Merge commit 'c2ff833e241dcb0742130262418bea46afc898f8' into feature/…

…piv-oath-pgp

FIDO2 Conformance Testing.json

@@ -0,0 +1,88 @@
+{
+    "description": "CanoKey Authenticator",
+    "aaguid": "244eb29e-e090-4e49-81fe-1f20f8d3b8f4",
+    "authenticatorVersion": 201,
+    "protocolFamily": "fido2",
+    "schema": 3,
+    "upv": [
+        {
+            "major": 1,
+            "minor": 1
+        },
+        {
+            "major": 1,
+            "minor": 0
+        }
+    ],
+    "authenticationAlgorithms": ["secp256r1_ecdsa_sha256_raw", "ed25519_eddsa_sha512_raw"],
+    "publicKeyAlgAndEncodings": ["cose"],
+    "attestationTypes": ["basic_full"],
+    "userVerificationDetails": [
+        [
+            { "userVerificationMethod": "none" }
+        ],
+        [
+            { "userVerificationMethod": "presence_internal" }
+        ],
+        [
+            { "userVerificationMethod": "passcode_external" }
+        ],
+        [
+            { "userVerificationMethod": "passcode_external" },
+            { "userVerificationMethod": "presence_internal" }
+        ]
+    ],
+    "keyProtection": ["hardware", "secure_element"],
+    "matcherProtection": ["on_chip"],
+    "tcDisplay": [],
+    "attestationRootCertificates": [
+        "MIIDMjCCAhqgAwIBAgIUAvaAGy8lEWimeNJniABYTEpv1GowDQYJKoZIhvcNAQELBQAwMTEvMC0GA1UEAwwmQ2Fub0tleXMgRklETyBBdHRlc3RhdGlvbiBSb290IENBIE5vLjEwHhcNMjAwNzA4MTEzNzMzWhcNNDAwMTA1MTEzNzMzWjAxMS8wLQYDVQQDDCZDYW5vS2V5cyBGSURPIEF0dGVzdGF0aW9uIFJvb3QgQ0EgTm8uMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK7eBQHp4sJBXOEM9JivpoQvS/neBPCdp2h36PGDzx6wZ5AP8UZOw5a+VFeresLm00qo5qWOJ2ajFlupjmXVpfsYnao1DDbI3ZDZkbIePj0NmnTProHr4N73gBGGaErKW+IURVGsvXAZcPz/qeGclo4ZFH4th6RZT4nJzOUd5rwB5ZNnqgxmhAziyz8MUb3dmYJpB/PC+5SRaCcW7hzKoxy9Wv4SJkCrf3V7YOix9VKqut4hIHDObHgzeoUDpw1makeRDD+I0ImKCxErVydSNXhcKF+8TDAM6S+ucD2Nj/xmrSB3P59ZIBYlGlrEZG5tbXs+KWXP5GH28jDlCzqzrMMCAwEAAaNCMEAwHQYDVR0OBBYEFLH58IKZ6u2YsgCKQdfbKILv3W1AMA8GA1UdEwQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQBoIU1j9srZqey3e1i3Ntu0Sa/co4ltDhHrl2FqZNAsVSjqD6sbDFjOO2gPWh/RhkbV0KYlFPqA7MC4KwIwBekWwZ0W5ZH+a4uEGjZqGAxym4Bae+qyHrsnBmKnwhKmQTbGmCrHWxObi8dq+cImBN/LmzWk7ImriNbTf/g/DwYLA/9FxD7O90KCW7yghXOsZhka8Z6o/5dqnIagMXeSimkPzwIdB53v4AObsguiD9aV5b1P62wymEFp1wImJoJsXQxls1AhTdAG2Yez0PjeN4l5im+px6owhDA3bcGbccdwLGj+5FClWa+Bi3Ekt5Sx9DQ8V7AnzQzpizcHkDr4tpmB"
