166 Commits

Author SHA1 Message Date
Robin Krahl 785bcc5272 Fix large blob support
This patch fixes some issues that we missed in
https://github.com/trussed-dev/ctap-types/pull/18:
- largeBlobs request deserialization
- largeBlobKey in credential management
- empty response for largeBlobs command with set
2023-11-21 12:44:51 +01:00
Robin Krahl 2a563c82f1 cose: Allow missing algorithms
The algorithm field is optional, see RFC 8152 § 7:

   COSE_Key = {
       1 => tstr / int,          ; kty
       ? 2 => bstr,              ; kid
       ? 3 => tstr / int,        ; alg
       ? 4 => [+ (tstr / int) ], ; key_ops
       ? 5 => bstr,              ; Base IV
       * label => values
   }

   alg:  This parameter is used to restrict the algorithm that is used
      with the key.  If this parameter is present in the key structure,
      the application MUST verify that this algorithm matches the
      algorithm for which the key is being used.
2023-11-21 11:56:52 +01:00
Robin Krahl 6ff764d02e Refactor COSE serialization and deserialization
This patch introduces the RawPublicKey helper type that takes care of
serialization and deserialization of the key type.  The *PublicKey
structs now only need to check if all required fields are present and
have the correct value.  It also adds extensive tests to make sure that
serialization and deserialization work correctly.
2023-11-21 11:56:52 +01:00
Robin Krahl 9324f0094b Enable CI
This patch adds a CI config that builds and tests the library and runs
clippy and rustfmt.  To make the CI pass, it also fixes the formatting
and two clippy lints.  One of them is a breaking change:  We remove
AuthenticatorDataFlags::EMPTY.  Instead, AuthenticatorDataFlags::empty()
should be used.
2023-11-16 12:51:32 +01:00
Robin Krahl c424155340 Update changelog 2023-11-15 18:56:45 +01:00
Felix Gohla 2b5a295793 Add largeBlobKey Extension to authenticatorGetAssertion 2023-11-15 18:56:45 +01:00
Felix Gohla 002e837ad8 Add largeBlobKey Extension to authenticatorMakeCredential 2023-11-15 18:56:45 +01:00
Felix Gohla 82d719f110 Add More Error Codes 2023-11-15 18:56:45 +01:00
Felix Gohla db1526266a Add authenticatorLargeBlobs Types 2023-11-15 18:56:45 +01:00
Felix Gohla 6502e00e94 Add largeBlobs Option For FIDO_2_1 2023-11-15 18:56:45 +01:00
Sosthène Guédon 40f1de76be Update changelog 2023-11-15 14:59:47 +01:00
Sosthène Guédon ffc606f025 Filter unknown algorithm
This commit modifies the way the pub_key_cred_params is parsed to silently drop unknown algorithms.
This ensures that the deserialization does not fail if the host sends more than 12 algorithms,i
since we know how many algorithms are supported and will therefore be parsed.

Regarding the spec:
  This member contains information about the desired properties of the credential to be created.
  The sequence is ordered from most preferred to least preferred.
  The client makes a best-effort to create the most preferred credential that it can.

Since the behaviour is best-effort, it makes sense to drop unsupported algorithms at serialization.

We could even consider only keeping the first algorithm that it supported since it is the one that will be used.
2023-11-15 14:59:47 +01:00
Sosthène Guédon 2164c40bbc Update changelog 2023-11-15 14:56:45 +01:00
Sosthène Guédon d9c90b8d10 Fix tests 2023-11-15 14:56:45 +01:00
Robin Krahl e2e41a7f81 Use byte slice for PinAuth
Fixes: https://github.com/Nitrokey/ctap-types/issues/12
2023-11-15 14:56:45 +01:00
Sosthène Guédon b3a3a126a6 Fix invalid comments 2023-11-15 14:56:45 +01:00
Sosthène Guédon 8ce2830b03 Use lifetime references to deserialize the largest structs 2023-11-15 14:56:45 +01:00
Robin Krahl 92fef529c0 Send empty response to clientPin instead of empty map
For the SetPin and ChangePin subcommands, the clientPin command does not
return any parameters.  Previously, we sent an empty map for these
cases.  With this patch, we sent an empty response instead.

Fixes: https://github.com/solokeys/ctap-types/issues/13
2023-09-13 09:21:09 +02:00
Robin Krahl cda15f89a6 Truncate overlong name and displayName values
Previously, we just returned an error if a name or displayName value for
a PublicKeyCredentialEntity was longer than the supported 64 bytes.
With this patch, we instead truncate the value at a UTF-8 character
boundary.  The logic for determining the truncation point is borrowed
from a nightly function from the standard library.

Fixes: https://github.com/solokeys/fido-authenticator/issues/30
2023-09-13 09:19:25 +02:00
Robin Krahl 290f90320e Rename url to icon and ignore its content
The icon field of PublicKeyCredentialRpEntity has been removed from the
Webauthn spec.  CTAP 2.2 still requires us to parse it although we may
not store its content.  This patch:
- renames the url field to icon and keeps url as an alias for backwards
  compatibility,
- introduces an Icon helper type to make sure that we do not store any
  data for this field, and
- adds the skip_serializing attribute to the field.

Fixes: https://github.com/solokeys/ctap-types/issues/9
2023-09-13 09:16:15 +02:00
Nicolas Stalder 7fa0f08b1f Yanked wrong version 0.1.2 2022-03-07 22:22:55 +01:00
Nicolas Stalder be13c32177 Prepare 0.1.1 release replacing 0.1.0 0.1.1 2022-03-07 22:20:42 +01:00
Nicolas Stalder 853a8d0395 Add the other CTAP2.1 options 2022-03-07 22:18:28 +01:00
Nicolas Stalder 5bc8d70d9a Add CTAP2.1 Selection command (breaking) 2022-03-07 22:18:15 +01:00
Nicolas Stalder 535d601cff Clippy and formatting 0.1.0 2022-03-05 20:14:14 +01:00