ctap2-proto: Move authenticator::client_pin::AuthProtocolVersion to own module

In preparation for adding traits for the PIN/UV Auth Protocol, this
splits the AuthProtocolVersion type into its own module and renames it
to auth_protocol::Version.
main
Nick Zana 2 years ago
parent 16d11745a3
commit a8a9eeb817

@ -1,5 +1,5 @@
use crate::Sha256Hash;
use crate::{authenticator::client_pin::AuthProtocolVersion, extensions};
use crate::{authenticator::client_pin::auth_protocol, extensions};
use fido_common::credential::public_key;
use std::{collections::BTreeMap, usize};
@ -69,7 +69,7 @@ pub struct Request<'a> {
pub pin_uv_auth_param: Option<&'a [u8]>,
/// > PIN/UV protocol version selected by platform.
#[cfg_attr(feature = "serde", serde(rename = 0x07))]
pub pin_uv_auth_protocol_version: Option<AuthProtocolVersion>,
pub pin_uv_auth_protocol_version: Option<auth_protocol::Version>,
}
/// Response structure for [`Ctap2Device::get_assertion`] operation.

@ -0,0 +1,31 @@
#[cfg(feature = "serde")]
use serde::{Deserialize, Serialize};
#[derive(Clone, Copy, PartialEq, Eq, Hash, Debug)]
#[cfg_attr(
feature = "serde",
derive(Serialize, Deserialize),
serde(into = "u8", try_from = "u8")
)]
pub enum Version {
One = 1,
Two = 2,
}
impl From<Version> for u8 {
fn from(value: Version) -> Self {
value as u8
}
}
impl TryFrom<u8> for Version {
type Error = super::Error;
fn try_from(value: u8) -> Result<Self, Self::Error> {
match value {
1 => Ok(Version::One),
2 => Ok(Version::Two),
_ => Err(super::Error::InvalidParameter),
}
}
}

@ -4,55 +4,15 @@ use std::collections::BTreeSet;
#[cfg(feature = "serde")]
use serde::{Deserialize, Serialize};
#[derive(Clone, Copy, PartialEq, Eq, Hash, Debug)]
#[cfg_attr(
feature = "serde",
derive(Serialize, Deserialize),
serde(into = "u8", try_from = "u8")
)]
pub enum AuthProtocolVersion {
One = 1,
Two = 2,
}
impl From<AuthProtocolVersion> for u8 {
fn from(value: AuthProtocolVersion) -> Self {
value as u8
}
}
impl TryFrom<u8> for AuthProtocolVersion {
type Error = Error;
fn try_from(value: u8) -> Result<Self, Self::Error> {
match value {
1 => Ok(AuthProtocolVersion::One),
2 => Ok(AuthProtocolVersion::Two),
_ => Err(Error::InvalidParameter),
}
}
}
where
D: serde::Deserializer<'de>,
{
use serde::de;
pub mod auth_protocol;
match u8::deserialize(deserializer)? {
1 => Ok(Self::One),
2 => Ok(Self::Two),
i => Err(de::Error::invalid_value(
de::Unexpected::Unsigned(i.into()),
&"1 or 2",
)),
}
}
}
pub type PinUvAuthParam = [u8; 16];
#[derive(Clone, Copy)]
#[derive(Clone)]
pub enum Request<'a> {
GetPinRetries,
GetKeyAgreement {
version: AuthProtocolVersion,
version: auth_protocol::Version,
},
SetPin {
key_agreement: &'a coset::CoseKey,
@ -60,25 +20,25 @@ pub enum Request<'a> {
pin_uv_auth_param: &'a [u8],
},
ChangePin {
version: AuthProtocolVersion,
version: auth_protocol::Version,
pin_hash_encrypted: &'a [u8],
new_pin_encrypted: &'a [u8],
pin_uv_auth_param: &'a [u8],
},
GetPinToken {
version: AuthProtocolVersion,
key_agreement: &'a coset::CoseKey,
version: auth_protocol::Version,
key_agreement: cosey::PublicKey,
pin_hash_encrypted: &'a [u8],
},
GetPinUvAuthTokenUsingUvWithPermissions {
version: AuthProtocolVersion,
version: auth_protocol::Version,
key_agreement: &'a coset::CoseKey,
permissions: &'a BTreeSet<Permission>, // TODO: Enforce non-empty set?
relying_party_id: Option<usize>,
},
GetUvRetries,
GetPinUvAuthTokenUsingPinWithPermissions {
version: AuthProtocolVersion,
version: auth_protocol::Version,
key_agreement: &'a coset::CoseKey,
pin_hash_encrypted: usize,
permissions: &'a BTreeSet<Permission>, // TODO: Enforce non-empty set?
@ -126,6 +86,7 @@ pub enum Response {
},
}
#[derive(Debug, Clone, Copy)]
pub enum Error {
MissingParameter,
InvalidParameter,
@ -142,6 +103,26 @@ pub enum Error {
UserVerificationInvalid,
}
impl std::fmt::Display for Error {
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
match self {
Error::MissingParameter => write!(f, "Missing parameter"),
Error::InvalidParameter => write!(f, "Invalid parameter"),
Error::PinAuthInvalid => write!(f, "PIN auth invalid"),
Error::PinPolicyViolation => write!(f, "PIN policy violation"),
Error::PinBlocked => write!(f, "PIN blocked"),
Error::PinAuthBlocked => write!(f, "PIN auth blocked"),
Error::PinInvalid => write!(f, "PIN invalid"),
Error::OperationDenied => write!(f, "Operation denied"),
Error::UnauthorizedPermission => write!(f, "Unauthorized permission"),
Error::NotAllowed => write!(f, "Not allowed"),
Error::UserVerificationBlocked => write!(f, "User verification blocked"),
Error::UserActionTimeout => write!(f, "User action timeout"),
Error::UserVerificationInvalid => write!(f, "User verification invalid"),
}
}
}
/// > When obtaining a `pinUvAuthToken`, the platform requests permissions
/// > appropriate for the operations it intends to perform. Consequently, the
/// > `pinUvAuthToken` can only be used for those operations.

