Merge pull request #40 from Nitrokey/apdu-dispatch-020

Update apdu-dispatch
Nitrokey · Nov 8, 2023 · f4cf88a · f4cf88a
2 parents 2f49017 + bb6c07c
commit f4cf88a
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -14,13 +14,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Ignore user data with empty ID in getAssertion ([#32][])
 - Allow three instead of two PIN retries per boot ([#35][])
 - Reduce ID length for new credentials ([#37][])
+- Update apdu-dispatch and reject calls to `select` ([#40][])
 
 [#26]: https://github.com/solokeys/fido-authenticator/issues/26
 [#28]: https://github.com/solokeys/fido-authenticator/issues/28
 [#31]: https://github.com/solokeys/fido-authenticator/issues/31
 [#32]: https://github.com/solokeys/fido-authenticator/issues/32
 [#35]: https://github.com/solokeys/fido-authenticator/issues/35
 [#37]: https://github.com/solokeys/fido-authenticator/issues/37
+[#40]: https://github.com/nitrokey/fido-authenticator/pull/40
 
 ## [0.1.1] - 2022-08-22
 - Fix bug that treated U2F payloads as APDU over APDU in NFC transport @conorpp

diff --git a/Cargo.toml b/Cargo.toml
@@ -47,5 +47,6 @@ features = ["dispatch"]
 [patch.crates-io]
 ctap-types = { git = "https://github.com/nitrokey/ctap-types.git", tag = "v0.1.2-nitrokey.4" }
 ctaphid-dispatch = { git = "https://github.com/trussed-dev/ctaphid-dispatch.git", rev = "57cb3317878a8593847595319aa03ef17c29ec5b" }
+apdu-dispatch = { git = "https://github.com/trussed-dev/apdu-dispatch.git", rev = "915fc237103fcecc29d0f0b73391f19abf6576de" }
 trussed = { git = "https://github.com/trussed-dev/trussed.git", rev = "51e68500d7601d04f884f5e95567d14b9018a6cb" }
 serde-indexed = { git = "https://github.com/sosthene-nitrokey/serde-indexed.git", rev = "5005d23cb4ee8622e62188ea0f9466146f851f0d" }
diff --git a/src/dispatch/apdu.rs b/src/dispatch/apdu.rs
@@ -1,4 +1,4 @@
-use apdu_dispatch::{app as apdu, response::Data, Command};
+use apdu_dispatch::{app as apdu, dispatch::Interface, response::Data, Command};
 use ctap_types::{serde::error::Error as SerdeError, Error};
 use ctaphid_dispatch::app as ctaphid;
 use iso7816::Status;
@@ -28,7 +28,13 @@ where
     UP: UserPresence,
     T: TrussedRequirements,
 {
-    fn select(&mut self, _: &Command, reply: &mut Data) -> apdu::Result {
+    fn select(&mut self, interface: Interface, _: &Command, reply: &mut Data) -> apdu::Result {
+        // FIDO-over-CCID does not seem to officially be a thing; we don't support it.
+        // If we would, need to review the following cases catering to semi-documented U2F legacy.
+        if interface != apdu::Interface::Contactless {
+            return Err(Status::ConditionsOfUseNotSatisfied);
+        }
+
         reply.extend_from_slice(b"U2F_V2").unwrap();
         Ok(())
     }