google · kaczmarczyck · Aug 20, 2020 · Jun 18, 2020 · Jun 18, 2020 · Jun 24, 2020
diff --git a/Cargo.toml b/Cargo.toml
@@ -29,6 +29,7 @@ with_ctap2_1 = []
 
 [dev-dependencies]
 elf2tab = "0.4.0"
+enum-iterator = "0.6.0"
 
 [build-dependencies]
 openssl = "0.10"

diff --git a/README.md b/README.md
@@ -103,6 +103,13 @@ a few things you can personalize:
     When changing the default, resident credentials become undiscoverable without
     user verification. This helps privacy, but can make usage less comfortable
     for credentials that need less protection.
+6.  Increase the default minimum length for PINs in `ctap/storage.rs`.
+    The current minimum is 4. Values from 4 to 63 are allowed. Requiring longer
+    PINs can help establish trust between users and relying parties. It makes
+    user verification harder to break, but less convenient.
+    NIST recommends at least 6-digit PINs in section 5.1.9.1:
+    https://pages.nist.gov/800-63-3/sp800-63b.html
+    You can add relying parties to the list of readers of the minimum PIN length.
 
 ### 3D printed enclosure
 

diff --git a/reproducible/reference_binaries_macos-10.15.sha256sum b/reproducible/reference_binaries_macos-10.15.sha256sum
@@ -1,9 +1,9 @@
 0b54df6d548849e24d67b9b022ca09cb33c51f078ce85d0c9c4635ffc69902e1	third_party/tock/target/thumbv7em-none-eabi/release/nrf52840dk.bin
-9726082139399889fde1d5aa4005596eecd60726201e02a522aa25870109d252	target/nrf52840dk_merged.hex
+949d005f9a356a031dcb0a92a703c87377489ca66869dda490d9a687c77dd723	target/nrf52840dk_merged.hex
 052eec0ae526038352b9f7573468d0cf7fb5ec331d4dc1a2df75fdbd514ea5ca	third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle.bin
-5cf5599d001a9f7be80132b3e83c2a5e28e9c6a70b79058b266a23527e754d41	target/nrf52840_dongle_merged.hex
+fbf5e36aa4c71a77af5d04392faf29fd6491f0597f0fa35e6c0edeb5d3c8ad26	target/nrf52840_dongle_merged.hex
 908d7f4f40936d968b91ab6e19b2406612fe8c2c273d9c0b71ef1f55116780e0	third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle_dfu.bin
-69524a8538ae65637dfaf8709b9cfb4730858dea56d96ae304163d6f5d0dabe0	target/nrf52840_dongle_dfu_merged.hex
+1ad0c691e8c0b4df8051f0738502e34cb9dd57d449d0c01f050dae577746c3ac	target/nrf52840_dongle_dfu_merged.hex
 34ecbecaebf1188277f2310fe769c8c60310d8576493242712854deb4ba1036e	third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_mdk_dfu.bin
-276bec775183524eb7dbbd107416d90dbadb853771deaa8f49f1baf9d0f216e1	target/nrf52840_mdk_dfu_merged.hex
-8e7ad6778dbb86e13613a30487c41b9086f7fe55dc0db234968eb52750b8a94c	target/tab/ctap2.tab
+2e0bdaf152933e7bca99c2c13e13bb14da26e71e0845e09bf97d611df34768c3	target/nrf52840_mdk_dfu_merged.hex
+6f72b3e5c35c3d73c7274b0736c4969e2bd566c77815a8e7cdd407d9edb67180	target/tab/ctap2.tab
diff --git a/reproducible/reference_binaries_ubuntu-18.04.sha256sum b/reproducible/reference_binaries_ubuntu-18.04.sha256sum
@@ -1,9 +1,9 @@
 29382e72d0f3c6a72ce9517211952ff29ea270193d7f0ddc48ca69009ee29925	third_party/tock/target/thumbv7em-none-eabi/release/nrf52840dk.bin
-f48b98125b06b81ba3c62657bfd9aee9c2b81a1307173d2a73f110f7cdb29513	target/nrf52840dk_merged.hex
+2c0bdb663edc88ae168ecd12b71730ab26bdc6d23b9fa832acc63cc4c91461ac	target/nrf52840dk_merged.hex
 30f239390ae9bef0825731e4c82d40470fc5e9bded2bf0d942e92dbb5d4faba1	third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle.bin
-97f0998c06c622c92a4504b6f416f548e5b47a1a9b592c6a98ca338450990419	target/nrf52840_dongle_merged.hex
