Update to ctap-types v0.6.0-rc.1 and extend get_info response

CHANGELOG.md

@@ -6,7 +6,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## Unreleased
 
--
+- Update to `ctap-types` v0.6.0-rc.1.
+- Set `algorithms`, `firmware_version` and `remaining_discoverable_credentials` in `get_info` and add `firmware_version` to `Config`.
 
 ## [v0.3.0](https://github.com/trussed-dev/fido-authenticator/releases/tag/v0.3.0) (2026-03-25)
 

Cargo.toml

@@ -12,7 +12,7 @@ description = "FIDO authenticator Trussed app"
 apdu-app = { version = "0.2", optional = true }
 cbor-smol = "0.5"
 cosey = "0.4"
-ctap-types = { version = "0.5", features = ["get-info-full", "large-blobs", "third-party-payment"] }
+ctap-types = { version = "=0.6.0-rc.1", features = ["get-info-full", "large-blobs", "third-party-payment"] }
 ctaphid-app = { version = "0.2", optional = true }
 delog = "0.1"
 heapless = "0.9"

fuzz/Cargo.toml

@@ -8,7 +8,7 @@ edition = "2021"
 cargo-fuzz = true
 
 [dependencies]
-ctap-types = { version = "0.5", features = ["arbitrary"] }
+ctap-types = { version = "=0.6.0-rc.1", features = ["arbitrary"] }
 libfuzzer-sys = "0.4"
 trussed = { version = "0.1", features = ["certificate-client", "crypto-client", "filesystem-client", "management-client", "aes256-cbc", "ed255", "p256", "sha256"] }
 trussed-staging = { version = "0.4.0", features = ["chunked", "hkdf", "virt", "fs-info"] }

fuzz/fuzz_targets/ctap.rs

@@ -18,6 +18,7 @@ fuzz_target!(|requests: Vec<Request<'_>>| {
                 max_resident_credential_count: None,
                 large_blobs: None,
                 nfc_transport: false,
+                firmware_version: Some(0),
             },
         );
 

src/ctap2.rs

@@ -10,7 +10,10 @@ use ctap_types::{
     heapless::{String, Vec},
     heapless_bytes::Bytes,
     sizes,
-    webauthn::PublicKeyCredentialUserEntity,
+    webauthn::{
+        FilteredPublicKeyCredentialParameters, KnownPublicKeyCredentialParameters,
+        PublicKeyCredentialUserEntity, ED_DSA, ES256,
+    },
     ByteArray, Error,
 };
 use littlefs2_core::{path, Path, PathBuf};
@@ -93,6 +96,17 @@ impl<UP: UserPresence, T: TrussedRequirements> Authenticator for crate::Authenti
 
         let (_, aaguid) = self.state.identity.attestation(&mut self.trussed);
 
+        let mut algorithms = Vec::new();
+        algorithms
+            .push(KnownPublicKeyCredentialParameters { alg: ES256 })
+            .unwrap();
+        algorithms
+            .push(KnownPublicKeyCredentialParameters { alg: ED_DSA })
+            .unwrap();
+        let algorithms = FilteredPublicKeyCredentialParameters(algorithms);
+
+        let remaining_discoverable_credentials = self.estimate_remaining();
+
         let mut response = ctap2::get_info::Response::default();
         response.versions = versions;
         response.extensions = Some(extensions);
@@ -104,6 +118,10 @@ impl<UP: UserPresence, T: TrussedRequirements> Authenticator for crate::Authenti
         response.pin_protocols = Some(pin_protocols);
         response.max_creds_in_list = Some(ctap_types::sizes::MAX_CREDENTIAL_COUNT_IN_LIST);
         response.max_cred_id_length = Some(ctap_types::sizes::MAX_CREDENTIAL_ID_LENGTH);
+        response.algorithms = Some(algorithms);
+        response.firmware_version = self.config.firmware_version;
+        response.remaining_discoverable_credentials =
+            remaining_discoverable_credentials.map(|count| count as usize);
         response.attestation_formats = Some(attestation_formats);
         response
     }
@@ -196,7 +214,9 @@ impl<UP: UserPresence, T: TrussedRequirements> Authenticator for crate::Authenti
         let mut algorithm: Option<SigningAlgorithm> = None;
         for param in parameters.pub_key_cred_params.0.iter() {
             match param.alg {
-                -7 => {
+                -7 =>
+                {
+                    #[allow(clippy::collapsible_match)]
                     if algorithm.is_none() {
                         algorithm = Some(SigningAlgorithm::P256);
                     }
@@ -409,7 +429,7 @@ impl<UP: UserPresence, T: TrussedRequirements> Authenticator for crate::Authenti
 
             extensions: {
                 if hmac_secret_requested.is_some() || cred_protect_requested.is_some() {
-                    let mut extensions = ctap2::make_credential::Extensions::default();
+                    let mut extensions = ctap2::make_credential::ExtensionsOutput::default();
                     extensions.cred_protect = parameters.extensions.as_ref().unwrap().cred_protect;
                     extensions.hmac_secret = parameters.extensions.as_ref().unwrap().hmac_secret;
                     Some(extensions)

src/lib.rs

@@ -126,6 +126,10 @@ pub struct Config {
     pub large_blobs: Option<ctap2::large_blobs::Config>,
     /// Whether the authenticator supports the NFC transport.
     pub nfc_transport: bool,
+    /// Firmware version reported by `authenticatorGetInfo` (CTAP 2.1 §6.4 0x0E).
+    ///
+    /// The runner is expected to plumb its own version constant in here.
+    pub firmware_version: Option<usize>,
 }
 
 impl Config {

tests/virt/mod.rs

@@ -74,6 +74,7 @@ where
                     max_resident_credential_count: options.max_resident_credential_count,
                     large_blobs: None,
                     nfc_transport: false,
+                    firmware_version: Some(0),
                 },
             );