Client pin features

Cargo.toml

@@ -31,6 +31,7 @@ with_ctap2_1 = []
 
 [dev-dependencies]
 elf2tab = "0.4.0"
+enum-iterator = "0.6.0"
 
 [build-dependencies]
 openssl = "0.10"

README.md

@@ -103,6 +103,13 @@ a few things you can personalize:
     When changing the default, resident credentials become undiscoverable without
     user verification. This helps privacy, but can make usage less comfortable
     for credentials that need less protection.
+6.  Increase the default minimum length for PINs in `ctap/storage.rs`.
+    The current minimum is 4. Values from 4 to 63 are allowed. Requiring longer
+    PINs can help establish trust between users and relying parties. It makes
+    user verification harder to break, but less convenient.
+    NIST recommends at least 6-digit PINs in section 5.1.9.1:
+    https://pages.nist.gov/800-63-3/sp800-63b.html
+    You can add relying parties to the list of readers of the minimum PIN length.
 
 ### 3D printed enclosure
 

reproducible/reference_binaries_macos-10.15.sha256sum

@@ -1,9 +1,9 @@
 91a98f475cb3042dd5184598a8292edb2a414df8d967a35c8f2295826b5a161b	third_party/tock/target/thumbv7em-none-eabi/release/nrf52840dk.bin
-33164f39a0b5354cdf61236c301242476284c6b96d55275aa603734054ca7928	target/nrf52840dk_merged.hex
+7cc5c802e22e73c1edfd5b890642c5f6c4a1f888b61f0cd6d638a770eb0af739	target/nrf52840dk_merged.hex
 a5943c5311158b0f99370246d37782eb9b12fc36c56387eadb6587a3a4fe8fd5	third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle.bin
-1232b44947f302900291692690f2e94cdfb165e00e74c682433100882754a516	target/nrf52840_dongle_merged.hex
+9ff31263bd33e92b5f1f59d83f557046cb4d022919a5082931a197a2f6ec4398	target/nrf52840_dongle_merged.hex
 663297e3e29b9e2a972b68cea1592aaf965d797242579bb5bca09cd73cdfb637	third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle_dfu.bin
-b95ce848465523e98cf0c30f94f6430e99dc8ac4b33da5bc0d0f643523ff4b50	target/nrf52840_dongle_dfu_merged.hex
+4b1f17b3dda2460fe83adc157f8ae1fb2559fb151b8897806e7b0aa25c898ec1	target/nrf52840_dongle_dfu_merged.hex
 162a05d056aafc16d4868d5c3aa10518e41299dddd60608f96954dc9cf964cd3	third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_mdk_dfu.bin
-1085e1789c4429430c47d28b23a975223717eddd7c8aa23114acbc3ec2ec7080	target/nrf52840_mdk_dfu_merged.hex
-5bd063ce44e9ddcad8c4d17165a247387e4f1a9c6db81060fbb97244be1929b8	target/tab/ctap2.tab
+90369c2f5c1b3b3a443114be069fd2da0806444865830a7e992ed52e036c5a39	target/nrf52840_mdk_dfu_merged.hex
+299201ff87cd84bd767516143b4e6a54759e01fcd864c0e579c62217b21d4fa4	target/tab/ctap2.tab

