Support credProps

Yubico · Aug 1, 2024 · 14ef3c8 · 14ef3c8
1 parent c64258f
commit 14ef3c8
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 0 deletions.
diff --git a/fido2/client.py b/fido2/client.py
@@ -629,6 +629,9 @@ def do_make_credential(
 
         # Process extenstion outputs
         extension_outputs = {}
+        # credProps is manually handled since it requires no Authenticator interaction
+        if client_inputs.get("credProps"):
+            extension_outputs["credProps"] = {"rk": rk}
         try:
             for ext in used_extensions:
                 output = ext.process_create_output(att_obj, pin_token, pin_protocol)

diff --git a/fido2/ctap2/extensions.py b/fido2/ctap2/extensions.py
@@ -262,3 +262,6 @@ def is_supported(self):  # NB: There is no key in the extensions field.
     def process_create_input(self, inputs):
         if self.is_supported() and inputs.get(self.NAME) is True:
             return True
+
+
+# NOTE: credProps is handled in fido2.client.Fido2Client
diff --git a/fido2/win_api.py b/fido2/win_api.py
@@ -1080,6 +1080,8 @@ def make_credential(
 
         extensions_out = att_obj.auth_data.extensions or {}
         extension_outputs = {}
+        if extensions.get("credProps"):
+            extension_outputs["credProps"] = {"rk": bool(obj.bResidentKey)}
         if "hmac-secret" in extensions_out:
             if enable_prf:
                 extension_outputs["prf"] = {"enabled": extensions_out["hmac-secret"]}