Client pin features #127
Merged
Client pin features #127
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ia0
reviewed
Jul 3, 2020
ia0
reviewed
Jul 8, 2020
gendx
reviewed
Jul 8, 2020
gendx
reviewed
Jul 8, 2020
gendx
reviewed
Jul 8, 2020
gendx
reviewed
Jul 8, 2020
gendx
reviewed
Jul 8, 2020
Open
|
This is a CTAP2.1 feature, tracked in #106 . |
ia0
previously approved these changes
Jul 9, 2020
ia0
reviewed
Jul 9, 2020
ia0
previously approved these changes
Jul 9, 2020
gendx
reviewed
Jul 20, 2020
gendx
requested changes
Jul 20, 2020
|
Thanks @gendx for the review and the Rust comments. Concerning reviewing for details of the protocol, the old comments are thoroughly tested and mostly taken from |
gendx
requested changes
Jul 30, 2020
gendx
reviewed
Aug 7, 2020
gendx
reviewed
Aug 7, 2020
gendx
reviewed
Aug 7, 2020
gendx
reviewed
Aug 17, 2020
gendx
reviewed
Aug 19, 2020
gendx
reviewed
Aug 20, 2020
gendx
previously approved these changes
Aug 20, 2020
gendx
approved these changes
Aug 20, 2020
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds new subcommands from CTAP 2.1 in clientPin.
CTAP 2.1 introduces an interface for PIN protocol versions, since a v2 is currently being drafted. I decided to move all clientPin code for the existing PIN protocol v1 to a separate module. For better code sharing with a potential v2, we might introduce the common interface later when needed. I decided to not proactively refactor v1 into that interface, and wait until it is stable.
This has the added benefit of moving some complexity out of
ctap/mod.rswhich will have to accommodate more commands as they are introduced.We will need to do more testing of changes for 2.1 in the wild when platforms and relying parties support it.
This PR contains some unused functions, this is intentional. They will later be used by the "Minimum PIN Length Extension" to allow some relying parties to see the minimum PIN length required by this authenticator, and include it in its attestation during MakeCredential. This feature establishes trust with relying parties with strict PIN policies.
Other open TODOs are (1) enforcing PIN length in code points and (2) places where the specification is ambiguous and discussed in the FIDO Alliance (you might lack permissions).