reproducible/reference_binaries_ubuntu-18.04.sha256sum

@@ -1,9 +1,9 @@
 3feb5d29a3d669107b460a00391440be4ebc5e50461f9ef3248714f4f99c070e	third_party/tock/target/thumbv7em-none-eabi/release/nrf52840dk.bin
-a02f078e165373113adbaf7fa5d272e7e01134061e8212331d54f0b0a8809aaa	target/nrf52840dk_merged.hex
+875fdc2bbd473a5c77c119ba860e54a43f8097c20931cc5ae83a26e9311ce124	target/nrf52840dk_merged.hex
 8eebe1c1dfe22003466c2570b3735c54c58ae91b8168582ad363ab79c9230a15	third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle.bin
-973bf7d0b6ddb37bb9698cf8f2ef3c2a3dd27cd482b7a4c02e452902394ffa37	target/nrf52840_dongle_merged.hex
+70c1249370144c6ca55ad490dc5e418f9c2994c2649941dec41d769963a0e0ad	target/nrf52840_dongle_merged.hex
 779d77071d1e629f92210ac313e230bcaea6d77c710210c1ac4b40f8085cdad7	third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle_dfu.bin
-d0e7ecc1d2a45ef4c77b39720b95b3e349a0d48d7b9ca99fa591019a9f2cafee	target/nrf52840_dongle_dfu_merged.hex
+6c12edd4ec4d952619e976e635df39235d821eec9902e8882563fc43a1690ddb	target/nrf52840_dongle_dfu_merged.hex
 f466490d6498f6c06c7c4a717eb437ba2fb06d1985532c23f145d38b9daa8259	third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_mdk_dfu.bin
-d3d4a9d3442bb8cf924f553f8df7085e3d6331f1b6d9557115d485e584285d68	target/nrf52840_mdk_dfu_merged.hex
-6cda1346503867ef18d3fe7a3d32de6e22585c6134ef3347877894c5469390f5	target/tab/ctap2.tab
+7b67e726071ac5161344212821b9869c8f289559c8b91a5f2a0f17624855ce8a	target/nrf52840_mdk_dfu_merged.hex
+4dd8753dba382bdbadd0c9761949f7bdacbd77408cfc8dc466107a81ff664b15	target/tab/ctap2.tab

reproducible/reference_elf2tab_macos-10.15.txt

@@ -5,8 +5,8 @@ Min RAM size from sections in ELF: 20 bytes
 Number of writeable flash regions: 0
   Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
 Entry point is in .text section
-  Adding .text section. Offset: 128 (0x80). Length: 187792 (0x2dd90) bytes.
-  Adding .stack section. Offset: 187920 (0x2de10). Length: 16384 (0x4000) bytes.
+  Adding .text section. Offset: 128 (0x80). Length: 178688 (0x2ba00) bytes.
+  Adding .stack section. Offset: 178816 (0x2ba80). Length: 16384 (0x4000) bytes.
 Searching for .rel.X sections to add.
 TBF Header:
                version:        2        0x2
@@ -24,8 +24,8 @@ Min RAM size from sections in ELF: 20 bytes
 Number of writeable flash regions: 0
   Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
 Entry point is in .text section
-  Adding .text section. Offset: 128 (0x80). Length: 187792 (0x2dd90) bytes.
-  Adding .stack section. Offset: 187920 (0x2de10). Length: 16384 (0x4000) bytes.
+  Adding .text section. Offset: 128 (0x80). Length: 178688 (0x2ba00) bytes.
+  Adding .stack section. Offset: 178816 (0x2ba80). Length: 16384 (0x4000) bytes.
 Searching for .rel.X sections to add.
 TBF Header:
                version:        2        0x2
@@ -43,8 +43,8 @@ Min RAM size from sections in ELF: 20 bytes
 Number of writeable flash regions: 0
   Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
 Entry point is in .text section
-  Adding .text section. Offset: 128 (0x80). Length: 187792 (0x2dd90) bytes.
-  Adding .stack section. Offset: 187920 (0x2de10). Length: 16384 (0x4000) bytes.
+  Adding .text section. Offset: 128 (0x80). Length: 178688 (0x2ba00) bytes.
+  Adding .stack section. Offset: 178816 (0x2ba80). Length: 16384 (0x4000) bytes.
 Searching for .rel.X sections to add.
 TBF Header:
                version:        2        0x2
@@ -62,8 +62,8 @@ Min RAM size from sections in ELF: 20 bytes
 Number of writeable flash regions: 0
   Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
 Entry point is in .text section
-  Adding .text section. Offset: 128 (0x80). Length: 187792 (0x2dd90) bytes.
-  Adding .stack section. Offset: 187920 (0x2de10). Length: 16384 (0x4000) bytes.
+  Adding .text section. Offset: 128 (0x80). Length: 178688 (0x2ba00) bytes.
+  Adding .stack section. Offset: 178816 (0x2ba80). Length: 16384 (0x4000) bytes.
 Searching for .rel.X sections to add.
 TBF Header:
                version:        2        0x2

