removes all occurences of CTAP 2.1 flags

.github/workflows/cargo_check.yml

@@ -42,12 +42,6 @@ jobs:
           command: check
           args: --target thumbv7em-none-eabi --release --features with_ctap1
 
-      - name: Check OpenSK with_ctap2_1
-        uses: actions-rs/cargo@v1
-        with:
-          command: check
-          args: --target thumbv7em-none-eabi --release --features with_ctap2_1
-
       - name: Check OpenSK debug_ctap
         uses: actions-rs/cargo@v1
         with:
@@ -78,17 +72,11 @@ jobs:
           command: check
           args: --target thumbv7em-none-eabi --release --features debug_ctap,with_ctap1
 
-      - name: Check OpenSK debug_ctap,with_ctap2_1
-        uses: actions-rs/cargo@v1
-        with:
-          command: check
-          args: --target thumbv7em-none-eabi --release --features debug_ctap,with_ctap2_1
-
-      - name: Check OpenSK debug_ctap,with_ctap1,with_ctap2_1,panic_console,debug_allocations,verbose
+      - name: Check OpenSK debug_ctap,with_ctap1,panic_console,debug_allocations,verbose
         uses: actions-rs/cargo@v1
         with:
           command: check
-          args: --target thumbv7em-none-eabi --release --features debug_ctap,with_ctap1,with_ctap2_1,panic_console,debug_allocations,verbose
+          args: --target thumbv7em-none-eabi --release --features debug_ctap,with_ctap1,,panic_console,debug_allocations,verbose
 
       - name: Check examples
         uses: actions-rs/cargo@v1

.github/workflows/opensk_test.yml

@@ -51,27 +51,3 @@ jobs:
           command: test
           args: --features std,with_ctap1
 
-      - name: Unit testing of CTAP2 (release mode + CTAP2.1)
-        uses: actions-rs/cargo@v1
-        with:
-          command: test
-          args: --release --features std,with_ctap2_1
-
-      - name: Unit testing of CTAP2 (debug mode + CTAP2.1)
-        uses: actions-rs/cargo@v1
-        with:
-          command: test
-          args: --features std,with_ctap2_1
-
-      - name: Unit testing of CTAP2 (release mode + CTAP1 + CTAP2.1)
-        uses: actions-rs/cargo@v1
-        with:
-          command: test
-          args: --release --features std,with_ctap1,with_ctap2_1
-
-      - name: Unit testing of CTAP2 (debug mode + CTAP1 + CTAP2.1)
-        uses: actions-rs/cargo@v1
-        with:
-          command: test
-          args: --features std,with_ctap1,with_ctap2_1
-

Cargo.toml

@@ -27,7 +27,6 @@ panic_console = ["lang_items/panic_console"]
 std = ["cbor/std", "crypto/std", "crypto/derive_debug", "lang_items/std", "persistent_store/std"]
 verbose = ["debug_ctap", "libtock_drivers/verbose_usb"]
 with_ctap1 = ["crypto/with_ctap1"]
-with_ctap2_1 = []
 with_nfc = ["libtock_drivers/with_nfc"]
 
 [dev-dependencies]

README.md

@@ -24,15 +24,14 @@ few limitations:
 
 ### FIDO2
 
-Although we tested and implemented our firmware based on the published
+The stable branch implements the published
 [CTAP2.0 specifications](https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html),
-our implementation was not reviewed nor officially tested and doesn't claim to
-be FIDO Certified.
-We started adding features of the upcoming next version of the
-[CTAP2.1 specifications](https://fidoalliance.org/specs/fido2/fido-client-to-authenticator-protocol-v2.1-rd-20191217.html).
-The development is currently between 2.0 and 2.1, with updates hidden behind
-a feature flag.
-Please add the flag `--ctap2.1` to the deploy command to include them.
+but our implementation was not reviewed nor officially tested and doesn't claim
+to be FIDO Certified. It already contains some preview features of 2.1, that you
+can try by adding the flag `--ctap2.1` to the deploy command.
+The develop branch offers only the
+[CTAP2.1 specifications](https://fidoalliance.org/specs/fido-v2.1-rd-20201208/fido-client-to-authenticator-protocol-v2.1-rd-20201208.html).
+The new features of 2.1 are currently work in progress.
 
