Releases: polhenarejos/pico-fido
Releases · polhenarejos/pico-fido
Version 5.6 EdDSA 1
v5.6-eddsa1
This tag was signed with the committer’s verified signature.
polhenarejos
Pol Henarejos
3b4ac12
This commit was signed with the committer’s verified signature.
polhenarejos
Pol Henarejos
This is an experimental release. It adds support for EdDSA and Ed25519 curve.
Since EdDSA is not officially approved by MbedTLS, it is considered experimental and in beta stage. Though it is deeply tested, it might contain bugs.
Use with caution.
Version 5.4
v5.4
This tag was signed with the committer’s verified signature.
polhenarejos
Pol Henarejos
07729f8
This commit was signed with the committer’s verified signature.
polhenarejos
Pol Henarejos
This release includes support for Yubikey emulation. With this release, Pico Fido key can be used with Yubico tools.
Enhancements:
- Added support for OTP (HOTP and TOTP).
- Added support for OATH (YKOATH protocol).
- Added support for challenge-response generation.
- Added support for emulated keyboard.
- If configured, when BOOTSEL button is pressed, an OTP is typed directly by emulating a keyboard. So, the OTP is introduced in the box where cursor is placed.
- Added support for YKMAN tool.
- Added support for YubiOTP specification.
- Added support for U2F applet selection.
This release brings support to Yubico OTP. In contrast to Yubikey slot selection (short and long button press), slots in Pico Fido are selected by pressing BOOTSEL button multiple times (1 press selects 1st slot, 2 consecutive presses select 2nd slot, etc).
This release jumps from previous v3.0 to v5.4 to enable Yubico compatibility, as it depends on the specific version +5.4.
Full Changelog: v3.0...v5.4
Version 3.0
v3.0
This tag was signed with the committer’s verified signature.
polhenarejos
Pol Henarejos
d4ed55b
This commit was signed with the committer’s verified signature.
polhenarejos
Pol Henarejos
This is a major release that includes support for additional interfaces, such as CCID.
New features
- Added support for OATH. It is based on YKOATH protocol specification via CCID interface.
- Added basic support for OTP (not useful yet).
- New HSM SDK.
- Added support for LED drivers based on WS2812, such as waveshare boards.
Enhancements
- Pico FIDO supports local build emulation. It creates an executable that implements CTAP 2.1 stack and allows remote testing.
- Upgraded to Pico SDK 1.5.
- Added interruption endpoint.
- Improved the compatibility with Windows host.
- Increased validity of certificate to 50 years.
- Added support for newer waveshare boards.
Fixes
- Fix AID selection.
- Fix ATR response.
- Fix returned version.
- Fix uninitialized variable.
- Fix increasing counter on make credential.
- Fix crash when missing PubKey type.
- Fix encoding map on credmgmt listing credentials for specific RP.
- Fix cbor processing when unknown command is used.
- Fix sending keepalive on cbor processing.
- Fix potential crash on delete file.
- Fix race condition.
Version 2.10
5e0b0bf
This commit was signed with the committer’s verified signature.
polhenarejos
Pol Henarejos
This release includes the following enhancements and new features:
New Features
- Enterprise attestation
credBlobsextensionlargeBlobKeyextensionlargeBlobssupport (2048 bytes máx.)
Enhancements
- Added support for Entreprise Attestation. Once enabled, it allows to generate a CSR in the device, which is sent to our PKI. If valid, it returns a signed certificate by an intermediate CA that will be used for attestation.
- Upgraded
pico-fido-tool.pyto support Enterprise Attestation by uploading a CSR or a signed certificate. - Added support for
credBlob. - Added
MAX_MSG_SIZEparameter ingetInfo. - Added key derivation for
largeBlob. - Added support for
largeBlobKey. - Added
minPinLengthextension test. - Added
credBlobtest. - Added
largeBlobsupport. - Added
lbwpermission.
and fixes:
Fixes
credProtectis not returned ingetAssertion.- Fixed buffer overflow deriving the credential key.