+81564eab5c20f186c0583e0a31f26fcc50ec0ebd997bff6109e663cbb7d59966	target/nrf52840_dongle_merged.hex
 e3acf15d5ae3a22aecff6cc58db5fc311f538f47328d348b7ad7db7f9ab5e72c	third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle_dfu.bin
-bf5a5745d76eeeb38908f6179d5ba07ac2578dd1b55f95e9440cdf893d850ffc	target/nrf52840_dongle_dfu_merged.hex
+25b10d9d80d4961ea0d8373d64e883279baeff6997eb8e541d36930ec423b88b	target/nrf52840_dongle_dfu_merged.hex
 cae312a26a513ada6c198fdc59b2bba3860c51726b817a9fd17a4331ee12c882	third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_mdk_dfu.bin
-6b2da0ff3af55e7fe86177a8d795baab3752a59c55bf0bb0af2fcfec1c983e57	target/nrf52840_mdk_dfu_merged.hex
-26706e2fefe6894ffbaa0681454aeda24c69d8aeb5289f8c0e4428cdc7c4fc59	target/tab/ctap2.tab
+1077f1acf2c0d65eeda2056d907ee449bfbf7f783c253c1f92838f7ac5e11d99	target/nrf52840_mdk_dfu_merged.hex
+3c8dc97b68c5ce5030f0af3879c5f9531d69ea1404899e9dfe306d02d638e0cc	target/tab/ctap2.tab
diff --git a/reproducible/reference_elf2tab_macos-10.15.txt b/reproducible/reference_elf2tab_macos-10.15.txt
@@ -5,8 +5,8 @@ Min RAM size from sections in ELF: 16 bytes
 Number of writeable flash regions: 0
   Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
 Entry point is in .text section
-  Adding .text section. Offset: 128 (0x80). Length: 179332 (0x2bc84) bytes.
-  Adding .stack section. Offset: 179460 (0x2bd04). Length: 16384 (0x4000) bytes.
+  Adding .text section. Offset: 128 (0x80). Length: 175972 (0x2af64) bytes.
+  Adding .stack section. Offset: 176100 (0x2afe4). Length: 16384 (0x4000) bytes.
 Searching for .rel.X sections to add.
 TBF Header:
                version:        2        0x2
@@ -24,8 +24,8 @@ Min RAM size from sections in ELF: 16 bytes
 Number of writeable flash regions: 0
   Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
 Entry point is in .text section
-  Adding .text section. Offset: 128 (0x80). Length: 179332 (0x2bc84) bytes.
-  Adding .stack section. Offset: 179460 (0x2bd04). Length: 16384 (0x4000) bytes.
+  Adding .text section. Offset: 128 (0x80). Length: 175972 (0x2af64) bytes.
+  Adding .stack section. Offset: 176100 (0x2afe4). Length: 16384 (0x4000) bytes.
 Searching for .rel.X sections to add.
 TBF Header:
                version:        2        0x2
@@ -43,8 +43,8 @@ Min RAM size from sections in ELF: 16 bytes
 Number of writeable flash regions: 0
   Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
 Entry point is in .text section
-  Adding .text section. Offset: 128 (0x80). Length: 179332 (0x2bc84) bytes.
-  Adding .stack section. Offset: 179460 (0x2bd04). Length: 16384 (0x4000) bytes.
+  Adding .text section. Offset: 128 (0x80). Length: 175972 (0x2af64) bytes.
+  Adding .stack section. Offset: 176100 (0x2afe4). Length: 16384 (0x4000) bytes.
 Searching for .rel.X sections to add.
 TBF Header:
                version:        2        0x2
@@ -62,8 +62,8 @@ Min RAM size from sections in ELF: 16 bytes
 Number of writeable flash regions: 0
   Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
 Entry point is in .text section
-  Adding .text section. Offset: 128 (0x80). Length: 179332 (0x2bc84) bytes.
-  Adding .stack section. Offset: 179460 (0x2bd04). Length: 16384 (0x4000) bytes.
+  Adding .text section. Offset: 128 (0x80). Length: 175972 (0x2af64) bytes.
+  Adding .stack section. Offset: 176100 (0x2afe4). Length: 16384 (0x4000) bytes.
 Searching for .rel.X sections to add.
 TBF Header:
                version:        2        0x2

