Update to heapless 0.9 #133

Closed
sosthene-nitrokey wants to merge 16 commits into main from heapless-09
@sosthene-nitrokey

No description provided.

sosthene-nitrokey and others added 15 commits September 13, 2023 09:34
Trussed itself already ignored this associated data (trussed-dev/trussed#108),
and the unwrapping was already performed with no associated data.
Not removing it would lead to breakage once (trussed-dev/trussed#108) is merged.
Adding the AD to the unwrapping step would break compatibility with currently registered credentials.

Security: This is not an issue because the credentials stored locally contain
the proper app id which is checked when the credential is decrypted.

This patch sets the makeCredUvNotRqd CTAP option to true to indicate
that we support makeCredential operations without user verification.
See also:
	https://fidoalliance.org/specs/fido-v2.1-rd-20201208/fido-client-to-authenticator-protocol-v2.1-rd-20201208.html#getinfo-makecreduvnotrqd

Fixes: trussed-dev#26

As required by the Webauthn spec, we now ignore public key credential
parameters with a type other than "public-key".

Fixes: trussed-dev#28

Users with an empty ID should not be returned by getAssertion to avoid
compatibility issues.

Fixes: trussed-dev#32

Previously, a PinAuthBlocked error was already returned after two wrong
PIN entries. The reason for this was that decrement_retries also checks
if the allowed retries are exceeded. This was unnecessary because
pin_blocked is always checked before decrement_retries is called.

This patch removes the check in decrement_retries.

Fixes: trussed-dev#35

The getAssertion command does not use the rk option so we return an
InvalidOption error if it is set.

Fixes: trussed-dev#31

This patch adds log messages for each request and response (and
deserialization or protocol errors) in the dispatch module.  This makes
it easier to keep track of the executed commands by just looking at the
log output from fido_authenticator::dispatch.

This pulls in all changes from the Nitrokey/fido-authenticator
repository, improving compliance with the CTAP spec, adding support for
CTAP 2.1 and implementing new features like the largeBlob extension.

This makes it possible to publish this crate to crates.io.  The reason
to use patches was to make it easier to use the crate in other crates,
but this is not relevant for dev-dependencies.
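
Added example, not code from this crate or pull request: a sketch of the pubKeyCredParams handling that the commit message above describes, where entries with a type other than "public-key" are ignored instead of failing the request. The type and function names and the supported-algorithm set are assumptions made for illustration.

```rust
// Added illustration; not code from fido-authenticator. All names are hypothetical.

/// COSE algorithm identifiers (IANA COSE registry).
const ES256: i32 = -7;
const EDDSA: i32 = -8;
const RS256: i32 = -257;

/// Algorithms this model authenticator is assumed to support.
const SUPPORTED: [i32; 2] = [ES256, EDDSA];

#[derive(Debug, PartialEq)]
enum Error {
    UnsupportedAlgorithm,
}

/// One entry of pubKeyCredParams as sent by the relying party.
struct CredParam<'a> {
    kind: &'a str, // the "type" member of the entry
    alg: i32,      // COSE algorithm identifier
}

/// Return the first algorithm, in relying-party preference order, whose entry
/// has type "public-key" and which this authenticator supports. Entries of any
/// other type are skipped, so they can neither fail the request nor be selected.
fn select_algorithm(params: &[CredParam]) -> Result<i32, Error> {
    params
        .iter()
        .filter(|p| p.kind == "public-key")
        .map(|p| p.alg)
        .find(|alg| SUPPORTED.contains(alg))
        .ok_or(Error::UnsupportedAlgorithm)
}

fn main() {
    // Constructed request: an unknown type first, then an unsupported
    // algorithm, then a supported one.
    let params = [
        CredParam { kind: "future-type", alg: ES256 },
        CredParam { kind: "public-key", alg: RS256 },
        CredParam { kind: "public-key", alg: EDDSA },
    ];
    println!("{:?}", select_algorithm(&params));
}
```
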
@sosthene-nitrokey sosthene-nitrokey force-pushed the heapless-09 branch 5 times, most recently from 2f02224 to a0d6d2a Compare October 7, 2025 09:49
@sosthene-nitrokey sosthene-nitrokey marked this pull request as ready for review October 7, 2025 09:56
@robin-nitrokey
Member

Shouldn’t we merge this upstream in trussed-dev#48? AFAIR the only reason why this repository is not archived yet is that I still need to transfer some of the issues.

@robin-nitrokey
Member

Closing in favor of trussed-dev#48.
