diff --git a/core/src/apps/webauthn/fido2.py b/core/src/apps/webauthn/fido2.py index 5b1c6248f6..0948f18bd2 100644 --- a/core/src/apps/webauthn/fido2.py +++ b/core/src/apps/webauthn/fido2.py @@ -211,6 +211,7 @@ _KEY_AGREEMENT_PUBKEY = nist256p1.publickey(_KEY_AGREEMENT_PRIVKEY, False) # FIDO2 configuration. _ALLOW_FIDO2 = True _ALLOW_RESIDENT_CREDENTIALS = True +_ALLOW_WINK = False # The default attestation type to use in MakeCredential responses. If false, then basic attestation will be used by default. _DEFAULT_USE_SELF_ATTESTATION = True @@ -1043,7 +1044,7 @@ def dispatch_cmd(req: Cmd, dialog_mgr: DialogManager) -> Optional[Cmd]: if __debug__: log.debug(__name__, "_CMD_PING") return req - elif req.cmd == _CMD_WINK: + elif req.cmd == _CMD_WINK and _ALLOW_WINK: if __debug__: log.debug(__name__, "_CMD_WINK") return cmd_wink(req) @@ -1105,7 +1106,7 @@ def cmd_init(req: Cmd) -> Cmd: resp.versionMajor = 2 resp.versionMinor = 0 resp.versionBuild = 0 - resp.capFlags = _CAPFLAG_WINK | _CAPFLAG_CBOR + resp.capFlags = (_CAPFLAG_WINK * _ALLOW_WINK) | _CAPFLAG_CBOR return Cmd(req.cid, req.cmd, bytes(buf)) diff --git a/vendor/fido2-tests b/vendor/fido2-tests index f81bb68dab..6f24317273 160000 --- a/vendor/fido2-tests +++ b/vendor/fido2-tests @@ -1 +1 @@ -Subproject commit f81bb68dabf90d76ebe57e665363370bf56b77f9 +Subproject commit 6f243172737418d91ad094b104166530b5d37356