kmwebnet/OpenSK
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

improved documentation

Browse Source
This commit is contained in:
Fabian Kaczmarczyck
2020-08-19 19:20:41 +02:00
parent bbcff488d5
commit 77b21e9ecf
1 changed files with 5 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/ctap/pin_protocol_v1.rs
View File

@@ -48,9 +48,9 @@ fn verify_pin_auth(hmac_key: &[u8], hmac_contents: &[u8], pin_auth: &[u8]) -> bo
)
}
/// Decrypts the HMAC secret salt(s) that were encrypted with the shared secret.
/// Encrypts the HMAC-secret outputs. To compute them, we first have to
/// decrypt the HMAC secret salt(s) that were encrypted with the shared secret.
/// The credRandom is used as a secret to HMAC those salts.
/// The last step is to re-encrypt the outputs.
fn encrypt_hmac_secret_output(
shared_secret: &[u8; 32],
salt_enc: &[u8],
@@ -202,6 +202,7 @@ impl PinProtocolV1 {
/// Decrypts the encrypted pin_hash and compares it to the stored pin_hash.
/// Resets or decreases the PIN retries, depending on success or failure.
/// Also, in case of failure, the key agreement key is randomly reset.
fn verify_pin_hash_enc(
&mut self,
rng: &mut impl Rng256,
@@ -1079,7 +1080,7 @@ mod test {
];
assert_eq!(
decrypt_pin(&aes_dec_key, new_pin_enc),
Some(vec![0x31, 0x32, 0x33, 0x34]),
Some(b"1234".to_vec()),
);
// "123"
@@ -1092,7 +1093,7 @@ mod test {
];
assert_eq!(
decrypt_pin(&aes_dec_key, new_pin_enc),
Some(vec![0x31, 0x32, 0x33]),
Some(b"123".to_vec()),
);
// Encrypted PIN is too short.