From ef081dd82f07b650fce49815168478822d160830ede2de6193d48c4186a2d537 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Fri, 3 May 2024 14:57:53 +0200 Subject: [PATCH] Sync from SUSE:SLFO:Main libfido2 revision 9ebe48169e9c6f33552559f0ea35cd58 --- .gitattributes | 23 +++ libfido2-1.13.0.tar.gz | 3 + libfido2-1.13.0.tar.gz.sig | Bin 0 -> 119 bytes libfido2.changes | 366 +++++++++++++++++++++++++++++++++++++ libfido2.spec | 139 ++++++++++++++ 5 files changed, 531 insertions(+) create mode 100644 .gitattributes create mode 100644 libfido2-1.13.0.tar.gz create mode 100644 libfido2-1.13.0.tar.gz.sig create mode 100644 libfido2.changes create mode 100644 libfido2.spec diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/libfido2-1.13.0.tar.gz b/libfido2-1.13.0.tar.gz new file mode 100644 index 0000000..614ff53 --- /dev/null +++ b/libfido2-1.13.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:51d43727e2a1c4544c7fd0ee47786f443e39f1388ada735a509ad4af0a2459ca +size 652777 diff --git a/libfido2-1.13.0.tar.gz.sig b/libfido2-1.13.0.tar.gz.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..748773b4820585e80d170ecb09556db5da71a6e469d52794daefc0eb41bdf952 GIT binary patch literal 119 zcmeAuWnmEGVvrS6WZ7K6{9klI#uDMD+%mRVo==WE*jCKSl>Ax$Cj%F!08Hf1VMd0= zy7YTCTh@M!n$JEdV@_UMZ0`#WUEkEDk+M5iA5T>K#mMk>BjPnaz>SL0su&#GX?+v literal 0 HcmV?d00001 diff --git a/libfido2.changes b/libfido2.changes new file mode 100644 index 0000000..5203646 --- /dev/null +++ b/libfido2.changes @@ -0,0 +1,366 @@ +------------------------------------------------------------------- +Fri Feb 24 10:08:21 UTC 2023 - Martin Sirringhaus + +- Version 1.13.0 (2023-02-20) + * Support for linking against OpenSSL on Windows; gh#668. + * New API calls: + + fido_assert_empty_allow_list; + + fido_cred_empty_exclude_list. + * fido2-token: fix issue when listing large blobs. + * Improved support for different fuzzing engines. + +------------------------------------------------------------------- +Wed Oct 5 20:40:55 UTC 2022 - Torsten Gruner + +- Version 1.12.0 (2022-09-22) + * Support for COSE_ES384. + * Support for hidraw(4) on FreeBSD; gh#597. + * Improved support for FIDO 2.1 authenticators. + * New API calls: + + es384_pk_free; + + es384_pk_from_EC_KEY; + + es384_pk_from_EVP_PKEY; + + es384_pk_from_ptr; + + es384_pk_new; + + es384_pk_to_EVP_PKEY; + + fido_cbor_info_certs_len; + + fido_cbor_info_certs_name_ptr; + + fido_cbor_info_certs_value_ptr; + + fido_cbor_info_maxrpid_minpinlen; + + fido_cbor_info_minpinlen; + + fido_cbor_info_new_pin_required; + + fido_cbor_info_rk_remaining; + + fido_cbor_info_uv_attempts; + + fido_cbor_info_uv_modality. + * Documentation and reliability fixes. +- Version 1.11.0 (2022-05-03) + * Experimental PCSC support; enable with -DUSE_PCSC. + * Improved OpenSSL 3.0 compatibility. + * Use RFC1951 raw deflate to compress CTAP 2.1 largeBlobs. + * winhello: advertise "uv" instead of "clientPin". + * winhello: support hmac-secret in fido_dev_get_assert(). + * New API calls: + + fido_cbor_info_maxlargeblob. + * Documentation and reliability fixes. + * Separate build and regress targets. + +------------------------------------------------------------------- +Mon Mar 28 16:53:52 UTC 2022 - Torsten Gruner + +- Version 1.10.0 (2022-01-17) + * hid_osx: handle devices with paths > 511 bytes; gh#462. + * bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*(); gh#480. + * winhello: fallback to GetTopWindow() if GetForegroundWindow() fails. + * winhello: fallback to hid_win.c if webauthn.dll isn’t available. + * New API calls: + - fido_dev_info_set; + - fido_dev_io_handle; + - fido_dev_new_with_info; + - fido_dev_open_with_info. + * Cygwin and NetBSD build