Previously, we used String<_> to represent string constants in some
responses. This has multiple drawbacks:
- It is error-prone because the value is not validated.
- Construction is fallible because of the fixed length of the string.
- The length needs to be bumped if longer values are added.
This patch introduces enums to replace these constants. As cbor_smol
serializes enums using the variant index instead of the string, we need
to manually implement the string conversion.
In CTAP 2.2, att_stmt will be optional in the make_credential response.
Applying this change now allows us to release v0.2.0 and then add the
remaining (compatible) changes required for CTAP 2.2 in a patch release.
This patch removes code that has been commented out and empty files that
are not actually used. It also removes the unused and undocumented
get_assertion::Responses typedef.
This means that all encrypted values need additional 16 bytes for the
IV, and the PIN hash is now completely transmitted instead of truncating
it to 16 bytes.
We skip the icon field during deserialization if it is too long.
Previously, we directly tried to deserialize a String<N> and ignored any
errors. This means that we also ignored any other errors, e. g. for
invalid data types.
This patch changes the implementation to first deserialize a string
slice and handle errors occuring during the deserialization. Then we
check if the string slice fits into String<N> or if we should ignore the
value.
The buffer size used in the response to the large-blobs command should
match the maximum message size of the FIDO2 implementation (minus 64).
At the same time, the buffer size must be hardcoded because
serde-indexed does not support const generics. As a temporary
workaround, this patch changes the default buffer size to zero (to
reduce stack usage if the extension is not used) and sets the buffer
size to 3008 if the large-blobs feature is activated (matching the max
message size declared by usbd-ctaphid that is used in solo2 and
nitrokey-3-firmware).
This patch removes the unused REALISTIC_MAX_MESSAGE_SIZE constant. Its
value has no inherent meaning, and applications should not rely on it.
In fact, implementations in the Trussed ecosystem typically use a max
message size of 3072, see usbd-ctaphid.
Instead of sending an empty CBOR map as a response, we now always send
an empty response. Previously, we had this as a special case for the
ClientPin response, but we need it for LargeBlobs too. So a generic
implementation makes more sense and is easier to maintain.