 ### Cryptography
 

deploy.py

@@ -881,14 +881,6 @@ def main(args):
       help=("Compiles the OpenSK application without backward compatible "
             "support for U2F/CTAP1 protocol."),
   )
-  main_parser.add_argument(
-      "--ctap2.1",
-      action="append_const",
-      const="with_ctap2_1",
-      dest="features",
-      help=("Compiles the OpenSK application with backward compatible "
-            "support for CTAP2.1 protocol."),
-  )
   main_parser.add_argument(
       "--nfc",
       action="append_const",

run_desktop_tests.sh

@@ -44,7 +44,6 @@ cargo test --manifest-path tools/heapviz/Cargo.toml
 echo "Checking that CTAP2 builds properly..."
 cargo check --release --target=thumbv7em-none-eabi
 cargo check --release --target=thumbv7em-none-eabi --features with_ctap1
-cargo check --release --target=thumbv7em-none-eabi --features with_ctap2_1
 cargo check --release --target=thumbv7em-none-eabi --features debug_ctap
 cargo check --release --target=thumbv7em-none-eabi --features panic_console
 cargo check --release --target=thumbv7em-none-eabi --features debug_allocations
@@ -116,16 +115,4 @@ then
 
   echo "Running unit tests on the desktop (debug mode + CTAP1)..."
   cargo test --features std,with_ctap1
-
-  echo "Running unit tests on the desktop (release mode + CTAP2.1)..."
-  cargo test --release --features std,with_ctap2_1
-
-  echo "Running unit tests on the desktop (debug mode + CTAP2.1)..."
-  cargo test --features std,with_ctap2_1
-
-  echo "Running unit tests on the desktop (release mode + CTAP1 + CTAP2.1)..."
-  cargo test --release --features std,with_ctap1,with_ctap2_1
-
-  echo "Running unit tests on the desktop (debug mode + CTAP1 + CTAP2.1)..."
-  cargo test --features std,with_ctap1,with_ctap2_1
 fi

src/ctap/command.rs

@@ -41,7 +41,6 @@ pub enum Command {
     AuthenticatorClientPin(AuthenticatorClientPinParameters),
     AuthenticatorReset,
     AuthenticatorGetNextAssertion,
-    #[cfg(feature = "with_ctap2_1")]
     AuthenticatorSelection,
     // TODO(kaczmarczyck) implement FIDO 2.1 commands (see below consts)
     // Vendor specific commands
@@ -111,7 +110,6 @@ impl Command {
                 // Parameters are ignored.
                 Ok(Command::AuthenticatorGetNextAssertion)
             }
-            #[cfg(feature = "with_ctap2_1")]
             Command::AUTHENTICATOR_SELECTION => {
                 // Parameters are ignored.
                 Ok(Command::AuthenticatorSelection)
@@ -292,32 +290,16 @@ pub struct AuthenticatorClientPinParameters {
     pub pin_auth: Option<Vec<u8>>,
     pub new_pin_enc: Option<Vec<u8>>,
     pub pin_hash_enc: Option<Vec<u8>>,
-    #[cfg(feature = "with_ctap2_1")]
     pub min_pin_length: Option<u8>,
-    #[cfg(feature = "with_ctap2_1")]
     pub min_pin_length_rp_ids: Option<Vec<String>>,
-    #[cfg(feature = "with_ctap2_1")]
     pub permissions: Option<u8>,
-    #[cfg(feature = "with_ctap2_1")]
     pub permissions_rp_id: Option<String>,
 }
 
 impl TryFrom<cbor::Value> for AuthenticatorClientPinParameters {
     type Error = Ctap2StatusCode;
 
     fn try_from(cbor_value: cbor::Value) -> Result<Self, Ctap2StatusCode> {
-        #[cfg(not(feature = "with_ctap2_1"))]
-        destructure_cbor_map! {
-            let {
-                1 => pin_protocol,
-                2 => sub_command,
-                3 => key_agreement,
-                4 => pin_auth,
-                5 => new_pin_enc,
-                6 => pin_hash_enc,
-            } = extract_map(cbor_value)?;
-        }
-        #[cfg(feature = "with_ctap2_1")]
         destructure_cbor_map! {
             let {
                 1 => pin_protocol,
@@ -339,14 +321,12 @@ impl TryFrom<cbor::Value> for AuthenticatorClientPinParameters {
         let pin_auth = pin_auth.map(extract_byte_string).transpose()?;
         let new_pin_enc = new_pin_enc.map(extract_byte_string).transpose()?;
         let pin_hash_enc = pin_hash_enc.map(extract_byte_string).transpose()?;
-        #[cfg(feature = "with_ctap2_1")]
         let min_pin_length = min_pin_length
             .map(extract_unsigned)
             .transpose()?
             .map(u8::try_from)
             .transpose()
             .map_err(|_| Ctap2StatusCode::CTAP2_ERR_PIN_POLICY_VIOLATION)?;
-        #[cfg(feature = "with_ctap2_1")]
         let min_pin_length_rp_ids = match min_pin_length_rp_ids {
             Some(entry) => Some(
                 extract_array(entry)?
@@ -356,14 +336,12 @@ impl TryFrom<cbor::Value> for AuthenticatorClientPinParameters {
             ),
             None => None,
         };
-        #[cfg(feature = "with_ctap2_1")]
         // We expect a bit field of 8 bits, and drop everything else.
         // This means we ignore extensions in future versions.
         let permissions = permissions
             .map(extract_unsigned)
             .transpose()?
             .map(|p| p as u8);
-        #[cfg(feature = "with_ctap2_1")]
         let permissions_rp_id = permissions_rp_id.map(extract_text_string).transpose()?;
 
