Merge branch 'develop' into dennisdyallo/tests

Author: DennisDyallo

.github/ISSUE_TEMPLATE/2-bug-report.yml

@@ -2,6 +2,7 @@ name: 🐞 Bug
 description: File a bug/issue.
 title: "[BUG] <title>"
 labels: ["bug"]
+type: Bug
 projects: []
 assignees: []
 body:

.github/ISSUE_TEMPLATE/3-feature-request.yml

@@ -2,6 +2,7 @@ name: 💡 Feature Request
 description: Suggest an idea for this project.
 title: "[Feature]: <title>"
 labels: ["enhancement"]
+type: Feature
 projects: []
 body:
   - type: markdown

Yubico.YubiKey/src/Yubico/YubiKey/Fido2/MakeCredentialData.cs

@@ -16,7 +16,6 @@
 using System.Collections.Generic;
 using System.Formats.Cbor;
 using System.Globalization;
-using System.Security.Cryptography;
 using System.Security.Cryptography.X509Certificates;
 using Yubico.YubiKey.Cryptography;
 using Yubico.YubiKey.Fido2.Cbor;
@@ -167,6 +166,12 @@ public class MakeCredentialData
         /// </summary>
         public ReadOnlyMemory<byte>? LargeBlobKey { get; private set; }
 
+
+        /// <summary>
+        /// This returns the raw CBOR encoded credential data from the YubiKey, as returned by the MakeCredential operation.
+        /// </summary>
+        public ReadOnlyMemory<byte> RawData { get; }
+
         // The default constructor explicitly defined. We don't want it to be
         // used.
         private MakeCredentialData()
@@ -193,10 +198,11 @@ private MakeCredentialData()
         /// </exception>
         public MakeCredentialData(ReadOnlyMemory<byte> cborEncoding)
         {
+            RawData = cborEncoding;
+            var map = new CborMap<int>(RawData);
+            
             try
             {
-                var map = new CborMap<int>(cborEncoding);
-
                 Format = map.ReadTextString(KeyFormat);
                 AuthenticatorData = new AuthenticatorData(map.ReadByteString(KeyAuthData));
                 if (!(AuthenticatorData.CredentialPublicKey is CoseEcPublicKey)

Yubico.YubiKey/tests/unit/Yubico/YubiKey/Fido2/CredentialDataTests.cs

@@ -18,6 +18,15 @@ namespace Yubico.YubiKey.Fido2
 {
     public class CredentialDataTests
     {
+        [Fact]
+        public void RawCredentialData_Is_Set()
+        {
+            byte[] encoding = GetSampleEncoding();
+            var cData = new MakeCredentialData(encoding);
+            Assert.Equal(encoding, cData.RawData);
+        }
+        
+        
         [Fact]
         public void Decode_Format_Correct()
         {

build/Versions.props

@@ -43,7 +43,7 @@ for external milestones.
 
     This project can, and should, use pre-release suffixes for development milestones.
     -->
-    <YubicoCoreVersion>1.13.0</YubicoCoreVersion>
+    <YubicoCoreVersion>1.13.1</YubicoCoreVersion>
 
     <!--
     Yubico.Authenticator project
@@ -57,6 +57,6 @@ for external milestones.
 
     This project can, and should, use pre-release suffixes for development milestones.
     -->
-    <YubicoYubiKeyVersion>1.13.0</YubicoYubiKeyVersion>
+    <YubicoYubiKeyVersion>1.13.1</YubicoYubiKeyVersion>
   </PropertyGroup>
 </Project>

docs/users-manual/application-piv/pin-puk-mgmt-key.md

@@ -53,17 +53,16 @@ data is 192 bits long, but because of the "parity bits", only 168 bits supply th
 strength. In addition, because of certain attacks on Triple-DES, the actual effective bit
 strength of a key is 112.
 
