Merged
Conversation
…irs, add Zlib compression unit tests
- Fix GIDS length guard: data.Length > 4 → data.Length >= 6 to prevent
passing a buffer too small for the zlib header to DecompressZlib
- Move hardcoded exception string in GenerateKeyPair to ExceptionMessages.resx
(adds GenerateKeyPairFailed with {0} placeholder for the response value)
- Document Adler-32 trailer limitation in ZLibStream XML docs: checksum is
written during compression but not verified during decompression
- Add Compress_WritesCorrectAdler32Trailer unit test verifying that the last
4 bytes of compressed output equal the Adler-32 of the original data,
using the well-known "Wikipedia" → 0x11E60398 test vector
Co-authored-by: Dennis Dyallo <DennisDyallo@users.noreply.github.com>
Co-authored-by: Dennis Dyallo <DennisDyallo@users.noreply.github.com>
feat: Add support for Zlib compression/decompression
Bumps nginx from `1d13701` to `5bad1dd`. --- updated-dependencies: - dependency-name: nginx dependency-version: alpine dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
Enable Fido2Session to accept ScpKeyParameters for encrypted communication over NFC. Add FIDO2 to the SCP03 feature gate, integration tests for both SCP03 and SCP11b with NFC transport, and skip conditions for devices that don't expose FIDO2 over SmartCard. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Document that FIDO2 over SCP requires NFC since USB FIDO2 uses HID which is incompatible with SCP's SmartCard-layer protocol. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
… tests Move keyParameters to last position in Fido2Session constructor to preserve backwards compatibility with existing (device, token) callers. Fix FIDO2 SCP tests: force NFC transport, remove Fw5Fips+NFC conflict with GetDevice assertion, check AvailableNfcCapabilities instead of AvailableUsbCapabilities. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
… updates Bumps the github-actions group with 12 updates in the / directory: | Package | From | To | | --- | --- | --- | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.15.0` | `2.16.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `6.0.0` | `7.0.0` | | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `3.7.0` | `4.0.0` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `7.0.0` | `8.0.1` | | [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) | `3.2.0` | `4.1.0` | | [actions/setup-dotnet](https://github.com/actions/setup-dotnet) | `5.1.0` | `5.2.0` | | [anthropics/claude-code-action](https://github.com/anthropics/claude-code-action) | `1.0.60` | `1.0.73` | | [github/codeql-action](https://github.com/github/codeql-action) | `4.32.4` | `4.33.0` | | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.8.3` | `4.9.0` | | [actions/create-github-app-token](https://github.com/actions/create-github-app-token) | `2.2.1` | `3.0.0` | | [danielpalme/ReportGenerator-GitHub-Action](https://github.com/danielpalme/reportgenerator-github-action) | `5.5.1` | `5.5.4` | | [marocchino/sticky-pull-request-comment](https://github.com/marocchino/sticky-pull-request-comment) | `2.9.4` | `3.0.2` | Updates `step-security/harden-runner` from 2.15.0 to 2.16.0 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](step-security/harden-runner@a90bcbc...fa2e9d6) Updates `actions/upload-artifact` from 6.0.0 to 7.0.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@b7c566a...bbbca2d) Updates `docker/setup-qemu-action` from 3.7.0 to 4.0.0 - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](docker/setup-qemu-action@c7c5346...ce36039) Updates `actions/download-artifact` from 7.0.0 to 8.0.1 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@37930b1...3e5f45b) Updates `actions/attest-build-provenance` from 3.2.0 to 4.1.0 - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](actions/attest-build-provenance@96278af...a2bbfa2) Updates `actions/setup-dotnet` from 5.1.0 to 5.2.0 - [Release notes](https://github.com/actions/setup-dotnet/releases) - [Commits](actions/setup-dotnet@baa11fb...c2fa09f) Updates `anthropics/claude-code-action` from 1.0.60 to 1.0.73 - [Release notes](https://github.com/anthropics/claude-code-action/releases) - [Commits](anthropics/claude-code-action@ade221f...1b422b3) Updates `github/codeql-action` from 4.32.4 to 4.33.0 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@89a39a4...b1bff81) Updates `actions/dependency-review-action` from 4.8.3 to 4.9.0 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@05fe457...2031cfc) Updates `actions/create-github-app-token` from 2.2.1 to 3.0.0 - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Commits](actions/create-github-app-token@29824e6...f8d387b) Updates `danielpalme/ReportGenerator-GitHub-Action` from 5.5.1 to 5.5.4 - [Release notes](https://github.com/danielpalme/reportgenerator-github-action/releases) - [Commits](danielpalme/ReportGenerator-GitHub-Action@ee0ae77...cf6fe1b) Updates `marocchino/sticky-pull-request-comment` from 2.9.4 to 3.0.2 - [Release notes](https://github.com/marocchino/sticky-pull-request-comment/releases) - [Commits](marocchino/sticky-pull-request-comment@7737449...70d2764) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/setup-qemu-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/download-artifact dependency-version: 8.