+    ],
+    "icon": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAIAAAD8GO2jAAAACXBIWXMAAC4jAAAuIwF4pT92AAAKT2lDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAHjanVNnVFPpFj333vRCS4iAlEtvUhUIIFJCi4AUkSYqIQkQSoghodkVUcERRUUEG8igiAOOjoCMFVEsDIoK2AfkIaKOg6OIisr74Xuja9a89+bN/rXXPues852zzwfACAyWSDNRNYAMqUIeEeCDx8TG4eQuQIEKJHAAEAizZCFz/SMBAPh+PDwrIsAHvgABeNMLCADATZvAMByH/w/qQplcAYCEAcB0kThLCIAUAEB6jkKmAEBGAYCdmCZTAKAEAGDLY2LjAFAtAGAnf+bTAICd+Jl7AQBblCEVAaCRACATZYhEAGg7AKzPVopFAFgwABRmS8Q5ANgtADBJV2ZIALC3AMDOEAuyAAgMADBRiIUpAAR7AGDIIyN4AISZABRG8lc88SuuEOcqAAB4mbI8uSQ5RYFbCC1xB1dXLh4ozkkXKxQ2YQJhmkAuwnmZGTKBNA/g88wAAKCRFRHgg/P9eM4Ors7ONo62Dl8t6r8G/yJiYuP+5c+rcEAAAOF0ftH+LC+zGoA7BoBt/qIl7gRoXgugdfeLZrIPQLUAoOnaV/Nw+H48PEWhkLnZ2eXk5NhKxEJbYcpXff5nwl/AV/1s+X48/Pf14L7iJIEyXYFHBPjgwsz0TKUcz5IJhGLc5o9H/LcL//wd0yLESWK5WCoU41EScY5EmozzMqUiiUKSKcUl0v9k4t8s+wM+3zUAsGo+AXuRLahdYwP2SycQWHTA4vcAAPK7b8HUKAgDgGiD4c93/+8//UegJQCAZkmScQAAXkQkLlTKsz/HCAAARKCBKrBBG/TBGCzABhzBBdzBC/xgNoRCJMTCQhBCCmSAHHJgKayCQiiGzbAdKmAv1EAdNMBRaIaTcA4uwlW4Dj1wD/phCJ7BKLyBCQRByAgTYSHaiAFiilgjjggXmYX4IcFIBBKLJCDJiBRRIkuRNUgxUopUIFVIHfI9cgI5h1xGupE7yAAygvyGvEcxlIGyUT3UDLVDuag3GoRGogvQZHQxmo8WoJvQcrQaPYw2oefQq2gP2o8+Q8cwwOgYBzPEbDAuxsNCsTgsCZNjy7EirAyrxhqwVqwDu4n1Y8+xdwQSgUXACTYEd0IgYR5BSFhMWE7YSKggHCQ0EdoJNwkDhFHCJyKTqEu0JroR+cQYYjIxh1hILCPWEo8TLxB7iEPENyQSiUMyJ7mQAkmxpFTSEtJG0m5SI+ksqZs0SBojk8naZGuyBzmULCAryIXkneTD5DPkG+Qh8lsKnWJAcaT4U+IoUspqShnlEOU05QZlmDJBVaOaUt2ooVQRNY9aQq2htlKvUYeoEzR1mjnNgxZJS6WtopXTGmgXaPdpr+h0uhHdlR5Ol9BX0svpR+iX6AP0dwwNhhWDx4hnKBmbGAcYZxl3GK+YTKYZ04sZx1QwNzHrmOeZD5lvVVgqtip8FZHKCpVKlSaVGyovVKmqpqreqgtV81XLVI+pXlN9rkZVM1PjqQnUlqtVqp1Q61MbU2epO6iHqmeob1Q/pH5Z/YkGWcNMw09DpFGgsV/jvMYgC2MZs3gsIWsNq4Z1gTXEJrHN2Xx2KruY/R27iz2qqaE5QzNKM1ezUvOUZj8H45hx+Jx0TgnnKKeX836K3hTvKeIpG6Y0TLkxZVxrqpaXllirSKtRq0frvTau7aedpr1Fu1n7gQ5Bx0onXCdHZ4/OBZ3nU9lT3acKpxZNPTr1ri6qa6UbobtEd79up+6Ynr5egJ5Mb6feeb3n+hx9L/1U/W36p/VHDFgGswwkBtsMzhg8xTVxbzwdL8fb8VFDXcNAQ6VhlWGX4YSRudE8o9VGjUYPjGnGXOMk423GbcajJgYmISZLTepN7ppSTbmmKaY7TDtMx83MzaLN1pk1mz0x1zLnm+eb15vft2BaeFostqi2uGVJsuRaplnutrxuhVo5WaVYVVpds0atna0l1rutu6cRp7lOk06rntZnw7Dxtsm2qbcZsOXYBtuutm22fWFnYhdnt8Wuw+6TvZN9un2N/T0HDYfZDqsdWh1+c7RyFDpWOt6azpzuP33F9JbpL2dYzxDP2DPjthPLKcRpnVOb00dnF2e5c4PziIuJS4LLLpc+Lpsbxt3IveRKdPVxXeF60