diff --git a/.githooks/pre-commit b/.githooks/pre-commit new file mode 100755 index 00000000..6f9e5710 --- /dev/null +++ b/.githooks/pre-commit @@ -0,0 +1,20 @@ +#!/usr/bin/env bash +# +# Pre-commit hook: runs cargo fmt and fails if code is not formatted. +# Install: git config core.hooksPath .githooks + +set -eu + +# Find the Cargo.toml relative to the repo root +REPO_ROOT="$(git rev-parse --show-toplevel)" +MANIFEST="$REPO_ROOT/libwebauthn/Cargo.toml" + +if ! command -v cargo >/dev/null 2>&1; then + echo "warning: cargo not found, skipping format check" + exit 0 +fi + +if ! cargo fmt --manifest-path "$MANIFEST" -- --check >/dev/null 2>&1; then + echo "error: code is not formatted. Run 'cargo fmt --manifest-path libwebauthn/Cargo.toml' and re-commit." + exit 1 +fi diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index ad2d2c3c..1a732388 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -21,6 +21,8 @@ jobs: run: sudo apt-get install libudev-dev libdbus-1-dev libsodium-dev libnfc-dev libpcsclite-dev - name: Clippy run: cargo clippy --all-targets --all-features -- -D warnings + - name: Check formatting + run: cargo fmt -- --check - name: Build run: cargo build --all-targets --all-features - name: Run tests diff --git a/libwebauthn/examples/prf_test.rs b/libwebauthn/examples/prf_test.rs index 8e114b8f..db5afbab 100644 --- a/libwebauthn/examples/prf_test.rs +++ b/libwebauthn/examples/prf_test.rs @@ -131,14 +131,7 @@ pub async fn main() -> Result<(), Box> { eval_by_credential, }; - run_success_test( - &mut channel, - &credential, - &challenge, - prf, - "PRF output: ", - ) - .await; + run_success_test(&mut channel, &credential, &challenge, prf, "PRF output: ").await; } Ok(()) } diff --git a/libwebauthn/examples/u2f_ble.rs b/libwebauthn/examples/u2f_ble.rs index def97700..027cfbff 100644 --- a/libwebauthn/examples/u2f_ble.rs +++ b/libwebauthn/examples/u2f_ble.rs @@ -55,8 +55,7 @@ pub async fn main() -> Result<(), Box> { // Signature ceremony println!("Signature request sent (timeout: {:?} seconds).", TIMEOUT); let new_key = response.as_registered_key()?; - let sign_request = - SignRequest::new(APP_ID, challenge, &new_key.key_handle, TIMEOUT, true); + let sign_request = SignRequest::new(APP_ID, challenge, &new_key.key_handle, TIMEOUT, true); let response = channel.u2f_sign(&sign_request).await?; println!("Response: {:?}", response); } diff --git a/libwebauthn/examples/u2f_hid.rs b/libwebauthn/examples/u2f_hid.rs index 63b0cca9..593ab4e2 100644 --- a/libwebauthn/examples/u2f_hid.rs +++ b/libwebauthn/examples/u2f_hid.rs @@ -58,8 +58,7 @@ pub async fn main() -> Result<(), Box> { // Signature ceremony println!("Signature request sent (timeout: {:?} seconds).", TIMEOUT); let new_key = response.as_registered_key()?; - let sign_request = - SignRequest::new(APP_ID, challenge, &new_key.key_handle, TIMEOUT, true); + let sign_request = SignRequest::new(APP_ID, challenge, &new_key.key_handle, TIMEOUT, true); let response = channel.u2f_sign(&sign_request).await?; println!("Response: {:?