fixes. + * Documentation and reliability fixes. + * Support for TPM 2.0 attestation of COSE_ES256 credentials. + +------------------------------------------------------------------- +Mon Jan 10 17:22:01 UTC 2022 - Guillaume GARDET + +- Use BuildRequires: openssl-devel instead of forcing 1.1 since 3.x + is now supported. + +------------------------------------------------------------------- +Mon Nov 1 14:39:51 UTC 2021 - Torsten Gruner + +- Version 1.9.0 (2021-10-27) + * Enabled NFC support on Linux. + * Added OpenSSL 3.0 compatibility. + * Removed OpenSSL 1.0 compatibility. + * Support for FIDO 2.1 "minPinLength" extension. + * Support for COSE_EDDSA, COSE_ES256, and COSE_RS1 attestation. + * Support for TPM 2.0 attestation. + * Support for device timeouts; see fido_dev_set_timeout(). + * New API calls: + - es256_pk_from_EVP_PKEY; + - fido_cred_attstmt_len; + - fido_cred_attstmt_ptr; + - fido_cred_pin_minlen; + - fido_cred_set_attstmt; + - fido_cred_set_pin_minlen; + - fido_dev_set_pin_minlen_rpid; + - fido_dev_set_timeout; + - rs256_pk_from_EVP_PKEY. + * Reliability and portability fixes. + * Better handling of HID devices without identification strings; gh#381. + * Fixed detection of Windows’s native webauthn API; gh#382. + +------------------------------------------------------------------- +Tue Sep 21 08:33:36 UTC 2021 - Paolo Perego + +- Removed fix-cmake-linking.patch because no longer needed + +------------------------------------------------------------------- +Tue Sep 14 13:49:56 UTC 2021 - Paolo Perego + +- Update to version 1.8.0: + * Dropped 'Requires.private' entry from pkg-config file. + * Better support for FIDO 2.1 authenticators. + * Support for Windows's native webauthn API. + * Support for attestation format 'none'. + * New API calls: + - fido_assert_set_clientdata; + - fido_cbor_info_algorithm_cose; + - fido_cbor_info_algorithm_count; + - fido_cbor_info_algorithm_type; + - fido_cbor_info_transports_len; + - fido_cbor_info_transports_ptr; + - fido_cred_set_clientdata; + - fido_cred_set_id; + - fido_credman_set_dev_rk; + - fido_dev_is_winhello. + * fido2-token: new -Sc option to update a resident credential. + * Documentation and reliability fixes. + * HID access serialisation on Linux. +- disable fix-cmake-linking.patch, not needed currently + +------------------------------------------------------------------- +Sat Apr 17 01:41:49 UTC 2021 - Ferdinand Thiessen + +- Update to version 1.7.0: + * hid_win: detect devices with vendor or product IDs > 0x7fff + * Support for FIDO 2.1 authenticator configuration. + * Support for FIDO 2.1 UV token permissions. + * Support for FIDO 2.1 "credBlobs" and "largeBlobs" extensions. + * New API calls + * New fido_init flag to disable fido_dev_open’s U2F fallback + * Experimental NFC support on Linux. +- Enabled hidapi again, issues related to hidapi are fixed upstream + * Added fix-cmake-linking.patch to fix linking + +------------------------------------------------------------------- +Wed Jan 20 09:46:41 UTC 2021 - Martin Pluskal + +- Update to version 1.6.0: + * Fix OpenSSL 1.0 and Cygwin builds. + * hid_linux: fix build on 32-bit systems. + * hid_osx: allow reads from spawned threads. + * Documentation and reliability fixes. + * New API calls: + + fido_cred_authdata_raw_len; + + fido_cred_authdata_raw_ptr; + + fido_cred_sigcount; + + fido_dev_get_uv_retry_count; + + fido_dev_supports_credman. + * Hardened Windows build. + * Native FreeBSD and NetBSD support. + * Use CTAP2 canonical CBOR when combining hmac-secret and credProtect. +- Drop 7a17a4e9127fb6df6278f19396760e7d60a5862c.patch +- Do not build examples as their build fails + +------------------------------------------------------------------- +Tue Nov 17 17:59:21 UTC 2020 - Hans Petter Jansson + +- Add Conflicts: to supersede version 1.0.0. This is needed for + a clean upgrade path on SLE. + +------------------------------------------------------------------- +Wed Sep 9 13:33:47 UTC 2020 - Ismail Dönmez + +- Add 7a17a4e9127fb6df6278f19396760e7d60a5862c.patch from upstream + to fix 32bit compilation issues. + +------------------------------------------------------------------- +Tue Sep 1 11:17:49 UTC 2020 - Ismail Dönmez + +- Update to version 1.5.0 + * hid_linux: return FIDO_OK if no devices are found. + * hid_osx: + + repair communication with U2F tokens, gh#166; + + reliability fixes. + * fido2-{assert,cred}: new options to explicitly toggle UP, UV. + * Support for configurable report lengths. + * New API calls: + + fido_cbor_info_maxcredcntlst + + fido_cbor_info_maxcredidlen + + fido_cred_aaguid_len + + fido_cred_aaguid_ptr + + fido_dev_get_touch_begin + + fido_dev_get_touch_status + * Use COSE_ECDH_ES256 with CTAP_CBOR_CLIENT_PIN; gh#154. + * Allow CTAP messages up to 2048 bytes; gh#171. + * Ensure we only list USB devices by default. + +------------------------------------------------------------------- +Fri Jul 24 19:33:15 UTC 2020 - Stefan Brüns + +- Cleanup udev rules, trying to use the Debian specific plugdev + group fills up the journal. +- Make the udev rules package noarch, correct Summary + +------------------------------------------------------------------- +Fri Jul 3 09:11:31 UTC 2020 - Ismail Dönmez + +- Create a udev subpackage and ship the udev rule + +------------------------------------------------------------------- +Thu Jul 2 13:03:31 UTC 2020 - Ismail Dönmez + +- Don't build with hidapi support to fix issues with Yubikey 5Ci + https://github.com/Yubico/libfido2/issues/190 + +------------------------------------------------------------------- +Mon May 25 08:11:27 UTC 2020 - Ismail Dönmez + +- Update to version 1.4.0 + * hid_hidapi: hidapi backend; enable with -DUSE_HIDAPI=1. + * Fall back to U2F if the key claims to, but does not support FIDO2. + * FIDO2 credential protection (credprot) support. + * New API calls: + + fido_cbor_info_fwversion; + + fido_cred_prot; + + fido_cred_set_prot; + + fido_dev_set_transport_functions; + + fido_set_log_handler. + * Fixed EdDSA and RSA self-attestation. + +------------------------------------------------------------------- +Sun Mar 1 00:28:37 UTC 2020 - Marcus Rueckert + +- Version 1.3.1 + - fix zero-ing of le1 and le2 when talking to a U2F device. + - dropping sk-libfido2 middleware, please find it in the openssh + tree. + +------------------------------------------------------------------- +Sun Dec 8 23:00:20 UTC 2019 - Karol Babioch + +- Version 1.3.0 (2019-11-28) + * assert/hmac: encode public key as per spec, gh#60. + * fido2-cred: fix creation of resident keys. + * fido2-{assert,cred}: support for hmac-secret extension. + * hid_osx: detect device removal, gh#56. + * hid_osx: fix device detection in MacOS Catalina. + * New API calls: + - fido_assert_set_authdata_raw; + - fido_assert_sigcount; + - fido_cred_set_authdata_raw; + - fido_dev_cancel. + * Middleware library for use by OpenSSH. + * Support for biometric enrollment. + * Support for OpenBSD. + * Support for self-attestation. + +------------------------------------------------------------------- +Mon Sep 16 13:51:47 UTC 2019 - simmphonie@opensuse.org + +- Version 1.2.0 (released 2019-07-26) + * Credential management support. + * New API reflecting FIDO’s 3-state booleans (true, false, absent): + - fido_assert_set_up; + - fido_assert_set_uv; + - fido_cred_set_rk; + - fido_cred_set_uv. + * Command-line tools for