[src/trunk]: src/external/bsd/libfido2/dist Import libfido2 1.8.0
details: https://anonhg.NetBSD.org/src/rev/ee7a5dbf1764
branches: trunk
changeset: 987352:ee7a5dbf1764
user: christos <christos%NetBSD.org@localhost>
date: Fri Sep 24 12:43:28 2021 +0000
description:
Import libfido2 1.8.0
* Version 1.8.0 (2021-07-22)
** Dropped 'Requires.private' entry from pkg-config file.
** Better support for FIDO 2.1 authenticators.
** Support for Windows's native webauthn API.
** Support for attestation format 'none'.
** New API calls:
- fido_assert_set_clientdata;
- fido_cbor_info_algorithm_cose;
- fido_cbor_info_algorithm_count;
- fido_cbor_info_algorithm_type;
- fido_cbor_info_transports_len;
- fido_cbor_info_transports_ptr;
- fido_cred_set_clientdata;
- fido_cred_set_id;
- fido_credman_set_dev_rk;
- fido_dev_is_winhello.
** fido2-token: new -Sc option to update a resident credential.
** Documentation and reliability fixes.
** HID access serialisation on Linux.
diffstat:
external/bsd/libfido2/dist/CMakeLists.txt | 34 +-
external/bsd/libfido2/dist/NEWS | 20 +
external/bsd/libfido2/dist/README.adoc | 16 +-
external/bsd/libfido2/dist/examples/README.adoc | 2 +-
external/bsd/libfido2/dist/examples/cred.c | 16 +-
external/bsd/libfido2/dist/examples/info.c | 42 +
external/bsd/libfido2/dist/fuzz/Makefile | 2 +-
external/bsd/libfido2/dist/fuzz/export.gnu | 8 +
external/bsd/libfido2/dist/fuzz/functions.txt | 198 +-
external/bsd/libfido2/dist/fuzz/fuzz_assert.c | 9 +-
external/bsd/libfido2/dist/fuzz/fuzz_bio.c | 2 +-
external/bsd/libfido2/dist/fuzz/fuzz_cred.c | 20 +-
external/bsd/libfido2/dist/fuzz/fuzz_credman.c | 44 +-
external/bsd/libfido2/dist/fuzz/fuzz_hid.c | 68 +-
external/bsd/libfido2/dist/fuzz/fuzz_mgmt.c | 13 +
external/bsd/libfido2/dist/fuzz/mutator_aux.c | 12 +-
external/bsd/libfido2/dist/fuzz/mutator_aux.h | 1 -
external/bsd/libfido2/dist/fuzz/report.tgz | Bin
external/bsd/libfido2/dist/fuzz/summary.txt | 35 +-
external/bsd/libfido2/dist/fuzz/udev.c | 269 ++
external/bsd/libfido2/dist/fuzz/wrapped.sym | 16 +
external/bsd/libfido2/dist/man/CMakeLists.txt | 10 +
external/bsd/libfido2/dist/man/fido2-assert.1 | 2 +-
external/bsd/libfido2/dist/man/fido2-cred.1 | 2 +-
external/bsd/libfido2/dist/man/fido2-token.1 | 39 +-
external/bsd/libfido2/dist/man/fido_assert_new.3 | 4 +-
external/bsd/libfido2/dist/man/fido_assert_set_authdata.3 | 15 +
external/bsd/libfido2/dist/man/fido_bio_dev_get_info.3 | 10 +-
external/bsd/libfido2/dist/man/fido_bio_template.3 | 10 +
external/bsd/libfido2/dist/man/fido_cbor_info_new.3 | 45 +-
external/bsd/libfido2/dist/man/fido_cred_set_authdata.3 | 39 +-
external/bsd/libfido2/dist/man/fido_cred_verify.3 | 9 +-
external/bsd/libfido2/dist/man/fido_credman_metadata_new.3 | 40 +-
external/bsd/libfido2/dist/man/fido_dev_enable_entattest.3 | 21 +-
external/bsd/libfido2/dist/man/fido_dev_open.3 | 11 +
external/bsd/libfido2/dist/openbsd-compat/readpassphrase_win32.c | 4 +-
external/bsd/libfido2/dist/regress/cred.c | 45 +
external/bsd/libfido2/dist/src/CMakeLists.txt | 57 +-
external/bsd/libfido2/dist/src/assert.c | 62 +-
external/bsd/libfido2/dist/src/bio.c | 7 +-
external/bsd/libfido2/dist/src/cbor.c | 3 +-
external/bsd/libfido2/dist/src/config.c | 6 +-
external/bsd/libfido2/dist/src/cred.c | 143 +-
external/bsd/libfido2/dist/src/credman.c | 88 +-
external/bsd/libfido2/dist/src/dev.c | 32 +-
external/bsd/libfido2/dist/src/export.gnu | 10 +
external/bsd/libfido2/dist/src/export.llvm | 10 +
external/bsd/libfido2/dist/src/export.msvc | 10 +
external/bsd/libfido2/dist/src/extern.h | 18 +-
external/bsd/libfido2/dist/src/fido.h | 9 +
external/bsd/libfido2/dist/src/fido/credman.h | 3 +-
external/bsd/libfido2/dist/src/fido/types.h | 14 +
external/bsd/libfido2/dist/src/hid.c | 3 +-
external/bsd/libfido2/dist/src/hid_linux.c | 44 +-
external/bsd/libfido2/dist/src/info.c | 231 +-
external/bsd/libfido2/dist/src/io.c | 4 +-
external/bsd/libfido2/dist/src/largeblob.c | 10 +-
external/bsd/libfido2/dist/src/libfido2.pc.in | 1 -
external/bsd/libfido2/dist/src/log.c | 6 +-
external/bsd/libfido2/dist/src/pin.c | 43 +-
external/bsd/libfido2/dist/src/u2f.c | 21 +-
external/bsd/libfido2/dist/src/winhello.c | 934 ++++++++++
external/bsd/libfido2/dist/tools/credman.c | 56 +
external/bsd/libfido2/dist/tools/extern.h | 4 +-
external/bsd/libfido2/dist/tools/fido2-token.c | 2 +
external/bsd/libfido2/dist/tools/test.sh | 2 +-
external/bsd/libfido2/dist/tools/token.c | 55 +
external/bsd/libfido2/dist/windows/build.ps1 | 24 +-
68 files changed, 2518 insertions(+), 527 deletions(-)
diffs (truncated from 5478 to 300 lines):
diff -r 0de3d5fce329 -r ee7a5dbf1764 external/bsd/libfido2/dist/CMakeLists.txt
--- a/external/bsd/libfido2/dist/CMakeLists.txt Fri Sep 24 08:40:35 2021 +0000
+++ b/external/bsd/libfido2/dist/CMakeLists.txt Fri Sep 24 12:43:28 2021 +0000
@@ -28,19 +28,20 @@
set(CMAKE_COLOR_MAKEFILE OFF)
set(CMAKE_VERBOSE_MAKEFILE ON)
set(FIDO_MAJOR "1")
-set(FIDO_MINOR "7")
+set(FIDO_MINOR "8")
set(FIDO_PATCH "0")
set(FIDO_VERSION ${FIDO_MAJOR}.${FIDO_MINOR}.${FIDO_PATCH})
-option(BUILD_EXAMPLES "Build example programs" ON)
-option(BUILD_MANPAGES "Build man pages" ON)
-option(BUILD_SHARED_LIBS "Build the shared library" ON)
-option(BUILD_STATIC_LIBS "Build the static library" ON)
-option(BUILD_TOOLS "Build tool programs" ON)
-option(FUZZ "Enable fuzzing instrumentation" OFF)
-option(LIBFUZZER "Build libfuzzer harnesses" OFF)
-option(USE_HIDAPI "Use hidapi as the HID backend" OFF)
-option(NFC_LINUX "Experimental NFC support on Linux" OFF)
+option(BUILD_EXAMPLES "Build example programs" ON)
+option(BUILD_MANPAGES "Build man pages" ON)
+option(BUILD_SHARED_LIBS "Build the shared library" ON)
+option(BUILD_STATIC_LIBS "Build the static library" ON)
+option(BUILD_TOOLS "Build tool programs" ON)
+option(FUZZ "Enable fuzzing instrumentation" OFF)
+option(LIBFUZZER "Build libfuzzer harnesses" OFF)
+option(USE_HIDAPI "Use hidapi as the HID backend" OFF)
+option(USE_WINHELLO "Abstract Windows Hello as a FIDO device" OFF)
+option(NFC_LINUX "Experimental NFC support on Linux" OFF)
add_definitions(-D_FIDO_MAJOR=${FIDO_MAJOR})
add_definitions(-D_FIDO_MINOR=${FIDO_MINOR})
@@ -67,6 +68,7 @@
set(FIDO_CFLAGS "${FIDO_CFLAGS} -D_DARWIN_C_SOURCE")
set(FIDO_CFLAGS "${FIDO_CFLAGS} -D__STDC_WANT_LIB_EXT1__=1")
elseif(CMAKE_SYSTEM_NAME STREQUAL "Linux")
+ set(NFC_LINUX OFF)
set(FIDO_CFLAGS "${FIDO_CFLAGS} -D_GNU_SOURCE")
set(FIDO_CFLAGS "${FIDO_CFLAGS} -D_DEFAULT_SOURCE")
elseif(CMAKE_SYSTEM_NAME STREQUAL "FreeBSD")
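Review bot: `set(NFC_LINUX OFF)` in the Linux branch overwrites the `NFC_LINUX` option declared earlier in this file, so a `-DNFC_LINUX=ON` given on the command line appears to be silently ignored on the only platform the option names. If forcing the experimental NFC backend off for this release is intended, say so at the assignment, for example `# NFC backend is experimental: forced off regardless of -DNFC_LINUX`, and consider a `message(WARNING ...)` when the user asked for it. The `@@ -188,6 +193,10 @@` hunk has the mirror-image case with `set(USE_WINHELLO ON)`: under MSVC the define is added whenever `webauthn.h` is found, whatever value the `USE_WINHELLO` option was given. That presumably changes which authenticator backend the library is built around, so it deserves the same comment.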
@@ -86,6 +88,7 @@
check_include_files(signal.h HAVE_SIGNAL_H)
check_include_files(sys/random.h HAVE_SYS_RANDOM_H)
check_include_files(unistd.h HAVE_UNISTD_H)
+check_include_files("windows.h;webauthn.h" HAVE_WEBAUTHN_H)
check_symbol_exists(arc4random_buf stdlib.h HAVE_ARC4RANDOM_BUF)
check_symbol_exists(clock_gettime time.h HAVE_CLOCK_GETTIME)
@@ -140,6 +143,7 @@
HAVE_TIMESPECSUB
HAVE_TIMINGSAFE_BCMP
HAVE_UNISTD_H
+ HAVE_WEBAUTHN_H
)
foreach(v ${CHECK_VARIABLES})
@@ -178,7 +182,8 @@
# initializer;
"C4706" # assignment within conditional expression;
"C4996" # The POSIX name for this item is deprecated. Instead,
- # use the ISO C and C++ conformant name
+ # use the ISO C and C++ conformant name;
+ "C6287" # redundant code: the left and right subexpressions are identical
)
# The construction in the following 3 lines was taken from LibreSSL's
# CMakeLists.txt.
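Review bot: C6287 is added to the project-wide MSVC suppression list without naming the expression that triggers it, so every later identical-subexpression comparison anywhere in the library is hidden from the analyzer as well. The code that needs the exemption is not in this hunk. If it is a single site, a local `#pragma warning(suppress: 6287)` with a one-line reason would keep the check active for the rest of the tree. At minimum the list comment could record the origin, e.g. `"C6287" # redundant code: identical subexpressions; raised by <file or macro>`.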
@@ -188,6 +193,10 @@
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -MP -W4 -WX ${MSVC_DISABLED_WARNINGS_STR}")
set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} /Z7 /guard:cf /sdl /RTCcsu")
set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE} /Zi /guard:cf /sdl")
+ if (HAVE_WEBAUTHN_H)
+ add_definitions(-DUSE_WINHELLO)
+ set(USE_WINHELLO ON)
+ endif()
else()
include(FindPkgConfig)
pkg_search_module(CBOR libcbor)
@@ -354,6 +363,8 @@
message(STATUS "CMAKE_C_FLAGS: ${CMAKE_C_FLAGS}")
message(STATUS "CMAKE_INSTALL_LIBDIR: ${CMAKE_INSTALL_LIBDIR}")
message(STATUS "CMAKE_INSTALL_PREFIX: ${CMAKE_INSTALL_PREFIX}")
+message(STATUS "CMAKE_SYSTEM_NAME: ${CMAKE_SYSTEM_NAME}")
+message(STATUS "CMAKE_SYSTEM_VERSION: ${CMAKE_SYSTEM_VERSION}")
message(STATUS "CRYPTO_INCLUDE_DIRS: ${CRYPTO_INCLUDE_DIRS}")
message(STATUS "CRYPTO_LIBRARIES: ${CRYPTO_LIBRARIES}")
message(STATUS "CRYPTO_LIBRARY_DIRS: ${CRYPTO_LIBRARY_DIRS}")
@@ -378,6 +389,7 @@
message(STATUS "UDEV_RULES_DIR: ${UDEV_RULES_DIR}")
message(STATUS "UDEV_VERSION: ${UDEV_VERSION}")
message(STATUS "USE_HIDAPI: ${USE_HIDAPI}")
+message(STATUS "USE_WINHELLO: ${USE_WINHELLO}")
message(STATUS "NFC_LINUX: ${NFC_LINUX}")
subdirs(src)
diff -r 0de3d5fce329 -r ee7a5dbf1764 external/bsd/libfido2/dist/NEWS
--- a/external/bsd/libfido2/dist/NEWS Fri Sep 24 08:40:35 2021 +0000
+++ b/external/bsd/libfido2/dist/NEWS Fri Sep 24 12:43:28 2021 +0000
@@ -1,3 +1,23 @@
+* Version 1.8.0 (2021-07-22)
+ ** Dropped 'Requires.private' entry from pkg-config file.
+ ** Better support for FIDO 2.1 authenticators.
+ ** Support for Windows's native webauthn API.
+ ** Support for attestation format 'none'.
+ ** New API calls:
+ - fido_assert_set_clientdata;
+ - fido_cbor_info_algorithm_cose;
+ - fido_cbor_info_algorithm_count;
+ - fido_cbor_info_algorithm_type;
+ - fido_cbor_info_transports_len;
+ - fido_cbor_info_transports_ptr;
+ - fido_cred_set_clientdata;
+ - fido_cred_set_id;
+ - fido_credman_set_dev_rk;
+ - fido_dev_is_winhello.
+ ** fido2-token: new -Sc option to update a resident credential.
+ ** Documentation and reliability fixes.
+ ** HID access serialisation on Linux.
+
* Version 1.7.0 (2021-03-29)
** New dependency on zlib.
** Fixed musl build; gh#259.
diff -r 0de3d5fce329 -r ee7a5dbf1764 external/bsd/libfido2/dist/README.adoc
--- a/external/bsd/libfido2/dist/README.adoc Fri Sep 24 08:40:35 2021 +0000
+++ b/external/bsd/libfido2/dist/README.adoc Fri Sep 24 12:43:28 2021 +0000
@@ -21,7 +21,7 @@
=== Supported Platforms
-*libfido2* is known to work on Linux, MacOS, Windows, OpenBSD, and FreeBSD.
+*libfido2* is known to work on Linux, macOS, Windows, OpenBSD, and FreeBSD.
=== Documentation
@@ -40,7 +40,7 @@
==== Releases
-The current release of *libfido2* is 1.7.0. Please consult Yubico's
+The current release of *libfido2* is 1.8.0. Please consult Yubico's
https://developers.yubico.com/libfido2/Releases[release page] for source
and binary releases.
@@ -51,16 +51,16 @@
$ sudo apt install libfido2-doc
Alternatively, newer versions of *libfido2* are available in Yubico's PPA.
-Follow the instructions for Ubuntu 18.04 (Bionic) and 16.04 (Xenial) below.
+Follow the instructions for Ubuntu 18.04 (Bionic) below.
-==== Ubuntu 18.04 (Bionic) and 16.04 (Xenial)
+==== Ubuntu 18.04 (Bionic)
$ sudo apt install software-properties-common
$ sudo apt-add-repository ppa:yubico/stable
$ sudo apt update
$ sudo apt install libfido2-dev
-==== MacOS
+==== macOS
$ brew install libfido2
@@ -80,7 +80,7 @@
required.
For complete, OS-specific installation instructions, please refer to the
-`.actions/` (Linux, MacOS) and `windows/` directories.
+`.actions/` (Linux, macOS) and `windows/` directories.
On Linux, you will need to add a udev rule to be able to access the FIDO
device, or run as root. For example, the udev rule may contain the following:
@@ -91,7 +91,3 @@
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", \
MODE="0664", GROUP="plugdev", ATTRS{idVendor}=="1050"
----
-
-On Windows 1903 and newer versions, access to FIDO devices has been restricted
-to applications using the operating system's native API. Use of *libfido2*
-is still possible in privileged applications.
diff -r 0de3d5fce329 -r ee7a5dbf1764 external/bsd/libfido2/dist/examples/README.adoc
--- a/external/bsd/libfido2/dist/examples/README.adoc Fri Sep 24 08:40:35 2021 +0000
+++ b/external/bsd/libfido2/dist/examples/README.adoc Fri Sep 24 12:43:28 2021 +0000
@@ -25,7 +25,7 @@
- <blobkey>
- A credential's associated FIDO2.1 "largeBlob" symmetric key.
+ A credential's associated FIDO 2.1 "largeBlob" symmetric key.
=== Description
diff -r 0de3d5fce329 -r ee7a5dbf1764 external/bsd/libfido2/dist/examples/cred.c
--- a/external/bsd/libfido2/dist/examples/cred.c Fri Sep 24 08:40:35 2021 +0000
+++ b/external/bsd/libfido2/dist/examples/cred.c Fri Sep 24 12:43:28 2021 +0000
@@ -86,6 +86,16 @@
if (uv && (r = fido_cred_set_uv(cred, FIDO_OPT_TRUE)) != FIDO_OK)
errx(1, "fido_cred_set_uv: %s (0x%x)", fido_strerr(r), r);
+ /* fmt */
+ r = fido_cred_set_fmt(cred, fmt);
+ if (r != FIDO_OK)
+ errx(1, "fido_cred_set_fmt: %s (0x%x)", fido_strerr(r), r);
+
+ if (!strcmp(fido_cred_fmt(cred), "none")) {
+ warnx("no attestation data, skipping credential verification");
+ goto out;
+ }
+
/* x509 */
r = fido_cred_set_x509(cred, x509_ptr, x509_len);
if (r != FIDO_OK)
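Review bot: When the format is "none", the new `goto out` skips `fido_cred_verify()` altogether and the example goes on to export the credential's public key, so none of that function's checks are applied to such a credential. Only a `warnx` marks this, and example code tends to be copied into relying-party logic. I would add a comment above the branch, `/* "none" carries no attestation statement: the credential is accepted unverified here; a real relying party must decide by policy whether to allow that */`. The `out:` label is added by the following hunk (`@@ -96,15 +106,11 @@`), and the enclosing function starts and ends outside both hunks.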
@@ -96,15 +106,11 @@
if (r != FIDO_OK)
errx(1, "fido_cred_set_sig: %s (0x%x)", fido_strerr(r), r);
- /* fmt */
- r = fido_cred_set_fmt(cred, fmt);
- if (r != FIDO_OK)
- errx(1, "fido_cred_set_fmt: %s (0x%x)", fido_strerr(r), r);
-
r = fido_cred_verify(cred);
if (r != FIDO_OK)
errx(1, "fido_cred_verify: %s (0x%x)", fido_strerr(r), r);
+out:
if (key_out != NULL) {
/* extract the credential pubkey */
if (type == COSE_ES256) {
diff -r 0de3d5fce329 -r ee7a5dbf1764 external/bsd/libfido2/dist/examples/info.c
--- a/external/bsd/libfido2/dist/examples/info.c Fri Sep 24 08:40:35 2021 +0000
+++ b/external/bsd/libfido2/dist/examples/info.c Fri Sep 24 12:43:28 2021 +0000
@@ -104,6 +104,41 @@
}
/*
+ * Auxiliary function to print a list of supported COSE algorithms on stdout.
+ */
+static void
+print_algorithms(const fido_cbor_info_t *ci)
+{
+ const char *cose, *type;
+ size_t len;
+
+ if ((len = fido_cbor_info_algorithm_count(ci)) == 0)
+ return;
+
+ printf("algorithms: ");
+
+ for (size_t i = 0; i < len; i++) {
+ cose = type = "unknown";
+ switch (fido_cbor_info_algorithm_cose(ci, i)) {
+ case COSE_EDDSA:
+ cose = "eddsa";
+ break;
+ case COSE_ES256:
+ cose = "es256";
+ break;
+ case COSE_RS256:
+ cose = "rs256";
+ break;
+ }
+ if (fido_cbor_info_algorithm_type(ci, i) != NULL)
+ type = fido_cbor_info_algorithm_type(ci, i);
+ printf("%s%s (%s)", i > 0 ? ", " : "", cose, type);
+ }
+
+ printf("\n");
+}
+
+/*
* Auxiliary function to print an authenticator's AAGUID on stdout.
*/
static void
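Review bot: In `print_algorithms` the `switch` on `fido_cbor_info_algorithm_cose(ci, i)` has no `default` label, and `fido_cbor_info_algorithm_type(ci, i)` is called twice per iteration, once for the NULL test and once for the value. The fallback works because `cose` and `type` are reset to "unknown" at the top of each iteration, but an explicit `default: break;` would state that unknown identifiers are expected. `const char *t = fido_cbor_info_algorithm_type(ci, i); if (t != NULL) type = t;` keeps the test and the use on the same pointer. The type string presumably comes from the authenticator's reply and is printed as-is, which is worth a one-line comment in a tool whose output is read on a terminal.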
@@ -204,6 +239,13 @@
print_str_array("extension", fido_cbor_info_extensions_ptr(ci),
fido_cbor_info_extensions_len(ci));
+ /* print supported transports */
+ print_str_array("transport", fido_cbor_info_transports_ptr(ci),
+ fido_cbor_info_transports_len(ci));
+
+ /* print supported algorithms */
+ print_algorithms(ci);
+
/* print aaguid */
print_aaguid(fido_cbor_info_aaguid_ptr(ci),
fido_cbor_info_aaguid_len(ci));
diff -r 0de3d5fce329 -r ee7a5dbf1764 external/bsd/libfido2/dist/fuzz/Makefile
--- a/external/bsd/libfido2/dist/fuzz/Makefile Fri Sep 24 08:40:35 2021 +0000
+++ b/external/bsd/libfido2/dist/fuzz/Makefile Fri Sep 24 12:43:28 2021 +0000
@@ -2,7 +2,7 @@
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.
-IMAGE := libfido2-coverage:1.7.0
+IMAGE := libfido2-coverage:1.8.0
RUNNER := libfido2-runner
PROFDATA := llvm-profdata-11