Include maxMessageSize as applicable

BryanJacobs · BryanJacobs · commit 4a99be954af5 · 2023-08-27T19:17:15.000+10:00
diff --git a/src/main/java/us/q3q/fido2/FIDO2Applet.java b/src/main/java/us/q3q/fido2/FIDO2Applet.java
@@ -5429,8 +5429,10 @@ private void sendAuthInfo(APDU apdu) {
 
         short offset = 0;
 
+        boolean includeMaxMsgSize = bufferMem.length != 1024;
+
         buffer[offset++] = FIDOConstants.CTAP2_OK;
-        buffer[offset++] = (byte) 0xAF; // Map - fifteen keys
+        buffer[offset++] = (byte) (includeMaxMsgSize ? 0xB1 : 0xB0); // Map - sixteen or seventeen keys
         buffer[offset++] = 0x01; // map key: versions
 
         if (alwaysUv || attestationData == null || filledAttestationData < attestationData.length) {
@@ -5484,6 +5486,13 @@ private void sendAuthInfo(APDU apdu) {
                 buffer, offset, (short) CannedCBOR.MAKE_CRED_UV_NOT_REQD.length);
         buffer[offset++] = (byte)(LOW_SECURITY_MAXIMUM_COMPLIANCE && !alwaysUv ? 0xF5 : 0xF4); // makeCredUvNotRequired = true or false
 
+        if (includeMaxMsgSize) {
+            buffer[offset++] = 0x05; // map key: maxMsgSize
+            buffer[offset++] = 0x19; // two-byte integer
+            Util.setShort(buffer, offset, (short) bufferMem.length);
+            offset += 2;
+        }
+
         buffer[offset++] = 0x06; // map key: pinProtocols
         buffer[offset++] = (byte) 0x82; // array: two items
         buffer[offset++] = 0x01; // pin protocol version 1
@@ -5492,17 +5501,17 @@ private void sendAuthInfo(APDU apdu) {
         buffer[offset++] = 0x07; // map key: maxCredentialCountInList
         buffer[offset++] = 0x0A; // ten
 
-        buffer[offset++] = 0x08; // map key: maxCredentialIdLength
-        offset = encodeIntTo(buffer, offset, (byte) CREDENTIAL_ID_LEN);
         final short amountInApduBuf = offset;
-
         if (!longResponse) {
             // We're going to have too much for one 256-byte buffer
             // So let's split into two halves, one directly APDU-written and one saved
             buffer = bufferMem;
             offset = 0;
         }
 
+        buffer[offset++] = 0x08; // map key: maxCredentialIdLength
+        offset = encodeIntTo(buffer, offset, (byte) CREDENTIAL_ID_LEN);
+
         buffer[offset++] = 0x0A; // map key: algorithms
         offset = Util.arrayCopyNonAtomic(CannedCBOR.ES256_ALG_TYPE, (short) 0,
                 buffer, offset, (short) CannedCBOR.ES256_ALG_TYPE.length);
@@ -5527,7 +5536,7 @@ private void sendAuthInfo(APDU apdu) {
         buffer[offset++] = 0x10; // map key: maxRPIDsForSetMinPinLength
         offset = encodeIntTo(buffer, offset, MAX_RP_IDS_MIN_PIN_LENGTH);
 
-        /*buffer[offset++] = 0x12; // map key: uvModality
+        buffer[offset++] = 0x12; // map key: uvModality
         buffer[offset++] = 0x19; // two-byte integer
         offset = Util.setShort(buffer, offset, (short) 0x0200); // uvModality "none"*/
 
@@ -6703,6 +6712,8 @@ private FIDO2Applet(byte[] array, short offset, byte length) {
                         FLASH_SCRATCH_SIZE = Util.getShort(array, offset);
                         offset += 2;
                         break;
+                    default:
+                        ISOException.throwIt(ISO7816.SW_WRONG_DATA);
                 }
             }
         }
