This patch fixes some issues that we missed in
https://github.com/trussed-dev/ctap-types/pull/18:
- largeBlobs request deserialization
- largeBlobKey in credential management
- empty response for largeBlobs command with set
The algorithm field is optional, see RFC 8152 § 7:
COSE_Key = {
1 => tstr / int, ; kty
? 2 => bstr, ; kid
? 3 => tstr / int, ; alg
? 4 => [+ (tstr / int) ], ; key_ops
? 5 => bstr, ; Base IV
* label => values
}
alg: This parameter is used to restrict the algorithm that is used
with the key. If this parameter is present in the key structure,
the application MUST verify that this algorithm matches the
algorithm for which the key is being used.
This patch introduces the RawPublicKey helper type that takes care of
serialization and deserialization of the key type. The *PublicKey
structs now only need to check if all required fields are present and
have the correct value. It also adds extensive tests to make sure that
serialization and deserialization work correctly.
This patch adds a CI config that builds and tests the library and runs
clippy and rustfmt. To make the CI pass, it also fixes the formatting
and two clippy lints. One of them is a breaking change: We remove
AuthenticatorDataFlags::EMPTY. Instead, AuthenticatorDataFlags::empty()
should be used.
This commit modifies the way the pub_key_cred_params is parsed to silently drop unknown algorithms.
This ensures that the deserialization does not fail if the host sends more than 12 algorithms,i
since we know how many algorithms are supported and will therefore be parsed.
Regarding the spec:
This member contains information about the desired properties of the credential to be created.
The sequence is ordered from most preferred to least preferred.
The client makes a best-effort to create the most preferred credential that it can.
Since the behaviour is best-effort, it makes sense to drop unsupported algorithms at serialization.
We could even consider only keeping the first algorithm that it supported since it is the one that will be used.
For the SetPin and ChangePin subcommands, the clientPin command does not
return any parameters. Previously, we sent an empty map for these
cases. With this patch, we sent an empty response instead.
Fixes: https://github.com/solokeys/ctap-types/issues/13
Previously, we just returned an error if a name or displayName value for
a PublicKeyCredentialEntity was longer than the supported 64 bytes.
With this patch, we instead truncate the value at a UTF-8 character
boundary. The logic for determining the truncation point is borrowed
from a nightly function from the standard library.
Fixes: https://github.com/solokeys/fido-authenticator/issues/30
The icon field of PublicKeyCredentialRpEntity has been removed from the
Webauthn spec. CTAP 2.2 still requires us to parse it although we may
not store its content. This patch:
- renames the url field to icon and keeps url as an alias for backwards
compatibility,
- introduces an Icon helper type to make sure that we do not store any
data for this field, and
- adds the skip_serializing attribute to the field.
Fixes: https://github.com/solokeys/ctap-types/issues/9