Refactors fingerprint code

Introduces a compile flag to toggle fingerprint code.
Makes data structures and style match the library's current standard.
Removes some undesired customization and debug features.

Author: kaczmarczyck

Cargo.toml

@@ -43,6 +43,7 @@ with_ctap1 = ["opensk/with_ctap1"]
 with_nfc = ["libtock_drivers/with_nfc"]
 vendor_hid = ["opensk/vendor_hid"]
 ed25519 = ["ed25519-compact", "opensk/ed25519"]
+fingerprint = ["opensk/fingerprint"]
 
 [dev-dependencies]
 enum-iterator = "0.6.0"

libraries/opensk/Cargo.toml

@@ -42,6 +42,7 @@ with_ctap1 = []
 vendor_hid = []
 fuzz = ["arbitrary", "std"]
 ed25519 = ["ed25519-compact"]
+fingerprint = []
 
 [dev-dependencies]
 enum-iterator = "0.6.0"

libraries/opensk/src/api/customization.rs

@@ -145,7 +145,7 @@ pub trait Customization {
     /// this value.
     fn max_msg_size(&self) -> usize;
 
-    /// Sets the number of consecutive failed PINs before blocking interaction.
+    /// The number of consecutive failed PINs before blocking interaction.
     ///
     /// # Invariant
     ///
@@ -155,6 +155,42 @@ pub trait Customization {
     /// The fail retry counter is reset after entering the correct PIN.
     fn max_pin_retries(&self) -> u8;
 
+    /// Maximum number of UV retries performed before returning an error.
+    ///
+    /// Corresponds to maxUvAttemptsForInternalRetries in CTAP 2.1 onwards.
+    /// When internal retries are allowed, the authenticator will retry UV
+    /// before communicating its result through CTAP.
+    ///
+    /// # Invariant
+    ///
+    /// - Must be in the range [1, `max_uv_retries`].
+    /// - If `preferred_platform_uv_attempts` is not 1, must be in [1, 5].
+    #[cfg(feature = "fingerprint")]
+    fn max_uv_attempts_for_internal_retries(&self) -> u8;
+
+    /// The number of consecutive failed UV attempts before blocking built-in UV.
+    ///
+    /// Corresponds to maxUvRetries in CTAP 2.1 onwards.
+    ///
+    /// # Invariant
+    ///
+    /// - Must be in the range [1, 25].
+    #[cfg(feature = "fingerprint")]
+    fn max_uv_retries(&self) -> u8;
+
+    /// Preferred number of UV attempts before falling back to PIN.
+    ///
+    /// Corresponds to preferredPlatformUvAttempts in CTAP 2.1 onwards.
+    /// States the preference how often the platform should invoke
+    /// `getPinUvAuthTokenUsingUvWithPermissions` before falling back to
+    /// `getPinUvAuthTokenUsingPinWithPermissions` or displaying an error.
+    ///
+    /// # Invariant
+    ///
+    /// - Must be greater than 0.
+    #[cfg(feature = "fingerprint")]
+    fn preferred_platform_uv_attempts(&self) -> usize;
+
     /// Enables or disables basic attestation for FIDO2.
     ///
     /// # Invariant
@@ -253,30 +289,11 @@ pub trait Customization {
     /// for 10 years.
     fn max_supported_resident_keys(&self) -> usize;
 