@ -1,19 +1,19 @@
use std::collections::BTreeMap;
use super::client_pin::AuthProtocolVersion;
use super::client_pin::auth_protocol;
#[derive(Clone, Copy)]
pub enum Request<'a> {
/// > This `enableEnterpriseAttestation` subcommand is only implemented if
/// > the enterprise attestation feature is supported.
EnableEnterpriseAttestation {
pin_uv_auth_protocol: AuthProtocolVersion,
pin_uv_auth_protocol: auth_protocol::Version,
pin_uv_auth_param: &'a [u8], // TODO: Is using a more specific type possible?
},
/// > This `toggleAlwaysUv` subcommand is only implemented if the Always
/// > Require User Verification feature is supported.
ToggleAlwaysUserVerification {
pin_uv_auth_protocol: AuthProtocolVersion,
pin_uv_auth_protocol: auth_protocol::Version,
pin_uv_auth_param: &'a [u8], // TODO: Is using a more specific type possible?
},
/// > This `setMinPINLength` subcommand is only implemented if the
@ -22,7 +22,7 @@ pub enum Request<'a> {
/// > This command sets the minimum PIN length in Unicode code points to be
/// > enforced by the authenticator while changing/setting up a ClientPIN.
SetMinPinLength {
pin_uv_auth_protocol: AuthProtocolVersion,
pin_uv_auth_protocol: auth_protocol::Version,
pin_uv_auth_param: &'a [u8], // TODO: Is using a more specific type possible?
},
/// > This subCommand allows vendors to test authenticator configuration
@ -39,7 +39,7 @@ pub enum Request<'a> {
vendor_command_id: usize,
params: &'a BTreeMap<Vec<u8>, Vec<u8>>, /* TODO: Is the character space of keys
* restricted to UTF-8? */
pin_uv_auth_protocol: AuthProtocolVersion,
pin_uv_auth_protocol: auth_protocol::Version,
pin_uv_auth_param: &'a [u8], // TODO: Is using a more specific type possible?
},
}

