v0.8.0

@synaptic-cleft synaptic-cleft released this 27 Jul 14:40
· 1006 commits to master since this release
0c153a9

This release contains several large new features. In particular, the shoulder surfing prevention feature brings a number of breaking changes in the API, mainly within the irmaserver package.

Added

  • Support for chained IRMA sessions
  • A Go rewrite of the keyshare server (see the new irma keyshare commands), succeeding the now deprecated irma_keyshare_server
  • Added a function SessionStatus in the irmaserver package returning a channel with status updates of an IRMA session
  • Added --api-prefix parameter to the IRMA server for prefixing its API endpoints with a string
  • Added --max-session-lifetime parameter to the IRMA server for setting the session expiry (default 5 minutes)
  • Shoulder surfing prevention: support for device pairing to prevent shoulder surfing (i.e. make it impossible for someone in close physical proximity to a user to scan the QR code that was meant for the user)
    • Introduced new endpoints used by the frontend to manage device pairing
    • The API of the irmaserver package has two new functions SetFrontendOptions and PairingCompleted
    • A new server status "PAIRING" is introduced

Changes

  • During scheme parsing, folders found in the scheme folder not present in the assets (when configured) are removed
  • Shoulder surfing prevention:
    • The server.SessionPackage struct now contains a new struct FrontendRequest of type *irma.FrontendSessionRequest, containing the following:
      • A boolean PairingRecommended (named pairingHint when being marshalled to JSON) that is set to true when pairing is recommended for that session, as an indication to the frontend
      • An Authorization token used by the frontend to set pairing options
      • Fields called MinProtocolVersion and MaxProtocolVersion indicating the frontend protocol version range supported by the IRMA server.
    • The return values of the StartSession function from the API of the irmaserver package have changed as follows:
      • The type of the second return parameter, the requestor token, has changed from string to irma.RequestorToken
      • A new return parameter (type *irma.FrontendSessionRequest) has been added containing the frontend pairing settings (corresponding to the FrontendRequest field in the server.SessionPackage mentioned above)
    • The token parameter, as used by most functions in the API of the irmaserver package, now has the type irma.RequestorToken
    • The server.Status type has been moved to irma.ServerStatus; the related constants are also moved, e.g. from server.StatusInitialized to irma.ServerStatusInitialized

Fixed

  • Bug causing IRMA server startup to fail when revocation is enabled
  • Bug causing sessions to fail when revocation is enabled and the issuer has multiple revocation-enabled keys
  • Incorrectly cased SQL column name used in revocation data lookup
  • Bug causing issuance time in revocation records to be floored to credential validity epoch boundaries
  • Bug when loading the private key of an issuer if another issuer with a similar name exists