}", response); } diff --git a/libwebauthn/examples/webauthn_cable.rs b/libwebauthn/examples/webauthn_cable.rs index 1c8b0cda..389a43f8 100644 --- a/libwebauthn/examples/webauthn_cable.rs +++ b/libwebauthn/examples/webauthn_cable.rs @@ -4,8 +4,8 @@ use std::sync::Arc; use std::time::Duration; use libwebauthn::pin::PinRequestReason; -use libwebauthn::transport::cable::is_available; use libwebauthn::transport::cable::channel::{CableUpdate, CableUxUpdate}; +use libwebauthn::transport::cable::is_available; use libwebauthn::transport::cable::known_devices::{ CableKnownDevice, ClientPayloadHint, EphemeralDeviceInfoStore, }; diff --git a/libwebauthn/examples/webauthn_json_hid.rs b/libwebauthn/examples/webauthn_json_hid.rs index 92604012..1e319207 100644 --- a/libwebauthn/examples/webauthn_json_hid.rs +++ b/libwebauthn/examples/webauthn_json_hid.rs @@ -8,8 +8,8 @@ use tokio::sync::broadcast::Receiver; use tracing_subscriber::{self, EnvFilter}; use libwebauthn::ops::webauthn::{ - GetAssertionRequest, JsonFormat, MakeCredentialRequest, RelyingPartyId, - WebAuthnIDL as _, WebAuthnIDLResponse as _, + GetAssertionRequest, JsonFormat, MakeCredentialRequest, RelyingPartyId, WebAuthnIDL as _, + WebAuthnIDLResponse as _, }; use libwebauthn::pin::PinRequestReason; use libwebauthn::transport::hid::list_devices; diff --git a/libwebauthn/examples/webauthn_prf_hid.rs b/libwebauthn/examples/webauthn_prf_hid.rs index 0ab63a94..96605cfa 100644 --- a/libwebauthn/examples/webauthn_prf_hid.rs +++ b/libwebauthn/examples/webauthn_prf_hid.rs @@ -200,14 +200,7 @@ pub async fn main() -> Result<(), Box> { eval, eval_by_credential, }; - run_success_test( - &mut channel, - &credential, - &challenge, - prf, - "eval only", - ) - .await; + run_success_test(&mut channel, &credential, &challenge, prf, "eval only").await; // Test 4: eval and a full list of eval_by_credential let eval = Some(PRFValue { diff --git a/libwebauthn/src/fido.rs b/libwebauthn/src/fido.rs index 94c8c1d1..5d227786 100644 --- a/libwebauthn/src/fido.rs +++ b/libwebauthn/src/fido.rs @@ -203,9 +203,9 @@ impl<'de, T: DeserializeOwned> Deserialize<'de> for AuthenticatorData { .read_u8() .map_err(|e| DesError::custom(format!("failed to read flags: {e}")))?; let flags = AuthenticatorDataFlags::from_bits_truncate(flags_raw); - let signature_count = cursor - .read_u32::() - .map_err(|e| DesError::custom(format!("failed to read signature_count: {e}")))?; + let signature_count = cursor.read_u32::().map_err(|e| { + DesError::custom(format!("failed to read signature_count: {e}")) + })?; let attested_credential = if flags.contains(AuthenticatorDataFlags::ATTESTED_CREDENTIALS) { @@ -218,17 +218,16 @@ impl<'de, T: DeserializeOwned> Deserialize<'de> for AuthenticatorData { cursor .read_exact(&mut aaguid) .map_err(|e| DesError::custom(format!("failed to read aaguid: {e}")))?; - let credential_id_len = cursor - .read_u16::() - .map_err(|e| DesError::custom(format!("failed to read credential_id_len: {e}")))? - as usize; + let credential_id_len = cursor.read_u16::().map_err(|e| { + DesError::custom(format!("failed to read credential_id_len: {e}")) + })? as usize; if data.len() < 55 + credential_id_len { return Err(DesError::invalid_length(data.len(), &"55+L")); } let mut credential_id = vec![0u8; credential_id_len]; - cursor - .read_exact(&mut credential_id) - .map_err(|e| DesError::custom(format!