vWdm7Obwu2o26/uNu5p7ofcn8w0nymeWTNz0MPIQ+BR5dE/C5+VMGvfrH5PQ0+BZ7XnIy9jL5FXrdewt6V3qvdh7xc+9j5yn+M+4zw33jLeWV/MN8C3yLfLT8Nvnl+F30N/I/9k/3r/0QCngCUBZwOJgUGBWwL7+Hp8Ib+OPzrbZfay2e1BjKC5QRVBj4KtguXBrSFoyOyQrSH355jOkc5pDoVQfujW0Adh5mGLw34MJ4WHhVeGP45wiFga0TGXNXfR3ENz30T6RJZE3ptnMU85ry1KNSo+qi5qPNo3ujS6P8YuZlnM1VidWElsSxw5LiquNm5svt/87fOH4p3iC+N7F5gvyF1weaHOwvSFpxapLhIsOpZATIhOOJTwQRAqqBaMJfITdyWOCnnCHcJnIi/RNtGI2ENcKh5O8kgqTXqS7JG8NXkkxTOlLOW5hCepkLxMDUzdmzqeFpp2IG0yPTq9MYOSkZBxQqohTZO2Z+pn5mZ2y6xlhbL+xW6Lty8elQfJa7OQrAVZLQq2QqboVFoo1yoHsmdlV2a/zYnKOZarnivN7cyzytuQN5zvn//tEsIS4ZK2pYZLVy0dWOa9rGo5sjxxedsK4xUFK4ZWBqw8uIq2Km3VT6vtV5eufr0mek1rgV7ByoLBtQFr6wtVCuWFfevc1+1dT1gvWd+1YfqGnRs+FYmKrhTbF5cVf9go3HjlG4dvyr+Z3JS0qavEuWTPZtJm6ebeLZ5bDpaql+aXDm4N2dq0Dd9WtO319kXbL5fNKNu7g7ZDuaO/PLi8ZafJzs07P1SkVPRU+lQ27tLdtWHX+G7R7ht7vPY07NXbW7z3/T7JvttVAVVN1WbVZftJ+7P3P66Jqun4lvttXa1ObXHtxwPSA/0HIw6217nU1R3SPVRSj9Yr60cOxx++/p3vdy0NNg1VjZzG4iNwRHnk6fcJ3/ceDTradox7rOEH0x92HWcdL2pCmvKaRptTmvtbYlu6T8w+0dbq3nr8R9sfD5w0PFl5SvNUyWna6YLTk2fyz4ydlZ19fi753GDborZ752PO32oPb++6EHTh0kX/i+c7vDvOXPK4dPKy2+UTV7hXmq86X23qdOo8/pPTT8e7nLuarrlca7nuer21e2b36RueN87d9L158Rb/1tWeOT3dvfN6b/fF9/XfFt1+cif9zsu72Xcn7q28T7xf9EDtQdlD3YfVP1v+3Njv3H9qwHeg89HcR/cGhYPP/pH1jw9DBY+Zj8uGDYbrnjg+OTniP3L96fynQ89kzyaeF/6i/suuFxYvfvjV69fO0ZjRoZfyl5O/bXyl/erA6xmv28bCxh6+yXgzMV70VvvtwXfcdx3vo98PT+R8IH8o/2j5sfVT0Kf7kxmTk/8EA5jz/GMzLdsAAAAgY0hSTQAAeiUAAICDAAD5/wAAgOkAAHUwAADqYAAAOpgAABdvkl/FRgAAAthJREFUeNrslt9Lk1EYx7/vNte0vXOk7yS7qyWBYvnjIktGU0vDCwktV4KXpv3wB/4BBiIa/QC1wjkVUxNsUuuuzd1k6iBLCxIFzcDXOTZwY8r2sr1rp4uXZuoggryJfS8eeL6c53w45+E5HIoQgoOUCAesGCAGiAEAyX6LZdn19XWGYdRq9T8gkN1qa20VDlVZcZUQYpuZKS0tHTca9ywz6Hurq6s/zs6SP2kXwGI2AzjKqHQ63ft3k4SQpoYGAMWFRXvKLmoLAAwODPwdoLdHD2BkaOh3843J5HK59pTV1dwE8Gp8fP+OS4tL5rfmH6GQkO70oLuzc2jwuSop2dBrOCynk5KO9PX3Z2ZkMCkpqyvfGIYBcL+9w2qdKCoqCgQCAHieF2ofP3xkMr1W0IraulptQYHP7wNF7e2BNl8DIO34CQANd+u7u7oASEABqKupJYRU6a4DoGXxqaoUpZwWA9aJCUJI4QUtgFPqkwnSQwD69ProVxQMBtvb2iiKetDRwfN8KBTiOO7Zk6cA+noNLMsCyMo8zfn9HMflnMkCsLS4OD01DUB39RohxOl0yhMS4iiR3W6PbLszB3FxcbRCQQhRJCZKJBKxWCyTyeRyGoBUKv0y/xmATlcpi4+XyWQajQaAz+ebmpwEUF5RDkClUhVqC3gSnp+biz4HnN8PwO/3R5xAgMvNzk5mkkWUCMDq6nfBdzg2BDCtUABwOl2/fIdAig4IBoORKIjneQVNb3m3ii+XiEHp+wzpGelut/ul0QggEAiUXSm7def2vZaWtLS0hYWvH+Y+5Z/Ny8nNjf5USCSSSIw44XDY4dhQKpXDw8NiiqpvbBwdeVF1owoAu7aWmnrM0KPf3t6+VFLc1Nx8Pu/c6NiYSCSKPsket2d5ednj8UQcr9drX7e73ZtCyrJrVqs1HA4TQpZXVrxer+C7N90Wi8Vms+0fCyr2q4gBYoD/APBzAI6VNqGQPUqnAAAAAElFTkSuQmCC",
