From e7644f158d0f500c9c0428b8f722e101c6ea39ef Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck
Date: Wed, 4 Nov 2020 14:35:13 +0100
Subject: [PATCH 1/2] adds FIDO 2.1 PRE version string
---
 src/ctap/mod.rs | 25 +++++++++++++++++++++----
 1 file changed, 21 insertions(+), 4 deletions(-)
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 442d942..1a98ce5 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -102,6 +102,9 @@ const RESET_TIMEOUT_MS: isize = 10000;
 pub const FIDO2_VERSION_STRING: &str = "FIDO_2_0";
 #[cfg(feature = "with_ctap1")]
 pub const U2F_VERSION_STRING: &str = "U2F_V2";
+// TODO(#106) change to final string when ready
+#[cfg(feature = "with_ctap2_1")]
+pub const FIDO2_1_VERSION_STRING: &str = "FIDO_2_1_PRE";

 // We currently only support one algorithm for signatures: ES256.
 // This algorithm is requested in MakeCredential and advertized in GetInfo.
@@ -710,6 +713,8 @@ where
 #[cfg(feature = "with_ctap1")]
 String::from(U2F_VERSION_STRING),
 String::from(FIDO2_VERSION_STRING),
+ #[cfg(feature = "with_ctap2_1")]
+ String::from(FIDO2_1_VERSION_STRING),
 ],
 extensions: Some(vec![String::from("hmac-secret")]),
 aaguid: self.persistent_store.aaguid()?,
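Review bot: In the `@@ -710,6 +713,8 @@` hunk of src/ctap/mod.rs, pushing `FIDO2_1_VERSION_STRING` into `versions` makes the GetInfo response claim the CTAP 2.1 preview to every client, and nothing visible here shows which 2.1 behaviour `with_ctap2_1` actually implements. Clients use this list to decide which protocol features to attempt, so the entry should only be advertised while the feature-gated code matches what the string promises. That is presumably tracked under #106, but a comment on the new entry would make it reviewable, e.g. `// Only advertise the 2.1 preview while with_ctap2_1 implements the matching command set (#106).` The TODO on the constant in the first hunk could likewise say that "FIDO_2_1_PRE" is the pre-release identifier. The enclosing function starts and ends outside the hunk.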
@@ -825,12 +830,24 @@ mod test {
 #[cfg(not(feature = "with_ctap2_1"))]
 let mut expected_response = vec![0x00, 0xA6, 0x01];
 // The difference here is a longer array of supported versions.
- #[cfg(not(feature = "with_ctap1"))]
- expected_response.extend(&[0x81, 0x68, 0x46, 0x49, 0x44, 0x4F, 0x5F, 0x32, 0x5F, 0x30]);
+ let mut version_count = 0;
+ // CTAP 2 is always supported
+ version_count += 1;
 #[cfg(feature = "with_ctap1")]
+ {
+ version_count += 1;
+ }
+ #[cfg(feature = "with_ctap2_1")]
+ {
+ version_count += 1;
+ }
+ expected_response.push(0x80 + version_count);
+ #[cfg(feature = "with_ctap1")]
+ expected_response.extend(&[0x66, 0x55, 0x32, 0x46, 0x5F, 0x56, 0x32]);
+ expected_response.extend(&[0x68, 0x46, 0x49, 0x44, 0x4F, 0x5F, 0x32, 0x5F, 0x30]);
+ #[cfg(feature = "with_ctap2_1")]
 expected_response.extend(&[
- 0x82, 0x66, 0x55, 0x32, 0x46, 0x5F, 0x56, 0x32, 0x68, 0x46, 0x49, 0x44, 0x4F, 0x5F,
- 0x32, 0x5F, 0x30,
+ 0x6C, 0x46, 0x49, 0x44, 0x4F, 0x5F, 0x32, 0x5F, 0x31, 0x5F, 0x50, 0x52, 0x45,
 ]);
 expected_response.extend(&[
 0x02, 0x81, 0x6B, 0x68, 0x6D, 0x61, 0x63, 0x2D, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74,
From 16157e64a4bcde818230b6d4dc83be58735e4dd9 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck
Date: Tue, 10 Nov 2020 09:52:58 +0100
Subject: [PATCH 2/2] change max PIN retries to 8
---
 src/ctap/storage.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index 8db70a2..127dc23 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -75,7 +75,7 @@ const MIN_PIN_LENGTH_RP_IDS: usize = 9;
 // so we use the maximum.
 const NUM_TAGS: usize = 10;

-const MAX_PIN_RETRIES: u8 = 6;
+const MAX_PIN_RETRIES: u8 = 8;
 const ATTESTATION_PRIVATE_KEY_LENGTH: usize = 32;
 const AAGUID_LENGTH: usize = 16;
 #[cfg(feature = "with_ctap2_1")]
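Review bot: In the src/ctap/mod.rs test hunk the expected GetInfo bytes are hard to audit, because the array header is built from a mutable counter spread over three `cfg` blocks and the hex runs are unlabelled. The count can be one expression, `let version_count = 1 + cfg!(feature = "with_ctap1") as u8 + cfg!(feature = "with_ctap2_1") as u8;`, which keeps `0x80 + version_count` unchanged. Each `extend` would read better with a trailing comment naming the CBOR text string it encodes: `// "U2F_V2"`, `// "FIDO_2_0"`, `// "FIDO_2_1_PRE"`. The test function starts and ends outside the hunk.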
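Review bot: In src/ctap/storage.rs, `MAX_PIN_RETRIES` is the only bound on online PIN guessing visible here, and raising it from 6 to 8 carries no rationale in the code or the commit message. 8 appears to match the retry counter value the CTAP2 specification uses, so record that next to the constant, e.g. `// CTAP2 PIN retry counter start value; bounds PIN guessing before the PIN is blocked.` The hunk does not show how an already persisted retry counter is handled. If stored values are compared with or clamped to this constant, confirm that devices provisioned under the old limit behave as intended after the change.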