Releases: linux-credentials/libwebauthn
Release list
libwebauthn v0.9.0
Highlights
Transports
- NFC and hybrid (caBLE) transports are now advertised to relying parties (#282)
- Duplicate USB HID/NFC authenticators are deduplicated (#270)
- caBLE tunnel redirects are followed and dead links are forgotten instead of left stale (#274)
Extensions
credProtectsupport is now feature-detected fromgetInfo(#273)prfaccepts theevalByCredentialJSON key (#277)
Features
- New
authenticatorResetcommand (#296) - Backup eligibility and state flags (
BE/BS) are modeled on credentials (#272)
Bugfixes
appid/appidExcludeandrp.idare now authorized against the caller's actual origin, and IP-literalrp.idvalues are rejected (#275, #285)attestation=nonenow actually scrubs the attestation statement and AAGUID (#284)- Credential preflight no longer treats transient transport errors as a missing credential (#287)
- PIN policy is honored and PINs are normalized before use (#281)
Hardening
- BLE connections fail closed when bluez bonding state can't be confirmed (#283)
- caBLE linking updates with invalid signatures can no longer evict a known device (#288)
getNextAssertioniteration is bounded and validated against a hostile authenticator (#290)- Authenticator config subcommands are gated on declared
getInfocapabilities (#291) - Unknown CTAP status codes are preserved instead of reported as framing errors (#286)
- Unknown transport values in credential descriptors are tolerated per spec (#289)
getInforequest sizes are bounded (#278)
API
- Transport errors are now per-transport typed via a generic ceremony
Error<E>; the previousWebAuthnErrorname is kept as an alias (#297) - Public response and spec types are now
#[non_exhaustive]ahead of a future stable release (#293)
What's Changed
- fix(cable): follow tunnel redirects and forget gone links by @AlfioEmanueleFresta in #274
- feat(fido): model backup eligibility and state flags by @AlfioEmanueleFresta in #272
- feat(transport): advertise NFC and hybrid transports by @AlfioEmanueleFresta in #282
- fix(ctap2): feature-detect credProtect from getInfo by @AlfioEmanueleFresta in #273
- fix(webauthn): accept PRF evalByCredential JSON key by @AlfioEmanueleFresta in #277
- feat(ctap2): enforce getInfo request limits by @AlfioEmanueleFresta in #278
- test(ctap2): pin canonical CBOR and COSE vectors by @AlfioEmanueleFresta in #279
- test(ctap2): verify signature round-trip by @AlfioEmanueleFresta in #280
- feat(nfc): dedupe USB-HID authenticators by @AlfioEmanueleFresta in #270
- fix(pin): honor PIN policy and normalize PINs by @AlfioEmanueleFresta in #281
- chore(ci): declare and gate msrv at 1.88 by @AlfioEmanueleFresta in #292
- test(ctap1): cover u2f downgrade exclude-list preflight by @AlfioEmanueleFresta in #295
- docs: document UV update wiring and add license, msrv, cable rows by @AlfioEmanueleFresta in #294
- fix(ble): fail closed when bluez bonding state is unknown by @AlfioEmanueleFresta in #283
- fix(cable): do not evict known device on invalid linking update by @AlfioEmanueleFresta in #288
- fix(ctap2): preserve unknown ctap status codes and add 0x17/0x18 by @AlfioEmanueleFresta in #286
- fix(ctap2): tolerate unknown authenticator transports in descriptors by @AlfioEmanueleFresta in #289
- fix(authnr-config): gate config subcommands on getInfo capabilities by @AlfioEmanueleFresta in #291
- fix(webauthn): default rp.id to effective domain and reject ip-literal rp ids by @AlfioEmanueleFresta in #285
- feat(webauthn): scrub attestation for attestation=none conveyance by @AlfioEmanueleFresta in #284
- fix(preflight): treat only no-credentials as credential absence by @AlfioEmanueleFresta in #287
- fix(webauthn): bound and validate getNextAssertion iteration by @AlfioEmanueleFresta in #290
- chore(api): mark growable public response and spec types non_exhaustive by @AlfioEmanueleFresta in #293
- refactor(error): per-transport TransportError and generic ceremony Error by @AlfioEmanueleFresta in #297