-    /// This specifies the preferred number of invocations of the
-    /// `getPinUvAuthTokenUsingUvWithPermissions` subCommand the platform may
-    /// attempt before falling back to the
-    /// `getPinUvAuthTokenUsingPinWithPermissions` subCommand or displaying an
-    /// error.
-    ///
-    /// MUST be greater than zero. If the value is 1 then all uvRetries are
-    /// internal and the platform MUST only invoke the
-    /// getPinUvAuthTokenUsingUvWithPermissions subCommand a single time. If the
-    /// value is > 1 the authenticator MUST only decrement uvRetries by 1 for
-    /// each iteration.
-    fn preferred_platform_uv_attempts(&self) -> usize;
-
-    /// Sets the number of consecutive failed User Verification attempts before
-    /// blocking built-in UV.
-    ///
-    /// # Invariant
+    /// Maximum size of a friendly name for a UV template.
     ///
-    /// - CTAP2.1: Maximum PIN retries must be 25 at most.
-    fn max_uv_retries(&self) -> u8;
-
-    /// The maximum number of times the authenticator will retry internally when
-    /// internalRetry is true as part of the performBuiltInUv() algorithm.
-    fn max_uv_attempts_for_internal_retries(&self) -> u8;
+    /// This value limits storage requirements for fingerprints.
+    #[cfg(feature = "fingerprint")]
+    fn max_template_friendly_name(&self) -> usize;
 }
 
 #[derive(Clone)]
@@ -291,39 +308,49 @@ pub struct CustomizationImpl {
     pub enterprise_rp_id_list: &'static [&'static str],
     pub max_msg_size: usize,
     pub max_pin_retries: u8,
+    #[cfg(feature = "fingerprint")]
+    pub max_uv_attempts_for_internal_retries: u8,
+    #[cfg(feature = "fingerprint")]
+    pub max_uv_retries: u8,
+    #[cfg(feature = "fingerprint")]
+    pub preferred_platform_uv_attempts: usize,
     pub use_batch_attestation: bool,
     pub use_signature_counter: bool,
     pub max_cred_blob_length: usize,
     pub max_credential_count_in_list: Option<usize>,
     pub max_large_blob_array_size: usize,
     pub max_rp_ids_length: usize,
     pub max_supported_resident_keys: usize,
-    pub preferred_platform_uv_attempts: usize,
-    pub max_uv_retries: u8,
-    pub max_uv_attempts_for_internal_retries: u8,
+    #[cfg(feature = "fingerprint")]
+    pub max_template_friendly_name: usize,
 }
 
 pub const DEFAULT_CUSTOMIZATION: CustomizationImpl = CustomizationImpl {
     aaguid: &[0; AAGUID_LENGTH],
     allows_pin_protocol_v1: true,
-    default_cred_protect: Some(CredentialProtectionPolicy::UserVerificationOptional),
+    default_cred_protect: None,
     default_min_pin_length: 4,
     default_min_pin_length_rp_ids: &[],
-    enforce_always_uv: true,
+    enforce_always_uv: false,
     enterprise_attestation_mode: None,
     enterprise_rp_id_list: &[],
     max_msg_size: 7609,
     max_pin_retries: 8,
+    #[cfg(feature = "fingerprint")]
+    max_uv_attempts_for_internal_retries: 1,
+    #[cfg(feature = "fingerprint")]
+    max_uv_retries: 8,
+    #[cfg(feature = "fingerprint")]
+    preferred_platform_uv_attempts: 1,
     use_batch_attestation: false,
     use_signature_counter: true,
     max_cred_blob_length: 32,
     max_credential_count_in_list: None,
     max_large_blob_array_size: 2048,
     max_rp_ids_length: 8,
     max_supported_resident_keys: 150,
-    preferred_platform_uv_attempts: 5,
-    max_uv_retries: 8,
-    max_uv_attempts_for_internal_retries: 8,
+    #[cfg(feature = "fingerprint")]
+    max_template_friendly_name: 64,
 };
 
 impl Customization for CustomizationImpl {
@@ -378,6 +405,21 @@ impl Customization for CustomizationImpl {
         self.max_pin_retries
     }
 
+    #[cfg(feature = "fingerprint")]
+    fn max_uv_attempts_for_internal_retries(&self) -> u8 {
+        self.max_uv_attempts_for_internal_retries
+    }
+
+    #[cfg(feature = "fingerprint")]
+    fn max_uv_retries(&self) -> u8 {
+        self.max_uv_retries
+    }
+
+    #[cfg(feature = "fingerprint")]
+    fn preferred_platform_uv_attempts(&self) -> usize {
+        self.preferred_platform_uv_attempts
+    }
+
     fn use_batch_attestation(&self) -> bool {
         self.use_batch_attestation
     }
@@ -406,16 +448,9 @@ impl Customization for CustomizationImpl {
         self.max_supported_resident_keys
     }
 