@ -99,7 +99,7 @@ pub struct Request<'a> {
/// > PIN/UV protocol version selected by platform.
#[builder(default, setter(strip_option))]
#[cfg_attr(feature = "serde", serde(rename = 0x09))]
pub pin_uv_auth_protocol_version: Option<client_pin::AuthProtocolVersion>,
pub pin_uv_auth_protocol_version: Option<client_pin::auth_protocol::Version>,
/// > An authenticator supporting this enterprise attestation feature is
/// > enterprise attestation capable and signals its support via the `ep`
/// > Option ID in the `authenticatorGetInfo` command response.

@ -7,13 +7,13 @@ pub type PinUvAuthParam = [u8; 16];
pub enum Request<'a> {
GetCredentialsMetadata {
/// > PIN/UV protocol version chosen by the platform.
pin_uv_auth_protocol: client_pin::AuthProtocolVersion,
pin_uv_auth_protocol: client_pin::auth_protocol::Version,
/// > First 16 bytes of HMAC-SHA-256 of contents using `pinUvAuthToken`.
pin_uv_auth_param: &'a PinUvAuthParam,
},
EnumerateRPsBegin {
/// > PIN/UV protocol version chosen by the platform.
pin_uv_auth_protocol: client_pin::AuthProtocolVersion,
pin_uv_auth_protocol: client_pin::auth_protocol::Version,
/// > First 16 bytes of HMAC-SHA-256 of contents using `pinUvAuthToken`.
pin_uv_auth_param: &'a PinUvAuthParam,
},
@ -22,7 +22,7 @@ pub enum Request<'a> {
/// The ID of the relying party to enumerate credentials for.
relying_party_id_hash: &'a Sha256Hash,
/// > PIN/UV protocol version chosen by the platform.
pin_uv_auth_protocol: client_pin::AuthProtocolVersion,
pin_uv_auth_protocol: client_pin::auth_protocol::Version,
/// > First 16 bytes of HMAC-SHA-256 of contents using `pinUvAuthToken`.
pin_uv_auth_param: &'a PinUvAuthParam,
},
@ -31,7 +31,7 @@ pub enum Request<'a> {
/// The ID of the credential to delete.
credential_id: &'a public_key::Descriptor,
/// > PIN/UV protocol version chosen by the platform.
pin_uv_auth_protocol: client_pin::AuthProtocolVersion,
pin_uv_auth_protocol: client_pin::auth_protocol::Version,
/// > First 16 bytes of HMAC-SHA-256 of contents using `pinUvAuthToken`.
pin_uv_auth_param: &'a PinUvAuthParam,
},
@ -41,7 +41,7 @@ pub enum Request<'a> {
/// The updated user information.
user: &'a public_key::UserEntity,
/// > PIN/UV protocol version chosen by the platform.
pin_uv_auth_protocol: client_pin::AuthProtocolVersion,
pin_uv_auth_protocol: client_pin::auth_protocol::Version,
/// > First 16 bytes of HMAC-SHA-256 of contents using `pinUvAuthToken`.
pin_uv_auth_param: &'a PinUvAuthParam,
},

@ -1,4 +1,4 @@
use crate::authenticator::client_pin::AuthProtocolVersion;
use crate::authenticator::client_pin::auth_protocol;
use crate::authenticator::Transport;
use crate::extensions;
use fido_common::credential::public_key;
@ -247,7 +247,7 @@ pub struct Info {
/// > authenticator preference. MUST NOT contain duplicate values...
// Cannot be empty if present
#[cfg_attr(feature = "serde", serde(rename = 0x06))]
pub pin_uv_auth_protocols: Option<Vec<AuthProtocolVersion>>,
pub pin_uv_auth_protocols: Option<Vec<auth_protocol::Version>>,
/// > Maximum number of credentials supported in credentialID list at a time
/// > by the authenticator.
#[cfg_attr(feature = "serde", serde(rename = 0x07))]

Loading…
Cancel
Save