- feat(ctap2): implement authenticatorReset command by @AlfioEmanueleFresta in #296
- fix(webauthn): authorize appid against caller origin by @AlfioEmanueleFresta in #275
- chore(release): 0.9.0 by @AlfioEmanueleFresta in #298
Full Changelog: libwebauthn-v0.8.0...libwebauthn-v0.9.0
libwebauthn v0.8.0
What's Changed
- feat(webauthn): surface getAssertion unsignedExtensionOutputs to client extension results by @AlfioEmanueleFresta in #260
- feat(webauthn): PRF with hybrid authenticators via the prf extension by @AlfioEmanueleFresta in #269
- chore(release): 0.8.0 by @AlfioEmanueleFresta in #271
Full Changelog: libwebauthn-v0.7.1...libwebauthn-v0.8.0
libwebauthn v0.7.1
What's Changed
- fix(ctap2): do not send uv option together with pinUvAuthParam by @Nisker in #265
- fix(credmgmt): Yubikey error when NextCred is not handled statefully by @Nisker in #264
- chore(release): 0.7.1 by @AlfioEmanueleFresta in #268
New Contributors
Full Changelog: libwebauthn-v0.7.0...libwebauthn-v0.7.1
libwebauthn v0.7.0
Highlights
Features
- largeBlob extension: read, write, and delete (#206, #261)
- Persistent
pinUvAuthTokenfor read-only credential management, the CTAP 2.2perCredMgmtROfeature, with a caller-supplied token store and invalidation on rejection or PIN change (#231-#234) - Enforce
userVerification=requiredon the shared-secret path (#248)
Fixes
- base64url-decode
excludeCredentialsids (#242) - order
crossOriginbeforetopOriginin clientDataJSON (#241) - scope
rp.idto the registrable domain under multi-label suffixes (#240) - emit makeCredential extensions in canonical CBOR order (#243)
- preserve raw
authenticatorData,rpIDHash, andtemplateId(#245, #249) - decode
unsignedExtensionOutputsat GetAssertion (#244) - full-length
U2F_REGISTERresponse and preserved APDU status words on NFC (#246, #247)
What's Changed
- feat(pin): add pcmr permission and rename ephemeral token source (1/5) by @AlfioEmanueleFresta in #231
- feat(pin): add persistent token store trait and HID plumbing (2/5) by @AlfioEmanueleFresta in #232
- feat(pin): acquire and reuse persistent tokens via encIdentifier recognition (3/5) by @AlfioEmanueleFresta in #233
- feat(pin): invalidate persistent tokens on rejection and PIN change (4/5) by @AlfioEmanueleFresta in #234
- docs(credmgmt): document persistent token usage and add example (5/5) by @AlfioEmanueleFresta in #235
- fix(webauthn): scope rp.id to the registrable domain under multi-label suffixes by @AlfioEmanueleFresta in #240
- fix(webauthn): order crossOrigin before topOrigin in clientDataJSON by @AlfioEmanueleFresta in #241
- fix(ctap2): emit makeCredential extensions in canonical CBOR order by @AlfioEmanueleFresta in #243
- fix(ctap2): return raw rpIDHash and templateId from management by @AlfioEmanueleFresta in #245
- fix(ctap1): request full-length response for U2F_REGISTER by @AlfioEmanueleFresta in #246
- fix(nfc): preserve APDU status words on the U2F path by @AlfioEmanueleFresta in #247
- fix(webauthn): enforce userVerification=required on the shared-secret path by @AlfioEmanueleFresta in #248
- fix(webauthn): base64url-decode excludeCredentials ids by @AlfioEmanueleFresta in #242
- fix(ctap2): decode unsignedExtensionOutputs at GetAssertion 0x08 by @AlfioEmanueleFresta in #244
- fix(ctap2): preserve raw authenticatorData bytes by @AlfioEmanueleFresta in #249
- feat(webauthn): largeBlob read via authenticatorLargeBlobs by @AlfioEmanueleFresta in #206
- feat(webauthn): largeBlob write and delete by @AlfioEmanueleFresta in #261
- chore(release): 0.7.0 by @AlfioEmanueleFresta in #262
Full Changelog: libwebauthn-v0.6.0...libwebauthn-v0.7.0
libwebauthn v0.6.0
Highlights
Features
- Related origins: assertions can now validate against related origins per WebAuthn L3 §5.11, with an optional reqwest-backed
.well-known/webauthnfetcher behind thereqwest-related-origins-sourcefeature. - SubjectPublicKeyInfo:
getPublicKey()now returns a DER-encoded SubjectPublicKeyInfo.
