More extensions #93
Merged
More extensions #93
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
AlfioEmanueleFresta
merged commit 5eaaec9
into
linux-credentials:master
3 checks passed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Credential protection policy:
a) Stop exposing
ctap_typesin our API and use our own implementation for the webauthn-layer (the CTAP layer still usesctap_types)b) Also support
enforce_policy, which we can only do from the inside, as we needCtap2GetInfoResponsefor that. Error out, if it can't be enforced.Support
credPropsextension.a) Pretty straight forward, except that CTAP 2.0 devices are allowed to create discoverable credentials even if they are not requested. CTAP 2.1 devices are not allowed to do that anymore. So we need
Ctap2GetInfoResponseonce again to decideSwitch from LargeBlobKeys extension to LargeBlob extension.
a) LargeBlob extension has "Preferred"-mode as well, so we need
Ctap2GetInfoResponseagain for deciding, if we can request it or not.b) LargeBlobKey-requests can easily be mapped into LargeBlob requests, by simply using LargeBlob
support = "required", so I'm not supporting both in the API.c)
GetAssertionLargeBlobExtension::Write()is not yet supported, as we need the corresponding CTAP commands to store large blobs for that, which we don't have yet.