Releases: trussed-dev/fido-authenticator
Releases · trussed-dev/fido-authenticator
Release list
v0.4.0-rc.3
- Update to
ctap-typesv0.6.0-rc.4.
v0.4.0-rc.2
- Fix signature counter to improve spec compliance:
- Set the initial signature counter to 1.
- Correctly handle signature counter overflows by returning 0.
- Increment the signature counter by a positive random number per assertion.
- Add the
Config::newmethod to create an instance with the default values. - Add support for multiple credential ID versions and add the
credential_id_versionfield toConfig. - Add
CredentialIdVersion::V2using AES-256-GCM. - Make firmware version configurable depending on the current credential ID format.
v0.4.0-rc.1
- Update to
ctap-typesv0.6.0-rc.2. - Set
algorithms,authenticator_config_commands,firmware_version,max_serialized_large_blob_arrayandremaining_discoverable_credentialsinget_infoand addfirmware_versiontoConfig. - Implement these new extensions:
credBlobhmac-secret-mcminPinLength
- Implement the
alwaysUvfeature. - Implement the
configcommand with these subcommands:toggleAlwaysUvsetMinPINLength
- Add
ccid_transporttoConfigand settransportsinget_infoaccordingly. - Indicate support for
FIDO_2_3inget_info. - Load full credential from filesstem for getAssertion if an allow list is used with a discoverable credential.
- Use UTF-8 code points instead of bytes when checking the minimum length for PINs.
- Accept
up = truein makeCredential. - Fix PIN verification in
large_blobs_set.
v0.3.0
v0.2.0
Changelog
- Set the
makeCredUvNotRqdCTAP option totrueto indicate that we support
makeCredential operations without user verification (#26) - Ignore public key credential paramters with an unknown type, as required by
the Webauthn spec (#28) - Reject
rkoption in getAssertion (#31) - Ignore user data with empty ID in getAssertion (#32)
- Allow three instead of two PIN retries per boot (#35)
- Add log messages for requests, responses and errors
- Add config option for setting a maximum number of resident credentials.
- Reduce ID length for new credentials (#37)
- Update apdu-dispatch and reject calls to
select(#40) - Implement the
largeBlobKeyextension and thelargeBlobscommand (#38) - Fix error type for third invalid PIN entry (#60)
- Fix error type for cancelled user presence (#61)
- PIN protocol changes:
- Implement UpdateUserInformation subcommand for CredentialManagement
- Support CTAP 2.1
- Serialize PIN hash with
serde-bytes(#52) - Reduce the space taken by credential serialization (#59)
- Update dependencies:
- Replace
trusseddependency withtrussed-core - Replace
ctaphid-dispatchdependeny withctaphid-app
- Replace
- Remove the per-relying party directory to save space (#55)