d53f29a1be
Release v0.2.0
2025-09-02 09:38:53 +02:00
1c2ac73c9a
ci: Add workflow for publishing to crates.io
2025-09-02 09:32:09 +02:00
0aea58624f
Cleanup Cargo.toml
2025-09-02 09:30:10 +02:00
728a9c2b97
Use Git dependencies instead of patches
...
This makes it possible to publish this crate to crates.io. The reason
to use patches was to make it easier to use the crate in other crates,
but this is not relevant for dev-dependencies.
2025-09-02 09:30:10 +02:00
4b45601c5e
Merge remote-tracking branch 'nitrokey/main'
...
This pulls in all changes from the Nitrokey/fido-authenticator
repository, improving compliance with the CTAP spec, adding support for
CTAP 2.1 and implementing new features like the largeBlob extension.
2025-08-22 17:35:09 +02:00
01a2653c37
Update trussed to use new virtual store
2025-05-15 11:52:59 +02:00
cb30a2cc64
Remove usbip example
...
Instead, the nitrokey-3-firmware usbip runner should be used.
2025-05-15 09:34:19 +02:00
5ebb4a4830
clientPin: Support getRetries without PIN protocol
...
This fixes compatibility with CTAP 2.1.
Fixes: https://github.com/Nitrokey/fido-authenticator/issues/118
2025-05-12 17:42:26 +02:00
4554cb866e
make_credential: Support non-discoverable credentials without PIN
...
Currently, we always require the PIN to be used for make_credential
operations if it is set. This patch implements the makeCredUvNotRqd
option that allows non-discoverable credentials to be created without
using the PIN according to § 6.1.2 Step 6 of the specification, see:
https://fidoalliance.org/specs/fido-v2.1-rd-20201208/fido-client-to-authenticator-protocol-v2.1-rd-20201208.html#sctn-makeCred-authnr-alg
https://fidoalliance.org/specs/fido-v2.1-rd-20201208/fido-client-to-authenticator-protocol-v2.1-rd-20201208.html#getinfo-makecreduvnotrqd
Fixes: https://github.com/Nitrokey/fido-authenticator/issues/34
2025-05-07 22:20:20 +02:00
223bc11eec
Always reject uv = true in make_credential and get_assertion
...
This changes the error code if uv = true to InvalidOption even if a PIN
is set. Previously, we returned PinRequired if a PIN is set. The new
implementation follows § 6.1.2 Step 5 of the specification more closely.
https://fidoalliance.org/specs/fido-v2.1-rd-20201208/fido-client-to-authenticator-protocol-v2.1-rd-20201208.html#sctn-makeCred-authnr-alg
2025-05-07 21:57:44 +02:00
7ff0518b68
hmac-secret: Forbid up=false
...
Fixes: https://github.com/Nitrokey/fido-authenticator/issues/19
2025-05-07 16:04:44 +02:00
91a57756c0
tests: Use hmac-secret extension in TestGetAssertion
2025-05-07 15:54:54 +02:00
ba17bc506c
Replace core::iter::repeat(_).take(_) with core::iter::repeat_n(_, _)
...
This fixes a new clippy lint.
2025-05-06 21:48:40 +02:00
8b8a773831
Reduce duplicated key generation and signing logic
...
This patch moves the key generation and signing logic into the
SigningAlgorithm enum, removing some duplicated code from the ctap2 and
ctap2::credential_management modules.
2025-05-06 21:47:02 +02:00
e21d8687fc
Remove references to totp signing algorithm
2025-05-06 21:29:13 +02:00
443eca1787
Make credential: change the path of rks to rp_id_hash.credential_id_hash from rp_id_hash/credential_id_hash
...
The goal is to make credential storage more efficient, by making use of littlefs's
ability to inline file contents into the directory metadata when the file is small.
2025-02-20 13:44:22 +01:00
6f260ea49a
tests: Set opt-level to 2
2025-02-19 12:34:23 +01:00
fed17e9b35
tests: Remove exhaustive dependency
2025-02-19 12:34:23 +01:00
2c8efe16c2
tests: Inspect filesystem after test runs
2025-02-19 12:34:22 +01:00
dfcaf94096
tests: Add getNextAssertion tests
2025-02-18 10:46:12 +01:00
f3679b8dd5
tests: Add changePin tests
2025-02-18 10:46:11 +01:00
fd6fc9b8a8
tests: Extend setPin tests
2025-02-18 10:46:11 +01:00
726ce464be
tests: Add getPinRetries tests
2025-02-18 10:46:11 +01:00
add1cebd26
tests: Extend getPinToken tests
2025-02-18 10:46:11 +01:00
9e4cd65e54
tests: Extend getAssertion tests
2025-02-18 10:46:11 +01:00
Robin Krahl
Sosthène Guédon