("failed to read credential_id: {e}")))?; + cursor.read_exact(&mut credential_id).map_err(|e| { + DesError::custom(format!("failed to read credential_id: {e}")) + })?; let credential_public_key: PublicKey = cbor::from_cursor(&mut cursor).map_err(DesError::custom)?; diff --git a/libwebauthn/src/management/authenticator_config.rs b/libwebauthn/src/management/authenticator_config.rs index 5193da88..5ffc3169 100644 --- a/libwebauthn/src/management/authenticator_config.rs +++ b/libwebauthn/src/management/authenticator_config.rs @@ -181,7 +181,6 @@ impl Ctap2UserVerifiableRequest for Ctap2AuthenticatorConfigRequest { Ok(()) } - fn permissions(&self) -> Ctap2AuthTokenPermissionRole { Ctap2AuthTokenPermissionRole::AUTHENTICATOR_CONFIGURATION } diff --git a/libwebauthn/src/management/bio_enrollment.rs b/libwebauthn/src/management/bio_enrollment.rs index edf74b71..de3a02b0 100644 --- a/libwebauthn/src/management/bio_enrollment.rs +++ b/libwebauthn/src/management/bio_enrollment.rs @@ -99,12 +99,11 @@ where let resp = self.ctap2_bio_enrollment(&req, timeout).await?; let Some(fingerprint_kind) = resp.fingerprint_kind else { warn!("Channel did not return fingerprint_kind in sensor info."); - return Err(Error::Ctap(CtapError::Other)) + return Err(Error::Ctap(CtapError::Other)); }; Ok(Ctap2BioEnrollmentFingerprintSensorInfo { fingerprint_kind, - max_capture_samples_required_for_enroll: resp - .max_capture_samples_required_for_enroll, + max_capture_samples_required_for_enroll: resp.max_capture_samples_required_for_enroll, max_template_friendly_name: resp.max_template_friendly_name, }) } @@ -303,7 +302,10 @@ impl Ctap2UserVerifiableRequest for Ctap2BioEnrollmentRequest { let subcommand = self .subcommand .ok_or(Error::Platform(PlatformError::InvalidDeviceResponse))?; - let mut data = vec![Ctap2BioEnrollmentModality::Fingerprint as u8, subcommand as u8]; + let mut data = vec![ + Ctap2BioEnrollmentModality::Fingerprint as u8, + subcommand as u8, + ]; // e.g. "Authenticator calls verify(pinUvAuthToken, fingerprint (0x01) || removeEnrollment (0x06) || subCommandParams, pinUvAuthParam)" if let Some(params) = &self.subcommand_params { data.extend(cbor::to_vec(¶ms)?); @@ -314,7 +316,6 @@ impl Ctap2UserVerifiableRequest for Ctap2BioEnrollmentRequest { Ok(()) } - fn permissions(&self) -> Ctap2AuthTokenPermissionRole { Ctap2AuthTokenPermissionRole::BIO_ENROLLMENT } diff --git a/libwebauthn/src/management/credential_management.rs b/libwebauthn/src/management/credential_management.rs index b803bca5..e19dc404 100644 --- a/libwebauthn/src/management/credential_management.rs +++ b/libwebauthn/src/management/credential_management.rs @@ -294,7 +294,6 @@ impl Ctap2UserVerifiableRequest for Ctap2CredentialManagementRequest { Ok(()) } - fn permissions(&self) -> Ctap2AuthTokenPermissionRole { Ctap2AuthTokenPermissionRole::CREDENTIAL_MANAGEMENT } diff --git a/libwebauthn/src/ops/u2f.rs b/libwebauthn/src/ops/u2f.rs index 51df4c94..64a6fb15 100644 --- a/libwebauthn/src/ops/u2f.rs +++ b/libwebauthn/src/ops/u2f.rs @@ -9,8 +9,7 @@ use x509_parser::nom::AsBytes; use super::webauthn::MakeCredentialRequest; use crate::fido::{AttestedCredentialData, AuthenticatorData, AuthenticatorDataFlags}; use crate::ops::webauthn::{ - GetAssertionRequest, GetAssertionResponse, MakeCredentialResponse, - UserVerificationRequirement, + GetAssertionRequest, GetAssertionResponse, MakeCredentialResponse, UserVerificationRequirement, }; use crate::proto::ctap1::{Ctap1RegisterRequest, Ctap1SignRequest}; use crate::proto::ctap1::{Ctap1RegisterResponse, Ctap1SignResponse}; diff --git a/libwebauthn/src/pin.rs b/libwebauthn/src/pin.rs index b409120a..7414f282 100644 --- a/libwebauthn/src/pin.rs +++ b/libwebauthn/src/pin.rs @@ -414,7 +414,9 @@ pub fn hkdf_sha256(salt: Option<&[u8]>, ikm: &[u8], info: &[u8]) -> Result Result, Error> { .await .or(Err(Error::ConnectionFailed))? .into_iter() - .filter(|p| { - p.services() - .iter() - .any(|s| s.uuid == FIDO_PROFILE_UUID) - }) + .filter(|p| p.services().iter().any(|s| s.uuid == FIDO_PROFILE_UUID)) .collect(); let with_properties = discover_properties(peripherals) .await? diff --git a/libwebauthn/src/transport/cable/connection_stages.rs b/libwebauthn/src/transport/cable/connection_stages.rs index 0a02aada..c2e844fd 100644 --- a/libwebauthn/src/transport/cable/connection_stages.rs +++ b/libwebauthn/src/transport/cable/connection_stages.rs @@ -68,7 +68,8 @@ impl ConnectionInput { qr_device.qr_code.qr_secret.as_ref(), None, KeyPurpose::TunnelID, - ).map_err(|_| TransportError::InvalidKey)?; + ) + .map_err(|_| TransportError::InvalidKey)?; let tunnel_id = &tunnel_id_full[..16]; let tunnel_id_str = hex::encode(tunnel_id); diff --git a/libwebauthn/src/transport/cable/crypto.rs b/libwebauthn/src/transport/cable/crypto.rs index 98f30b26..ee9f6d7f 100644 --- a/libwebauthn/src/transport/cable/crypto.rs +++ b/libwebauthn/src/transport/cable/crypto.rs @@ -85,7 +85,9 @@ mod tests { .try_into() .unwrap(); let salt = hex::decode("ffeeddccbbaa998877665544332211").unwrap(); - let output = derive(&input, Some(&salt), KeyPurpose::EIDKey).unwrap().to_vec(); + let output = derive(&input, Some(&salt), KeyPurpose::EIDKey) + .unwrap() + .to_vec(); let expected = hex::decode("168cf3dd220a7907f8bac30f559be92a3b6d937fe5594beeaf1e50e35976b7d654dd550e22ae4c801b9d1cdbf0d2b1472daa1328661eb889acae3023b7ffa509").unwrap(); assert_eq!(output, expected); } diff --git a/libwebauthn/src/transport/cable/known_devices.rs b/libwebauthn/src/transport/cable/known_devices.rs index bd60d92d..5782d81d 100644 --- a/libwebauthn/src/transport/cable/known_devices.rs +++ b/libwebauthn/src/transport/cable/known_devices.rs @@ -175,8 +175,11 @@ impl CableKnownDevice { let proximity_output = proximity_check_stage(proximity_input, ux_sender).await?; // Stage 3: Handshake - let handshake_input = - HandshakeInput::new_for_known_device(known_device, connection_output, proximity_output)?; + let handshake_input = HandshakeInput::new_for_known_device( + known_device, + connection_output, + proximity_output, + )?; let handshake_output = handshake_stage(handshake_input, ux_sender).await?; Ok(handshake_output) diff --git a/libwebauthn/src/transport/cable/tunnel.rs b/libwebauthn/src/transport/cable/tunnel.rs index c5de81fb..622a814e 100644 --- a/libwebauthn/src/transport/cable/tunnel.rs +++ b/libwebauthn/src/transport/cable/tunnel.rs @@ -146,8 +146,7 @@ pub fn decode_tunnel_server_domain(encoded: u16) -> Option { let digest = hasher.finalize(); let