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/attest-build-provenance dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-dotnet dependency-version: 5.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: anthropics/claude-code-action dependency-version: 1.0.73 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: github/codeql-action dependency-version: 4.33.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/dependency-review-action dependency-version: 4.9.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/create-github-app-token dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: danielpalme/ReportGenerator-GitHub-Action dependency-version: 5.5.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: marocchino/sticky-pull-request-comment dependency-version: 3.0.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps Microsoft.Bcl.AsyncInterfaces from 10.0.3 to 10.0.5 Bumps Microsoft.Bcl.Cryptography from 10.0.3 to 10.0.5 Bumps Microsoft.CodeAnalysis.NetAnalyzers from 10.0.103 to 10.0.201 Bumps Microsoft.Extensions.Configuration.Json from 10.0.3 to 10.0.5 Bumps Microsoft.Extensions.Logging.Abstractions from 10.0.3 to 10.0.5 Bumps Microsoft.Extensions.Options.ConfigurationExtensions from 10.0.3 to 10.0.5 Bumps System.Configuration.ConfigurationManager from 10.0.3 to 10.0.5 Bumps System.Formats.Asn1 from 10.0.3 to 10.0.5 Bumps System.Formats.Cbor from 10.0.3 to 10.0.5 --- updated-dependencies: - dependency-name: Microsoft.Bcl.AsyncInterfaces dependency-version: 10.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all_packages - dependency-name: Microsoft.Bcl.AsyncInterfaces dependency-version: 10.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all_packages - dependency-name: Microsoft.Bcl.Cryptography dependency-version: 10.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all_packages - dependency-name: System.Formats.Asn1 dependency-version: 10.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all_packages - dependency-name: Microsoft.CodeAnalysis.NetAnalyzers dependency-version: 10.0.201 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all_packages - dependency-name: Microsoft.CodeAnalysis.NetAnalyzers dependency-version: 10.0.201 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all_packages - dependency-name: Microsoft.Extensions.Configuration.Json dependency-version: 10.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all_packages - dependency-name: Microsoft.Extensions.Logging.Abstractions dependency-version: 10.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all_packages - dependency-name: Microsoft.Extensions.Logging.Abstractions dependency-version: 10.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all_packages - dependency-name: Microsoft.Extensions.Options.ConfigurationExtensions dependency-version: 10.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all_packages - dependency-name: System.Configuration.ConfigurationManager dependency-version: 10.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all_packages - dependency-name: System.Formats.Asn1 dependency-version: 10.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all_packages - dependency-name: System.Formats.Cbor dependency-version: 10.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all_packages ... Signed-off-by: dependabot[bot] <support@github.com>
--- updated-dependencies: - dependency-name: Serilog.Extensions.Logging dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Serilog.Extensions.Logging dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
FIDO2+SCP now works over USB CCID on firmware 5.8+ in addition to NFC. Updates docs, integration tests (SCP03 MakeCredential, SCP11b), and adds sandbox probe plugin for USB CCID testing. Pre-5.8 keys gracefully skip with firmware version checks. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
feat: Add FIDO2 session support for SCP03 and SCP11 secure channels
Replace Serilog with the built-in AddSimpleConsole from Microsoft.Extensions.Logging.Console, which is already referenced in both projects. Removes 3 NuGet packages (Serilog, Serilog.Extensions.Logging, Serilog.Sinks.Console) from both IntegrationTests.csproj and TestApp.csproj. Co-authored-by: Dennis Dyallo <DennisDyallo@users.noreply.github.com>
…all_packages-79786f011f Bump the all_packages group with 9 updates
…egration/multi-bb9bb716c0
--- updated-dependencies: - dependency-name: Microsoft.SourceLink.GitHub dependency-version: 10.0.201 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Microsoft.SourceLink.GitHub dependency-version: 10.0.201 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
…actions-4141438109 chore(deps): bump the github-actions group across 1 directory with 12 updates
chore(deps): bump nginx from `1d13701` to `5bad1dd`
…multi-cbcc17bcd3 Bump Microsoft.SourceLink.GitHub from 8.0.0 to 10.0.201