-The YubiKey is manufactured with the standard default PIN, PUK, and managment key values:
+The YubiKey is manufactured with the following default PIN, PUK, and management key values:
 
 * PIN: "123456"
 * PUK: "12345678"
-* Management Key: (Firmware Version 5.6 and below: Triple-DES / 5.7 and above: AES-192),
-  0x010203040506070801020304050607080102030405060708\
-  0102030405060708 three times
+* Management Key: "010203040506070801020304050607080102030405060708"
 
-Note that the PIV standard specifies these default/initial values. For firmware 5.4 YubiKeys that allow AES, the default
-management key is Triple-DES. For firmware 5.7 and above
-YubiKeys, the default management key is AES-192.
+Note that the PIV standard specifies these default values. And while the management key value is 
+consistent across YubiKeys, the management key *algorithm* depends on a key's firmware version.
+For firmware 5.6 and earlier, the default management key algorithm is Triple-DES; for firmware 
+5.7 and later, the default algorithm is AES-192.
 
 Upon receipt of the YubiKey, it is a good idea to change the PIN, PUK, and management key from the default values. See
 [PivSession.TryChangePin](xref:Yubico.YubiKey.Piv.PivSession.TryChangePin%2a), [PivSession.TryChangePuk](xref:Yubico.YubiKey.Piv.PivSession.TryChangePuk),

docs/users-manual/application-piv/slots.md

@@ -64,21 +64,16 @@ keys.
 
 ## Attestation Key
 
-The attestation key (in slot `F9`) will be used to create an attestation statement (which
-is an X.509 certificate) that attests a key in slot `9A`, `9C`, `9D`, or `9E` was
-generated on the YubiKey.
-
-Upon manufacture, a private key and cert pair is loaded into slot `F9`. This key is
-generated by Yubico, the cert is signed by a Yubico CA and chains to a Yubico root. The
-same key and cert are loaded onto many different YubiKeys. See the article on
-[PIV attestation](attestation.md) for more information on this topic.
-
-Note that if a private key was imported into one of those slots, it will not be possible
-to create an attestation statement for that slot.
-
-It is possible to have the YubiKey generate a key pair for one of the retired slots
-(`82` - `95`). However, the attestation key will not generate an attestation statement for
-a key in one of those slots, even if it was generated by the YubiKey.
+The attestation key (in slot `F9`) is used to create an attestation statement (an X.509 
+certificate), which attests that a key in slot `9A`, `9C`, `9D`, `9E`, or one of the 
+retired slots (`82` - `95`) was *generated* on the YubiKey. If a private key was *imported* 
+into one of those slots, it will not be possible to create an attestation statement for 
+that slot. 
+
+Upon manufacture, the attestation key (a private key and certificate pair) is loaded into slot
+ `F9`. This key is generated by Yubico, and the cert is signed by a Yubico CA and chains 
+to a Yubico root. The same key and cert are loaded onto many different YubiKeys. See the 
+article on [PIV attestation](attestation.md) for more information on this topic.
 
 ## Generate and import asymmetric keys
 

docs/users-manual/getting-started/whats-new.md

@@ -18,36 +18,55 @@ Here you can find all of the updates and release notes for published versions of
 
 ## 1.13.x Releases
 
+### 1.13.1
+
+Release date: April 28th, 2025
+
+This release mainly adresses an issue that was affecting FIDO2 on YubiKey 5.7.4 and greater as well as adds support for compressed certificates within the PIV application. It also contains miscellaneous and documentation updates. 
+
+Features: 
+- Support for compressed certificates in the PIV application [#219](https://github.com/Yubico/Yubico.NET.SDK/pull/219)
+- Ability to create a FirmwareVersion object through parsing a version string (e.g. 1.0.0) [#220](https://github.com/Yubico/Yubico.NET.SDK/pull/220)
+
+Bug Fixes: 
+- PinUvAuthParam was erroneously truncated which caused failures on multiple FIDO2 commands for YubiKey v 5.7.4 [#222](https://github.com/Yubico/Yubico.NET.SDK/pull/222)
+
+Documentation:
+- Updates to challenge-response documentation to improve clarity [#221](https://github.com/Yubico/Yubico.NET.SDK/pull/221)
+
+Miscellaneous:
+- Integration tests will now run on Bio USB C keys as well [a4c4df](https://github.com/Yubico/Yubico.NET.SDK/commit/a4c4df10047bedf507e4ce36b80ed5001b996b9a). 
+
 ### 1.13.0
 
