diff --git a/.github/workflows/cargo_check.yml b/.github/workflows/cargo_check.yml
index c54fc9e34ab5309e19d28dc4f9894bbcba72637f..07c1c0a8d2420b20be74f8238c7aa362af918bad 100644
--- a/.github/workflows/cargo_check.yml
+++ b/.github/workflows/cargo_check.yml
@@ -40,6 +40,12 @@ jobs: command: check args: --target thumbv7em-none-eabi --release --features with_ctap1 + - name: Check OpenSK with_ctap2_1 + uses: actions-rs/cargo@v1 + with: + command: check + args: --target thumbv7em-none-eabi --release --features with_ctap2_1 + - name: Check OpenSK debug_ctap uses: actions-rs/cargo@v1 with:
@@ -76,11 +82,17 @@ jobs: command: check args: --target thumbv7em-none-eabi --release --features debug_ctap,with_ctap1 - - name: Check OpenSK debug_ctap,with_ctap1,panic_console,debug_allocations,verbose + - name: Check OpenSK debug_ctap,with_ctap2_1 + uses: actions-rs/cargo@v1 + with: + command: check + args: --target thumbv7em-none-eabi --release --features debug_ctap,with_ctap2_1 + + - name: Check OpenSK debug_ctap,with_ctap1,with_ctap2_1,panic_console,debug_allocations,verbose uses: actions-rs/cargo@v1 with: command: check - args: --target thumbv7em-none-eabi --release --features debug_ctap,with_ctap1,panic_console,debug_allocations,verbose + args: --target thumbv7em-none-eabi --release --features debug_ctap,with_ctap1,with_ctap2_1,panic_console,debug_allocations,verbose - name: Check examples uses: actions-rs/cargo@v1
diff --git a/.github/workflows/opensk_test.yml b/.github/workflows/opensk_test.yml
index 6b177638145cc60ab477b5a80bb044a64d9ae806..ece41e71b9667f0220a01423d6f6e375e41fa320 100644
--- a/.github/workflows/opensk_test.yml
+++ b/.github/workflows/opensk_test.yml
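Review bot: The two steps added to `.github/workflows/cargo_check.yml` reference the third-party action by a mutable tag, `uses: actions-rs/cargo@v1`, so whatever that tag points to at run time executes in the job that checks the security-key firmware. Pinning to a full commit SHA, `uses: actions-rs/cargo@<full-commit-sha> # v1` (placeholder; resolve the SHA from the action's repository), keeps the code that runs in CI fixed and reviewable. The unchanged steps visible around these hunks use the same tag, as do the four steps added in `.github/workflows/opensk_test.yml`, so the pin would be applied file-wide rather than only to the new lines.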
@@ -49,3 +49,27 @@ jobs: command: test args: --features std,with_ctap1 + - name: Unit testing of CTAP2 (release mode + CTAP2.1) + uses: actions-rs/cargo@v1 + with: + command: test + args: --release --features std,with_ctap2_1 + + - name: Unit testing of CTAP2 (debug mode + CTAP2.1) + uses: actions-rs/cargo@v1 + with: + command: test + args: --features std,with_ctap2_1 + + - name: Unit testing of CTAP2 (release mode + CTAP1 + CTAP2.1) + uses: actions-rs/cargo@v1 + with: + command: test + args: --release --features std,with_ctap1,with_ctap2_1 + + - name: Unit testing of CTAP2 (debug mode + CTAP1 + CTAP2.1) + uses: actions-rs/cargo@v1 + with: + command: test + args: --features std,with_ctap1,with_ctap2_1 +
diff --git a/README.md b/README.md
index 8dcc7613f954fc4ce537b699a2dba1e51b9ada11..28093fc3a83c99ca214bfad7891803a21c2ded35 100644
--- a/README.md
+++ b/README.md
@@ -32,7 +32,7 @@ be FIDO Certified. We started adding features of the upcoming next version of the [CTAP2.1 specifications](https://fidoalliance.org/specs/fido2/fido-client-to-authenticator-protocol-v2.1-rd-20191217.html). The development is currently between 2.0 and 2.1, with updates hidden behind a feature flag. -Please add the flag `shell --ctap2-1` to the deploy command to include them. +Please add the flag `--ctap2.1` to the deploy command to include them. ### Cryptography
diff --git a/deploy.py b/deploy.py
index 89921ca41cbff888f5f562e57a1a8ba0312d80c5..2b1ce0c784f3822e279481ad2d6f1424ab5cd9c3 100755
--- a/deploy.py
+++ b/deploy.py
@@ -755,7 +755,7 @@ if __name__ == "__main__": "support for U2F/CTAP1 protocol."), ) main_parser.add_argument( - "--ctap2-1", + "--ctap2.1", action=RemoveConstAction, const="with_ctap2_1", dest="features",
diff --git a/run_desktop_tests.sh b/run_desktop_tests.sh
index 0613e34592becdd8fc8336b1a66fff4135e30e3e..07b652e2756f8e8142c5c94b0dc4cc770dd2dcc6 100755
--- a/run_desktop_tests.sh
+++ b/run_desktop_tests.sh
@@ -93,4 +93,10 @@ then echo "Running unit tests on the desktop (debug mode + CTAP2.1)..." cargo test --features std,with_ctap2_1 + + echo "Running unit tests on the desktop (release mode + CTAP1 + CTAP2.1)..." + cargo test --release --features std,with_ctap1,with_ctap2_1 + + echo "Running unit tests on the desktop (debug mode + CTAP1 + CTAP2.1)..." + cargo test --features std,with_ctap1,with_ctap2_1 fi
diff --git a/src/ctap/data_formats.rs b/src/ctap/data_formats.rs
index 4f7e31cf37600c0b651303063642e2b2ed94a7bb..8e6c7d9c365a149d8c1b4a82e1ad019448a4ecff 100644
--- a/src/ctap/data_formats.rs
+++ b/src/ctap/data_formats.rs
@@ -111,7 +111,7 @@ impl From<PublicKeyCredentialType> for cbor::Value { match cred_type { PublicKeyCredentialType::PublicKey => "public-key", // We should never create this credential type. - PublicKeyCredentialType::Unknown => unreachable!(), + PublicKeyCredentialType::Unknown => "unknown", } .into() }
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 24039ad128313a2670bbdcd9c2d0ba0476993f06..a39a983f41524b2728f220b0cf4ed34da2b9b46c 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -762,7 +762,6 @@ where self.persistent_store.pin_hash().is_some(), ); Ok(ResponseData::AuthenticatorGetInfo( - #[cfg(feature = "with_ctap2_1")] AuthenticatorGetInfoResponse { versions: vec![ #[cfg(feature = "with_ctap1")]
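Review bot: In `src/ctap/data_formats.rs` the `Unknown` arm now serializes the string `"unknown"`, but the comment kept directly above it still reads `// We should never create this credential type.`, so the comment and the code contradict each other. Dropping `unreachable!()` removes a panic path from the firmware, which looks intended, yet nothing visible in the hunk stops an `Unknown` value from being encoded into a response where the receiver expects a registered type such as `"public-key"`. I would reword the comment to state the new contract, for example `// Unknown types are serialized as "unknown" instead of panicking; callers should filter them out before building a response.`, and add a unit test that pins this output. The enclosing `From` impl starts before the hunk, so whether callers already filter `Unknown` cannot be confirmed from here.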
@@ -776,29 +775,19 @@ where pin_protocols: Some(vec![ CtapState::<R, CheckUserPresence>::PIN_PROTOCOL_VERSION, ]), + #[cfg(feature = "with_ctap2_1")] max_credential_count_in_list: MAX_CREDENTIAL_COUNT_IN_LIST.map(|c| c as u64), // You can use ENCRYPTED_CREDENTIAL_ID_SIZE here, but if your // browser passes that value, it might be used to fingerprint. + #[cfg(feature = "with_ctap2_1")] max_credential_id_length: None, + #[cfg(feature = "with_ctap2_1")] transports: Some(vec![AuthenticatorTransport::Usb]), + #[cfg(feature = "with_ctap2_1")] algorithms: Some(vec![ES256_CRED_PARAM]), + #[cfg(feature = "with_ctap2_1")] firmware_version: None, }, - #[cfg(not(feature = "with_ctap2_1"))] - AuthenticatorGetInfoResponse { - versions: vec![ - #[cfg(feature = "with_ctap1")] - String::from(U2F_VERSION_STRING), - String::from(FIDO2_VERSION_STRING), - ], - extensions: Some(vec![String::from("hmac-secret")]), - aaguid: *AAGUID, - options: Some(options_map), - max_msg_size: Some(1024), - pin_protocols: Some(vec![ - CtapState::<R, CheckUserPresence>::PIN_PROTOCOL_VERSION, - ]), - }, )) }