Windows. + * Documentation and reliability fixes. + * fido_{assert,cred}_set_options() are now marked as deprecated. + +------------------------------------------------------------------- +Tue May 28 21:26:35 UTC 2019 - Karol Babioch + +- Version 1.1.0 (released 2019-05-08) + * EdDSA (Ed25519) support. + * fido_dev_make_cred: fix order of CBOR map keys. + * fido_dev_get_assert: plug memory leak when operating on U2F devices. + +------------------------------------------------------------------- +Sat Apr 20 18:50:23 UTC 2019 - Jan Engelhardt + +- Use automatic dependency discovery for + libfido2-utils -> libfido2-1_0-0. + +------------------------------------------------------------------- +Tue Apr 16 06:52:58 UTC 2019 - Karol Babioch + +- Added Conflicts to libfido2-0_4_0 to make sure upgrade goes smoothly as + outline in sr#690566 + +------------------------------------------------------------------- +Tue Apr 2 07:05:19 UTC 2019 - Karol Babioch + +- Split utilities into sub-package libfido2-utils and package man pages + correctly (bsc#1131163) + +------------------------------------------------------------------- +Thu Mar 21 09:10:24 UTC 2019 - Karol Babioch + +- Version 1.0.0 (released 2019-03-21) + * Native HID support on Linux, MacOS, and Windows. + * fido2-{assert,cred}: new -u option to force U2F on dual authenticators. + * fido2-assert: support for multiple resident keys with the same RP. + * Strict checks for CTAP2 compliance on received CBOR payloads. + * Better fuzzing harnesses. + * Documentation and reliability fixes. + +------------------------------------------------------------------- +Wed Jan 9 09:32:01 UTC 2019 - Karol Babioch + +- Version 0.4.0 (released 2019-01-07) + * fido2-assert: print the user id for resident credentials. + * Fix encoding of COSE algorithms when making a credential. + * Rework purpose of fido_cred_set_type; no ABI change. + * Minor documentation and code fixes. +- Dropped patch that is included upstream now: fix-release-build.patch + +------------------------------------------------------------------- +Mon Oct 1 16:35:14 UTC 2018 - Karol Babioch + +- Added patch: + * fix-release-build.patch: Disables regression tests as proposed by upstream + +------------------------------------------------------------------- +Mon Oct 1 06:56:58 UTC 2018 - Karol Babioch + +- Applied spec-cleaner + +------------------------------------------------------------------- +Sun Sep 30 08:41:05 UTC 2018 - t.gruner@katodev.de + +- Build package without regression tests +- Version 0.3.0 (released 2018-09-11) + - Various reliability fixes. + - Merged fuzzing instrumentation. + - Added regress tests. + - Added support for FIDO 2’s hmac-secret extension. + - New API calls: + * fido_assert_hmac_secret_len; + * fido_assert_hmac_secret_ptr; + * fido_assert_set_extensions; + * fido_assert_set_hmac_salt; + * fido_cred_set_extensions; + * fido_dev_force_fido2. + - Support for native builds with Microsoft Visual Studio 17. + +------------------------------------------------------------------- +Fri Sep 28 19:05:32 UTC 2018 - Jan Engelhardt + +- Fix RPM group. Wrap description. + +------------------------------------------------------------------- +Thu Jun 21 08:51:47 UTC 2018 - t.gruner@katodev.de + +- Version 0.2.0 (released 2018-06-20) + - Added command-line tools. + - Added a couple of missing get functions. + +- Version 0.1.1 (released 2018-06-05) + - Added documentation. + - Added OpenSSL 1.0 support. + - Minor fixes. + +------------------------------------------------------------------- +Sun May 27 20:10:41 UTC 2018 - t.gruner@katodev.de + +- update to version 0.1.0 + +------------------------------------------------------------------- +Mon