Merge PR #214

.pre-commit-config.yaml

@@ -8,12 +8,12 @@ repos:
     hooks:
     -   id: black
 -   repo: https://github.com/PyCQA/bandit
-    rev: 1.7.7
+    rev: 1.7.8
     hooks:
     -   id: bandit
         exclude: ^tests/
 -   repo: https://github.com/pre-commit/mirrors-mypy
-    rev: v1.8.0
+    rev: v1.9.0
     hooks:
     -   id: mypy
         files: ^fido2/

NEWS

@@ -1,3 +1,12 @@
+* Version 1.1.3 (unreleased)
+ ** Fix USB HID issue on MacOS that sometimes caused a pause while waiting for a
+    timeout.
+ ** Fix argument to CredProp extension where an enum value was required instead of
+    also allowing a string.
+ ** Fix parsing of some key types (ES384, ES512) causing signature verification to fail.
+ ** Deprecation: Calling websafe_decode with a bytes argument instead of str.
+    This will raise a TypeError in the next major version of the library.
+
 * Version 1.1.2 (released 2023-07-06)
  ** Fix ClientPin usage for Authenticators that do not support passing a PIN.
  ** Fix: Handle correct CTAP response codes in authenticatorSelection.

fido2/ctap2/base.py

@@ -353,6 +353,7 @@ def make_credential(
         :param options: Optional dict of options.
         :param pin_uv_param: Optional PIN/UV auth parameter.
         :param pin_uv_protocol: The version of PIN/UV protocol used, if any.
+        :param enterprise_attestation: Whether or not to request Enterprise Attestation.
         :param event: Optional threading.Event used to cancel the request.
         :param on_keepalive: Optional callback function to handle keep-alive
             messages from the authenticator.

fido2/hid/macos.py

@@ -317,13 +317,16 @@ def write_packet(self, packet):
             raise OSError(f"Failed to write report to device: {result}")
 
     def read_packet(self):
-        read_thread = threading.Thread(target=_dev_read_thread, args=(self,))
-        read_thread.start()
-        read_thread.join()
         try:
             return self.read_queue.get(False)
         except Empty:
-            raise OSError("Failed reading a response")
+            read_thread = threading.Thread(target=_dev_read_thread, args=(self,))
+            read_thread.start()
+            read_thread.join()
+            try:
+                return self.read_queue.get(False)
+            except Empty:
+                raise OSError("Failed reading a response")
 
 
 def get_int_property(dev, key):

fido2/webauthn.py

@@ -53,8 +53,8 @@
 
 
 class Aaguid(bytes):
-    def __init__(self, data):
-        if len(data) != 16:
+    def __init__(self, data: bytes):
+        if len(self) != 16:
             raise ValueError("AAGUID must be 16 bytes")
 
     def __bool__(self):
@@ -84,7 +84,7 @@ class AttestedCredentialData(bytes):
     credential_id: bytes
     public_key: CoseKey
 
-    def __init__(self, _):
+    def __init__(self, _: bytes):
         super().__init__()
 
         parsed = AttestedCredentialData._parse(self)
@@ -196,7 +196,7 @@ class FLAG(IntFlag):
     credential_data: Optional[AttestedCredentialData]
     extensions: Optional[Mapping]
 
-    def __init__(self, _):
+    def __init__(self, _: bytes):
         super().__init__()
 
         reader = ByteBuffer(self)
@@ -288,7 +288,7 @@ class AttestationObject(bytes):  # , Mapping[str, Any]):
     auth_data: AuthenticatorData
     att_stmt: Mapping[str, Any]
 
-    def __init__(self, _):
+    def __init__(self, _: bytes):
         super().__init__()
 
         data = cast(Mapping[str, Any], cbor.decode(bytes(self)))
@@ -344,7 +344,7 @@ class TYPE(str, Enum):
     origin: str
     cross_origin: bool = False
 
-    def __init__(self, *args):
+    def __init__(self, _: bytes):
         super().__init__()
 
         data = json.loads(self.decode())

pyproject.toml

@@ -32,7 +32,7 @@ include = [
 
 [tool.poetry.dependencies]
 python = "^3.8"
-cryptography = ">=2.6, !=35, <44"
+cryptography = ">=2.6, !=35, <45"
 pyscard = {version = "^1.9 || ^2", optional = true}
 
 [tool.poetry.extras]