Skip to content

Commit

Permalink
apply suggestions: Vec to slice, if let to match, comments
Browse files Browse the repository at this point in the history
  • Loading branch information
kaczmarczyck committed Mar 12, 2020
1 parent 8d52e8a commit db6be4e
Show file tree
Hide file tree
Showing 2 changed files with 27 additions and 28 deletions.
6 changes: 3 additions & 3 deletions src/ctap/data_formats.rs
Original file line number Diff line number Diff line change
Expand Up @@ -224,8 +224,8 @@ impl From<Extensions> for cbor::Value {
fn from(extensions: Extensions) -> Self {
cbor_map_btree!(extensions
.0
.iter()
.map(|(key, value)| (cbor_text!(key), value.clone()))
.into_iter()
.map(|(key, value)| (cbor_text!(key), value))
.collect())
}
}
Expand Down Expand Up @@ -1095,7 +1095,7 @@ mod test {
);

let credential = PublicKeyCredentialSource {
cred_random: Some([0x00; 32].to_vec()),
cred_random: Some(vec![0x00; 32]),
..credential
};

Expand Down
49 changes: 24 additions & 25 deletions src/ctap/mod.rs
Original file line number Diff line number Diff line change
Expand Up @@ -81,9 +81,13 @@ const PIN_PADDED_LENGTH: usize = 64;
// - 32 byte relying party ID hashed with SHA256,
// - 32 byte HMAC-SHA256 over everything else.
pub const ENCRYPTED_CREDENTIAL_ID_SIZE: usize = 112;
// Set this bit when checking user presence.
const UP_FLAG: u8 = 0x01;
// Set this bit when checking user verification.
const UV_FLAG: u8 = 0x04;
// Set this bit when performing attestation.
const AT_FLAG: u8 = 0x40;
// Set this bit when an extension is used.
const ED_FLAG: u8 = 0x80;

pub const TOUCH_TIMEOUT_MS: isize = 30000;
Expand Down Expand Up @@ -111,7 +115,7 @@ fn check_pin_auth(hmac_key: &[u8], hmac_contents: &[u8], pin_auth: &[u8]) -> boo
// The last step is to re-encrypt the outputs.
pub fn encrypt_hmac_secret_output(
shared_secret: &[u8; 32],
salt_enc: Vec<u8>,
salt_enc: &[u8],
cred_random: &[u8],
) -> Result<Vec<u8>, Ctap2StatusCode> {
if salt_enc.len() != 32 && salt_enc.len() != 64 {
Expand Down Expand Up @@ -421,11 +425,8 @@ where
return Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_ALGORITHM);
}

let use_hmac_extension = if let Some(extensions) = extensions {
extensions.has_make_credential_hmac_secret()?
} else {
false
};
let use_hmac_extension =
extensions.map_or(Ok(false), |e| e.has_make_credential_hmac_secret())?;
if use_hmac_extension && !options.rk {
// The extension is actually supported, but we need resident keys.
return Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_EXTENSION);
Expand Down Expand Up @@ -611,10 +612,9 @@ where
}
}

let get_assertion_hmac_secret_input = if let Some(extensions) = extensions {
extensions.get_assertion_hmac_secret().transpose()?
} else {
None
let get_assertion_hmac_secret_input = match extensions {
Some(extensions) => extensions.get_assertion_hmac_secret().transpose()?,
None => None,
};
if get_assertion_hmac_secret_input.is_some() && !options.up {
// The extension is actually supported, but we need user presence.
Expand Down Expand Up @@ -703,11 +703,10 @@ where
return Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_EXTENSION);
}

let encrypted_output = if let Some(cred_random) = &credential.cred_random {
encrypt_hmac_secret_output(&shared_secret, salt_enc, cred_random)?
} else {
// This happens because the credential was not created with HMAC-secret.
return Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_EXTENSION);
let encrypted_output = match &credential.cred_random {
Some(cr) => encrypt_hmac_secret_output(&shared_secret, &salt_enc[..], cr)?,
// This is the case if the credential was not created with HMAC-secret.
None => return Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_EXTENSION),
};

let extensions = cbor_map! {
Expand Down Expand Up @@ -1524,25 +1523,25 @@ mod test {
#[test]
fn test_encrypt_hmac_secret_output() {
let shared_secret = [0x55; 32];
let salt_enc = vec![0x5E; 32];
let cred_random = vec![0xC9; 32];
let output = encrypt_hmac_secret_output(&shared_secret, salt_enc, &cred_random);
let salt_enc = [0x5E; 32];
let cred_random = [0xC9; 32];
let output = encrypt_hmac_secret_output(&shared_secret, &salt_enc, &cred_random);
assert_eq!(output.unwrap().len(), 32);

let salt_enc = vec![0x5E; 48];
let output = encrypt_hmac_secret_output(&shared_secret, salt_enc, &cred_random);
let salt_enc = [0x5E; 48];
let output = encrypt_hmac_secret_output(&shared_secret, &salt_enc, &cred_random);
assert_eq!(
output,
Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_EXTENSION)
);

let salt_enc = vec![0x5E; 64];
let output = encrypt_hmac_secret_output(&shared_secret, salt_enc, &cred_random);
let salt_enc = [0x5E; 64];
let output = encrypt_hmac_secret_output(&shared_secret, &salt_enc, &cred_random);
assert_eq!(output.unwrap().len(), 64);

let salt_enc = vec![0x5E; 32];
let cred_random = vec![0xC9; 33];
let output = encrypt_hmac_secret_output(&shared_secret, salt_enc, &cred_random);
let salt_enc = [0x5E; 32];
let cred_random = [0xC9; 33];
let output = encrypt_hmac_secret_output(&shared_secret, &salt_enc, &cred_random);
assert_eq!(
output,
Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_EXTENSION)
Expand Down

0 comments on commit db6be4e

Please sign in to comment.