP2_ERR_OPERATION_DENIED);
|
||||||
}
|
}
|
||||||
if self.has_always_uv()? {
|
if self.has_always_uv()? {
|
||||||
Ok(self.store.remove(key::ALWAYS_UV)?)
|
Ok(self.store.remove(key::ALWAYS_UV)?)
|
||||||
@@ -1375,6 +1375,10 @@ mod test {
|
|||||||
|
|
||||||
if ENFORCE_ALWAYS_UV {
|
if ENFORCE_ALWAYS_UV {
|
||||||
assert!(persistent_store.has_always_uv().unwrap());
|
assert!(persistent_store.has_always_uv().unwrap());
|
||||||
|
assert_eq!(
|
||||||
|
persistent_store.toggle_always_uv(),
|
||||||
|
Err(Ctap2StatusCode::CTAP2_ERR_OPERATION_DENIED)
|
||||||
|
);
|
||||||
} else {
|
} else {
|
||||||
assert!(!persistent_store.has_always_uv().unwrap());
|
assert!(!persistent_store.has_always_uv().unwrap());
|
||||||
assert_eq!(persistent_store.toggle_always_uv(), Ok(()));
|
assert_eq!(persistent_store.toggle_always_uv(), Ok(()));
|
||||||
|
|||||||
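Review bot: The added `assert_eq!(persistent_store.toggle_always_uv(), Err(Ctap2StatusCode::CTAP2_ERR_OPERATION_DENIED))` sits in the `if ENFORCE_ALWAYS_UV` branch, and the constant is `false` in this tree, so a default test run never executes the denial path this commit moves into the store. Consider building and running the tests once with the constant set to `true` (for example as a CI variant), so the enforcement path is actually covered. In the same branch, follow the denied toggle with `assert!(persistent_store.has_always_uv().unwrap());` to pin that a refused toggle leaves alwaysUv enabled. The test function begins and ends outside this hunk.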