+    "authenticatorGetInfo": {
+        "versions": [
+            "U2F_V2",
+            "FIDO_2_0",
+            "FIDO_2_1"
+        ],
+        "extensions": [
+            "credBlob",
+            "credProtect",
+            "hmac-secret",
+            "largeBlobKey"
+        ],
+        "aaguid": "244eb29ee0904e4981fe1f20f8d3b8f4",
+        "options": {
+            "rk": true,
+            "credMgmt": true,
+            "clientPin": false,
+            "largeBlobs": true,
+            "pinUvAuthToken": true,
+            "makeCredUvNotRqd": true
+        },
+        "maxMsgSize": 1300,
+        "pinUvAuthProtocols": [
+            1,
+            2
+        ],
+        "maxCredentialCountInList": 8,
+        "maxCredentialIdLength": 70,
+        "transports": [
+            "nfc",
+            "usb"
+        ],
+        "algorithms": [
+            {
+                "alg": -7,
+                "type": "public-key"
+            },
+            {
+                "alg": -8,
+                "type": "public-key"
+            }
+        ],
+        "maxSerializedLargeBlobArray": 4096,
+        "firmwareVersion": 201,
+        "maxCredBlobLength": 32
+    }
+}

applets/ctap/ctap-internal.h

@@ -39,6 +39,7 @@
 #define CTAP_LARGE_BLOBS           0x0C
 #define CTAP_CONFIG                0x0D
 #define CTAP_CRED_MANAGE_LEGACY    0x41
+#define CTAP_INVALID_CMD           0xFF
 
 // Parsed params
 #define PARAM_CLIENT_DATA_HASH       (1 << 0)
@@ -189,39 +190,43 @@
 #define LB_RESP_CONFIG 0x01
 
 // Size limits
-#define KH_KEY_SIZE                  32
-#define HE_KEY_SIZE                  32
-#define PRI_KEY_SIZE                 32
-#define PUB_KEY_SIZE                 64
-#define SHARED_SECRET_SIZE           32
-#define MAX_COSE_KEY_SIZE            78
-#define PIN_ENC_SIZE_P1              64
-#define PIN_ENC_SIZE_P2              80
-#define PIN_HASH_SIZE_P1             16
-#define PIN_HASH_SIZE_P2             32
-#define MAX_CERT_SIZE                1152
-#define AAGUID_SIZE                  16
-#define PIN_AUTH_SIZE_P1             16
-#define PIN_TOKEN_SIZE               32
-#define HMAC_SECRET_SALT_SIZE        64
-#define HMAC_SECRET_SALT_AUTH_SIZE   16
