kmwebnet/OpenSK
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

adds a feature flag for CTAP2.1, addresses comments

Browse Source
This commit is contained in:
Fabian Kaczmarczyck
2020-04-27 20:00:39 +02:00
parent 8f20a75b17
commit d9c4c729e8
8 changed files with 274 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
src/ctap/command.rs
View File

@@ -23,9 +23,10 @@ use alloc::string::String;
use alloc::vec::Vec;
use core::convert::TryFrom;
// Depending on your memory, you can use Some(n) to limit request sizes.
// Depending on your memory, you can use Some(n) to limit request sizes in
// MakeCredential and GetAssertion. This affects allowList and excludeList.
// You might also want to set the max credential size in process_get_info then.
pub const MAX_CREDENTIAL_COUNT_IN_LIST: Option<u64> = None;
pub const MAX_CREDENTIAL_COUNT_IN_LIST: Option<usize> = None;
// CTAP specification (version 20190130) section 6.1
#[cfg_attr(any(test, feature = "debug_ctap"), derive(Debug, PartialEq))]
@@ -136,25 +137,19 @@ impl TryFrom<cbor::Value> for AuthenticatorMakeCredentialParameters {
)?)?;
let cred_param_vec = read_array(ok_or_missing(param_map.get(&cbor_unsigned!(4)))?)?;
let mut pub_key_cred_params = vec![];
for cred_param_map_value in cred_param_vec {
if let Ok(cred_param) = PublicKeyCredentialParameter::try_from(cred_param_map_value) {
pub_key_cred_params.push(cred_param);
}
}
let pub_key_cred_params = cred_param_vec
.iter()
.map(PublicKeyCredentialParameter::try_from)
.collect::<Result<Vec<PublicKeyCredentialParameter>, Ctap2StatusCode>>()?;
let exclude_list = match param_map.get(&cbor_unsigned!(5)) {
Some(entry) => {
let exclude_list_vec = read_array(entry)?;
let mut exclude_list = vec![];
for exclude_list_value in exclude_list_vec {
if let Some(count) = MAX_CREDENTIAL_COUNT_IN_LIST {
if exclude_list.len() as u64 >= count {
break;
}
}
exclude_list.push(PublicKeyCredentialDescriptor::try_from(exclude_list_value)?);
}
let exclude_list = exclude_list_vec
.iter()
.take(MAX_CREDENTIAL_COUNT_IN_LIST.unwrap_or(exclude_list_vec.len()))
.map(PublicKeyCredentialDescriptor::try_from)
.collect::<Result<Vec<PublicKeyCredentialDescriptor>, Ctap2StatusCode>>()?;
Some(exclude_list)
}
None => None,
@@ -222,15 +217,11 @@ impl TryFrom<cbor::Value> for AuthenticatorGetAssertionParameters {
let allow_list = match param_map.get(&cbor_unsigned!(3)) {
Some(entry) => {
let allow_list_vec = read_array(entry)?;
let mut allow_list = vec![];
for allow_list_value in allow_list_vec {
if let Some(count) = MAX_CREDENTIAL_COUNT_IN_LIST {
if allow_list.len() as u64 >= count {
break;
}
}
allow_list.push(PublicKeyCredentialDescriptor::try_from(allow_list_value)?);
}
let allow_list = allow_list_vec
.iter()
.take(MAX_CREDENTIAL_COUNT_IN_LIST.unwrap_or(allow_list_vec.len()))
.map(PublicKeyCredentialDescriptor::try_from)
.collect::<Result<Vec<PublicKeyCredentialDescriptor>, Ctap2StatusCode>>()?;
Some(allow_list)
}
None => None,
@@ -330,7 +321,7 @@ mod test {
AuthenticatorTransport, PublicKeyCredentialRpEntity, PublicKeyCredentialType,
PublicKeyCredentialUserEntity,
};
use super::super::CREDENTIAL_PARAMETER;
use super::super::ES256_CRED_PARAM;
use super::*;
use alloc::collections::BTreeMap;
@@ -349,7 +340,7 @@ mod test {
"displayName" => "bar",
"icon" => "example.com/foo/icon.png",
},
4 => cbor_array![CREDENTIAL_PARAMETER],
4 => cbor_array![ES256_CRED_PARAM],
5 => cbor_array![],
8 => vec![0x12, 0x34],
9 => 1,
@@ -380,7 +371,7 @@ mod test {
client_data_hash,
rp,
user,
pub_key_cred_params: vec![CREDENTIAL_PARAMETER],
pub_key_cred_params: vec![ES256_CRED_PARAM],
exclude_list: Some(vec![]),
extensions: None,
options,