- Fixed double
free. - Fix
GETpermission ingetAssertion. - Fixed
numberOfCredentialsreturn. - Fix
token rp linkclear. - Fix
credMgmttests.
Version 2.8
v2.8
This tag was signed with the committer’s verified signature.
polhenarejos
Pol Henarejos
71c0e86
This commit was signed with the committer’s verified signature.
polhenarejos
Pol Henarejos
This release includes the following enhancements:
Enhancements
- Added Enterprise Attestation support.
- Added vendor subcommand to upload and embed an enterprise certificate.
- Added --filename flag to pico-fido tool.
and the following bug fixes:
Bug fixes
- Fixed UV token request.
- Fixed RP attachment to token.
- Fixed RP enumeration.
- Fixed CM permission in credMgmt preview.
- Fixed memory free.
Version 2.6
v2.6
This tag was signed with the committer’s verified signature.
polhenarejos
Pol Henarejos
e5834ff
This commit was signed with the committer’s verified signature.
polhenarejos
Pol Henarejos
This release includes the following enhancements:
Added
- Added minPinLength extension.
- Added support for setMinPinLength.
- Added support for authenticatorConfig verification.
- Added support for permissions.
And the following bug fixes:
Bug fixes
- Fix counting PIN retries.
Version 2.4
54c0769
This commit was signed with the committer’s verified signature.
polhenarejos
Pol Henarejos
This version aims at improving the security of the device.
New
- Added a new feature called Secure Lock, which aims at encrypting the whole device to avoid flash dumpings in case the device is left unattended. Once enabled, the device must be unlocked when plugged.
- Backup with 24 words. Make a backup with 24 words and restore it in another device. With these just 24 words and the backup file you will be able to restore your device in case of damage and recover all your keys and credentials.
- All these features are implemented following the standard, via Vendor and Config Vendor commands.
See python3 pico-fido-tool.py --help for more information.
Version 2.2
v2.2
This tag was signed with the committer’s verified signature.
polhenarejos
Pol Henarejos
7f97ea4
This commit was signed with the committer’s verified signature.
polhenarejos
Pol Henarejos
This version includes the following major enhancements:
- Credential management: capability to manage discoverable credentials by listing, updating and deleting.
- Authenticator selection: some applications may require to select a specific authenticator if multiple are attached or at convenience.
- Get assertion also returns userName and userDisplayName.
Developer enhancements:
- Added a test suite which works with python-fido2 package version 1.0, which includes the latest enhancement of CTAP 2.1.
Bug fixes:
- Potential crash on meta edition (albeit pico fido does not use meta data).
- Counting mismatches.
- Consecutive assertion enumerations.
- Changing PIN if not set.
- User data is returned if there are more than 1 discoverable credential for that RP.
- Tons of bug fixes of ProtocolV2 with hmac-secret extension.
- Changing PIN with ProtocolV2.
- Verification of a key if it is U2F.
- Potential overflow on change PIN with ProtocolV2.
- Return numberOfCredentials.
- Public key size in credential id.
- Increasing signature counter.
- Credential creation if
upis absent. - PIN ProtocolV2.
- Severe crash generating internal device certificate.
Version 2.0
v2.0
This tag was signed with the committer’s verified signature.
polhenarejos
Pol Henarejos
8338762
This commit was signed with the committer’s verified signature.
polhenarejos
Pol Henarejos
This is a major release that adds support for CTAP 2.1 and WebAuthn.
It maintains compatibility with U2F (CTAP 1).
Version 1.2
7ae80ab
This commit was signed with the committer’s verified signature.
polhenarejos
Pol Henarejos
This version adds the following enhancements:
- Added user presence enforcement for registration and authentication. It requires the user to press the button to confirm.
- Added user presence enforcement flag and global counter on authentication.
- Verify key handle.
- Added SYNC, LOCK, PING commands to HID interface.
Also, many bug fixes.
Full Changelog: v1.0...v1.2