 Release date: April 9th, 2025
 
 Features:
 
-- Curve25519 support has been added for PIV [#210](https://github.com/Yubico/Yubico.NET.SDK/pull/210):
+- Curve25519 support has been added for PIV [(#210)](https://github.com/Yubico/Yubico.NET.SDK/pull/210):
 
    - Keys can now be imported or generated using the Ed25519 and X25519 algorithms. 
    - The key agreement operation can be performed with an X25519 key.
    - Digital signatures can now be created with a Ed25519 key.
    - New related unit tests have been added.
 
-- Unit tests have been added for RSA-3072 and RSA-4096 keys [#197](https://github.com/Yubico/Yubico.NET.SDK/pull/197).
+- Unit tests have been added for RSA-3072 and RSA-4096 keys. [(#197)](https://github.com/Yubico/Yubico.NET.SDK/pull/197)
 
-- Support for large APDUs has been improved [#208](https://github.com/Yubico/Yubico.NET.SDK/pull/208):
+- Support for large APDUs has been improved [(#208)](https://github.com/Yubico/Yubico.NET.SDK/pull/208):
 
-   - When sending large APDU commands to a YubiKey via the smartcard connection, the CommandChainingTransform will now throw an exception when the cumulative APDU data (sent in chunks of up to 255 bytes) exceeds the max APDU size for the given YubiKey (varies based on firmware version; see SmartCardMaxApduSizes).
+   - When sending large APDU commands to a YubiKey via the smartcard connection, the CommandChainingTransform will now throw an exception when the cumulative APDU data (sent in chunks of up to 255 bytes) exceeds the max APDU size for the given YubiKey (varies based on firmware version; see [SmartCardMaxApduSizes](xref:Yubico.YubiKey.SmartCardMaxApduSizes)).
 
-- Support for Ed25519 and P384 credentials has been added for FIDO [#186](https://github.com/Yubico/Yubico.NET.SDK/pull/186).
+- Support for Ed25519 and P384 credentials has been added for FIDO. [(#186)](https://github.com/Yubico/Yubico.NET.SDK/pull/186)
 
-- Ubuntu runners have been upgraded from version 20.04 to 22.04 to support the compilation of Yubico.NativeShims [#188](https://github.com/Yubico/Yubico.NET.SDK/pull/188).
+- Ubuntu runners have been upgraded from version 20.04 to 22.04 to support the compilation of Yubico.NativeShims. [(#188)](https://github.com/Yubico/Yubico.NET.SDK/pull/188)
 
 Bug Fixes:
 
-- The default logger now only writes output for the "Error" log level unless another level is specified [#185](https://github.com/Yubico/Yubico.NET.SDK/pull/185). Previously, the logger wrote output for all log levels, which could become overly long and difficult to evaluate.
+- The default logger now only writes output for the "Error" log level unless another level is specified. Previously, the logger wrote output for all log levels, which could become overly long and difficult to evaluate. [(#185)](https://github.com/Yubico/Yubico.NET.SDK/pull/185)
 
 Miscellaneous: 
 
-- The [License](https://github.com/Yubico/Yubico.NET.SDK/blob/develop/LICENSE.txt) was updated to remove the information for the AesCmac.cs file from the Bouncy Castle library [#196](https://github.com/Yubico/Yubico.NET.SDK/pull/196).
+- The [License](https://github.com/Yubico/Yubico.NET.SDK/blob/develop/LICENSE.txt) was updated to remove the information for the AesCmac.cs file from the Bouncy Castle library. [(#196)](https://github.com/Yubico/Yubico.NET.SDK/pull/196)
 
 ## 1.12.x Releases