Correct credential minimum size

google · Aug 9, 2023 · 6e8be2f · 6e8be2f
1 parent 6147818
commit 6e8be2f
Showing 1 changed file with 1 addition and 8 deletions.
diff --git a/libraries/opensk/src/api/key_store.rs b/libraries/opensk/src/api/key_store.rs
@@ -29,14 +29,13 @@ use rand_core::RngCore;
 use sk_cbor as cbor;
 use sk_cbor::{cbor_map_options, destructure_cbor_map};
 
-const LEGACY_CREDENTIAL_ID_SIZE: usize = 112;
 // CBOR credential IDs consist of
 // - 1 byte : version number
 // - 16 bytes: initialization vector for AES-256,
 // - 192 bytes: encrypted block of the key handle cbor,
 // - 32 bytes: HMAC-SHA256 over everything else.
 pub const CBOR_CREDENTIAL_ID_SIZE: usize = 241;
-const MIN_CREDENTIAL_ID_SIZE: usize = LEGACY_CREDENTIAL_ID_SIZE;
+const MIN_CREDENTIAL_ID_SIZE: usize = CBOR_CREDENTIAL_ID_SIZE;
 pub(crate) const MAX_CREDENTIAL_ID_SIZE: usize = CBOR_CREDENTIAL_ID_SIZE;
 
 pub const CBOR_CREDENTIAL_ID_VERSION: u8 = 0x01;
@@ -183,12 +182,6 @@ impl<T: Helper> KeyStore for T {
  /// - the format does not match any known versions, or
  /// - the HMAC test fails.
  ///
- /// For v0 (legacy U2F) the credential ID consists of:
- /// - 16 bytes: initialization vector for AES-256,
- /// - 32 bytes: encrypted ECDSA private key for the credential,
- /// - 32 bytes: encrypted relying party ID hashed with SHA256,
- /// - 32 bytes: HMAC-SHA256 over everything else.
- ///
  /// For v1 (CBOR) the credential ID consists of:
  /// - 1 byte : version number,
  /// - 16 bytes: initialization vector for AES-256,