From 132cd6b03f6e400f91d08b9db3048db5cd5ac65e Mon Sep 17 00:00:00 2001
From: Nick Zana <me@nickzana.dev>
Date: Wed, 14 Jun 2023 15:03:11 -0400
Subject: [PATCH] ctap2-proto: Add
 ctap2-proto::authenticator::client_pin::raw::RawPermission bitflag set

CTAP 2 uses bitflags to represent the permissions field in client pin
requests. This adds a RawPermission type that can be represented using a
FlagSet<RawPermission> for Serialization and Deserialization.
---
 crates/ctap2-proto/Cargo.toml                 |  1 +
 .../src/authenticator/client_pin/raw/mod.rs   | 52 +++++++++++++++++++
 2 files changed, 53 insertions(+)

diff --git a/crates/ctap2-proto/Cargo.toml b/crates/ctap2-proto/Cargo.toml
index 602e8c3..a8fda3d 100644
--- a/crates/ctap2-proto/Cargo.toml
+++ b/crates/ctap2-proto/Cargo.toml
@@ -14,6 +14,7 @@ typed-builder = { version = "0.14.0", default-features = false }
 # Version <= to support older serde
 serde_with = { version = "<=2.2.0", optional = true }
 cosey = "0.3.0"
+flagset = { version = "0.4.3", default-features = false, features = ["serde"] }
 
 [dev-dependencies]
 hex = "0.4.3"
diff --git a/crates/ctap2-proto/src/authenticator/client_pin/raw/mod.rs b/crates/ctap2-proto/src/authenticator/client_pin/raw/mod.rs
index 50848e1..014f593 100644
--- a/crates/ctap2-proto/src/authenticator/client_pin/raw/mod.rs
+++ b/crates/ctap2-proto/src/authenticator/client_pin/raw/mod.rs
@@ -2,6 +2,9 @@
 //! possible in CBOR format while maintaining ergonomic enum variants for public
 //! API.
 
+use super::Permission;
+use flagset::flags;
+use flagset::FlagSet;
 use serde::{Deserialize, Serialize};
 mod public_key;
 
@@ -24,3 +27,52 @@ impl From<RawSubcommand> for u8 {
     }
 }
 
+
+flags! {
+    #[derive(Serialize, Deserialize)]
+    pub enum RawPermission: u8 {
+        MakeCredential = 0x01,
+        GetAssertion = 0x02,
+        CredentialManagement = 0x04,
+        BioEnrollment = 0x08,
+        LargeBlobWrite = 0x10,
+        AuthenticatorConfiguration = 0x20,
+    }
+}
+
+impl From<Permission> for RawPermission {
+    fn from(value: Permission) -> Self {
+        match value {
+            Permission::MakeCredential => Self::MakeCredential,
+            Permission::GetAssertion => Self::GetAssertion,
+            Permission::CredentialManagement => Self::CredentialManagement,
+            Permission::BiometricEnrollment => Self::BioEnrollment,
+            Permission::LargeBlobWrite => Self::LargeBlobWrite,
+            Permission::AuthenticatorConfiguration => Self::AuthenticatorConfiguration,
+        }
+    }
+}
+
+impl From<RawPermission> for Permission {
+    fn from(value: RawPermission) -> Self {
+        match value {
+            RawPermission::MakeCredential => Self::MakeCredential,
+            RawPermission::GetAssertion => Self::GetAssertion,
+            RawPermission::CredentialManagement => Self::CredentialManagement,
+            RawPermission::BioEnrollment => Self::BiometricEnrollment,
+            RawPermission::LargeBlobWrite => Self::LargeBlobWrite,
+            RawPermission::AuthenticatorConfiguration => Self::AuthenticatorConfiguration,
+        }
+    }
+}
+
+impl FromIterator<Permission> for FlagSet<RawPermission> {
+    fn from_iter<T: IntoIterator<Item = Permission>>(iter: T) -> Self {
+        iter.into_iter()
+            .map(RawPermission::from)
+            .fold(None.into(), |mut set, flag| {
+                set |= flag;
+                set
+            })
+    }
+}