Fix PIN length check #43

@robin-nitrokey

@sosthene-nitrokey in Nitrokey#62 (comment):

Minor issue of spec compliance:

Minimum PIN Length: 4 code points.

In decrypt_pin_check_length we check 4 bytes, not 4 code points. The max is still 63 bytes, so the check should be:

        // Length in bytes, up to the first NUL byte
        let pin_length = pin.iter().position(|&b| b == b'\0').unwrap_or(pin.len());
        let pin_data = &pin[..pin_length];
        let pin_utf8 = core::str::from_utf8(pin_data)?;
        // Length in Unicode code points
        let pin_len_codepoints = pin_utf8.chars().count();

        // Minimum is counted in code points, maximum in bytes
        if pin_len_codepoints < 4 || pin_length > 63 {
            return Err(Error::PinPolicyViolation);
        }

Transferred from Nitrokey#64
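
The difference between the two checks, as an added example that is not part of the original issue or the project's code: a PIN of two 2-byte characters passes a 4-byte minimum but fails a 4-code-point minimum. The names `PinError`, `byte_length_check`, `codepoint_length_check`, `unpadded` and `padded` are hypothetical, and the 64-byte NUL-padded input block is an assumption about how the decrypted PIN arrives.

```rust
// Added example: all names here are illustrative, not the project's own.
#[derive(Debug, PartialEq)]
enum PinError {
    InvalidUtf8,
    PolicyViolation,
}

/// Strip the trailing NUL padding of a decrypted PIN block.
fn unpadded(pin: &[u8]) -> &[u8] {
    let len = pin.iter().position(|&b| b == 0).unwrap_or(pin.len());
    &pin[..len]
}

/// Minimum counted in bytes, as the issue describes the current check.
fn byte_length_check(pin: &[u8]) -> Result<(), PinError> {
    let data = unpadded(pin);
    if data.len() < 4 || data.len() > 63 {
        return Err(PinError::PolicyViolation);
    }
    Ok(())
}

/// Minimum counted in code points, maximum in bytes, as the issue proposes.
fn codepoint_length_check(pin: &[u8]) -> Result<(), PinError> {
    let data = unpadded(pin);
    let text = core::str::from_utf8(data).map_err(|_| PinError::InvalidUtf8)?;
    if text.chars().count() < 4 || data.len() > 63 {
        return Err(PinError::PolicyViolation);
    }
    Ok(())
}

/// Constructed sample input: copy a PIN (at most 64 bytes) into a NUL-padded block.
fn padded(pin: &[u8]) -> [u8; 64] {
    let mut block = [0u8; 64];
    block[..pin.len()].copy_from_slice(pin);
    block
}

fn main() {
    // U+00E9 twice: 2 code points, 4 bytes in UTF-8.
    let short = padded("\u{e9}\u{e9}".as_bytes());
    println!("byte check:       {:?}", byte_length_check(&short));
    println!("code-point check: {:?}", codepoint_length_check(&short));
}
```
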
