Bump encrypted size by 16 bytes

trussed-dev · Feb 29, 2024 · a44138f · a44138f
1 parent ae524b2
commit a44138f
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 5 deletions.
diff --git a/src/ctap2/client_pin.rs b/src/ctap2/client_pin.rs
@@ -62,12 +62,12 @@ pub struct Request {
  // Encrypted new PIN using `sharedSecret`.
  // (Encryption over UTF-8 representation of new PIN).
  #[serde(skip_serializing_if = "Option::is_none")]
- pub new_pin_enc: Option<Bytes<64>>,
+ pub new_pin_enc: Option<Bytes<80>>,
 
  // 0x06
  // Encrypted first 16 bytes of SHA-256 of PIN using `sharedSecret`.
  #[serde(skip_serializing_if = "Option::is_none")]
- pub pin_hash_enc: Option<Bytes<64>>,
+ pub pin_hash_enc: Option<Bytes<80>>,
 
  // 0x07
  #[serde(skip_serializing_if = "Option::is_none")]
@@ -97,7 +97,7 @@ pub struct Response {
 
  // 0x02, encrypted `pinToken` using `sharedSecret`
  #[serde(skip_serializing_if = "Option::is_none")]
- pub pin_token: Option<Bytes<32>>,
+ pub pin_token: Option<Bytes<48>>,
 
  // 0x03, number of PIN attempts remaining before lockout
  #[serde(skip_serializing_if = "Option::is_none")]

diff --git a/src/ctap2/get_assertion.rs b/src/ctap2/get_assertion.rs
@@ -19,7 +19,7 @@ use crate::webauthn::*;
 pub struct HmacSecretInput {
  pub key_agreement: EcdhEsHkdf256PublicKey,
  // *either* enc(salt1) *or* enc(salt1 || salt2)
- pub salt_enc: Bytes<64>,
+ pub salt_enc: Bytes<80>,
  pub salt_auth: Bytes<16>,
  #[serde(skip_serializing_if = "Option::is_none")]
  pub pin_protocol: Option<u32>,
@@ -41,7 +41,7 @@ pub struct ExtensionsOutput {
  #[serde(rename = "hmac-secret")]
  #[serde(skip_serializing_if = "Option::is_none")]
  // *either* enc(output1) *or* enc(output1 || output2)
- pub hmac_secret: Option<Bytes<64>>,
+ pub hmac_secret: Option<Bytes<80>>,
 }
 
 pub struct NoAttestedCredentialData(core::marker::PhantomData<()>);