Robin Krahl
|
92f3642345
|
Add tests for signature counter
|
2026-05-31 17:00:48 +02:00 |
|
Emanuele Cesena
|
de69cd1ffc
|
ctap2: accept up=true on MakeCredential; LargeBlobs Set accepts both PIN protocols
|
2026-05-28 22:56:20 +02:00 |
|
Emanuele Cesena
|
d64976c5da
|
ctap2.3: getinfo advertises FIDO_2_3
|
2026-05-28 22:56:08 +02:00 |
|
Emanuele Cesena
|
e91fb4779f
|
ctap2.3: advertise smart-card transport when CCID is enabled
|
2026-05-28 22:07:03 +02:00 |
|
Emanuele Cesena
|
bcec723f1b
|
ctap2.2: implement hmac-secret-mc extension at MakeCredential time
Fixes: https://github.com/trussed-dev/fido-authenticator/issues/52
|
2026-05-28 21:58:18 +02:00 |
|
Emanuele Cesena
|
a7e869b8c5
|
ctap2.1: test user field in RK allowlist GetAssertion response
|
2026-05-28 19:24:40 +02:00 |
|
Emanuele Cesena
|
e3c79dfd85
|
ctap2.1: §6.5.5 PIN management — code-point validation + reject same-PIN under forcePINChange + align setPin/getPinToken error codes
Fixes: https://github.com/trussed-dev/fido-authenticator/issues/43
|
2026-05-28 19:23:29 +02:00 |
|
Emanuele Cesena
|
96a96316f0
|
ctap2.1: alwaysUv + toggleAlwaysUv (CTAP 2.1 §6.4, §6.11.2, §7.2) — full implementation
|
2026-05-28 19:11:04 +02:00 |
|
Emanuele Cesena
|
3daba7d8a3
|
ctap2.1: setMinPINLength (§6.11.4) + minPinLength extension at MakeCredential (§10.1.2.1)
|
2026-05-28 19:02:26 +02:00 |
|
Robin Krahl
|
94c439d726
|
Add tests for credBlob extension
|
2026-05-22 16:53:27 +02:00 |
|
Robin Krahl
|
4554cb866e
|
make_credential: Support non-discoverable credentials without PIN
Currently, we always require the PIN to be used for make_credential
operations if it is set. This patch implements the makeCredUvNotRqd
option that allows non-discoverable credentials to be created without
using the PIN according to § 6.1.2 Step 6 of the specification, see:
https://fidoalliance.org/specs/fido-v2.1-rd-20201208/fido-client-to-authenticator-protocol-v2.1-rd-20201208.html#sctn-makeCred-authnr-alg
https://fidoalliance.org/specs/fido-v2.1-rd-20201208/fido-client-to-authenticator-protocol-v2.1-rd-20201208.html#getinfo-makecreduvnotrqd
Fixes: https://github.com/Nitrokey/fido-authenticator/issues/34
|
2025-05-07 22:20:20 +02:00 |
|
Robin Krahl
|
223bc11eec
|
Always reject uv = true in make_credential and get_assertion
This changes the error code if uv = true to InvalidOption even if a PIN
is set. Previously, we returned PinRequired if a PIN is set. The new
implementation follows § 6.1.2 Step 5 of the specification more closely.
https://fidoalliance.org/specs/fido-v2.1-rd-20201208/fido-client-to-authenticator-protocol-v2.1-rd-20201208.html#sctn-makeCred-authnr-alg
|
2025-05-07 21:57:44 +02:00 |
|
Robin Krahl
|
7ff0518b68
|
hmac-secret: Forbid up=false
Fixes: https://github.com/Nitrokey/fido-authenticator/issues/19
|
2025-05-07 16:04:44 +02:00 |
|
Robin Krahl
|
91a57756c0
|
tests: Use hmac-secret extension in TestGetAssertion
|
2025-05-07 15:54:54 +02:00 |
|
Robin Krahl
|
fed17e9b35
|
tests: Remove exhaustive dependency
|
2025-02-19 12:34:23 +01:00 |
|
Robin Krahl
|
2c8efe16c2
|
tests: Inspect filesystem after test runs
|
2025-02-19 12:34:22 +01:00 |
|
Robin Krahl
|
dfcaf94096
|
tests: Add getNextAssertion tests
|
2025-02-18 10:46:12 +01:00 |
|
Robin Krahl
|
f3679b8dd5
|
tests: Add changePin tests
|
2025-02-18 10:46:11 +01:00 |
|
Robin Krahl
|
fd6fc9b8a8
|
tests: Extend setPin tests
|
2025-02-18 10:46:11 +01:00 |
|
Robin Krahl
|
726ce464be
|
tests: Add getPinRetries tests
|
2025-02-18 10:46:11 +01:00 |
|
Robin Krahl
|
add1cebd26
|
tests: Extend getPinToken tests
|
2025-02-18 10:46:11 +01:00 |
|
Robin Krahl
|
9e4cd65e54
|
tests: Extend getAssertion tests
|
2025-02-18 10:46:11 +01:00 |
|
Robin Krahl
|
10b0334fed
|
tests: Extend makeCredential tests
|
2025-02-18 10:46:11 +01:00 |
|
Robin Krahl
|
83477813bf
|
tests: Add helper trait and use exhaustive
|
2025-02-18 10:46:09 +01:00 |
|
Robin Krahl
|
d0885e1ccb
|
Extend credential management tests
This patch adds tests for deleting discoverable credentials and for
updating the user information for existing credentials.
|
2025-01-21 10:23:25 +01:00 |
|