reproducible/reference_elf2tab_ubuntu-18.04.txt

@@ -5,8 +5,8 @@ Min RAM size from sections in ELF: 20 bytes
 Number of writeable flash regions: 0
   Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
 Entry point is in .text section
-  Adding .text section. Offset: 128 (0x80). Length: 187736 (0x2dd58) bytes.
-  Adding .stack section. Offset: 187864 (0x2ddd8). Length: 16384 (0x4000) bytes.
+  Adding .text section. Offset: 128 (0x80). Length: 178536 (0x2b968) bytes.
+  Adding .stack section. Offset: 178664 (0x2b9e8). Length: 16384 (0x4000) bytes.
 Searching for .rel.X sections to add.
 TBF Header:
                version:        2        0x2
@@ -24,8 +24,8 @@ Min RAM size from sections in ELF: 20 bytes
 Number of writeable flash regions: 0
   Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
 Entry point is in .text section
-  Adding .text section. Offset: 128 (0x80). Length: 187736 (0x2dd58) bytes.
-  Adding .stack section. Offset: 187864 (0x2ddd8). Length: 16384 (0x4000) bytes.
+  Adding .text section. Offset: 128 (0x80). Length: 178536 (0x2b968) bytes.
+  Adding .stack section. Offset: 178664 (0x2b9e8). Length: 16384 (0x4000) bytes.
 Searching for .rel.X sections to add.
 TBF Header:
                version:        2        0x2
@@ -43,8 +43,8 @@ Min RAM size from sections in ELF: 20 bytes
 Number of writeable flash regions: 0
   Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
 Entry point is in .text section
-  Adding .text section. Offset: 128 (0x80). Length: 187736 (0x2dd58) bytes.
-  Adding .stack section. Offset: 187864 (0x2ddd8). Length: 16384 (0x4000) bytes.
+  Adding .text section. Offset: 128 (0x80). Length: 178536 (0x2b968) bytes.
+  Adding .stack section. Offset: 178664 (0x2b9e8). Length: 16384 (0x4000) bytes.
 Searching for .rel.X sections to add.
 TBF Header:
                version:        2        0x2
@@ -62,8 +62,8 @@ Min RAM size from sections in ELF: 20 bytes
 Number of writeable flash regions: 0
   Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
 Entry point is in .text section
-  Adding .text section. Offset: 128 (0x80). Length: 187736 (0x2dd58) bytes.
-  Adding .stack section. Offset: 187864 (0x2ddd8). Length: 16384 (0x4000) bytes.
+  Adding .text section. Offset: 128 (0x80). Length: 178536 (0x2b968) bytes.
+  Adding .stack section. Offset: 178664 (0x2b9e8). Length: 16384 (0x4000) bytes.
 Searching for .rel.X sections to add.
 TBF Header:
                version:        2        0x2

src/ctap/command.rs

@@ -278,12 +278,32 @@ pub struct AuthenticatorClientPinParameters {
     pub pin_auth: Option<Vec<u8>>,
     pub new_pin_enc: Option<Vec<u8>>,
     pub pin_hash_enc: Option<Vec<u8>>,
+    #[cfg(feature = "with_ctap2_1")]
+    pub min_pin_length: Option<u8>,
+    #[cfg(feature = "with_ctap2_1")]
+    pub min_pin_length_rp_ids: Option<Vec<String>>,
+    #[cfg(feature = "with_ctap2_1")]
+    pub permissions: Option<u8>,
+    #[cfg(feature = "with_ctap2_1")]
+    pub permissions_rp_id: Option<String>,
 }
 
 impl TryFrom<cbor::Value> for AuthenticatorClientPinParameters {
     type Error = Ctap2StatusCode;
 
     fn try_from(cbor_value: cbor::Value) -> Result<Self, Ctap2StatusCode> {
+        #[cfg(not(feature = "with_ctap2_1"))]
+        destructure_cbor_map! {
+            let {
+                1 => pin_protocol,
+                2 => sub_command,
+                3 => key_agreement,
+                4 => pin_auth,
+                5 => new_pin_enc,
+                6 => pin_hash_enc,
+            } = extract_map(cbor_value)?;
+        }
+        #[cfg(feature = "with_ctap2_1")]
         destructure_cbor_map! {
             let {
                 1 => pin_protocol,
@@ -292,6 +312,10 @@ impl TryFrom<cbor::Value> for AuthenticatorClientPinParameters {
                 4 => pin_auth,
                 5 => new_pin_enc,
                 6 => pin_hash_enc,
+                7 => min_pin_length,
+                8 => min_pin_length_rp_ids,
+                9 => permissions,
+                10 => permissions_rp_id,
             } = extract_map(cbor_value)?;
         }
 
