+FIDO_DEBUG=1
+
+
+$ export FIDO_DEBUG=1
+$ <command1>
+$ <command2>
+(...)
+$ <commandn>
+
+
+
diff --git a/contrib/libfido2/.github/ISSUE_TEMPLATE/config.yml b/contrib/libfido2/.github/ISSUE_TEMPLATE/config.yml
new file mode 100644
index 000000000000..3ecb227ffeb0
--- /dev/null
+++ b/contrib/libfido2/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,8 @@
+blank_issues_enabled: false
+contact_links:
+ - name: Feature Request
+ url: https://github.com/Yubico/libfido2/discussions/new
+ about: Share ideas for new features
+ - name: Ask a question about libfido2
+ url: https://github.com/Yubico/libfido2/discussions/new
+ about: Ask the community for help
diff --git a/contrib/libfido2/.github/workflows/alpine_builds.yml b/contrib/libfido2/.github/workflows/alpine_builds.yml
new file mode 100644
index 000000000000..c6d826f39835
--- /dev/null
+++ b/contrib/libfido2/.github/workflows/alpine_builds.yml
@@ -0,0 +1,39 @@
+# Copyright (c) 2022-2023 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+# SPDX-License-Identifier: BSD-2-Clause
+
+name: alpine
+
+on:
+ pull_request:
+ branches:
+ - main
+ push:
+ branches:
+ - main
+ - '*-ci'
+
+jobs:
+ build:
+ runs-on: ubuntu-20.04
+ container: alpine:latest
+ strategy:
+ fail-fast: false
+ matrix:
+ cc: [ gcc, clang ]
+ steps:
+ - name: dependencies
+ run: |
+ apk -q update
+ apk add build-base clang clang-analyzer cmake coreutils eudev-dev
+ apk add git linux-headers openssl-dev sudo zlib-dev pcsc-lite-dev \
+ libcbor-dev
+ - name: fix permissions on workdir
+ run: chown root:wheel "${GITHUB_WORKSPACE}"
+ - name: checkout libfido2
+ uses: actions/checkout@v4
+ - name: build libfido2
+ env:
+ CC: ${{ matrix.cc }}
+ run: ./.actions/build-linux-${CC}
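Review bot: The workflow declares no `permissions:` block, so the job's GITHUB_TOKEN gets whatever default the repository is configured with, although the steps shown only install packages, check out and build. A top-level `permissions:` with `contents: read` would pin it to least privilege; the same applies to bsd_builds.yml, cifuzz_oss.yml, cygwin_builds.yml, linux_builds.yml, linux_fuzz.yml, macos_builds.yml, openssl3.yml and windows_builds.yml in this commit. Separately, `container: alpine:latest` is a floating tag, so each run builds against whatever image is current; a versioned tag or digest would make a sudden failure attributable to a known image change.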
diff --git a/contrib/libfido2/.github/workflows/bsd_builds.yml b/contrib/libfido2/.github/workflows/bsd_builds.yml
new file mode 100644
index 000000000000..366ea2141aca
--- /dev/null
+++ b/contrib/libfido2/.github/workflows/bsd_builds.yml
@@ -0,0 +1,32 @@
+# Copyright (c) 2022 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+# SPDX-License-Identifier: BSD-2-Clause
+
+name: bsd
+
+on:
+ push:
+ branches:
+ - main
+ - '*-ci'
+
+jobs:
+ build:
+ if: github.repository == 'Yubico/libfido2'
+ runs-on: ubuntu-22.04
+ strategy:
+ fail-fast: false
+ matrix:
+ image: [freebsd/13.x, openbsd/7.2]
+ steps:
+ - uses: actions/checkout@v4
+ - name: dependencies
+ run: |
+ sudo apt -q update
+ sudo apt install -q -y curl jq
+ - name: build
+ env:
+ IMAGE: ${{ matrix.image }}
+ SOURCEHUT_TOKEN: ${{ secrets.SOURCEHUT_TOKEN }}
+ run: ./.actions/build-bsd
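Review bot: `SOURCEHUT_TOKEN` is placed in the environment of `./.actions/build-bsd` on every push to `main` or to any branch matching `'*-ci'`, and nothing in the file says that leaving out the `pull_request` trigger is deliberate. A comment above `on:` such as `# push only: this job uses SOURCEHUT_TOKEN and must not run on unreviewed pull-request code` would keep a later edit from adding the trigger without considering the secret. Because the script runs from the pushed branch, the token is presumably best scoped on the sourcehut side to only what the build needs; the script itself is outside this hunk.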
diff --git a/contrib/libfido2/.github/workflows/cifuzz_oss.yml b/contrib/libfido2/.github/workflows/cifuzz_oss.yml
new file mode 100644
index 000000000000..556d5ad36f7c
--- /dev/null
+++ b/contrib/libfido2/.github/workflows/cifuzz_oss.yml
@@ -0,0 +1,46 @@
+# Copyright (c) 2022 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+# SPDX-License-Identifier: BSD-2-Clause
+
+name: cifuzz
+
+on:
+ pull_request:
+ branches:
+ - main
+ push:
+ branches:
+ - main
+ - '*-ci'
+
+jobs:
+ fuzzing:
+ if: github.repository == 'Yubico/libfido2'
+ runs-on: ubuntu-20.04
+ strategy:
+ fail-fast: false
+ matrix:
+ sanitizer: [address, undefined, memory]
+ steps:
+ - name: build fuzzers (${{ matrix.sanitizer }})
+ uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
+ with:
+ oss-fuzz-project-name: 'libfido2'
+ language: c
+ sanitizer: ${{ matrix.sanitizer }}
+ dry-run: false
+ - name: run fuzzers (${{ matrix.sanitizer }})
+ uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
+ with:
+ oss-fuzz-project-name: 'libfido2'
+ language: c
+ sanitizer: ${{ matrix.sanitizer }}
+ fuzz-seconds: 600
+ dry-run: false
+ - name: upload crash
+ uses: actions/upload-artifact@v3
+ if: failure()
+ with:
+ name: ${{ matrix.sanitizer }}-artifacts
+ path: ./out/artifacts
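Review bot: Both OSS-Fuzz steps reference a mutable branch, `google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master` and `.../run_fuzzers@master`, so each run executes whatever is at the tip of that branch at that moment. Pinning to a full commit SHA, e.g. `uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@<full-commit-sha>  # <date>` (placeholder), makes the executed code reviewable and lets an update bot propose bumps. `actions/upload-artifact@v3` here and `actions/checkout@v4` in the other workflows are tag references and carry the same risk to a lesser degree.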
diff --git a/contrib/libfido2/.github/workflows/codeql-analysis.yml b/contrib/libfido2/.github/workflows/codeql-analysis.yml
new file mode 100644
index 000000000000..a3a8d54d2daa
--- /dev/null
+++ b/contrib/libfido2/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,42 @@
+# Copyright (c) 2022 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+# SPDX-License-Identifier: BSD-2-Clause
+
+name: "codeql"
+
+on:
+ pull_request:
+ branches:
+ - main
+ push:
+ branches:
+ - main
+ - '*-ci'
+ schedule:
+ - cron: '0 0 * * 0'
+
+permissions:
+ security-events: write
+
+jobs:
+ codeql-build:
+ if: github.repository == 'Yubico/libfido2'
+ runs-on: ubuntu-22.04
+ steps:
+ - name: checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 2
+ - name: init codeql
+ uses: github/codeql-action/init@v2
+ - name: build
+ env:
+ CC: gcc
+ run: |
+ sudo apt -q update
+ sudo apt install -q -y libcbor-dev libudev-dev libz-dev original-awk \
+ libpcsclite-dev
+ ./.actions/build-linux-gcc
+ - name: perform codeql analysis
+ uses: github/codeql-action/analyze@v2
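Review bot: The top-level `permissions:` block lists only `security-events: write`, which sets every other scope, including `contents`, to none. Checkout of a public repository works without it, but adding `contents: read` beside it documents the intent and keeps the workflow working if it is ever run in a private copy. The block could also move under the `codeql-build` job so that jobs added later do not inherit write access to security events by default.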
diff --git a/contrib/libfido2/.github/workflows/cygwin_builds.yml b/contrib/libfido2/.github/workflows/cygwin_builds.yml
new file mode 100644
index 000000000000..d8146c54904e
--- /dev/null
+++ b/contrib/libfido2/.github/workflows/cygwin_builds.yml
@@ -0,0 +1,30 @@
+# Copyright (c) 2022 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+# SPDX-License-Identifier: BSD-2-Clause
+
+name: cygwin
+
+on:
+ pull_request:
+ branches:
+ - main
+ push:
+ branches:
+ - main
+ - '*-ci'
+
+jobs:
+ build:
+ runs-on: ${{ matrix.os }}
+ strategy:
+ fail-fast: false
+ matrix:
+ os: [ windows-2022 ]
+ arch: [ x64 ]
+ config: [ "Debug", "Release" ]
+ steps:
+ - uses: actions/checkout@v4
+ - name: build
+ run: |
+ .\windows\cygwin.ps1 -Config ${{ matrix.config }}
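Review bot: `${{ matrix.config }}` is expanded into the script text on the `.\windows\cygwin.ps1` line before PowerShell parses it, whereas the Linux workflows in this commit pass matrix values through `env:` and reference them as shell variables. The values are literals here, so nothing untrusted reaches the script, but the same pattern (`env:` with `CONFIG: ${{ matrix.config }}` and `-Config $env:CONFIG`) would stay safe if the matrix were ever fed from a workflow input. windows_builds.yml does the same with `matrix.arch`, `matrix.type` and `matrix.config`. The `arch` matrix entry in this file is not referenced by any step shown.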
diff --git a/contrib/libfido2/.github/workflows/linux_builds.yml b/contrib/libfido2/.github/workflows/linux_builds.yml
new file mode 100644
index 000000000000..ec911cb92d92
--- /dev/null
+++ b/contrib/libfido2/.github/workflows/linux_builds.yml
@@ -0,0 +1,57 @@
+# Copyright (c) 2022 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+# SPDX-License-Identifier: BSD-2-Clause
+
+name: linux
+
+on:
+ pull_request:
+ branches:
+ - main
+ push:
+ branches:
+ - main
+ - '*-ci'
+
+jobs:
+ build:
+ runs-on: ${{ matrix.os }}
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - { os: ubuntu-20.04, cc: gcc-8 }
+ - { os: ubuntu-22.04, cc: gcc-9 }
+ - { os: ubuntu-22.04, cc: gcc-10 }
+ - { os: ubuntu-22.04, cc: gcc-11 }
+ - { os: ubuntu-22.04, cc: gcc-12 }
+ - { os: ubuntu-22.04, cc: clang-13 }
+ - { os: ubuntu-22.04, cc: clang-14 }
+ - { os: ubuntu-22.04, cc: clang-15 }
+ - { os: ubuntu-22.04, cc: clang-16 }
+ - { os: ubuntu-20.04, cc: i686-w64-mingw32-gcc-9 }
+ - { os: ubuntu-22.04, cc: i686-w64-mingw32-gcc-10 }
+ steps:
+ - uses: actions/checkout@v4
+ - name: dependencies
+ run: |
+ sudo apt -q update
+ sudo apt install -q -y libcbor-dev libudev-dev libz-dev \
+ original-awk mandoc libpcsclite-dev
+ - name: compiler
+ env:
+ CC: ${{ matrix.cc }}
+ run: |
+ if [ "${CC%-*}" == "clang" ]; then
+ sudo ./.actions/setup_clang "${CC}"
+ elif [ "${CC%-*}" == "i686-w64-mingw32-gcc" ]; then
+ sudo apt install -q -y binutils-mingw-w64-i686 gcc-mingw-w64 \
+ g++-mingw-w64 mingw-w64-i686-dev
+ else
+ sudo apt install -q -y "${CC}"
+ fi
+ - name: build
+ env:
+ CC: ${{ matrix.cc }}
+ run: ./.actions/build-linux-${CC%-*}
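Review bot: The script name in `run: ./.actions/build-linux-${CC%-*}` depends on `${CC%-*}` stripping the version suffix from the matrix value, and the file does not explain this. A comment above the `compiler` step such as `# ${CC%-*} drops the trailing -<version>: gcc-12 -> gcc, i686-w64-mingw32-gcc-9 -> i686-w64-mingw32-gcc` would show which `.actions/build-linux-*` scripts have to exist for the matrix. The expansion is also unquoted in the `build` step while the `if` tests quote it; `run: "./.actions/build-linux-${CC%-*}"` would be consistent. openssl3.yml repeats the same compiler-selection block and the same unquoted expansion.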
diff --git a/contrib/libfido2/.github/workflows/linux_fuzz.yml b/contrib/libfido2/.github/workflows/linux_fuzz.yml
new file mode 100644
index 000000000000..296c0d9fab23
--- /dev/null
+++ b/contrib/libfido2/.github/workflows/linux_fuzz.yml
@@ -0,0 +1,41 @@
+# Copyright (c) 2022 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+# SPDX-License-Identifier: BSD-2-Clause
+
+name: fuzzer
+
+on:
+ pull_request:
+ branches:
+ - main
+ push:
+ branches:
+ - main
+ - '*-ci'
+
+jobs:
+ build:
+ runs-on: ${{ matrix.os }}
+ strategy:
+ fail-fast: false
+ matrix:
+ os: [ ubuntu-22.04 ]
+ cc: [ clang-16 ]
+ sanitizer: [ asan, msan ]
+ steps:
+ - uses: actions/checkout@v4
+ - name: dependencies
+ run: |
+ sudo apt -q update
+ sudo apt install -q -y libudev-dev libpcsclite-dev
+ - name: compiler
+ env:
+ CC: ${{ matrix.cc }}
+ run: |
+ sudo ./.actions/setup_clang "${CC}"
+ - name: fuzz
+ env:
+ CC: ${{ matrix.cc }}
+ SANITIZER: ${{ matrix.sanitizer }}
+ run: ./.actions/fuzz-linux "${SANITIZER}"
diff --git a/contrib/libfido2/.github/workflows/macos_builds.yml b/contrib/libfido2/.github/workflows/macos_builds.yml
new file mode 100644
index 000000000000..7d84a750ac37
--- /dev/null
+++ b/contrib/libfido2/.github/workflows/macos_builds.yml
@@ -0,0 +1,32 @@
+# Copyright (c) 2022 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+# SPDX-License-Identifier: BSD-2-Clause
+
+name: macos
+
+on:
+ pull_request:
+ branches:
+ - main
+ push:
+ branches:
+ - main
+ - '*-ci'
+
+jobs:
+ build:
+ runs-on: ${{ matrix.os }}
+ strategy:
+ fail-fast: false
+ matrix:
+ os: [ macos-13, macos-12 ]
+ cc: [ clang ]
+ steps:
+ - uses: actions/checkout@v4
+ - name: dependencies
+ run: brew install libcbor llvm mandoc openssl@3.0 pkg-config zlib
+ - name: build
+ env:
+ CC: ${{ matrix.cc }}
+ run: ./.actions/build-osx-clang
diff --git a/contrib/libfido2/.github/workflows/openssl3.yml b/contrib/libfido2/.github/workflows/openssl3.yml
new file mode 100644
index 000000000000..ee70c087d285
--- /dev/null
+++ b/contrib/libfido2/.github/workflows/openssl3.yml
@@ -0,0 +1,51 @@
+# Copyright (c) 2022 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+# SPDX-License-Identifier: BSD-2-Clause
+
+name: openssl3
+
+on:
+ pull_request:
+ branches:
+ - main
+ push:
+ branches:
+ - main
+ - '*-ci'
+
+jobs:
+ build:
+ runs-on: ${{ matrix.os }}
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - os: ubuntu-22.04
+ cc: gcc-11
+ - os: ubuntu-22.04
+ cc: clang-16
+ - os: ubuntu-22.04
+ cc: i686-w64-mingw32-gcc-10
+ steps:
+ - uses: actions/checkout@v4
+ - name: dependencies
+ env:
+ CC: ${{ matrix.cc }}
+ run: |
+ sudo apt -q update
+ sudo apt install -q -y libcbor-dev libudev-dev libz-dev \
+ original-awk mandoc libpcsclite-dev
+ sudo apt remove -y libssl-dev
+ if [ "${CC%-*}" == "clang" ]; then
+ sudo ./.actions/setup_clang "${CC}"
+ elif [ "${CC%-*}" == "i686-w64-mingw32-gcc" ]; then
+ sudo apt install -q -y binutils-mingw-w64-i686 gcc-mingw-w64 \
+ g++-mingw-w64 mingw-w64-i686-dev
+ else
+ sudo apt install -q -y "${CC}"
+ fi
+ - name: build
+ env:
+ CC: ${{ matrix.cc }}
+ run: ./.actions/build-linux-openssl3-${CC%-*}
diff --git a/contrib/libfido2/.github/workflows/windows_builds.yml b/contrib/libfido2/.github/workflows/windows_builds.yml
new file mode 100644
index 000000000000..bfc1eb3c1deb
--- /dev/null
+++ b/contrib/libfido2/.github/workflows/windows_builds.yml
@@ -0,0 +1,32 @@
+# Copyright (c) 2022 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+# SPDX-License-Identifier: BSD-2-Clause
+
+name: windows
+
+on:
+ pull_request:
+ branches:
+ - main
+ push:
+ branches:
+ - main
+ - '*-ci'
+
+jobs:
+ build:
+ runs-on: ${{ matrix.os }}
+ strategy:
+ fail-fast: false
+ matrix:
+ os: [ windows-2022 ]
+ arch: [ x64, Win32, ARM64, ARM ]
+ type: [ dynamic, static ]
+ config: [ "Release" ]
+ steps:
+ - uses: actions/checkout@v4
+ - name: build
+ run: |
+ .\windows\build.ps1 -Fido2Flags '/analyze' -Arch ${{ matrix.arch }} `
+ -Type ${{ matrix.type }} -Config ${{ matrix.config }}
diff --git a/contrib/libfido2/.gitignore b/contrib/libfido2/.gitignore
new file mode 100644
index 000000000000..0915625a059c
--- /dev/null
+++ b/contrib/libfido2/.gitignore
@@ -0,0 +1,9 @@
+build/
+cscope.out
+fuzz/build/
+fuzz/corpus.tgz-
+fuzz/fuzz_*/
+fuzz/obj/
+fuzz/report
+fuzz/*.so
+output/
diff --git a/contrib/libfido2/CMakeLists.txt b/contrib/libfido2/CMakeLists.txt
index 6fa341a01cc6..c4f7b1b7b51e 100644
--- a/contrib/libfido2/CMakeLists.txt
+++ b/contrib/libfido2/CMakeLists.txt
@@ -1,498 +1,498 @@
# Copyright (c) 2018-2022 Yubico AB. All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.
# SPDX-License-Identifier: BSD-2-Clause
+cmake_minimum_required(VERSION 3.7)
# detect AppleClang; needs to come before project()
cmake_policy(SET CMP0025 NEW)
project(libfido2 C)
-cmake_minimum_required(VERSION 3.0)
# Set PIE flags for POSITION_INDEPENDENT_CODE targets, added in CMake 3.14.
if(POLICY CMP0083)
cmake_policy(SET CMP0083 NEW)
endif()
include(CheckCCompilerFlag)
include(CheckFunctionExists)
include(CheckLibraryExists)
include(CheckSymbolExists)
include(CheckIncludeFiles)
include(CheckTypeSize)
include(GNUInstallDirs)
include(CheckPIESupported OPTIONAL RESULT_VARIABLE CHECK_PIE_SUPPORTED)
if(CHECK_PIE_SUPPORTED)
check_pie_supported(LANGUAGES C)
endif()
set(CMAKE_POSITION_INDEPENDENT_CODE ON)
set(CMAKE_COLOR_MAKEFILE OFF)
set(CMAKE_VERBOSE_MAKEFILE ON)
set(FIDO_MAJOR "1")
-set(FIDO_MINOR "13")
+set(FIDO_MINOR "14")
set(FIDO_PATCH "0")
set(FIDO_VERSION ${FIDO_MAJOR}.${FIDO_MINOR}.${FIDO_PATCH})
option(BUILD_TESTS "Build the regress tests" ON)
option(BUILD_EXAMPLES "Build example programs" ON)
option(BUILD_MANPAGES "Build man pages" ON)
option(BUILD_SHARED_LIBS "Build a shared library" ON)
option(BUILD_STATIC_LIBS "Build a static library" ON)
option(BUILD_TOOLS "Build tool programs" ON)
option(FUZZ "Enable fuzzing instrumentation" OFF)
option(USE_HIDAPI "Use hidapi as the HID backend" OFF)
option(USE_PCSC "Enable experimental PCSC support" OFF)
option(USE_WINHELLO "Abstract Windows Hello as a FIDO device" ON)
option(NFC_LINUX "Enable NFC support on Linux" ON)
add_definitions(-D_FIDO_MAJOR=${FIDO_MAJOR})
add_definitions(-D_FIDO_MINOR=${FIDO_MINOR})
add_definitions(-D_FIDO_PATCH=${FIDO_PATCH})
if(BUILD_SHARED_LIBS)
set(_FIDO2_LIBRARY fido2_shared)
elseif(BUILD_STATIC_LIBS)
set(_FIDO2_LIBRARY fido2)
else()
message(FATAL_ERROR "Nothing to build (BUILD_*_LIBS=OFF)")
endif()
if(CYGWIN OR MSYS OR MINGW)
set(WIN32 1)
endif()
if(WIN32)
add_definitions(-DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0600)
endif()
if(APPLE)
set(CMAKE_INSTALL_NAME_DIR
"${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_LIBDIR}")
endif()
if(NOT MSVC)
set(FIDO_CFLAGS "${FIDO_CFLAGS} -D_POSIX_C_SOURCE=200809L")
set(FIDO_CFLAGS "${FIDO_CFLAGS} -D_BSD_SOURCE")
if(APPLE)
set(FIDO_CFLAGS "${FIDO_CFLAGS} -D_DARWIN_C_SOURCE")
set(FIDO_CFLAGS "${FIDO_CFLAGS} -D__STDC_WANT_LIB_EXT1__=1")
elseif((CMAKE_SYSTEM_NAME STREQUAL "Linux") OR MINGW OR CYGWIN)
set(FIDO_CFLAGS "${FIDO_CFLAGS} -D_GNU_SOURCE")
set(FIDO_CFLAGS "${FIDO_CFLAGS} -D_DEFAULT_SOURCE")
elseif(CMAKE_SYSTEM_NAME STREQUAL "FreeBSD" OR
CMAKE_SYSTEM_NAME STREQUAL "MidnightBSD")
set(FIDO_CFLAGS "${FIDO_CFLAGS} -D__BSD_VISIBLE=1")
elseif(CMAKE_SYSTEM_NAME STREQUAL "NetBSD")
set(FIDO_CFLAGS "${FIDO_CFLAGS} -D_NETBSD_SOURCE")
endif()
set(FIDO_CFLAGS "${FIDO_CFLAGS} -std=c99")
set(CMAKE_C_FLAGS "${FIDO_CFLAGS} ${CMAKE_C_FLAGS}")
endif()
check_c_compiler_flag("-Wshorten-64-to-32" HAVE_SHORTEN_64_TO_32)
check_c_compiler_flag("-Werror -fstack-protector-all" HAVE_STACK_PROTECTOR_ALL)
check_include_files(cbor.h HAVE_CBOR_H)
check_include_files(endian.h HAVE_ENDIAN_H)
check_include_files(err.h HAVE_ERR_H)
check_include_files(openssl/opensslv.h HAVE_OPENSSLV_H)
check_include_files(signal.h HAVE_SIGNAL_H)
check_include_files(sys/random.h HAVE_SYS_RANDOM_H)
check_include_files(unistd.h HAVE_UNISTD_H)
check_symbol_exists(arc4random_buf stdlib.h HAVE_ARC4RANDOM_BUF)
check_symbol_exists(asprintf stdio.h HAVE_ASPRINTF)
check_symbol_exists(clock_gettime time.h HAVE_CLOCK_GETTIME)
check_symbol_exists(explicit_bzero string.h HAVE_EXPLICIT_BZERO)
check_symbol_exists(freezero stdlib.h HAVE_FREEZERO)
check_symbol_exists(getline stdio.h HAVE_GETLINE)
check_symbol_exists(getopt unistd.h HAVE_GETOPT)
check_symbol_exists(getpagesize unistd.h HAVE_GETPAGESIZE)
check_symbol_exists(getrandom sys/random.h HAVE_GETRANDOM)
check_symbol_exists(memset_s string.h HAVE_MEMSET_S)
check_symbol_exists(readpassphrase readpassphrase.h HAVE_READPASSPHRASE)
check_symbol_exists(recallocarray stdlib.h HAVE_RECALLOCARRAY)
check_symbol_exists(strlcat string.h HAVE_STRLCAT)
check_symbol_exists(strlcpy string.h HAVE_STRLCPY)
check_symbol_exists(strsep string.h HAVE_STRSEP)
check_symbol_exists(sysconf unistd.h HAVE_SYSCONF)
check_symbol_exists(timespecsub sys/time.h HAVE_TIMESPECSUB)
check_symbol_exists(timingsafe_bcmp string.h HAVE_TIMINGSAFE_BCMP)
set(CMAKE_TRY_COMPILE_TARGET_TYPE STATIC_LIBRARY)
try_compile(HAVE_POSIX_IOCTL
"${CMAKE_CURRENT_BINARY_DIR}/posix_ioctl_check.o"
"${CMAKE_CURRENT_SOURCE_DIR}/openbsd-compat/posix_ioctl_check.c"
COMPILE_DEFINITIONS "-Werror -Woverflow -Wsign-conversion")
list(APPEND CHECK_VARIABLES
HAVE_ARC4RANDOM_BUF
HAVE_ASPRINTF
HAVE_CBOR_H
HAVE_CLOCK_GETTIME
HAVE_ENDIAN_H
HAVE_ERR_H
HAVE_FREEZERO
HAVE_GETLINE
HAVE_GETOPT
HAVE_GETPAGESIZE
HAVE_GETRANDOM
HAVE_MEMSET_S
HAVE_OPENSSLV_H
HAVE_POSIX_IOCTL
HAVE_READPASSPHRASE
HAVE_RECALLOCARRAY
HAVE_SIGNAL_H
HAVE_STRLCAT
HAVE_STRLCPY
HAVE_STRSEP
HAVE_SYSCONF
HAVE_SYS_RANDOM_H
HAVE_TIMESPECSUB
HAVE_TIMINGSAFE_BCMP
HAVE_UNISTD_H
)
foreach(v ${CHECK_VARIABLES})
if (${v})
add_definitions(-D${v})
endif()
endforeach()
if(HAVE_EXPLICIT_BZERO AND NOT FUZZ)
add_definitions(-DHAVE_EXPLICIT_BZERO)
endif()
if(UNIX)
add_definitions(-DHAVE_DEV_URANDOM)
endif()
if(MSVC)
if((NOT CBOR_INCLUDE_DIRS) OR (NOT CBOR_LIBRARY_DIRS) OR
(NOT CRYPTO_INCLUDE_DIRS) OR (NOT CRYPTO_LIBRARY_DIRS) OR
(NOT ZLIB_INCLUDE_DIRS) OR (NOT ZLIB_LIBRARY_DIRS))
message(FATAL_ERROR "please define "
"{CBOR,CRYPTO,ZLIB}_{INCLUDE,LIBRARY}_DIRS when "
"building under msvc")
endif()
if(BUILD_TESTS AND BUILD_SHARED_LIBS AND
((NOT CBOR_BIN_DIRS) OR (NOT ZLIB_BIN_DIRS) OR (NOT CRYPTO_BIN_DIRS)))
message(FATAL_ERROR "please define {CBOR,CRYPTO,ZLIB}_BIN_DIRS "
"when building tests")
endif()
if(NOT CBOR_LIBRARIES)
set(CBOR_LIBRARIES cbor)
endif()
if(NOT ZLIB_LIBRARIES)
set(ZLIB_LIBRARIES zlib1)
endif()
if(NOT CRYPTO_LIBRARIES)
set(CRYPTO_LIBRARIES crypto)
endif()
set(MSVC_DISABLED_WARNINGS_LIST
"C4152" # nonstandard extension used: function/data pointer
# conversion in expression;
"C4200" # nonstandard extension used: zero-sized array in
# struct/union;
"C4201" # nonstandard extension used: nameless struct/union;
"C4204" # nonstandard extension used: non-constant aggregate
# initializer;
"C4706" # assignment within conditional expression;
"C4996" # The POSIX name for this item is deprecated. Instead,
# use the ISO C and C++ conformant name;
"C6287" # redundant code: the left and right subexpressions are identical
)
# The construction in the following 3 lines was taken from LibreSSL's
# CMakeLists.txt.
string(REPLACE "C" " -wd" MSVC_DISABLED_WARNINGS_STR
${MSVC_DISABLED_WARNINGS_LIST})
string(REGEX REPLACE "[/-]W[1234][ ]?" "" CMAKE_C_FLAGS ${CMAKE_C_FLAGS})
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -MP -W4 -WX ${MSVC_DISABLED_WARNINGS_STR}")
set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} /Od /Z7 /guard:cf /sdl /RTCcsu")
set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE} /Zi /guard:cf /sdl")
if(USE_WINHELLO)
add_definitions(-DUSE_WINHELLO)
endif()
set(NFC_LINUX OFF)
else()
include(FindPkgConfig)
pkg_search_module(CBOR libcbor)
pkg_search_module(CRYPTO libcrypto)
pkg_search_module(ZLIB zlib)
if(NOT CBOR_FOUND AND NOT HAVE_CBOR_H)
message(FATAL_ERROR "could not find libcbor")
endif()
if(NOT CRYPTO_FOUND AND NOT HAVE_OPENSSLV_H)
message(FATAL_ERROR "could not find libcrypto")
endif()
if(NOT ZLIB_FOUND)
message(FATAL_ERROR "could not find zlib")
endif()
if(NOT CBOR_LIBRARIES)
set(CBOR_LIBRARIES "cbor")
endif()
if(NOT CRYPTO_LIBRARIES)
set(CRYPTO_LIBRARIES "crypto")
endif()
if(CMAKE_SYSTEM_NAME STREQUAL "Linux")
pkg_search_module(UDEV libudev REQUIRED)
set(UDEV_NAME "udev")
# If using hidapi, use hidapi-hidraw.
set(HIDAPI_SUFFIX -hidraw)
if(NOT HAVE_CLOCK_GETTIME)
# Look for clock_gettime in librt.
check_library_exists(rt clock_gettime "time.h"
HAVE_CLOCK_GETTIME)
if (HAVE_CLOCK_GETTIME)
add_definitions(-DHAVE_CLOCK_GETTIME)
set(BASE_LIBRARIES ${BASE_LIBRARIES} rt)
endif()
endif()
else()
set(NFC_LINUX OFF)
endif()
if(MINGW)
# MinGW is stuck with a flavour of C89.
add_definitions(-DFIDO_NO_DIAGNOSTIC)
add_definitions(-DWC_ERR_INVALID_CHARS=0x80)
add_compile_options(-Wno-unused-parameter)
endif()
if(FUZZ)
set(USE_PCSC ON)
add_definitions(-DFIDO_FUZZ)
endif()
# If building with PCSC, look for pcsc-lite.
if(USE_PCSC AND NOT (APPLE OR CYGWIN OR MSYS OR MINGW))
pkg_search_module(PCSC libpcsclite REQUIRED)
set(PCSC_LIBRARIES pcsclite)
endif()
if(USE_HIDAPI)
add_definitions(-DUSE_HIDAPI)
pkg_search_module(HIDAPI hidapi${HIDAPI_SUFFIX} REQUIRED)
set(HIDAPI_LIBRARIES hidapi${HIDAPI_SUFFIX})
endif()
if(NFC_LINUX)
add_definitions(-DUSE_NFC)
endif()
if(WIN32)
if(USE_WINHELLO)
add_definitions(-DUSE_WINHELLO)
endif()
else()
set(USE_WINHELLO OFF)
endif()
add_compile_options(-Wall)
add_compile_options(-Wextra)
add_compile_options(-Werror)
add_compile_options(-Wshadow)
add_compile_options(-Wcast-qual)
add_compile_options(-Wwrite-strings)
add_compile_options(-Wmissing-prototypes)
add_compile_options(-Wbad-function-cast)
add_compile_options(-Wimplicit-fallthrough)
add_compile_options(-pedantic)
add_compile_options(-pedantic-errors)
set(EXTRA_CFLAGS "-Wconversion -Wsign-conversion")
if(WIN32)
add_compile_options(-Wno-type-limits)
add_compile_options(-Wno-cast-function-type)
endif()
if(HAVE_SHORTEN_64_TO_32)
add_compile_options(-Wshorten-64-to-32)
endif()
if(HAVE_STACK_PROTECTOR_ALL)
add_compile_options(-fstack-protector-all)
endif()
set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -g2")
set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fno-omit-frame-pointer")
set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE} -D_FORTIFY_SOURCE=2")
if(CRYPTO_VERSION VERSION_GREATER_EQUAL 3.0)
add_definitions(-DOPENSSL_API_COMPAT=0x10100000L)
endif()
if(NOT FUZZ)
set(EXTRA_CFLAGS "${EXTRA_CFLAGS} -Wframe-larger-than=2047")
endif()
endif()
# Avoid https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66425
if(CMAKE_COMPILER_IS_GNUCC)
add_compile_options(-Wno-unused-result)
endif()
# Decide which keyword to use for thread-local storage.
if(CMAKE_COMPILER_IS_GNUCC OR
CMAKE_C_COMPILER_ID STREQUAL "Clang" OR
CMAKE_C_COMPILER_ID STREQUAL "AppleClang")
set(TLS "__thread")
elseif(WIN32)
set(TLS "__declspec(thread)")
endif()
add_definitions(-DTLS=${TLS})
if(USE_PCSC)
add_definitions(-DUSE_PCSC)
endif()
# export list
if(APPLE AND (CMAKE_C_COMPILER_ID STREQUAL "Clang" OR
CMAKE_C_COMPILER_ID STREQUAL "AppleClang"))
# clang + lld
string(CONCAT CMAKE_SHARED_LINKER_FLAGS ${CMAKE_SHARED_LINKER_FLAGS}
" -exported_symbols_list ${CMAKE_CURRENT_SOURCE_DIR}/src/export.llvm")
elseif(NOT MSVC)
# clang/gcc + gnu ld
if(FUZZ)
string(CONCAT CMAKE_SHARED_LINKER_FLAGS ${CMAKE_SHARED_LINKER_FLAGS}
" -Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/fuzz/export.gnu")
else()
string(CONCAT CMAKE_SHARED_LINKER_FLAGS ${CMAKE_SHARED_LINKER_FLAGS}
" -Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/src/export.gnu")
endif()
if(NOT WIN32)
string(CONCAT CMAKE_SHARED_LINKER_FLAGS
${CMAKE_SHARED_LINKER_FLAGS}
" -Wl,-z,noexecstack -Wl,-z,relro,-z,now")
string(CONCAT CMAKE_EXE_LINKER_FLAGS
${CMAKE_EXE_LINKER_FLAGS}
" -Wl,-z,noexecstack -Wl,-z,relro,-z,now")
if(FUZZ)
file(STRINGS fuzz/wrapped.sym WRAPPED_SYMBOLS)
foreach(s ${WRAPPED_SYMBOLS})
string(CONCAT CMAKE_SHARED_LINKER_FLAGS
${CMAKE_SHARED_LINKER_FLAGS}
" -Wl,--wrap=${s}")
endforeach()
endif()
endif()
else()
string(CONCAT CMAKE_SHARED_LINKER_FLAGS ${CMAKE_SHARED_LINKER_FLAGS}
" /def:\"${CMAKE_CURRENT_SOURCE_DIR}/src/export.msvc\"")
endif()
include_directories(${PROJECT_SOURCE_DIR}/src)
include_directories(${CBOR_INCLUDE_DIRS})
include_directories(${CRYPTO_INCLUDE_DIRS})
include_directories(${HIDAPI_INCLUDE_DIRS})
include_directories(${PCSC_INCLUDE_DIRS})
include_directories(${UDEV_INCLUDE_DIRS})
include_directories(${ZLIB_INCLUDE_DIRS})
link_directories(${CBOR_LIBRARY_DIRS})
link_directories(${CRYPTO_LIBRARY_DIRS})
link_directories(${HIDAPI_LIBRARY_DIRS})
link_directories(${PCSC_LIBRARY_DIRS})
link_directories(${UDEV_LIBRARY_DIRS})
link_directories(${ZLIB_LIBRARY_DIRS})
message(STATUS "BASE_LIBRARIES: ${BASE_LIBRARIES}")
message(STATUS "BUILD_EXAMPLES: ${BUILD_EXAMPLES}")
message(STATUS "BUILD_MANPAGES: ${BUILD_MANPAGES}")
message(STATUS "BUILD_SHARED_LIBS: ${BUILD_SHARED_LIBS}")
message(STATUS "BUILD_STATIC_LIBS: ${BUILD_STATIC_LIBS}")
message(STATUS "BUILD_TOOLS: ${BUILD_TOOLS}")
message(STATUS "CBOR_INCLUDE_DIRS: ${CBOR_INCLUDE_DIRS}")
message(STATUS "CBOR_LIBRARIES: ${CBOR_LIBRARIES}")
message(STATUS "CBOR_LIBRARY_DIRS: ${CBOR_LIBRARY_DIRS}")
if(BUILD_TESTS)
message(STATUS "CBOR_BIN_DIRS: ${CBOR_BIN_DIRS}")
endif()
message(STATUS "CBOR_VERSION: ${CBOR_VERSION}")
message(STATUS "CMAKE_BUILD_TYPE: ${CMAKE_BUILD_TYPE}")
message(STATUS "CMAKE_C_COMPILER: ${CMAKE_C_COMPILER}")
message(STATUS "CMAKE_C_COMPILER_ID: ${CMAKE_C_COMPILER_ID}")
message(STATUS "CMAKE_C_FLAGS: ${CMAKE_C_FLAGS}")
message(STATUS "CMAKE_CROSSCOMPILING: ${CMAKE_CROSSCOMPILING}")
message(STATUS "CMAKE_GENERATOR_PLATFORM: ${CMAKE_GENERATOR_PLATFORM}")
message(STATUS "CMAKE_HOST_SYSTEM_NAME: ${CMAKE_HOST_SYSTEM_NAME}")
message(STATUS "CMAKE_HOST_SYSTEM_PROCESSOR: ${CMAKE_HOST_SYSTEM_PROCESSOR}")
message(STATUS "CMAKE_INSTALL_LIBDIR: ${CMAKE_INSTALL_LIBDIR}")
message(STATUS "CMAKE_INSTALL_PREFIX: ${CMAKE_INSTALL_PREFIX}")
message(STATUS "CMAKE_SYSTEM_NAME: ${CMAKE_SYSTEM_NAME}")
message(STATUS "CMAKE_SYSTEM_PROCESSOR: ${CMAKE_SYSTEM_PROCESSOR}")
message(STATUS "CMAKE_SYSTEM_VERSION: ${CMAKE_SYSTEM_VERSION}")
message(STATUS "CRYPTO_INCLUDE_DIRS: ${CRYPTO_INCLUDE_DIRS}")
message(STATUS "CRYPTO_LIBRARIES: ${CRYPTO_LIBRARIES}")
message(STATUS "CRYPTO_LIBRARY_DIRS: ${CRYPTO_LIBRARY_DIRS}")
if(BUILD_TESTS)
message(STATUS "CRYPTO_BIN_DIRS: ${CRYPTO_BIN_DIRS}")
endif()
message(STATUS "CRYPTO_VERSION: ${CRYPTO_VERSION}")
message(STATUS "FIDO_VERSION: ${FIDO_VERSION}")
message(STATUS "FUZZ: ${FUZZ}")
if(FUZZ)
message(STATUS "FUZZ_LDFLAGS: ${FUZZ_LDFLAGS}")
endif()
message(STATUS "ZLIB_INCLUDE_DIRS: ${ZLIB_INCLUDE_DIRS}")
message(STATUS "ZLIB_LIBRARIES: ${ZLIB_LIBRARIES}")
message(STATUS "ZLIB_LIBRARY_DIRS: ${ZLIB_LIBRARY_DIRS}")
if(BUILD_TESTS)
message(STATUS "ZLIB_BIN_DIRS: ${ZLIB_BIN_DIRS}")
endif()
message(STATUS "ZLIB_VERSION: ${ZLIB_VERSION}")
if(USE_HIDAPI)
message(STATUS "HIDAPI_INCLUDE_DIRS: ${HIDAPI_INCLUDE_DIRS}")
message(STATUS "HIDAPI_LIBRARIES: ${HIDAPI_LIBRARIES}")
message(STATUS "HIDAPI_LIBRARY_DIRS: ${HIDAPI_LIBRARY_DIRS}")
message(STATUS "HIDAPI_VERSION: ${HIDAPI_VERSION}")
endif()
message(STATUS "PCSC_INCLUDE_DIRS: ${PCSC_INCLUDE_DIRS}")
message(STATUS "PCSC_LIBRARIES: ${PCSC_LIBRARIES}")
message(STATUS "PCSC_LIBRARY_DIRS: ${PCSC_LIBRARY_DIRS}")
message(STATUS "PCSC_VERSION: ${PCSC_VERSION}")
message(STATUS "TLS: ${TLS}")
message(STATUS "UDEV_INCLUDE_DIRS: ${UDEV_INCLUDE_DIRS}")
message(STATUS "UDEV_LIBRARIES: ${UDEV_LIBRARIES}")
message(STATUS "UDEV_LIBRARY_DIRS: ${UDEV_LIBRARY_DIRS}")
message(STATUS "UDEV_RULES_DIR: ${UDEV_RULES_DIR}")
message(STATUS "UDEV_VERSION: ${UDEV_VERSION}")
message(STATUS "USE_HIDAPI: ${USE_HIDAPI}")
message(STATUS "USE_PCSC: ${USE_PCSC}")
message(STATUS "USE_WINHELLO: ${USE_WINHELLO}")
message(STATUS "NFC_LINUX: ${NFC_LINUX}")
if(BUILD_TESTS)
enable_testing()
endif()
add_subdirectory(src)
if(BUILD_TESTS)
add_subdirectory(regress)
endif()
if(BUILD_EXAMPLES)
add_subdirectory(examples)
endif()
if(BUILD_TOOLS)
add_subdirectory(tools)
endif()
if(BUILD_MANPAGES)
add_subdirectory(man)
endif()
if(NOT WIN32)
if(FUZZ)
add_subdirectory(fuzz)
endif()
if(CMAKE_SYSTEM_NAME STREQUAL "Linux")
add_subdirectory(udev)
endif()
endif()
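Review bot: With `cmake_minimum_required(VERSION 3.7)` now placed ahead of it, the `cmake_policy(SET CMP0025 NEW)` line is redundant, because CMP0025 was introduced in CMake 3.0 and a 3.7 minimum already sets it to NEW before `project()`. Either drop the line or reword its comment, since "needs to come before project()" now really describes the `cmake_minimum_required` call. The reason for raising the minimum to 3.7 is not stated; if it is the `VERSION_GREATER_EQUAL` test on `CRYPTO_VERSION` further down, a comment such as `# 3.7 is needed for if(... VERSION_GREATER_EQUAL ...)` beside the minimum would tell the next maintainer what depends on it.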
diff --git a/contrib/libfido2/NEWS b/contrib/libfido2/NEWS
index bf648aabfd92..58387ffd72bf 100644
--- a/contrib/libfido2/NEWS
+++ b/contrib/libfido2/NEWS
@@ -1,256 +1,266 @@
+* Version 1.14.0 (2023-11-13)
+ ** fido2-cred -M, fido2-token -G: support raw client data via -w flag.
+ ** winhello: support U2F AppID extension for assertions.
+ ** winhello: fix restrictive parsing of the hmac-secret on assertions.
+ ** winhello: translate NTE_USER_CANCELLED to FIDO_ERR_OPERATION_DENIED; gh#685.
+ ** New API calls:
+ ** fido_assert_authdata_raw_len;
+ ** fido_assert_authdata_raw_ptr;
+ ** fido_assert_set_winhello_appid.
+
* Version 1.13.0 (2023-02-20)
** Support for linking against OpenSSL on Windows; gh#668.
** New API calls:
- fido_assert_empty_allow_list;
- fido_cred_empty_exclude_list.
** fido2-token: fix issue when listing large blobs.
** Improved support for different fuzzing engines.
* Version 1.12.0 (2022-09-22)
** Support for COSE_ES384.
** Support for hidraw(4) on FreeBSD; gh#597.
** Improved support for FIDO 2.1 authenticators.
** New API calls:
- es384_pk_free;
- es384_pk_from_EC_KEY;
- es384_pk_from_EVP_PKEY;
- es384_pk_from_ptr;
- es384_pk_new;
- es384_pk_to_EVP_PKEY;
- fido_cbor_info_certs_len;
- fido_cbor_info_certs_name_ptr;
- fido_cbor_info_certs_value_ptr;
- fido_cbor_info_maxrpid_minpinlen;
- fido_cbor_info_minpinlen;
- fido_cbor_info_new_pin_required;
- fido_cbor_info_rk_remaining;
- fido_cbor_info_uv_attempts;
- fido_cbor_info_uv_modality.
** Documentation and reliability fixes.
* Version 1.11.0 (2022-05-03)
** Experimental PCSC support; enable with -DUSE_PCSC.
** Improved OpenSSL 3.0 compatibility.
** Use RFC1951 raw deflate to compress CTAP 2.1 largeBlobs.
** winhello: advertise "uv" instead of "clientPin".
** winhello: support hmac-secret in fido_dev_get_assert().
** New API calls:
- fido_cbor_info_maxlargeblob.
** Documentation and reliability fixes.
** Separate build and regress targets.
* Version 1.10.0 (2022-01-17)
** hid_osx: handle devices with paths > 511 bytes; gh#462.
** bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*(); gh#480.
** winhello: fallback to GetTopWindow() if GetForegroundWindow() fails.
** winhello: fallback to hid_win.c if webauthn.dll isn't available.
** New API calls:
- fido_dev_info_set;
- fido_dev_io_handle;
- fido_dev_new_with_info;
- fido_dev_open_with_info.
** Cygwin and NetBSD build fixes.
** Documentation and reliability fixes.
** Support for TPM 2.0 attestation of COSE_ES256 credentials.
* Version 1.9.0 (2021-10-27)
** Enabled NFC support on Linux.
** Added OpenSSL 3.0 compatibility.
** Removed OpenSSL 1.0 compatibility.
** Support for FIDO 2.1 "minPinLength" extension.
** Support for COSE_EDDSA, COSE_ES256, and COSE_RS1 attestation.
** Support for TPM 2.0 attestation.
** Support for device timeouts; see fido_dev_set_timeout().
** New API calls:
- es256_pk_from_EVP_PKEY;
- fido_cred_attstmt_len;
- fido_cred_attstmt_ptr;
- fido_cred_pin_minlen;
- fido_cred_set_attstmt;
- fido_cred_set_pin_minlen;
- fido_dev_set_pin_minlen_rpid;
- fido_dev_set_timeout;
- rs256_pk_from_EVP_PKEY.
** Reliability and portability fixes.
** Better handling of HID devices without identification strings; gh#381.
** Fixed detection of Windows's native webauthn API; gh#382.
* Version 1.8.0 (2021-07-22)
** Dropped 'Requires.private' entry from pkg-config file.
** Better support for FIDO 2.1 authenticators.
** Support for Windows's native webauthn API.
** Support for attestation format 'none'.
** New API calls:
- fido_assert_set_clientdata;
- fido_cbor_info_algorithm_cose;
- fido_cbor_info_algorithm_count;
- fido_cbor_info_algorithm_type;
- fido_cbor_info_transports_len;
- fido_cbor_info_transports_ptr;
- fido_cred_set_clientdata;
- fido_cred_set_id;
- fido_credman_set_dev_rk;
- fido_dev_is_winhello.
** fido2-token: new -Sc option to update a resident credential.
** Documentation and reliability fixes.
** HID access serialisation on Linux.
* Version 1.7.0 (2021-03-29)
** New dependency on zlib.
** Fixed musl build; gh#259.
** hid_win: detect devices with vendor or product IDs > 0x7fff; gh#264.
** Support for FIDO 2.1 authenticator configuration.
** Support for FIDO 2.1 UV token permissions.
** Support for FIDO 2.1 "credBlobs" and "largeBlobs" extensions.
** New API calls:
- fido_assert_blob_len;
- fido_assert_blob_ptr;
- fido_assert_largeblob_key_len;
- fido_assert_largeblob_key_ptr;
- fido_assert_set_hmac_secret;
- fido_cbor_info_maxcredbloblen;
- fido_cred_largeblob_key_len;
- fido_cred_largeblob_key_ptr;
- fido_cred_set_blob;
- fido_dev_enable_entattest;
- fido_dev_force_pin_change;
- fido_dev_has_uv;
- fido_dev_largeblob_get;
- fido_dev_largeblob_get_array;
- fido_dev_largeblob_remove;
- fido_dev_largeblob_set;
- fido_dev_largeblob_set_array;
- fido_dev_set_pin_minlen;
- fido_dev_set_sigmask;
- fido_dev_supports_credman;
- fido_dev_supports_permissions;
- fido_dev_supports_uv;
- fido_dev_toggle_always_uv.
** New fido_init flag to disable fido_dev_open's U2F fallback; gh#282.
** Experimental NFC support on Linux; enable with -DNFC_LINUX.
* Version 1.6.0 (2020-12-22)
** Fix OpenSSL 1.0 and Cygwin builds.
** hid_linux: fix build on 32-bit systems.
** hid_osx: allow reads from spawned threads.
** Documentation and reliability fixes.
** New API calls:
- fido_cred_authdata_raw_len;
- fido_cred_authdata_raw_ptr;
- fido_cred_sigcount;
- fido_dev_get_uv_retry_count;
- fido_dev_supports_credman.
** Hardened Windows build.
** Native FreeBSD and NetBSD support.
** Use CTAP2 canonical CBOR when combining hmac-secret and credProtect.
* Version 1.5.0 (2020-09-01)
** hid_linux: return FIDO_OK if no devices are found.
** hid_osx:
- repair communication with U2F tokens, gh#166;
- reliability fixes.
** fido2-{assert,cred}: new options to explicitly toggle UP, UV.
** Support for configurable report lengths.
** New API calls:
- fido_cbor_info_maxcredcntlst;
- fido_cbor_info_maxcredidlen;
- fido_cred_aaguid_len;
- fido_cred_aaguid_ptr;
- fido_dev_get_touch_begin;
- fido_dev_get_touch_status.
** Use COSE_ECDH_ES256 with CTAP_CBOR_CLIENT_PIN; gh#154.
** Allow CTAP messages up to 2048 bytes; gh#171.
** Ensure we only list USB devices by default.
* Version 1.4.0 (2020-04-15)
** hid_hidapi: hidapi backend; enable with -DUSE_HIDAPI=1.
** Fall back to U2F if the key claims to, but does not support FIDO2.
** FIDO2 credential protection (credprot) support.
** New API calls:
- fido_cbor_info_fwversion;
- fido_cred_prot;
- fido_cred_set_prot;
- fido_dev_set_transport_functions;
- fido_set_log_handler.
** Support for FreeBSD.
** Support for C++.
** Support for MSYS.
** Fixed EdDSA and RSA self-attestation.
* Version 1.3.1 (2020-02-19)
** fix zero-ing of le1 and le2 when talking to a U2F device.
** dropping sk-libfido2 middleware, please find it in the openssh tree.
* Version 1.3.0 (2019-11-28)
** assert/hmac: encode public key as per spec, gh#60.
** fido2-cred: fix creation of resident keys.
** fido2-{assert,cred}: support for hmac-secret extension.
** hid_osx: detect device removal, gh#56.
** hid_osx: fix device detection in MacOS Catalina.
** New API calls:
- fido_assert_set_authdata_raw;
- fido_assert_sigcount;
- fido_cred_set_authdata_raw;
- fido_dev_cancel.
** Middleware library for use by OpenSSH.
** Support for biometric enrollment.
** Support for OpenBSD.
** Support for self-attestation.
* Version 1.2.0 (released 2019-07-26)
** Credential management support.
** New API reflecting FIDO's 3-state booleans (true, false, absent):
- fido_assert_set_up;
- fido_assert_set_uv;
- fido_cred_set_rk;
- fido_cred_set_uv.
** Command-line tools for Windows.
** Documentation and reliability fixes.
** fido_{assert,cred}_set_options() are now marked as deprecated.
* Version 1.1.0 (released 2019-05-08)
** MacOS: fix IOKit crash on HID read.
** Windows: fix contents of release file.
** EdDSA (Ed25519) support.
** fido_dev_make_cred: fix order of CBOR map keys.
** fido_dev_get_assert: plug memory leak when operating on U2F devices.
* Version 1.0.0 (released 2019-03-21)
** Native HID support on Linux, MacOS, and Windows.
** fido2-{assert,cred}: new -u option to force U2F on dual authenticators.
** fido2-assert: support for multiple resident keys with the same RP.
** Strict checks for CTAP2 compliance on received CBOR payloads.
** Better fuzzing harnesses.
** Documentation and reliability fixes.
* Version 0.4.0 (released 2019-01-07)
** fido2-assert: print the user id for resident credentials.
** Fix encoding of COSE algorithms when making a credential.
** Rework purpose of fido_cred_set_type; no ABI change.
** Minor documentation and code fixes.
* Version 0.3.0 (released 2018-09-11)
** Various reliability fixes.
** Merged fuzzing instrumentation.
** Added regress tests.
** Added support for FIDO 2's hmac-secret extension.
** New API calls:
- fido_assert_hmac_secret_len;
- fido_assert_hmac_secret_ptr;
- fido_assert_set_extensions;
- fido_assert_set_hmac_salt;
- fido_cred_set_extensions;
- fido_dev_force_fido2.
** Support for native builds with Microsoft Visual Studio 17.
* Version 0.2.0 (released 2018-06-20)
** Added command-line tools.
** Added a couple of missing get functions.
* Version 0.1.1 (released 2018-06-05)
** Added documentation.
** Added OpenSSL 1.0 support.
** Minor fixes.
* Version 0.1.0 (released 2018-05-18)
** First beta release.
diff --git a/contrib/libfido2/README.adoc b/contrib/libfido2/README.adoc
index 44d559894dac..fb6f3d3eb004 100644
--- a/contrib/libfido2/README.adoc
+++ b/contrib/libfido2/README.adoc
@@ -1,144 +1,144 @@
== libfido2
image:https://github.com/yubico/libfido2/workflows/linux/badge.svg["Linux Build Status (github actions)", link="https://github.com/Yubico/libfido2/actions"]
image:https://github.com/yubico/libfido2/workflows/macos/badge.svg["macOS Build Status (github actions)", link="https://github.com/Yubico/libfido2/actions"]
image:https://github.com/yubico/libfido2/workflows/windows/badge.svg["Windows Build Status (github actions)", link="https://github.com/Yubico/libfido2/actions"]
image:https://github.com/yubico/libfido2/workflows/fuzzer/badge.svg["Fuzz Status (github actions)", link="https://github.com/Yubico/libfido2/actions"]
image:https://oss-fuzz-build-logs.storage.googleapis.com/badges/libfido2.svg["Fuzz Status (oss-fuzz)", link="https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:libfido2"]
*libfido2* provides library functionality and command-line tools to
communicate with a FIDO device over USB or NFC, and to verify attestation and
assertion signatures.
*libfido2* supports the FIDO U2F (CTAP 1) and FIDO2 (CTAP 2) protocols.
For usage, see the `examples/` directory.
=== License
*libfido2* is licensed under the BSD 2-clause license. See the LICENSE
file for the full license text.
=== Supported Platforms
*libfido2* is known to work on Linux, macOS, Windows, OpenBSD, and FreeBSD.
=== Documentation
Documentation is available in troff and HTML formats. An
https://developers.yubico.com/libfido2/Manuals/[online mirror of *libfido2*'s documentation]
is also available.
=== Bindings
* .NET: https://github.com/borrrden/Fido2Net[Fido2Net]
* Go: https://github.com/keys-pub/go-libfido2[go-libfido2]
* Perl: https://github.com/jacquesg/p5-FIDO-Raw[p5-FIDO-Raw]
* Rust: https://github.com/PvdBerg1998/libfido2[libfido2]
=== Releases
-The current release of *libfido2* is 1.13.0. Signed release tarballs are
+The current release of *libfido2* is 1.14.0. Signed release tarballs are
available at Yubico's
https://developers.yubico.com/libfido2/Releases[release page].
=== Dependencies
*libfido2* depends on https://github.com/pjk/libcbor[libcbor],
https://www.openssl.org[OpenSSL] 1.1 or newer, and https://zlib.net[zlib].
On Linux, libudev
(part of https://www.freedesktop.org/wiki/Software/systemd[systemd]) is also
required.
=== Installation
==== Fedora 35 and 34
$ sudo dnf install libfido2 libfido2-devel fido2-tools
==== Ubuntu 22.04 (Jammy) and 20.04 (Focal)
$ sudo apt install libfido2-1 libfido2-dev libfido2-doc fido2-tools
Alternatively, newer versions of *libfido2* are available in Yubico's PPA.
Follow the instructions for Ubuntu 18.04 (Bionic) below.
==== Ubuntu 18.04 (Bionic)
$ sudo apt install software-properties-common
$ sudo apt-add-repository ppa:yubico/stable
$ sudo apt update
$ sudo apt install libfido2-1 libfido2-dev libfido2-doc fido2-tools
On Linux, you may need to add a udev rule to be able to access the FIDO
device. For example, the udev rule may contain the following:
----
#udev rule for allowing HID access to Yubico devices for FIDO support.
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", \
MODE="0664", GROUP="plugdev", ATTRS{idVendor}=="1050"
----
==== macOS
$ brew install libfido2
==== Windows
Please consult Yubico's
https://developers.yubico.com/libfido2/Releases[release page] for ARM, ARM64,
Win32, and Win64 artefacts.
=== Building from source
On UNIX-like systems:
$ cmake -B build
$ make -C build
$ sudo make -C build install
Depending on the platform,
https://www.freedesktop.org/wiki/Software/pkg-config/[pkg-config] may need to
be installed, or the PKG_CONFIG_PATH environment variable set. For complete,
OS-specific build instructions, please refer to the `.actions/`
(Linux, macOS, BSD) and `windows/` directories.
=== Build-time Customisation
*libfido2* supports a number of CMake options. Some of the options require
additional dependencies. Options that are disabled by default are not
officially supported.
[%autowidth.stretch]
|===
|*Option* |*Description* |*Default*
| BUILD_EXAMPLES | Build example programs | ON
| BUILD_MANPAGES | Build man pages | ON
| BUILD_SHARED_LIBS | Build a shared library | ON
| BUILD_STATIC_LIBS | Build a static library | ON
| BUILD_TOOLS | Build auxiliary tools | ON
| FUZZ | Enable fuzzing instrumentation | OFF
| NFC_LINUX | Enable netlink NFC support on Linux | ON
| USE_HIDAPI | Use hidapi as the HID backend | OFF
| USE_PCSC | Enable experimental PCSC support | OFF
| USE_WINHELLO | Abstract Windows Hello as a FIDO device | ON
|===
The USE_HIDAPI option requires https://github.com/libusb/hidapi[hidapi]. The
USE_PCSC option requires https://github.com/LudovicRousseau/PCSC[pcsc-lite] on
Linux.
=== Development
Please use https://github.com/Yubico/libfido2/discussions[GitHub Discussions]
to ask questions and suggest features, and
https://github.com/Yubico/libfido2/pulls[GitHub pull-requests] for code
contributions.
=== Reporting bugs
Please use https://github.com/Yubico/libfido2/issues[GitHub Issues] to report
bugs. To report security issues, please contact security@yubico.com. A PGP
public key can be found at
https://www.yubico.com/support/security-advisories/issue-rating-system/.
diff --git a/contrib/libfido2/examples/README.adoc b/contrib/libfido2/examples/README.adoc
index d44218c2cf87..6151b70bd91e 100644
--- a/contrib/libfido2/examples/README.adoc
+++ b/contrib/libfido2/examples/README.adoc
@@ -1,99 +1,100 @@
= Examples
=== Definitions
The following definitions are used in the description below:
-