diff --git a/reproducible/reference_elf2tab_ubuntu-18.04.txt b/reproducible/reference_elf2tab_ubuntu-18.04.txt
@@ -5,8 +5,8 @@ Min RAM size from sections in ELF: 16 bytes
 Number of writeable flash regions: 0
   Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
 Entry point is in .text section
-  Adding .text section. Offset: 128 (0x80). Length: 178788 (0x2ba64) bytes.
-  Adding .stack section. Offset: 178916 (0x2bae4). Length: 16384 (0x4000) bytes.
+  Adding .text section. Offset: 128 (0x80). Length: 176516 (0x2b184) bytes.
+  Adding .stack section. Offset: 176644 (0x2b204). Length: 16384 (0x4000) bytes.
 Searching for .rel.X sections to add.
 TBF Header:
                version:        2        0x2
@@ -24,8 +24,8 @@ Min RAM size from sections in ELF: 16 bytes
 Number of writeable flash regions: 0
   Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
 Entry point is in .text section
-  Adding .text section. Offset: 128 (0x80). Length: 178788 (0x2ba64) bytes.
-  Adding .stack section. Offset: 178916 (0x2bae4). Length: 16384 (0x4000) bytes.
+  Adding .text section. Offset: 128 (0x80). Length: 176516 (0x2b184) bytes.
+  Adding .stack section. Offset: 176644 (0x2b204). Length: 16384 (0x4000) bytes.
 Searching for .rel.X sections to add.
 TBF Header:
                version:        2        0x2
@@ -43,8 +43,8 @@ Min RAM size from sections in ELF: 16 bytes
 Number of writeable flash regions: 0
   Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
 Entry point is in .text section
-  Adding .text section. Offset: 128 (0x80). Length: 178788 (0x2ba64) bytes.
-  Adding .stack section. Offset: 178916 (0x2bae4). Length: 16384 (0x4000) bytes.
+  Adding .text section. Offset: 128 (0x80). Length: 176516 (0x2b184) bytes.
+  Adding .stack section. Offset: 176644 (0x2b204). Length: 16384 (0x4000) bytes.
 Searching for .rel.X sections to add.
 TBF Header:
                version:        2        0x2
@@ -62,8 +62,8 @@ Min RAM size from sections in ELF: 16 bytes
 Number of writeable flash regions: 0
   Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
 Entry point is in .text section
-  Adding .text section. Offset: 128 (0x80). Length: 178788 (0x2ba64) bytes.
-  Adding .stack section. Offset: 178916 (0x2bae4). Length: 16384 (0x4000) bytes.
+  Adding .text section. Offset: 128 (0x80). Length: 176516 (0x2b184) bytes.
+  Adding .stack section. Offset: 176644 (0x2b204). Length: 16384 (0x4000) bytes.
 Searching for .rel.X sections to add.
 TBF Header:
                version:        2        0x2

diff --git a/src/ctap/command.rs b/src/ctap/command.rs
@@ -278,12 +278,32 @@ pub struct AuthenticatorClientPinParameters {
     pub pin_auth: Option<Vec<u8>>,
     pub new_pin_enc: Option<Vec<u8>>,
     pub pin_hash_enc: Option<Vec<u8>>,
+    #[cfg(feature = "with_ctap2_1")]
+    pub min_pin_length: Option<u8>,
+    #[cfg(feature = "with_ctap2_1")]
+    pub min_pin_length_rp_ids: Option<Vec<String>>,
+    #[cfg(feature = "with_ctap2_1")]
+    pub permissions: Option<u8>,
+    #[cfg(feature = "with_ctap2_1")]
+    pub permissions_rp_id: Option<String>,
 }
 
 impl TryFrom<cbor::Value> for AuthenticatorClientPinParameters {
     type Error = Ctap2StatusCode;
 
     fn try_from(cbor_value: cbor::Value) -> Result<Self, Ctap2StatusCode> {
+        #[cfg(not(feature = "with_ctap2_1"))]
+        destructure_cbor_map! {
+            let {
+                1 => pin_protocol,
+                2 => sub_command,
+                3 => key_agreement,
+                4 => pin_auth,
+                5 => new_pin_enc,
+                6 => pin_hash_enc,
+            } = extract_map(cbor_value)?;
+        }
+        #[cfg(feature = "with_ctap2_1")]
         destructure_cbor_map! {
             let {
                 1 => pin_protocol,
@@ -292,6 +312,10 @@ impl TryFrom<cbor::Value> for AuthenticatorClientPinParameters {
                 4 => pin_auth,
                 5 => new_pin_enc,
                 6 => pin_hash_enc,
+                7 => min_pin_length,
+                8 => min_pin_length_rp_ids,
+                9 => permissions,
+                10 => permissions_rp_id,
             } = extract_map(cbor_value)?;
         }
 