@@ -304,6 +328,32 @@ impl TryFrom<cbor::Value> for AuthenticatorClientPinParameters {
         let pin_auth = pin_auth.map(extract_byte_string).transpose()?;
         let new_pin_enc = new_pin_enc.map(extract_byte_string).transpose()?;
         let pin_hash_enc = pin_hash_enc.map(extract_byte_string).transpose()?;
+        #[cfg(feature = "with_ctap2_1")]
+        let min_pin_length = min_pin_length
+            .map(extract_unsigned)
+            .transpose()?
+            .map(u8::try_from)
+            .transpose()
+            .map_err(|_| Ctap2StatusCode::CTAP2_ERR_PIN_POLICY_VIOLATION)?;
+        #[cfg(feature = "with_ctap2_1")]
+        let min_pin_length_rp_ids = match min_pin_length_rp_ids {
+            Some(entry) => Some(
+                extract_array(entry)?
+                    .into_iter()
+                    .map(extract_text_string)
+                    .collect::<Result<Vec<String>, Ctap2StatusCode>>()?,
+            ),
+            None => None,
+        };
+        #[cfg(feature = "with_ctap2_1")]
+        // We expect a bit field of 8 bits, and drop everything else.
+        // This means we ignore extensions in future versions.
+        let permissions = permissions
+            .map(extract_unsigned)
+            .transpose()?
+            .map(|p| p as u8);
+        #[cfg(feature = "with_ctap2_1")]
+        let permissions_rp_id = permissions_rp_id.map(extract_text_string).transpose()?;
 
         Ok(AuthenticatorClientPinParameters {
             pin_protocol,
@@ -312,6 +362,14 @@ impl TryFrom<cbor::Value> for AuthenticatorClientPinParameters {
             pin_auth,
             new_pin_enc,
             pin_hash_enc,
+            #[cfg(feature = "with_ctap2_1")]
+            min_pin_length,
+            #[cfg(feature = "with_ctap2_1")]
+            min_pin_length_rp_ids,
+            #[cfg(feature = "with_ctap2_1")]
+            permissions,
+            #[cfg(feature = "with_ctap2_1")]
+            permissions_rp_id,
         })
     }
 }
@@ -434,6 +492,9 @@ mod test {
 
     #[test]
     fn test_from_cbor_client_pin_parameters() {
+        // TODO(kaczmarczyck) inline the #cfg when #128 is resolved:
+        // https://github.com/google/OpenSK/issues/128
+        #[cfg(not(feature = "with_ctap2_1"))]
         let cbor_value = cbor_map! {
             1 => 1,
             2 => ClientPinSubCommand::GetPinRetries,
@@ -442,6 +503,19 @@ mod test {
             5 => vec! [0xCC],
             6 => vec! [0xDD],
         };
+        #[cfg(feature = "with_ctap2_1")]
+        let cbor_value = cbor_map! {
+            1 => 1,
+            2 => ClientPinSubCommand::GetPinRetries,
+            3 => cbor_map!{},
+            4 => vec! [0xBB],
+            5 => vec! [0xCC],
+            6 => vec! [0xDD],
+            7 => 4,
+            8 => cbor_array!["example.com"],
+            9 => 0x03,
+            10 => "example.com",
+        };
         let returned_pin_protocol_parameters =
             AuthenticatorClientPinParameters::try_from(cbor_value).unwrap();
 
@@ -452,6 +526,14 @@ mod test {
             pin_auth: Some(vec![0xBB]),
             new_pin_enc: Some(vec![0xCC]),
             pin_hash_enc: Some(vec![0xDD]),
+            #[cfg(feature = "with_ctap2_1")]
+            min_pin_length: Some(4),
+            #[cfg(feature = "with_ctap2_1")]
+            min_pin_length_rp_ids: Some(vec!["example.com".to_string()]),
+            #[cfg(feature = "with_ctap2_1")]
+            permissions: Some(0x03),
+            #[cfg(feature = "with_ctap2_1")]
+            permissions_rp_id: Some("example.com".to_string()),
         };
 
         assert_eq!(