Credential management and credProtect added

@conorpp conorpp released this 27 Mar 15:28
· 64 commits to master since this release
4.0.0

After discussion with @nickray, I'm making this a major version release and deleting the old 3.2.0, because it will likely void any existing RK credentials on your solo device when updating from <4.0.0.

Warning: After this update, any existing RKs on your device will likely not work anymore. If you're not sure what an RK (resident key) is, then you probably do not have any and do not need to worry.

Additional improvements from (now defunct) 3.2.0 release:

  • Bug fixes to credMgmt (#404)
  • Allow depth-first-search when enumerating credentials (#406)

Two big features added in this release:

  • Credential management (able to enumerate and delete resident key credentials).
  • credProtect extension (able to enforce UV on specific credentials).

Changes:

  • Add credProtect extension
  • Fix issues with RK buffer handling
  • Fix issue with credentials being ordered incorrectly for getAssertions
  • Fix issue with extensions not being applied to getNextAssertion assertions.
  • Fix issue with some getNextAssertions not signing correct rpIdHash.
  • Refactor + bugfix credential management
  • Add delete command for credential management
  • Add user presence check if a credential is excluded during makeCredential step
  • Add custom vendor command for rebooting device to allow easier testing.
  • Fix regression with user presence being collected twice in some cases.

This has been successfully tested for Microsoft / Azure AD compatibility.

Public tests have been added to fido2-tests.

Thank you to @rgerganov for his contributions on credential management and fixing bugs (#392, #398, #391, #404).

Thank you to @My1 for help testing and providing logs.