-#define CREDENTIAL_TAG_SIZE          16
-#define CLIENT_DATA_HASH_SIZE        32
-#define CREDENTIAL_NONCE_SIZE        16
-#define CREDENTIAL_NONCE_DC_POS      16
-#define CREDENTIAL_NONCE_CP_POS      17
-#define DOMAIN_NAME_MAX_SIZE         254
-#define USER_ID_MAX_SIZE             64
-#define DISPLAY_NAME_LIMIT           65
-#define USER_NAME_LIMIT              65
-#define MAX_DC_NUM                   64
-#define MAX_STORED_RPID_LENGTH       32
-#define MAX_EXTENSION_SIZE_IN_AUTH   51
-#define MAX_CREDENTIAL_COUNT_IN_LIST 8
-#define MAX_CRED_BLOB_LENGTH         32
-#define LARGE_BLOB_KEY_SIZE          32
-#define LARGE_BLOB_SIZE_LIMIT        4096
-#define MAX_FRAGMENT_LENGTH          (MAX_CTAP_BUFSIZE - 64)
+#define KH_KEY_SIZE                   32
+#define HE_KEY_SIZE                   32
+#define PRI_KEY_SIZE                  32
+#define PUB_KEY_SIZE                  64
+#define SHARED_SECRET_SIZE_P1         32
+#define SHARED_SECRET_SIZE_P2         64
+#define SHARED_SECRET_SIZE_HMAC       32
+#define MAX_COSE_KEY_SIZE             78
+#define PIN_ENC_SIZE_P1               64
+#define PIN_ENC_SIZE_P2               80
+#define PIN_HASH_SIZE_P1              16
+#define PIN_HASH_SIZE_P2              32
+#define MAX_CERT_SIZE                 1152
+#define AAGUID_SIZE                   16
+#define PIN_AUTH_SIZE_P1              16
+#define PIN_TOKEN_SIZE                32
+#define HMAC_SECRET_SALT_SIZE         64
+#define HMAC_SECRET_SALT_IV_SIZE      16
+#define HMAC_SECRET_SALT_AUTH_SIZE_P1 16
+#define HMAC_SECRET_SALT_AUTH_SIZE_P2 32
+#define CREDENTIAL_TAG_SIZE           16
+#define CLIENT_DATA_HASH_SIZE         32
+#define CREDENTIAL_NONCE_SIZE         16
+#define CREDENTIAL_NONCE_DC_POS       16
+#define CREDENTIAL_NONCE_CP_POS       17
+#define DOMAIN_NAME_MAX_SIZE          254
+#define USER_ID_MAX_SIZE              64
+#define DISPLAY_NAME_LIMIT            65
+#define USER_NAME_LIMIT               65
+#define MAX_DC_NUM                    64
+#define MAX_STORED_RPID_LENGTH        32
+#define MAX_EXTENSION_SIZE_IN_AUTH    51
+#define MAX_CREDENTIAL_COUNT_IN_LIST  8
+#define MAX_CRED_BLOB_LENGTH          32
+#define LARGE_BLOB_KEY_SIZE           32
+#define LARGE_BLOB_SIZE_LIMIT         4096
+#define MAX_FRAGMENT_LENGTH           (MAX_CTAP_BUFSIZE - 64)
 
 typedef struct {
