[riot-notifications] [RIOT-OS/RIOT] FIDO2 support in RIOT (#16489)

Nils Ollrogge notifications at github.com
Wed May 26 17:58:14 CEST 2021


@Ollrogge commented on this pull request.



> +    if (req.sub_command != CTAP_CP_REQ_SUB_COMMAND_GET_RETRIES) {
+        if (locked()) {
+            return CTAP2_ERR_PIN_BLOCKED;
+        }
+
+        if (boot_locked()) {
+            return CTAP2_ERR_PIN_AUTH_BLOCKED;
+        }
+    }
+
+    if (req.pin_protocol != CTAP_PIN_PROT_VER) {
+        return CTAP1_ERR_OTHER;
+    }
+
+    switch (req.sub_command) {
+    case CTAP_CP_REQ_SUB_COMMAND_GET_RETRIES:

These code paths are executed once you have set a PIN on the authenticator. Yes the package does test the PIN methods. The ClientPIN method is the reason you need to reboot so often when running `make fido2-tests` (to test the lockout mechanism when entering and invalid PIN a couple of times). 

The sub_command is part of the request and is set by the platform.

I agree the documentation is lacking. I will document the whole PIN process more.



-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/RIOT-OS/RIOT/pull/16489#discussion_r639871126
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riot-os.org/pipermail/notifications/attachments/20210526/11976c11/attachment.htm>


More information about the notifications mailing list