-    fn preferred_platform_uv_attempts(&self) -> usize {
-        self.preferred_platform_uv_attempts
-    }
-
-    fn max_uv_retries(&self) -> u8 {
-        self.max_uv_retries
-    }
-
-    fn max_uv_attempts_for_internal_retries(&self) -> u8 {
-        self.max_uv_attempts_for_internal_retries
+    #[cfg(feature = "fingerprint")]
+    fn max_template_friendly_name(&self) -> usize {
+        self.max_template_friendly_name
     }
 }
 
@@ -489,6 +524,31 @@ pub fn is_valid(customization: &impl Customization) -> bool {
         return false;
     }
 
+    #[cfg(feature = "fingerprint")]
+    {
+        // Maximum UV retries must be in range [1, 25].
+        if customization.max_uv_retries() < 1 || customization.max_uv_retries() > 25 {
+            return false;
+        }
+
+        // Maximum internal UV attemps must be in range [1, `max_uv_retries`].
+        if customization.max_uv_attempts_for_internal_retries() < 1
+            || customization.max_uv_attempts_for_internal_retries() > customization.max_uv_retries()
+        {
+            return false;
+        }
+        if customization.preferred_platform_uv_attempts() != 1
+            && customization.max_uv_attempts_for_internal_retries() > 5
+        {
+            return false;
+        }
+
+        // Preferred number of UV attempts must be positive.
+        if customization.preferred_platform_uv_attempts() == 0 {
+            return false;
+        }
+    }
+
     true
 }
 
@@ -514,13 +574,21 @@ mod test {
             enterprise_rp_id_list: &[],
             max_msg_size: 7609,
             max_pin_retries: 8,
+            #[cfg(feature = "fingerprint")]
+            max_uv_attempts_for_internal_retries: 1,
+            #[cfg(feature = "fingerprint")]
+            max_uv_retries: 8,
+            #[cfg(feature = "fingerprint")]
+            preferred_platform_uv_attempts: 1,
             use_batch_attestation: true,
             use_signature_counter: true,
             max_cred_blob_length: 32,
             max_credential_count_in_list: Some(3),
             max_large_blob_array_size: 2048,
             max_rp_ids_length: 8,
             max_supported_resident_keys: 150,
+            #[cfg(feature = "fingerprint")]
+            max_template_friendly_name: 64,
         };
         assert_eq!(customization.aaguid(), &[0; AAGUID_LENGTH]);
         assert!(customization.allows_pin_protocol_v1());
@@ -535,12 +603,20 @@ mod test {
         assert!(customization.enterprise_rp_id_list().is_empty());
         assert_eq!(customization.max_msg_size(), 7609);
         assert_eq!(customization.max_pin_retries(), 8);
+        #[cfg(feature = "fingerprint")]
+        assert_eq!(customization.max_uv_attempts_for_internal_retries(), 1);
+        #[cfg(feature = "fingerprint")]
+        assert_eq!(customization.max_uv_retries(), 8);
+        #[cfg(feature = "fingerprint")]
+        assert_eq!(customization.preferred_platform_uv_attempts(), 1);
         assert!(customization.use_batch_attestation());
         assert!(customization.use_signature_counter());
         assert_eq!(customization.max_cred_blob_length(), 32);
         assert_eq!(customization.max_credential_count_in_list(), Some(3));
         assert_eq!(customization.max_large_blob_array_size(), 2048);
         assert_eq!(customization.max_rp_ids_length(), 8);
         assert_eq!(customization.max_supported_resident_keys(), 150);
+        #[cfg(feature = "fingerprint")]
+        assert_eq!(customization.max_template_friendly_name(), 64);
     }
 }