@@ -304,6 +328,32 @@ impl TryFrom<cbor::Value> for AuthenticatorClientPinParameters {
         let pin_auth = pin_auth.map(extract_byte_string).transpose()?;
         let new_pin_enc = new_pin_enc.map(extract_byte_string).transpose()?;
         let pin_hash_enc = pin_hash_enc.map(extract_byte_string).transpose()?;
+        #[cfg(feature = "with_ctap2_1")]
+        let min_pin_length = min_pin_length
+            .map(extract_unsigned)
+            .transpose()?
+            .map(u8::try_from)
+            .transpose()
+            .map_err(|_| Ctap2StatusCode::CTAP2_ERR_PIN_POLICY_VIOLATION)?;
+        #[cfg(feature = "with_ctap2_1")]
+        let min_pin_length_rp_ids = match min_pin_length_rp_ids {
+            Some(entry) => Some(
+                extract_array(entry)?
+                    .into_iter()
+                    .map(extract_text_string)
+                    .collect::<Result<Vec<String>, Ctap2StatusCode>>()?,
+            ),
+            None => None,
+        };
+        #[cfg(feature = "with_ctap2_1")]
+        // We expect a bit field of 8 bits, and drop everything else.
+        // This means we ignore extensions in future versions.
+        let permissions = permissions
+            .map(extract_unsigned)
+            .transpose()?
+            .map(|p| p as u8);
+        #[cfg(feature = "with_ctap2_1")]
+        let permissions_rp_id = permissions_rp_id.map(extract_text_string).transpose()?;
 
         Ok(AuthenticatorClientPinParameters {
             pin_protocol,
@@ -312,6 +362,14 @@ impl TryFrom<cbor::Value> for AuthenticatorClientPinParameters {
             pin_auth,
             new_pin_enc,
             pin_hash_enc,
+            #[cfg(feature = "with_ctap2_1")]
+            min_pin_length,
+            #[cfg(feature = "with_ctap2_1")]
+            min_pin_length_rp_ids,
+            #[cfg(feature = "with_ctap2_1")]
+            permissions,
+            #[cfg(feature = "with_ctap2_1")]
+            permissions_rp_id,
         })
     }
 }
@@ -434,6 +492,9 @@ mod test {
 
     #[test]
     fn test_from_cbor_client_pin_parameters() {
+        // TODO(kaczmarczyck) inline the #cfg when #128 is resolved:
+        // https://github.com/google/OpenSK/issues/128
+        #[cfg(not(feature = "with_ctap2_1"))]
         let cbor_value = cbor_map! {
             1 => 1,
             2 => ClientPinSubCommand::GetPinRetries,
@@ -442,6 +503,19 @@ mod test {
             5 => vec! [0xCC],
             6 => vec! [0xDD],
         };
+        #[cfg(feature = "with_ctap2_1")]
+        let cbor_value = cbor_map! {
+            1 => 1,
+            2 => ClientPinSubCommand::GetPinRetries,
+            3 => cbor_map!{},
+            4 => vec! [0xBB],
+            5 => vec! [0xCC],
+            6 => vec! [0xDD],
+            7 => 4,
+            8 => cbor_array!["example.com"],
+            9 => 0x03,
+            10 => "example.com",
+        };
         let returned_pin_protocol_parameters =
             AuthenticatorClientPinParameters::try_from(cbor_value).unwrap();
 
@@ -452,6 +526,14 @@ mod test {
             pin_auth: Some(vec![0xBB]),
             new_pin_enc: Some(vec![0xCC]),
             pin_hash_enc: Some(vec![0xDD]),
+            #[cfg(feature = "with_ctap2_1")]
+            min_pin_length: Some(4),
+            #[cfg(feature = "with_ctap2_1")]
+            min_pin_length_rp_ids: Some(vec!["example.com".to_string()]),
+            #[cfg(feature = "with_ctap2_1")]
+            permissions: Some(0x03),
+            #[cfg(feature = "with_ctap2_1")]
+            permissions_rp_id: Some("example.com".to_string()),
         };
 
         assert_eq!(