mut v = u64::from_le_bytes([ - digest[0], digest[1], digest[2], digest[3], - digest[4], digest[5], digest[6], digest[7], + digest[0], digest[1], digest[2], digest[3], digest[4], digest[5], digest[6], digest[7], ]); let tld_index = v & 3; v >>= 2; @@ -711,12 +710,8 @@ async fn connection_recv( let device_id: CableKnownDeviceId = (&linking_info).into(); match known_device_store { Some(store) => { - match parse_known_device( - private_key, - tunnel_domain, - &linking_info, - noise_state, - ) { + match parse_known_device(private_key, tunnel_domain, &linking_info, noise_state) + { Ok(known_device) => { debug!(?device_id, "Updating known device"); trace!(?known_device); diff --git a/libwebauthn/src/transport/hid/channel.rs b/libwebauthn/src/transport/hid/channel.rs index d2a6af1e..36e2c749 100644 --- a/libwebauthn/src/transport/hid/channel.rs +++ b/libwebauthn/src/transport/hid/channel.rs @@ -467,8 +467,7 @@ impl Channel for HidChannel<'_> { self.status } - async fn close(&mut self) { - } + async fn close(&mut self) {} async fn apdu_send( &mut self, diff --git a/libwebauthn/src/transport/hid/framing.rs b/libwebauthn/src/transport/hid/framing.rs index 43e40b01..97851004 100644 --- a/libwebauthn/src/transport/hid/framing.rs +++ b/libwebauthn/src/transport/hid/framing.rs @@ -255,9 +255,7 @@ mod tests { let mut parser = HidMessageParser::new(); assert_eq!( parser - .update(&[ - 0xC0, 0xC1, 0xC2, 0xC3, 0x83, 0x00, 0x04, 0x0A, 0x0B, 0x0C, 0x0D, - ]) + .update(&[0xC0, 0xC1, 0xC2, 0xC3, 0x83, 0x00, 0x04, 0x0A, 0x0B, 0x0C, 0x0D,]) .unwrap(), HidMessageParserState::Done ); diff --git a/libwebauthn/src/transport/mod.rs b/libwebauthn/src/transport/mod.rs index 1d6ea8c4..4098710e 100644 --- a/libwebauthn/src/transport/mod.rs +++ b/libwebauthn/src/transport/mod.rs @@ -4,12 +4,12 @@ pub mod ble; pub mod cable; pub mod device; pub mod hid; -#[cfg(feature = "nfc")] -pub mod nfc; #[cfg(test)] /// A mock channel that can be used in tests to /// queue expected requests and responses in unittests pub mod mock; +#[cfg(feature = "nfc")] +pub mod nfc; #[cfg(test)] /// Fully fledged virtual device based on trussed /// for end2end tests diff --git a/libwebauthn/src/transport/nfc/channel.rs b/libwebauthn/src/transport/nfc/channel.rs index 6408e612..f8fba16c 100644 --- a/libwebauthn/src/transport/nfc/channel.rs +++ b/libwebauthn/src/transport/nfc/channel.rs @@ -233,8 +233,7 @@ where self.status } - async fn close(&mut self) { - } + async fn close(&mut self) {} #[instrument(level = Level::DEBUG, skip_all)] async fn apdu_send(&mut self, request: &ApduRequest, _timeout: Duration) -> Result<(), Error> { diff --git a/libwebauthn/src/transport/nfc/pcsc/mod.rs b/libwebauthn/src/transport/nfc/pcsc/mod.rs index ea67888c..f6018999 100644 --- a/libwebauthn/src/transport/nfc/pcsc/mod.rs +++ b/libwebauthn/src/transport/nfc/pcsc/mod.rs @@ -45,9 +45,7 @@ impl Drop for PcscCard { impl PcscCard { pub fn new(card: pcsc::Card) -> Self { - PcscCard { - card: Some(card), - } + PcscCard { card: Some(card) } } } diff --git a/libwebauthn/src/webauthn.rs b/libwebauthn/src/webauthn.rs index 57a632a4..21746af9 100644 --- a/libwebauthn/src/webauthn.rs +++ b/libwebauthn/src/webauthn.rs @@ -108,8 +108,13 @@ where