   uint8_t id[USER_ID_MAX_SIZE];
@@ -316,9 +321,10 @@ typedef struct {
   size_t pin_uv_auth_param_len;
   uint8_t pin_uv_auth_protocol;
   uint8_t ext_hmac_secret_key_agreement[PUB_KEY_SIZE];
-  uint8_t ext_hmac_secret_salt_enc[HMAC_SECRET_SALT_SIZE];
-  uint8_t ext_hmac_secret_salt_auth[HMAC_SECRET_SALT_AUTH_SIZE];
-  uint8_t ext_hmac_secret_salt_len;
+  uint8_t ext_hmac_secret_salt_enc[HMAC_SECRET_SALT_IV_SIZE + HMAC_SECRET_SALT_SIZE];
+  uint8_t ext_hmac_secret_salt_enc_len;
+  uint8_t ext_hmac_secret_salt_auth[HMAC_SECRET_SALT_AUTH_SIZE_P2];
+  uint8_t ext_hmac_secret_salt_auth_len;
   uint8_t ext_hmac_secret_pin_protocol;
   bool ext_large_blob_key;
   bool ext_cred_blob;

applets/ctap/ctap-parser.c

@@ -488,23 +488,25 @@ uint8_t parse_ga_extensions(CTAP_get_assertion *ga, CborValue *val) {
             if (cbor_value_get_type(&hmac_map) != CborByteStringType) return CTAP2_ERR_CBOR_UNEXPECTED_TYPE;
             len = sizeof(ga->ext_hmac_secret_salt_enc);
             ret = cbor_value_copy_byte_string(&hmac_map, ga->ext_hmac_secret_salt_enc, &len, NULL);
-            if (ret == CborErrorOutOfMemory) return CTAP1_ERR_INVALID_LENGTH;
+            if (ret == CborErrorOutOfMemory) {
+              ERR_MSG("ext_hmac_secret_salt_enc is too long\n");
+              return CTAP1_ERR_INVALID_LENGTH;
+            }
             CHECK_CBOR_RET(ret);
-            if (len != HMAC_SECRET_SALT_SIZE && len != HMAC_SECRET_SALT_SIZE / 2) return CTAP1_ERR_INVALID_LENGTH;
-            ga->ext_hmac_secret_salt_len = len;
+            ga->ext_hmac_secret_salt_enc_len = len;
             map_has_entry |= GA_HS_MAP_ENTRY_SALT_ENC;
             DBG_MSG("salt_enc: ");
-            PRINT_HEX(ga->ext_hmac_secret_salt_enc, ga->ext_hmac_secret_salt_len);
+            PRINT_HEX(ga->ext_hmac_secret_salt_enc, ga->ext_hmac_secret_salt_enc_len);
             break;
           case GA_REQ_HMAC_SECRET_SALT_AUTH:
             if (cbor_value_get_type(&hmac_map) != CborByteStringType) return CTAP2_ERR_CBOR_UNEXPECTED_TYPE;
             len = sizeof(ga->ext_hmac_secret_salt_auth);
             ret = cbor_value_copy_byte_string(&hmac_map, ga->ext_hmac_secret_salt_auth, &len, NULL);
             CHECK_CBOR_RET(ret);
-            if (len != HMAC_SECRET_SALT_AUTH_SIZE) return CTAP1_ERR_INVALID_LENGTH;