…ests/integration/multi-bb9bb716c0 deps: Remove Serilog.Extensions.Logging
Bumps nginx from `5bad1dd` to `e7257f1`. --- updated-dependencies: - dependency-name: nginx dependency-version: alpine dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps the github-actions group with 2 updates: [anthropics/claude-code-action](https://github.com/anthropics/claude-code-action) and [github/codeql-action](https://github.com/github/codeql-action). Updates `anthropics/claude-code-action` from 1.0.73 to 1.0.78 - [Release notes](https://github.com/anthropics/claude-code-action/releases) - [Commits](anthropics/claude-code-action@1b422b3...0ee1bee) Updates `github/codeql-action` from 4.33.0 to 4.34.1 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@b1bff81...3869755) --- updated-dependencies: - dependency-name: anthropics/claude-code-action dependency-version: 1.0.78 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: github/codeql-action dependency-version: 4.34.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps CommunityToolkit.Diagnostics from 8.4.0 to 8.4.1 Bumps Microsoft.Extensions.Logging.Console from 10.0.3 to 10.0.5 Bumps System.Configuration.ConfigurationManager from 10.0.3 to 10.0.5 --- updated-dependencies: - dependency-name: CommunityToolkit.Diagnostics dependency-version: 8.4.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all_packages - dependency-name: CommunityToolkit.Diagnostics dependency-version: 8.4.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all_packages - dependency-name: CommunityToolkit.Diagnostics dependency-version: 8.4.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all_packages - dependency-name: CommunityToolkit.Diagnostics dependency-version: 8.4.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all_packages - dependency-name: Microsoft.Extensions.Logging.Console dependency-version: 10.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all_packages - dependency-name: Microsoft.Extensions.Logging.Console dependency-version: 10.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all_packages - dependency-name: Microsoft.Extensions.Logging.Console dependency-version: 10.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all_packages - dependency-name: System.Configuration.ConfigurationManager dependency-version: 10.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all_packages ... Signed-off-by: dependabot[bot] <support@github.com>
--- updated-dependencies: - dependency-name: Microsoft.SourceLink.GitHub dependency-version: 10.0.201 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
…rc/Microsoft.SourceLink.GitHub-10.0.201 Bump Microsoft.SourceLink.GitHub from 8.0.0 to 10.0.201
…all_packages-b806b60655 Bump the all_packages group with 3 updates
…actions-5ee61f6feb chore(deps): bump the github-actions group with 2 updates
chore(deps): bump nginx from `5bad1dd` to `e7257f1`
- Changed PROJECT_VERSION from 1.14.0 to 1.0.0 in CMakeLists.txt - Set default value for $Version parameter in build-windows.ps1 to "1.0.0" - Updated CommonVersion in Versions.props to "0.0.0-dev" with clarification on usage
Brings PR #427 (static CRT linking, CMake fixes) and 1.15.2 release bookkeeping into develop. Resolved conflict in build-nativeshims.yml by keeping both the CRT verification step (from main) and the updated upload-artifact v7.0.0 (from develop). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Added features for SCP03 and SCP11 support in FIDO2 application. - Introduced ZLib compression support via new ZlibStream class. - Fixed MSVC C runtime linking in Yubico.NativeShims. - Enhanced documentation with NFC requirements and SCP usage examples. - Removed Serilog dependency from integration tests and sandbox app. - Updated several dependencies across Yubico.Core and Yubico.YubiKey.
Contributor
Test Results: Windows 2 files 2 suites 16s ⏱️ Results for commit f7457b7. |
Contributor
Test Results: Ubuntu 2 files 2 suites 47s ⏱️ Results for commit f7457b7. |
Contributor
Test Results: MacOS 4 files 4 suites 28s ⏱️ Results for commit f7457b7. |
Contributor
Minimum allowed line rate is |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
1.16.0
Release date: March 31st, 2026
Features:
The FIDO2 application now supports SCP03 and SCP11 secure channels over USB CCID on YubiKeys with firmware version 5.8 and above. This enables encrypted communication with the FIDO2 application, matching the SCP support already available for PIV, OATH, OTP, and YubiHSM Auth. (#428)
ZLib compression and decompression support has been added via a new
ZlibStreamclass. ThePivSession.KeyPairsproperty now correctly handles compressed certificate formats. (#417)Bug Fixes:
cmake_minimum_requiredhas been bumped to 3.15 for proper CMP0091 policy support, and an explicitexit /b 0has been added to preventfindstrexit codes from leaking into the build process. (#427)Documentation:
NFC requirements and SCP usage examples have been added to the
Fido2Sessiondocumentation. (#428)Comments and logical grouping have been added to the NativeShims CMakeLists and readme. (#427)
Miscellaneous:
Dependencies: