You've already forked fido-authenticator
mirror of
https://github.com/trussed-dev/fido-authenticator.git
synced 2026-06-20 04:16:16 -07:00
5.2 KiB
5.2 KiB
Changelog
All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
Unreleased
v0.4.0-rc.3 (2026-06-01)
- Update to
ctap-typesv0.6.0-rc.4.
v0.4.0-rc.2 (2026-05-31)
- Fix signature counter to improve spec compliance:
- Set the initial signature counter to 1.
- Correctly handle signature counter overflows by returning 0.
- Increment the signature counter by a positive random number per assertion.
- Add the
Config::newmethod to create an instance with the default values. - Add support for multiple credential ID versions and add the
credential_id_versionfield toConfig. - Add
CredentialIdVersion::V2using AES-256-GCM. - Make firmware version configurable depending on the current credential ID format.
v0.4.0-rc.1 (2026-05-29)
- Update to
ctap-typesv0.6.0-rc.2. - Set
algorithms,authenticator_config_commands,firmware_version,max_serialized_large_blob_arrayandremaining_discoverable_credentialsinget_infoand addfirmware_versiontoConfig. - Implement these new extensions:
credBlobhmac-secret-mcminPinLength
- Implement the
alwaysUvfeature. - Implement the
configcommand with these subcommands:toggleAlwaysUvsetMinPINLength
- Add
ccid_transporttoConfigand settransportsinget_infoaccordingly. - Indicate support for
FIDO_2_3inget_info. - Load full credential from filesstem for getAssertion if an allow list is used with a discoverable credential.
- Use UTF-8 code points instead of bytes when checking the minimum length for PINs.
- Accept
up = truein makeCredential. - Fix PIN verification in
large_blobs_set.
v0.3.0 (2026-03-25)
- Update dependencies:
apdu-appv0.2coseyv0.4ctap-typesv0.5ctaphid-appv0.2heaplessv0.9heapless-bytesv0.5iso7816v0.2trussed-chunkedv0.3trussed-corev0.2trussed-fs-infov0.3trussed-hkdfv0.4
v0.2.0 (2025-09-02)
- Set the
makeCredUvNotRqdCTAP option totrueto indicate that we support makeCredential operations without user verification (#26) - Ignore public key credential paramters with an unknown type, as required by the Webauthn spec (#28)
- Reject
rkoption in getAssertion (#31) - Ignore user data with empty ID in getAssertion (#32)
- Allow three instead of two PIN retries per boot (#35)
- Add log messages for requests, responses and errors
- Add config option for setting a maximum number of resident credentials.
- Reduce ID length for new credentials (#37)
- Update apdu-dispatch and reject calls to
select(#40) - Implement the
largeBlobKeyextension and thelargeBlobscommand (#38) - Fix error type for third invalid PIN entry (#60)
- Fix error type for cancelled user presence (#61)
- PIN protocol changes:
- Implement UpdateUserInformation subcommand for CredentialManagement
- Support CTAP 2.1
- Serialize PIN hash with
serde-bytes(#52) - Reduce the space taken by credential serialization (#59)
- Update dependencies:
- Replace
trusseddependency withtrussed-core - Replace
ctaphid-dispatchdependeny withctaphid-app
- Replace
- Remove the per-relying party directory to save space (#55)
[0.1.1] - 2022-08-22
- Fix bug that treated U2F payloads as APDU over APDU in NFC transport @conorpp
- Add config option to skip UP when device was just booted, as insertion is a kind of UP check @robin-nitrokey
[0.1.0] - 2022-03-17
- use 2021 edition
- use @szszszsz's credential ID shortening
- get rid of the two big heaps, only cache timestamp + filename in GetAssertion
- bump to the released dependencies
- integrate
dispatch-fido