Apr 30 20:03:20 UTC 2018 - t.gruner@katodev.de + +- Initial release version 0_git diff --git a/libfido2.spec b/libfido2.spec new file mode 100644 index 0000000..15d3172 --- /dev/null +++ b/libfido2.spec @@ -0,0 +1,139 @@ +# +# spec file for package libfido2 +# +# Copyright (c) 2023 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%define sover 1 +Name: libfido2 +Version: 1.13.0 +Release: 0 +Summary: FIDO U2F and FIDO 2.0 protocols +License: BSD-2-Clause +Group: Development/Libraries/C and C++ +URL: https://developers.yubico.com/ +Source0: https://developers.yubico.com/libfido2/Releases/%{name}-%{version}.tar.gz +Source1: https://developers.yubico.com/libfido2/Releases/%{name}-%{version}.tar.gz.sig +BuildRequires: cmake +BuildRequires: gcc-c++ +%if 0%{?suse_version} >= 1540 || 0%{?sle_version} >= 150400 +BuildRequires: libopenssl-3-devel +%else +BuildRequires: pkgconfig(openssl) +%endif +BuildRequires: ninja +BuildRequires: pkgconfig +BuildRequires: pkgconfig(hidapi-hidraw) +BuildRequires: pkgconfig(libcbor) +BuildRequires: pkgconfig(libudev) +BuildRequires: pkgconfig(zlib) + +%description +Provides library functionality for communicating with a FIDO device +over USB as well as verifying attestation and assertion signatures. + +%package -n %{name}-%{sover} +Summary: FIDO U2F and FIDO 2.0 protocols +Group: Development/Libraries/C and C++ +Provides: %{name} = %{version} +Obsoletes: %{name} < %{version} + +%description -n %{name}-%{sover} +This library supports the FIDO U2F and FIDO 2.0 protocols for +communicating with a USB authenticator via the +Client-to-Authenticator Protocol (CTAP 1 and 2). + +%package -n %{name}-devel +Summary: Development files for FIDO U2F and FIDO 2.0 protocols +Group: Development/Libraries/C and C++ +Requires: %{name}-%{sover} = %{version} +Requires: openssl-devel +Conflicts: libfido2-0_4_0 +Conflicts: libfido2-1_0_0 + +%description -n %{name}-devel +This package contains the header file needed to develop applications that +use FIDO U2F and FIDO 2.0 protocols. + +%package -n %{name}-utils +Summary: Utility programs making use of libfido2, a library for FIDO U2F and FIDO 2.0 +Group: Hardware/Other +Conflicts: libfido2-0_4_0 +Conflicts: libfido2-1_0_0 + +%description -n %{name}-utils +This package contains utilities to use FIDO U2F and FIDO 2.0 protocols. + +%package -n %{name}-udev +Summary: Udev rules for libfido2 +Group: Development/Libraries/C and C++ +BuildArch: noarch + +%description -n %{name}-udev +This package contains the udev rules for FIDO2 compatible devices. + +%prep +%autosetup -p1 + +%build +%define __builder ninja +%cmake \ + -DCBOR_LIBRARY_DIRS=%{_libdir} \ + -DBUILD_EXAMPLES=OFF \ + -DUSE_HIDAPI=ON \ + -DNFC_LINUX=ON +%cmake_build + +%install +%cmake_install + +# Remove Debian specific plugdev setting from udev rules +sed -i -e 's/, GROUP="plugdev"//g ; s/, MODE="0660"//g' udev/70-u2f.rules +# u2f-host has the same udev rule, use a different name +mkdir -p %{buildroot}%{_udevrulesdir} +install -m 0644 udev/70-u2f.rules %{buildroot}%{_udevrulesdir}/70-fido2.rules + +find %{buildroot} -type f -name "*.a" -delete -print + +%post -n %{name}-%{sover} -p /sbin/ldconfig +%postun -n %{name}-%{sover} -p /sbin/ldconfig + +%post udev +%{udev_rules_update} + +%postun udev +%{udev_rules_update} + +%files -n %{name}-%{sover} +%license LICENSE +%doc README.adoc +%{_libdir}/%{name}.so.* + +%files -n %{name}-devel +%{_includedir}/*.h +%dir %{_includedir}/fido +%{_includedir}/fido/*.h +%{_libdir}/%{name}.so +%{_mandir}/man3/* +%{_libdir}/pkgconfig/* + +%files udev +%{_udevrulesdir}/70-fido2.rules + +%files -n %{name}-utils +%{_bindir}/fido2-* +%{_mandir}/man1/* + +%changelog