Bugfixes
- Credential public keys are stored as opaque COSE bytes, preserving the authenticator's exact encoding.
- Arbitrary COSE algorithm identifiers are passed through instead of being rejected.
What's Changed
- fix(ctap2): pass through arbitrary COSE algorithm identifiers by @AlfioEmanueleFresta in #228
- fix(ctap2): store credential public keys as opaque COSE bytes by @AlfioEmanueleFresta in #229
- feat(webauthn): emit SubjectPublicKeyInfo from getPublicKey() by @AlfioEmanueleFresta in #230
- docs: document full API on docs.rs and guard the build in CI by @AlfioEmanueleFresta in #236
- chore(clippy): enforce production denies in CI by @AlfioEmanueleFresta in #238
- feat(webauthn): related-origins validation (WebAuthn L3 §5.11) by @AlfioEmanueleFresta in #219
- chore(release): 0.6.0 by @AlfioEmanueleFresta in #239
Full Changelog: libwebauthn-v0.5.1...libwebauthn-v0.6.0
libwebauthn v0.5.1
What's Changed
- chore(cargo): tidy package metadata by @AlfioEmanueleFresta in #221
- fix(cable): return ConnectionFailed for both Terminated paths by @AlfioEmanueleFresta in #222
- fix(cable): GetInfo timing out before BLE handshake completes by @AlfioEmanueleFresta in #226
- chore(release): 0.5.1 by @AlfioEmanueleFresta in #227
Full Changelog: libwebauthn-v0.5.0...libwebauthn-v0.5.1
libwebauthn v0.5.0
Highlights
Transport
- CTAP 2.3 hybrid over a direct BLE L2CAP channel (#216)
Extensions
Features
- DAFSA-format Public Suffix List reader (#215)
Bugfixes
- BLE spec conformance: notify, write-with-response, bonded check (#202)
- Hybrid: omit QR key 6 by default to keep legacy caBLE clients happy (#216)
largeBlob.readno longer leakslargeBlobKeyto RP (#198)- PRF inputs of any length per WebAuthn L3 (#211)
Hardening
- HID wall-clock timeouts and continuation-packet validation (#205)
- Broad input hardening against hostile authenticator input (#203, #207)
What's Changed
- chore(release): 0.3.1 with workspace split by @AlfioEmanueleFresta in #186
- refactor(webauthn): use RequestOrigin instead of RelyingPartyId in WebAuthnIDL (fix #185) by @AlfioEmanueleFresta in #188
- fix(webauthn): validate rp.id as a registrable domain suffix (fix #187) by @AlfioEmanueleFresta in #190
- fix(webauthn): largeBlob.read no longer leaks largeBlobKey to RP by @AlfioEmanueleFresta in #198
- fix(webauthn): strip transports from CTAP2 PublicKeyCredentialDescriptor by @AlfioEmanueleFresta in #192
- fix(nfc): require backend feature; rename to nfc-backend-{pcsc,libnfc} by @AlfioEmanueleFresta in #193
- refactor(examples): unify, simplify, group examples by @AlfioEmanueleFresta in #194
- fix(nfc): recognise FIDO_2_1, FIDO_2_1_PRE, FIDO_2_2 in select_fido2 by @AlfioEmanueleFresta in #197
- refactor(webauthn): remove private methods with underscore prefix by @AlfioEmanueleFresta in #179
- fix(webauthn): escape clientDataJSON strings per CCDToString by @AlfioEmanueleFresta in #196
- fix(ctap2): check status code in getNextAssertion by @AlfioEmanueleFresta in #199
- fix(ctap1): emit Le on U2F APDUs to support case 4 by @AlfioEmanueleFresta in #200
- fix(webauthn): refuse U2F downgrade when credProtect enforce or largeBlob required by @AlfioEmanueleFresta in #201
- fix(security): bound panics on hostile authenticator inputs by @AlfioEmanueleFresta in #203
- chore(clippy): enable stricter lints by @AlfioEmanueleFresta in #207
- fix(webauthn): allow PRF inputs of any length (fix #209) by @AlfioEmanueleFresta in #211
- fix(deps): bump publicsuffix to 2.3 to drop vulnerable idna 0.2.3 by @AlfioEmanueleFresta in #214
- feat(webauthn): force UV=required when PRF extension is requested (fix #183) by @AlfioEmanueleFresta in #213
- feat(webauthn): support hmac-secret-mc CTAP 2.2 extension (fix #147) by @AlfioEmanueleFresta in #212
- fix(ble): notifications, write-with-response, LE secure connections check by @AlfioEmanueleFresta in #202
- feat(webauthn): support appid and appidExclude extensions by @AlfioEmanueleFresta in #204
- fix(hid): wall-clock timeout and continuation-packet validation by @AlfioEmanueleFresta in #205
- feat(psl): add DAFSA-format Public Suffix List reader by @AlfioEmanueleFresta in #215
- feat(cable): hybrid transport over a direct BLE L2CAP channel by @AlfioEmanueleFresta in #216
- fix(cable): propagate post-handshake errors from protocol::connection by @AlfioEmanueleFresta in #217
- fix(cable): preserve I/O error kind on the WebSocket data channel by @AlfioEmanueleFresta in #218
- chore(release): 0.5.0 by @AlfioEmanueleFresta in #220
Full Changelog: libwebauthn-v0.3.0...libwebauthn-v0.5.0
libwebauthn-v0.3.0
See README.md for all features supported in v0.3.0.
