Merge PR #214

.pre-commit-config.yaml

@@ -8,12 +8,12 @@ repos:
     hooks:
     -   id: black
 -   repo: https://github.com/PyCQA/bandit
-    rev: 1.7.7
+    rev: 1.7.8
     hooks:
     -   id: bandit
         exclude: ^tests/
 -   repo: https://github.com/pre-commit/mirrors-mypy
-    rev: v1.8.0
+    rev: v1.9.0
     hooks:
     -   id: mypy
         files: ^fido2/

NEWS

@@ -1,3 +1,12 @@
+* Version 1.1.3 (unreleased)
+ ** Fix USB HID issue on MacOS that sometimes caused a pause while waiting for a
+    timeout.
+ ** Fix argument to CredProp extension where an enum value was required instead of
+    also allowing a string.
+ ** Fix parsing of some key types (ES384, ES512) causing signature verification to fail.
+ ** Deprecation: Calling websafe_decode with a bytes argument instead of str.
+    This will raise a TypeError in the next major version of the library.
+
 * Version 1.1.2 (released 2023-07-06)
  ** Fix ClientPin usage for Authenticators that do not support passing a PIN.
  ** Fix: Handle correct CTAP response codes in authenticatorSelection.

examples/server/poetry.lock

@@ -164,7 +164,7 @@ files = []
 develop = false
 
 [package.dependencies]
-cryptography = ">=2.6, !=35, <44"
+cryptography = ">=2.6, !=35, <45"
 
 [package.extras]
 pcsc = ["pyscard (>=1.9,<3)"]
@@ -198,22 +198,22 @@ dotenv = ["python-dotenv"]
 
 [[package]]
 name = "importlib-metadata"
-version = "7.0.1"
+version = "7.0.2"
 description = "Read metadata from Python packages"
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "importlib_metadata-7.0.1-py3-none-any.whl", hash = "sha256:4805911c3a4ec7c3966410053e9ec6a1fecd629117df5adee56dfc9432a1081e"},
-    {file = "importlib_metadata-7.0.1.tar.gz", hash = "sha256:f238736bb06590ae52ac1fab06a3a9ef1d8dce2b7a35b5ab329371d6c8f5d2cc"},
+    {file = "importlib_metadata-7.0.2-py3-none-any.whl", hash = "sha256:f4bc4c0c070c490abf4ce96d715f68e95923320370efb66143df00199bb6c100"},
+    {file = "importlib_metadata-7.0.2.tar.gz", hash = "sha256:198f568f3230878cb1b44fbd7975f87906c22336dba2e4a7f05278c281fbd792"},
 ]
 
 [package.dependencies]
 zipp = ">=0.5"
 
 [package.extras]
-docs = ["furo", "jaraco.packaging (>=9.3)", "jaraco.tidelift (>=1.4)", "rst.linker (>=1.9)", "sphinx (<7.2.5)", "sphinx (>=3.5)", "sphinx-lint"]
+docs = ["furo", "jaraco.packaging (>=9.3)", "jaraco.tidelift (>=1.4)", "rst.linker (>=1.9)", "sphinx (>=3.5)", "sphinx-lint"]
 perf = ["ipython"]
-testing = ["flufl.flake8", "importlib-resources (>=1.3)", "packaging", "pyfakefs", "pytest (>=6)", "pytest-black (>=0.3.7)", "pytest-checkdocs (>=2.4)", "pytest-cov", "pytest-enabler (>=2.2)", "pytest-mypy (>=0.9.1)", "pytest-perf (>=0.9.2)", "pytest-ruff"]
+testing = ["flufl.flake8", "importlib-resources (>=1.3)", "packaging", "pyfakefs", "pytest (>=6)", "pytest-checkdocs (>=2.4)", "pytest-cov", "pytest-enabler (>=2.2)", "pytest-mypy", "pytest-perf (>=0.9.2)", "pytest-ruff (>=0.2.1)"]
 
 [[package]]
 name = "itsdangerous"

fido2/ctap2/base.py

@@ -353,6 +353,7 @@ class Ctap2:
         :param options: Optional dict of options.
         :param pin_uv_param: Optional PIN/UV auth parameter.
         :param pin_uv_protocol: The version of PIN/UV protocol used, if any.
+        :param enterprise_attestation: Whether or not to request Enterprise Attestation.
         :param event: Optional threading.Event used to cancel the request.
         :param on_keepalive: Optional callback function to handle keep-alive
             messages from the authenticator.

fido2/hid/macos.py

@@ -317,13 +317,16 @@ class MacCtapHidConnection(CtapHidConnection):
             raise OSError(f"Failed to write report to device: {result}")
 
     def read_packet(self):
-        read_thread = threading.Thread(target=_dev_read_thread, args=(self,))
-        read_thread.start()
-        read_thread.join()
         try:
             return self.read_queue.get(False)
         except Empty:
-            raise OSError("Failed reading a response")
+            read_thread = threading.Thread(target=_dev_read_thread, args=(self,))
+            read_thread.start()
+            read_thread.join()
+            try:
+                return self.read_queue.get(False)
+            except Empty:
+                raise OSError("Failed reading a response")
 
 
 def get_int_property(dev, key):

fido2/webauthn.py

@@ -53,8 +53,8 @@ See the specification for a description and details on their usage.
 
 
 class Aaguid(bytes):
-    def __init__(self, data):
-        if len(data) != 16:
+    def __init__(self, data: bytes):
+        if len(self) != 16:
             raise ValueError("AAGUID must be 16 bytes")
 
     def __bool__(self):
@@ -84,7 +84,7 @@ class AttestedCredentialData(bytes):
     credential_id: bytes
     public_key: CoseKey
 
-    def __init__(self, _):
+    def __init__(self, _: bytes):
         super().__init__()
 
         parsed = AttestedCredentialData._parse(self)
@@ -196,7 +196,7 @@ class AuthenticatorData(bytes):
     credential_data: Optional[AttestedCredentialData]
     extensions: Optional[Mapping]
 
-    def __init__(self, _):
+    def __init__(self, _: bytes):
         super().__init__()
 
         reader = ByteBuffer(self)
@@ -288,7 +288,7 @@ class AttestationObject(bytes):  # , Mapping[str, Any]):
     auth_data: AuthenticatorData
     att_stmt: Mapping[str, Any]
 
-    def __init__(self, _):
+    def __init__(self, _: bytes):
         super().__init__()
 
         data = cast(Mapping[str, Any], cbor.decode(bytes(self)))
@@ -344,7 +344,7 @@ class CollectedClientData(bytes):
     origin: str
     cross_origin: bool = False
 
-    def __init__(self, *args):
+    def __init__(self, _: bytes):
         super().__init__()
 
         data = json.loads(self.decode())

pyproject.toml

@@ -32,7 +32,7 @@ include = [
 
 [tool.poetry.dependencies]
 python = "^3.8"
-cryptography = ">=2.6, !=35, <44"
+cryptography = ">=2.6, !=35, <45"
 pyscard = {version = "^1.9 || ^2", optional = true}
 
 [tool.poetry.extras]