+            ga->ext_hmac_secret_salt_auth_len = len;
             map_has_entry |= GA_HS_MAP_ENTRY_SALT_AUTH;
             DBG_MSG("salt_auth: ");
-            PRINT_HEX(ga->ext_hmac_secret_salt_auth, 16);
+            PRINT_HEX(ga->ext_hmac_secret_salt_auth, ga->ext_hmac_secret_salt_auth_len);
             break;
           case GA_REQ_HMAC_SECRET_PIN_PROTOCOL:
             if (cbor_value_get_type(&hmac_map) != CborIntegerType) return CTAP2_ERR_CBOR_UNEXPECTED_TYPE;
@@ -522,6 +524,18 @@ uint8_t parse_ga_extensions(CTAP_get_assertion *ga, CborValue *val) {
       }
       if ((map_has_entry & GA_HS_MAP_ENTRY_ALL_REQUIRED) != GA_HS_MAP_ENTRY_ALL_REQUIRED)
         return CTAP2_ERR_MISSING_PARAMETER;
+      if ((ga->ext_hmac_secret_pin_protocol == 1 && ga->ext_hmac_secret_salt_enc_len != HMAC_SECRET_SALT_SIZE &&
+           ga->ext_hmac_secret_salt_enc_len != HMAC_SECRET_SALT_SIZE / 2) ||
+          (ga->ext_hmac_secret_pin_protocol == 2 && ga->ext_hmac_secret_salt_enc_len != HMAC_SECRET_SALT_SIZE + HMAC_SECRET_SALT_IV_SIZE &&
+           ga->ext_hmac_secret_salt_enc_len != HMAC_SECRET_SALT_SIZE / 2 + HMAC_SECRET_SALT_IV_SIZE)) {
+        ERR_MSG("Invalid hmac_secret_salt_enc_len %hhu\n", ga->ext_hmac_secret_salt_enc_len);
+        return CTAP1_ERR_INVALID_LENGTH;
+      }
+      if ((ga->ext_hmac_secret_pin_protocol == 1 && ga->ext_hmac_secret_salt_auth_len != HMAC_SECRET_SALT_AUTH_SIZE_P1) ||
+          (ga->ext_hmac_secret_pin_protocol == 2 && ga->ext_hmac_secret_salt_auth_len != HMAC_SECRET_SALT_AUTH_SIZE_P2)) {
+        ERR_MSG("Invalid hmac_secret_salt_auth_len %hhu\n", ga->ext_hmac_secret_salt_auth_len);
+        return CTAP1_ERR_INVALID_LENGTH;
+      }
       ga->parsed_params |= PARAM_HMAC_SECRET;
     } else if (strcmp(key, "credBlob") == 0) {
       if (cbor_value_get_type(&map) != CborBooleanType) return CTAP2_ERR_CBOR_UNEXPECTED_TYPE;
@@ -928,6 +942,8 @@ uint8_t parse_client_pin(CborParser *parser, CTAP_client_pin *cp, const uint8_t
         if (len == 0 || len > SHA256_DIGEST_LENGTH) return CTAP2_ERR_PIN_AUTH_INVALID;
         ret = cbor_value_copy_byte_string(&map, cp->pin_uv_auth_param, &len, NULL);
         CHECK_CBOR_RET(ret);
+        DBG_MSG("pin_uv_auth_param: ");
+        PRINT_HEX(cp->pin_uv_auth_param, len);
         cp->parsed_params |= PARAM_PIN_UV_AUTH_PARAM;
         break;