Allow longer credential_id values to accommodate Titan security key (#…

…2374) As per [report from a user](https://forum.dfinity.org/t/error-when-adding-fido-device/28523/4), the [Titan security key](https://store.google.com/us/product/titan_security_key) offered by Google generates `credential_id` values of 304 bytes. This PR increases the limit of that field up to 350 bytes to accommodate it. However, the limits for a single identity in general have not been raised. This means that the potential for abuse is negligible as users now just have more flexibility _how_ to allocate their space among the different fields.
dfinity · Mar 21, 2024 · f0dc1b6 · f0dc1b6
1 parent 21856f9
commit f0dc1b6
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/src/internet_identity/src/storage/anchor.rs b/src/internet_identity/src/storage/anchor.rs
@@ -515,7 +515,7 @@ fn check_device_limits(device: &Device) -> Result<(), AnchorError> {
     const ORIGIN_LEN_LIMIT: usize = 50;
     const ALIAS_LEN_LIMIT: usize = 64;
     const PK_LEN_LIMIT: usize = 300;
-    const CREDENTIAL_ID_LEN_LIMIT: usize = 200;
+    const CREDENTIAL_ID_LEN_LIMIT: usize = 350;
 
     let n = device.alias.len();
     if n > ALIAS_LEN_LIMIT {

diff --git a/src/internet_identity/src/storage/anchor/tests.rs b/src/internet_identity/src/storage/anchor/tests.rs
@@ -75,7 +75,7 @@ fn should_enforce_pubkey_limit() {
 fn should_enforce_credential_id_limit() {
     let mut anchor = Anchor::new(ANCHOR_NUMBER);
     let mut device = sample_device();
-    device.credential_id = Some(ByteBuf::from([0; 201]));
+    device.credential_id = Some(ByteBuf::from([0; 351]));
 
     let result = anchor.add_device(device);