We're working towards our first production-ready release. You can track our progress on the GitHub project (Passkeys for the Linux Desktop).
What's Changed
- Support attested_credential and extensions both be present in AuthenticatorData by @jo-bitsch in #136
- extended the tests for AuthData deserialization by @jo-bitsch in #139
- Fix PadError when doing HMAC calculation by @msirringhaus in #140
- Add SECURITY.md by @AlfioEmanueleFresta in #145
- README.md: credentialsd link & Matrix room by @AlfioEmanueleFresta in #144
- Switch to fido-authenticator from Nitrokey for virtual HID device by @msirringhaus in #143
- Allow for shared secret to be created even if no PIN is set on the device by @msirringhaus in #146
- Add more UV-negotiation tests by @msirringhaus in #149
- Switch virt device to RAM only and use message passing to allow for state to be kept across device lifetime by @msirringhaus in #150
- Implement pin protocol tests by @msirringhaus in #151
- Implement NFC by @msirringhaus in #152
- Log when CTAP2 bio_enrollment responses return None fields by @jkaiwar in #153
- README.md: Add NFC support by @AlfioEmanueleFresta in #163
- Remove unused aws-lc-rs dependency by @iinuwa in #164
- Web IDL support 1/N: GA, MC basic parsing by @AlfioEmanueleFresta in #138
- Web IDL support 2/N: drop HMAC from WebAuthn ops by @AlfioEmanueleFresta in #166
- Fix #157: userVerification to default to Preferred by @AlfioEmanueleFresta in #158
- Fix #137: Add RP ID validation with IDNA normalization by @AlfioEmanueleFresta in #162
- Web IDL support 3/N: response JSON serialization by @AlfioEmanueleFresta in #155
- Rename to_inner_model to to_idl_model by @AlfioEmanueleFresta in #170
- Set default timeout to 300 seconds by @iinuwa in #172
- Add
to_json_valuetoWebAuthnIDLResponse, renameto_json→to_json_stringby @Copilot in #169 - Always return credential ID in GetAssertion response by @AlfioEmanueleFresta in #174
- chore(clippy): Fix all clippy warnings by @AlfioEmanueleFresta in #176
- feat(cable): add transport availability API (fix #142) by @AlfioEmanueleFresta in #177
- refactor(clippy): do not panic in production code paths by @AlfioEmanueleFresta in #178
- chore(ci): add code formatting checks by @AlfioEmanueleFresta in #180
- feat(ble): support FIDO2 for BLE transport, chooses best protocol available (fix #27) by @AlfioEmanueleFresta in #175
- Make PinNotSet errors an interactive flow by @msirringhaus in #181
- Release 0.3.0 by @AlfioEmanueleFresta in #184
New Contributors
- @jo-bitsch made their first contribution in #136
- @jkaiwar made their first contribution in #153
Full Changelog: libwebauthn-v0.2.2...libwebauthn-v0.3.0
libwebauthn v0.2.2
See README.md for all features supported in v0.2.2.
We're working towards our first production-ready release. You can track our progress on the GitHub project (Passkeys for the Linux Desktop).