Fix styles

src/ctap/client_pin.rs

@@ -580,9 +580,17 @@ impl ClientPin {
         self.pin_uv_auth_token_state.has_permissions_rp_id(rp_id)
     }
 
-    /// Get the slot_id_in_use of the current pin_uv_auth_token_state, if any.
-    pub fn get_slot_id_in_use(&self) -> Option<usize> {
-        self.pin_uv_auth_token_state.slot_id_in_use()
+    /// Get the slot_id_in_use of the current pin_uv_auth_token_state if multi-PIN
+    /// feature is enabled. Otherwise return the default slot (0).
+    pub fn get_slot_id_in_use_or_default(
+        &self,
+        env: &mut impl Env,
+    ) -> Result<Option<usize>, Ctap2StatusCode> {
+        if storage::has_multi_pin(env)? {
+            Ok(self.pin_uv_auth_token_state.slot_id_in_use())
+        } else {
+            Ok(Some(0))
+        }
     }
 
     #[cfg(test)]
@@ -1543,7 +1551,7 @@ mod test {
         let pin_uv_auth_param_v2_from_v1_token =
             authenticate_pin_uv_auth_token(pin_uv_auth_token_v1, &message, PinUvAuthProtocol::V2);
 
-        assert_eq!(client_pin.get_slot_id_in_use(), Some(0));
+        assert_eq!(client_pin.pin_uv_auth_token_state.slot_id_in_use(), Some(0));
         assert_eq!(
             client_pin.verify_pin_uv_auth_token(
                 &message,

src/ctap/config_command.rs

@@ -91,14 +91,10 @@ pub fn process_config(
         pin_uv_auth_protocol,
     } = params;
 
-    let slot_id = if storage::has_multi_pin(env)? {
-        client_pin.get_slot_id_in_use()
-    } else {
-        Some(0)
-    };
+    let slot_id = client_pin.get_slot_id_in_use_or_default(env)?;
     let enforce_uv =
         !matches!(sub_command, ConfigSubCommand::ToggleAlwaysUv) && storage::has_always_uv(env)?;
-    // If multi-PIN feature is enabled, no PIN is in used, and the command is to turn off alwaysUv,
+    // If multi-PIN feature is enabled, no PIN is in use, and the command is to turn off alwaysUv,
     // the PIN check will be skipped here but an OPERATION_DENIED will still be returned later,
     // which is correct behavior.
     if (slot_id.is_some() && storage::pin_hash(env, slot_id.unwrap())?.is_some()) || enforce_uv {

src/ctap/mod.rs

@@ -778,11 +778,7 @@ impl CtapState {
             enterprise_attestation,
         } = make_credential_params;
 
-        let slot_id = if storage::has_multi_pin(env)? {
-            self.client_pin.get_slot_id_in_use()
-        } else {
-            Some(0)
-        };
+        let slot_id = self.client_pin.get_slot_id_in_use_or_default(env)?;
 
         self.pin_uv_auth_precheck(
             env,
@@ -1178,11 +1174,7 @@ impl CtapState {
             pin_uv_auth_protocol,
         } = get_assertion_params;
 
-        let slot_id = if storage::has_multi_pin(env)? {
-            self.client_pin.get_slot_id_in_use()
-        } else {
-            Some(0)
-        };
+        let slot_id = self.client_pin.get_slot_id_in_use_or_default(env)?;
 
         self.pin_uv_auth_precheck(
             env,

src/ctap/storage/key.rs

@@ -73,7 +73,9 @@ make_partition! {
     // - When adding a (non-persistent) key below this message, make sure its value is bigger or
     //   equal than NUM_PERSISTENT_KEYS.
 
-    /// If this entry exists and is empty, multi-PIN is enabled.
+    /// Whether multi-PIN is enabled.
+    ///
+    /// The value must be empty. Only presence of the value matters.
     MULTI_PIN = 983;
 
     // Start of key arrays for multi-PIN feature: these fields are separated for each slots, so