         Ok(AuthenticatorClientPinParameters {
@@ -373,13 +351,9 @@ impl TryFrom<cbor::Value> for AuthenticatorClientPinParameters {
             pin_auth,
             new_pin_enc,
             pin_hash_enc,
-            #[cfg(feature = "with_ctap2_1")]
             min_pin_length,
-            #[cfg(feature = "with_ctap2_1")]
             min_pin_length_rp_ids,
-            #[cfg(feature = "with_ctap2_1")]
             permissions,
-            #[cfg(feature = "with_ctap2_1")]
             permissions_rp_id,
         })
     }
@@ -560,18 +534,6 @@ mod test {
 
     #[test]
     fn test_from_cbor_client_pin_parameters() {
-        // TODO(kaczmarczyck) inline the #cfg when #128 is resolved:
-        // https://github.com/google/OpenSK/issues/128
-        #[cfg(not(feature = "with_ctap2_1"))]
-        let cbor_value = cbor_map! {
-            1 => 1,
-            2 => ClientPinSubCommand::GetPinRetries,
-            3 => cbor_map!{},
-            4 => vec! [0xBB],
-            5 => vec! [0xCC],
-            6 => vec! [0xDD],
-        };
-        #[cfg(feature = "with_ctap2_1")]
         let cbor_value = cbor_map! {
             1 => 1,
             2 => ClientPinSubCommand::GetPinRetries,
@@ -594,13 +556,9 @@ mod test {
             pin_auth: Some(vec![0xBB]),
             new_pin_enc: Some(vec![0xCC]),
             pin_hash_enc: Some(vec![0xDD]),
-            #[cfg(feature = "with_ctap2_1")]
             min_pin_length: Some(4),
-            #[cfg(feature = "with_ctap2_1")]
             min_pin_length_rp_ids: Some(vec!["example.com".to_string()]),
-            #[cfg(feature = "with_ctap2_1")]
             permissions: Some(0x03),
-            #[cfg(feature = "with_ctap2_1")]
             permissions_rp_id: Some("example.com".to_string()),
         };
 
@@ -632,7 +590,6 @@ mod test {
         assert_eq!(command, Ok(Command::AuthenticatorGetNextAssertion));
     }
 
-    #[cfg(feature = "with_ctap2_1")]
     #[test]
     fn test_deserialize_selection() {
         let cbor_bytes = [Command::AUTHENTICATOR_SELECTION];

src/ctap/data_formats.rs

@@ -704,13 +704,9 @@ pub enum ClientPinSubCommand {
     SetPin = 0x03,
     ChangePin = 0x04,
     GetPinToken = 0x05,
-    #[cfg(feature = "with_ctap2_1")]
     GetPinUvAuthTokenUsingUvWithPermissions = 0x06,
-    #[cfg(feature = "with_ctap2_1")]
     GetUvRetries = 0x07,
-    #[cfg(feature = "with_ctap2_1")]
     SetMinPinLength = 0x08,
-    #[cfg(feature = "with_ctap2_1")]
     GetPinUvAuthTokenUsingPinWithPermissions = 0x09,
 }
 
@@ -731,18 +727,11 @@ impl TryFrom<cbor::Value> for ClientPinSubCommand {
             0x03 => Ok(ClientPinSubCommand::SetPin),
             0x04 => Ok(ClientPinSubCommand::ChangePin),
             0x05 => Ok(ClientPinSubCommand::GetPinToken),
-            #[cfg(feature = "with_ctap2_1")]
             0x06 => Ok(ClientPinSubCommand::GetPinUvAuthTokenUsingUvWithPermissions),
-            #[cfg(feature = "with_ctap2_1")]
             0x07 => Ok(ClientPinSubCommand::GetUvRetries),
-            #[cfg(feature = "with_ctap2_1")]
             0x08 => Ok(ClientPinSubCommand::SetMinPinLength),
-            #[cfg(feature = "with_ctap2_1")]
             0x09 => Ok(ClientPinSubCommand::GetPinUvAuthTokenUsingPinWithPermissions),
-            #[cfg(feature = "with_ctap2_1")]
             _ => Err(Ctap2StatusCode::CTAP2_ERR_INVALID_SUBCOMMAND),
-            #[cfg(not(feature = "with_ctap2_1"))]
-            _ => Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER),
         }
     }
 }