Ctap2MakeCredentialRequest::from_webauthn_request(op, &get_info_response)?; if Self::supports_preflight() { if let Some(exclude_list) = &op.exclude { - let filtered_exclude_list = - ctap2_preflight(self, exclude_list, &op.client_data_hash(), &op.relying_party.id).await; + let filtered_exclude_list = ctap2_preflight( + self, + exclude_list, + &op.client_data_hash(), + &op.relying_party.id, + ) + .await; ctap2_request.exclude = Some(filtered_exclude_list); } } @@ -171,8 +176,13 @@ where Ctap2GetAssertionRequest::from_webauthn_request(op, &get_info_response)?; if Self::supports_preflight() { - let filtered_allow_list = - ctap2_preflight(self, &op.allow, &op.client_data_hash(), &op.relying_party_id).await; + let filtered_allow_list = ctap2_preflight( + self, + &op.allow, + &op.client_data_hash(), + &op.relying_party_id, + ) + .await; if filtered_allow_list.is_empty() && !op.allow.is_empty() { // We filtered out everything in preflight, meaning none of the allowed // credentials are present on this device. So we error out here diff --git a/libwebauthn/src/webauthn/pin_uv_auth_token.rs b/libwebauthn/src/webauthn/pin_uv_auth_token.rs index 0d7d5d96..652d2553 100644 --- a/libwebauthn/src/webauthn/pin_uv_auth_token.rs +++ b/libwebauthn/src/webauthn/pin_uv_auth_token.rs @@ -214,7 +214,8 @@ where // In preparation for obtaining pinUvAuthToken, the platform: // * Obtains a shared secret. - let (public_key, shared_secret) = obtain_shared_secret(channel, uv_proto.as_ref(), timeout).await?; + let (public_key, shared_secret) = + obtain_shared_secret(channel, uv_proto.as_ref(), timeout).await?; // Then the platform obtains a pinUvAuthToken from the authenticator, with the mc (and likely also with the ga) // permission (see "pre-flight", mentioned above), using the selected operation. @@ -230,20 +231,26 @@ where Ctap2ClientPinRequest::new_get_pin_token( uv_proto.version(), public_key.clone(), - &uv_proto.encrypt(&shared_secret, &pin_hash(&pin.ok_or_else(|| { - error!("PIN expected but not available"); - Error::Ctap(CtapError::PINRequired) - })?))?, + &uv_proto.encrypt( + &shared_secret, + &pin_hash(&pin.ok_or_else(|| { + error!("PIN expected but not available"); + Error::Ctap(CtapError::PINRequired) + })?), + )?, ) } Ctap2UserVerificationOperation::GetPinUvAuthTokenUsingPinWithPermissions => { Ctap2ClientPinRequest::new_get_pin_token_with_perm( uv_proto.version(), public_key.clone(), - &uv_proto.encrypt(&shared_secret, &pin_hash(&pin.ok_or_else(|| { - error!("PIN expected but not available"); - Error::Ctap(CtapError::PINRequired) - })?))?, + &uv_proto.encrypt( + &shared_secret, + &pin_hash(&pin.ok_or_else(|| { + error!("PIN expected but not available"); + Error::Ctap(CtapError::PINRequired) + })?), + )?, ctap2_request.permissions(), ctap2_request.permissions_rpid(), ) @@ -358,7 +365,8 @@ where // If successful, the platform creates the pinUvAuthParam parameter by calling // authenticate(pinUvAuthToken, clientDataHash), and goes to Step 1.1.1. // Sets the pinUvAuthProtocol parameter to the value as selected when it obtained the shared secret. - ctap2_request.calculate_and_set_uv_auth(uv_proto.as_ref(), uv_auth_token.as_slice())?; + ctap2_request + .calculate_and_set_uv_auth(uv_proto.as_ref(), uv_auth_token.as_slice())?; Ok(UsedPinUvAuthToken::NewlyCalculated(uv_operation)) } @@ -759,7 +767,8 @@ mod test { let pin_req = CborRequest::try_from(&Ctap2ClientPinRequest::new_get_key_agreement( Ctap2PinUvAuthProtocol::One, - )).unwrap(); + )) + .unwrap(); let pin_resp = CborResponse::new_success_from_slice( to_vec(&Ctap2ClientPinResponse { key_agreement: Some(get_key_agreement()), @@ -833,7 +842,8 @@ mod test { // Queueing KeyAgreement request and response let key_agreement_req = CborRequest::try_from( &Ctap2ClientPinRequest::new_get_key_agreement(Ctap2PinUvAuthProtocol::One), - ).unwrap(); + ) + .unwrap(); let key_agreement_resp = CborResponse::new_success_from_slice( to_vec(&Ctap2ClientPinResponse { key_agreement: Some(get_key_agreement()), @@ -853,12 +863,14 @@ mod test { let pin_protocol = PinUvAuthProtocolOne::new(); let (public_key, shared_secret) = pin_protocol.encapsulate(&get_key_agreement()).unwrap(); - let pin_req = CborRequest::try_from(&Ctap2ClientPinRequest::new_get_uv_token_with_perm( - Ctap2PinUvAuthProtocol::One, - public_key, - getassertion.permissions(), - getassertion.permissions_rpid(), - )).unwrap(); + let pin_req = + CborRequest::try_from(&Ctap2ClientPinRequest::new_get_uv_token_with_perm( + Ctap2PinUvAuthProtocol::One, + public_key, + getassertion.permissions(), + getassertion.permissions_rpid(), + )) + .unwrap(); // We do here what the device would need to do, i.e. generate a new random // pinUvAuthToken (here all 5's), then encrypt it using the shared_secret. let token = [5; 32]; @@ -946,9 +958,10 @@ mod test { channel.push_command_pair(info_req, info_resp); // Queueing PinRetries request and response - let pin_retries_req = CborRequest::try_from(&Ctap2ClientPinRequest::new_get_pin_retries( - Some(Ctap2PinUvAuthProtocol::One), - )).unwrap(); + let pin_retries_req = CborRequest::try_from( + &Ctap2ClientPinRequest::new_get_pin_retries(Some(Ctap2PinUvAuthProtocol::One)), + ) + .unwrap(); let pin_retries_resp = CborResponse::new_success_from_slice( to_vec(&Ctap2ClientPinResponse { key_agreement: None, @@ -965,7 +978,8 @@ mod test { // Queueing KeyAgreement request and response let key_agreement_req = CborRequest::try_from( &Ctap2ClientPinRequest::new_get_key_agreement(Ctap2PinUvAuthProtocol::One), - ).unwrap(); + ) + .unwrap(); let key_agreement_resp = CborResponse::new_success_from_slice( to_vec(&Ctap2ClientPinResponse { key_agreement: Some(get_key_agreement()), @@ -988,13 +1002,15 @@ mod test { let pin_hash_enc = pin_protocol .encrypt(&shared_secret, &pin_hash("1234".as_bytes())) .unwrap(); - let pin_req = CborRequest::try_from(&Ctap2ClientPinRequest::new_get_pin_token_with_perm( - Ctap2PinUvAuthProtocol::One, - public_key, - &pin_hash_enc, - getassertion.permissions(), - getassertion.permissions_rpid(), - )).unwrap(); + let pin_req = + CborRequest::try_from(&Ctap2ClientPinRequest::new_get_pin_token_with_perm( + Ctap2PinUvAuthProtocol::One, + public_key, + &pin_hash_enc, + getassertion.permissions(), + getassertion.permissions_rpid(), + )) + .unwrap(); // We do here what the device would need to do, i.e. generate a new random // pinUvAuthToken (here all 5's), then encrypt it using the shared_secret. let token = [5; 32];