Update max credential ID length; update all max sizes

sandbox-quantum · Nov 5, 2024 · 09bb2e4 · 09bb2e4
1 parent 2fe6e1b
commit 09bb2e4
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 9 deletions.
diff --git a/src/ctap1.rs b/src/ctap1.rs
@@ -30,7 +30,7 @@ pub mod authenticate {
 
 pub mod register {
     use super::Bytes;
-    use crate::sizes::MAX_MESSAGE_LENGTH;
+    use crate::sizes::{MAX_CREDENTIAL_ID_LENGTH, MAX_MESSAGE_LENGTH};
 
     #[derive(Clone, Debug, Eq, PartialEq)]
     pub struct Request<'a> {
@@ -42,7 +42,7 @@ pub mod register {
     pub struct Response {
         pub header_byte: u8,
         pub public_key: Bytes<65>,
-        pub key_handle: Bytes<255>,
+        pub key_handle: Bytes<MAX_CREDENTIAL_ID_LENGTH>,
         pub attestation_certificate: Bytes<MAX_MESSAGE_LENGTH>,
         pub signature: Bytes<72>,
     }
@@ -51,7 +51,7 @@ pub mod register {
         pub fn new(
             header_byte: u8,
             public_key: &cosey::EcdhEsHkdf256PublicKey,
-            key_handle: Bytes<255>,
+            key_handle: Bytes<MAX_CREDENTIAL_ID_LENGTH>,
             signature: Bytes<72>,
             attestation_certificate: Bytes<MAX_MESSAGE_LENGTH>,
         ) -> Self {

diff --git a/src/sizes.rs b/src/sizes.rs
@@ -1,13 +1,10 @@
-pub const AUTHENTICATOR_DATA_LENGTH: usize = 676;
 // pub const AUTHENTICATOR_DATA_LENGTH_BYTES: usize = 512;
 
-pub const ASN1_SIGNATURE_LENGTH: usize = 77;
 // pub const ASN1_SIGNATURE_LENGTH_BYTES: usize = 72;
 
 pub const COSE_KEY_LENGTH: usize = 256;
 // pub const COSE_KEY_LENGTH_BYTES: usize = 256;
 
-pub const MAX_CREDENTIAL_ID_LENGTH: usize = 255;
 pub const MAX_CREDENTIAL_ID_LENGTH_PLUS_256: usize = 767;
 pub const MAX_CREDENTIAL_COUNT_IN_LIST: usize = 10;
 
@@ -34,12 +31,26 @@ pub const LARGE_BLOB_MAX_FRAGMENT_LENGTH: usize = 3008;
 // TODO: update these, and grab them from a common crate?
 cfg_if::cfg_if! {
     if #[cfg(feature = "backend-dilithium5")] {
-        pub const MAX_MESSAGE_LENGTH: usize = 7523 + 57 + 30;
+        pub const MAX_MESSAGE_LENGTH: usize = MAX_COMMITTMENT_LENGTH;
+        pub const MAX_CREDENTIAL_ID_LENGTH: usize = 7523 + 57 + 30 + 37;
+        pub const AUTHENTICATOR_DATA_LENGTH: usize = MAX_CREDENTIAL_ID_LENGTH + 2031; // TODO: this will have to be larger
+        pub const ASN1_SIGNATURE_LENGTH: usize = 4627;
     } else if #[cfg(feature = "backend-dilithium3")] {
-        pub const MAX_MESSAGE_LENGTH: usize = 6019 + 57 + 30;
+        pub const MAX_MESSAGE_LENGTH: usize = MAX_COMMITTMENT_LENGTH;
+        pub const MAX_CREDENTIAL_ID_LENGTH: usize =  6019 + 57 + 30 + 37;
+        pub const AUTHENTICATOR_DATA_LENGTH: usize = MAX_CREDENTIAL_ID_LENGTH + 2031;
+        pub const ASN1_SIGNATURE_LENGTH: usize = 3309;
     } else if #[cfg(feature = "backend-dilithium2")] {
-        pub const MAX_MESSAGE_LENGTH: usize = 3907 + 57 + 30;
+        pub const MAX_MESSAGE_LENGTH: usize = MAX_COMMITTMENT_LENGTH;
+        pub const MAX_CREDENTIAL_ID_LENGTH: usize = 3907 + 57 + 30 + 37;
+        pub const AUTHENTICATOR_DATA_LENGTH: usize = MAX_CREDENTIAL_ID_LENGTH + 2031; // TODO: this can be smaller
+        pub const ASN1_SIGNATURE_LENGTH: usize = 2420;
     } else {
         pub const MAX_MESSAGE_LENGTH: usize = 1024;
+        pub const MAX_CREDENTIAL_ID_LENGTH: usize = 255;
+        pub const AUTHENTICATOR_DATA_LENGTH: usize = 676;
+        pub const ASN1_SIGNATURE_LENGTH: usize = 77;
     }
 }
+
+pub const MAX_COMMITTMENT_LENGTH: usize = AUTHENTICATOR_DATA_LENGTH + 32;