Release Notes

What's New in Crescendo SDK 2.1

This version provides the following improvements with respect to the previous version:

New Features

  • Introduced a new token-centric public API for USB-HID and PC/SC device discovery, monitoring, and device pairing on Windows and macOS:

    • Added the following API components: Token (object representation of a device), TokenDiscovery (one-time device discovery), TokenManager (related to monitoring), TokenChange, and DeviceMonitoringStatus.

    • Added a new SDK construction path based on token objects: SDKCore(Token).

    • Marked the following legacy reader-centric discovery/monitoring API functions and members as obsolete, with removal planned after a one-major-release migration period:

      • SDKCore.StartMonitoring()

      • SDKCore.EndMonitoring()

      • SDKCore.OnReadersChanged

      • SDKCore.GetAllAvailableTokens()

      • SDKCore.GetAllReaderInfo()

      • SDKCore(string token)

      • CrescendoDLL.PCSC.ReaderInfo

      • CrescendoDLL.PCSC.ChangeType

      • CrescendoDLL.PCSC.ReaderChangeInfo

    • Updated all Examples to use the new token-centric API and removed references to the legacy reader-centric API.

    • Added the token-monitor CLI Tool command for real-time token and reader monitoring, including token insertion and removal events and the ATR of inserted tokens.

  • Added support for the FIDO largeBlob extension, including the FIDOLargeBlobWrite and FIDOLargeBlobRead SDK commands and related code examples.

    • The FIDOLargeBlobWrite command allows the fragment size to be specified manually. This can be useful with some FIDO authenticators that accept a smaller fragment size for authenticatorLargeBlobWrite operations than the value reported in their authenticatorGetInfo response.

  • Implemented documentation improvements and minor fixes.

Bug Fixes

  • FIDO: Fixed an issue where AuthenticatorReset() used an incorrect P1 value in the APDU command, causing the operation to fail on generic FIDO tokens. The command now uses the correct P1 = 0x00 value, improving compatibility with FIDO tokens.

  • FIDO: Fixed an issue where the AuthenticatorData class in FIDODataStructures did not correctly parse COSE public OKP keys because it incorrectly expected the y coordinate to be present. The parser now correctly handles OKP keys that contain only the x coordinate.

  • FIDO: Fixed APDU chaining for FIDO commands so that the Le parameter is included only when required, in accordance with the ISO/IEC 7816-4 specification.

  • FIDO: Fixed an issue in FIDODataStructures.CredentialManagementResponse where the LargeBlobKey field was incorrectly parsed as CredentialID, causing the parsing to fail.

  • FIDO: Fixed issues affecting U2F command processing over the USB-HID interface.

    • Fixed an issue that prevented U2F commands from working over the USB-HID interface due to a missing user verification loop. The SDK now correctly retries requests until user presence is verified by pressing the authenticator button.

    • Fixed an issue with U2F messaging over the USB-HID interface by using extended APDU framing. Previously, U2F messages were sent using short APDUs, causing the operations to fail.

  • CLI: Removed the option to specify a PIN as a parameter for the xauth command. This option was not applicable because the PIN is not used in the XAUTH challenge-response operation.

  • CLI: Removed the logout command. Since each CLI command automatically invokes SDKCore.Logout() when necessary, users are already logged out when a command completes, making a dedicated logout command unnecessary.

  • Fixed an issue where the default PACS ATR (3B8580018073C821100E) was used to identify Crescendo 3000 CL FIDO devices, even though the same ATR may be reported by other devices. The SDK now selects the proprietary Crescendo FIDO Attestation applet to uniquely identify the device.