Implement PIN protocol 2 and PIN token permissions #63

Merged
merged 3 commits into from
Mar 1, 2024

Conversation

robin-nitrokey
Member

This patch removes the assumption that we only support PIN protocol 1
from the CTAP2 implementation.  Instead, a list of supported PIN
protocols is provided by the pin_protocols function and
parse_pin_protocol can be used to validate the PIN protocol selected by
the platform.  The parsed PIN protocol version must then be passed to
the pin_protocol function to access the correct implementation.
@robin-nitrokey robin-nitrokey force-pushed the pin-protocol-2 branch 3 times, most recently from 462e305 to c53bbea Compare February 29, 2024 21:17
@robin-nitrokey robin-nitrokey marked this pull request as ready for review February 29, 2024 21:19
@robin-nitrokey robin-nitrokey changed the title Implement PIN protocol 2 Implement PIN protocol 2 and PIN token permissions Feb 29, 2024
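
An added Rust sketch of the validate-then-dispatch pattern the PR description outlines; it is not code from this pull request. The function names `pin_protocols` and `parse_pin_protocol` come from the description, while the signatures, the error enum, `mac_len` and `check_pin_auth` are assumptions made for illustration. The 16-byte and 32-byte MAC lengths are those of CTAP 2.1 PIN protocols 1 and 2.

```rust
// Added illustration: names follow the PR description; signatures and bodies are assumed.
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum PinProtocolVersion { V1 = 1, V2 = 2 }

#[derive(Debug, PartialEq)]
pub enum Error { MissingParameter, InvalidParameter, PinAuthInvalid }

// Versions the authenticator supports, in order of preference.
pub fn pin_protocols() -> &'static [PinProtocolVersion] {
    &[PinProtocolVersion::V2, PinProtocolVersion::V1]
}

// Validate the platform-selected number once; later code only ever sees the enum.
pub fn parse_pin_protocol(requested: Option<u8>) -> Result<PinProtocolVersion, Error> {
    let raw = requested.ok_or(Error::MissingParameter)?;
    pin_protocols().iter().copied().find(|v| *v as u8 == raw).ok_or(Error::InvalidParameter)
}

// Protocol 1 truncates HMAC-SHA-256 to 16 bytes; protocol 2 uses all 32.
pub fn mac_len(version: PinProtocolVersion) -> usize {
    match version {
        PinProtocolVersion::V1 => 16,
        PinProtocolVersion::V2 => 32,
    }
}

// Compare the received pinUvAuthParam with a locally computed HMAC (hypothetical helper).
// The length check keeps a truncated protocol-1 MAC from being accepted under protocol 2.
pub fn check_pin_auth(version: PinProtocolVersion, expected: &[u8; 32], received: &[u8]) -> Result<(), Error> {
    let n = mac_len(version);
    if received.len() != n {
        return Err(Error::PinAuthInvalid);
    }
    // Accumulate differences so the comparison time does not depend on where bytes differ.
    let diff = expected[..n].iter().zip(received).fold(0u8, |acc, (a, b)| acc | (a ^ b));
    if diff == 0 { Ok(()) } else { Err(Error::PinAuthInvalid) }
}

fn main() {
    let mac = [0x5au8; 32]; // constructed stand-in for a computed HMAC-SHA-256
    for raw in [Some(1u8), Some(2), Some(3), None] {
        let result = parse_pin_protocol(raw).and_then(|v| check_pin_auth(v, &mac, &mac[..16]));
        println!("{:?} -> {:?}", raw, result);
    }
}
```
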
@robin-nitrokey
Member Author

Updated to include PIN token permissions so that testing is feasible. This branch should include a working firmware version with these changes: https://github.com/Nitrokey/nitrokey-3-firmware/tree/fido-pin-protocol-2

@robin-nitrokey
Member Author

A potential point for discussion is naming. What used to be the pinToken in CTAP 2.0 is now the pinUvAuthToken. For simplicity, I just kept the pin_token naming in the code. python-fido2 uses puat.

@daringer

daringer commented Mar 1, 2024

naming: I think pin_token is clearer than puat, and there seems to be nothing similarly named to mix it up with anyway, right?

testing https://github.com/Nitrokey/nitrokey-3-firmware/tree/fido-pin-protocol-2 for regressions and functionality against pynitrokey (master) with Nitrokey/pynitrokey#507 included:

soooo, lgtm!

@robin-nitrokey robin-nitrokey merged commit 87e3aef into main Mar 1, 2024
@robin-nitrokey robin-nitrokey deleted the pin-protocol-2 branch March 1, 2024 16:28
2 participants