Date: Wed, 9 Feb 2022 23:58:15 GMT
Message-Id: <202202092358.219NwFx1043655@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Ed Maste
Subject: git: a32212fb595a - stable/13 - Import libfido2 at 'contrib/libfido2/'
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-Git-Committer: emaste
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: a32212fb595a58ee56972c0fc8b55b05ca5e82c5

The branch stable/13 has been updated by emaste:

URL:
https://cgit.FreeBSD.org/src/commit/?id=a32212fb595a58ee56972c0fc8b55b05ca5e82c5

commit a32212fb595a58ee56972c0fc8b55b05ca5e82c5
Author:     Ed Maste
AuthorDate: 2021-10-07 01:27:02 +0000
Commit:     Ed Maste
CommitDate: 2022-02-09 21:23:53 +0000

    Import libfido2 at 'contrib/libfido2/'

    git-subtree-dir: contrib/libfido2
    git-subtree-mainline: d586c978b9b4216869e589daa5bbcc33225a0e35
    git-subtree-split: a58dee945a5da64d0e97f35a508928e0d17c9cc7

    (cherry picked from commit 0afa8e065e14bb8fd338d75690e0238c00167d40)
---
 contrib/libfido2/CMakeLists.txt | 418 +++++ contrib/libfido2/LICENSE | 24 + contrib/libfido2/NEWS | 179 +++ contrib/libfido2/README.adoc | 93 ++ contrib/libfido2/examples/CMakeLists.txt | 69 + contrib/libfido2/examples/README.adoc | 98 ++ contrib/libfido2/examples/assert.c | 342 ++++ contrib/libfido2/examples/cred.c | 346 +++++ contrib/libfido2/examples/extern.h | 33 + contrib/libfido2/examples/info.c | 293 ++++ contrib/libfido2/examples/manifest.c | 41 + contrib/libfido2/examples/reset.c | 55 + contrib/libfido2/examples/retries.c | 48 + contrib/libfido2/examples/select.c | 214 +++ contrib/libfido2/examples/setpin.c | 54 + contrib/libfido2/examples/util.c | 413 +++++ contrib/libfido2/fuzz/CMakeLists.txt | 63 + contrib/libfido2/fuzz/Dockerfile | 12 + contrib/libfido2/fuzz/Makefile | 79 + contrib/libfido2/fuzz/README | 33 + contrib/libfido2/fuzz/build-coverage | 31 + contrib/libfido2/fuzz/dummy.h | 96 ++ contrib/libfido2/fuzz/export.gnu | 242 +++ contrib/libfido2/fuzz/functions.txt | 807 ++++++++++ contrib/libfido2/fuzz/fuzz_assert.c | 471 ++++++ contrib/libfido2/fuzz/fuzz_bio.c | 440 ++++++ contrib/libfido2/fuzz/fuzz_cred.c | 455 ++++++ contrib/libfido2/fuzz/fuzz_credman.c | 405 +++++ contrib/libfido2/fuzz/fuzz_hid.c | 215 +++ contrib/libfido2/fuzz/fuzz_largeblob.c | 270 ++++ contrib/libfido2/fuzz/fuzz_mgmt.c | 480 ++++++ contrib/libfido2/fuzz/fuzz_netlink.c | 249 +++ contrib/libfido2/fuzz/libfuzzer.c | 177 +++ contrib/libfido2/fuzz/mutator_aux.c | 326 ++++ 
contrib/libfido2/fuzz/mutator_aux.h | 96 ++ contrib/libfido2/fuzz/preload-fuzz.c | 104 ++ contrib/libfido2/fuzz/preload-snoop.c | 217 +++ contrib/libfido2/fuzz/prng.c | 113 ++ contrib/libfido2/fuzz/report.tgz | Bin 0 -> 303082 bytes contrib/libfido2/fuzz/summary.txt | 51 + contrib/libfido2/fuzz/udev.c | 269 ++++ contrib/libfido2/fuzz/uniform_random.c | 57 + contrib/libfido2/fuzz/wiredata_fido2.h | 633 ++++++++ contrib/libfido2/fuzz/wiredata_u2f.h | 152 ++ contrib/libfido2/fuzz/wrap.c | 582 +++++++ contrib/libfido2/fuzz/wrapped.sym | 83 + contrib/libfido2/man/CMakeLists.txt | 371 +++++ contrib/libfido2/man/NOTES | 7 + contrib/libfido2/man/dyc.css | 14 + contrib/libfido2/man/eddsa_pk_new.3 | 122 ++ contrib/libfido2/man/es256_pk_new.3 | 126 ++ contrib/libfido2/man/fido2-assert.1 | 256 +++ contrib/libfido2/man/fido2-cred.1 | 267 ++++ contrib/libfido2/man/fido2-token.1 | 388 +++++ contrib/libfido2/man/fido_assert_allow_cred.3 | 47 + contrib/libfido2/man/fido_assert_new.3 | 243 +++ contrib/libfido2/man/fido_assert_set_authdata.3 | 221 +++ contrib/libfido2/man/fido_assert_verify.3 | 79 + contrib/libfido2/man/fido_bio_dev_get_info.3 | 122 ++ contrib/libfido2/man/fido_bio_enroll_new.3 | 95 ++ contrib/libfido2/man/fido_bio_info_new.3 | 81 + contrib/libfido2/man/fido_bio_template.3 | 179 +++ contrib/libfido2/man/fido_cbor_info_new.3 | 231 +++ contrib/libfido2/man/fido_cred_exclude.3 | 60 + contrib/libfido2/man/fido_cred_new.3 | 257 +++ contrib/libfido2/man/fido_cred_set_authdata.3 | 307 ++++ contrib/libfido2/man/fido_cred_verify.3 | 69 + contrib/libfido2/man/fido_credman_metadata_new.3 | 326 ++++ contrib/libfido2/man/fido_dev_enable_entattest.3 | 98 ++ contrib/libfido2/man/fido_dev_get_assert.3 | 76 + contrib/libfido2/man/fido_dev_get_touch_begin.3 | 73 + contrib/libfido2/man/fido_dev_info_manifest.3 | 143 ++ contrib/libfido2/man/fido_dev_largeblob_get.3 | 194 +++ contrib/libfido2/man/fido_dev_make_cred.3 | 77 + contrib/libfido2/man/fido_dev_open.3 | 250 +++ 
contrib/libfido2/man/fido_dev_set_io_functions.3 | 134 ++ contrib/libfido2/man/fido_dev_set_pin.3 | 103 ++ contrib/libfido2/man/fido_init.3 | 52 + contrib/libfido2/man/fido_strerr.3 | 27 + contrib/libfido2/man/rs256_pk_new.3 | 122 ++ contrib/libfido2/man/style.css | 24 + contrib/libfido2/openbsd-compat/bsd-getline.c | 115 ++ contrib/libfido2/openbsd-compat/bsd-getpagesize.c | 27 + contrib/libfido2/openbsd-compat/clock_gettime.c | 32 + contrib/libfido2/openbsd-compat/endian_win32.c | 51 + contrib/libfido2/openbsd-compat/err.h | 85 + contrib/libfido2/openbsd-compat/explicit_bzero.c | 57 + .../libfido2/openbsd-compat/explicit_bzero_win32.c | 19 + contrib/libfido2/openbsd-compat/freezero.c | 30 + contrib/libfido2/openbsd-compat/getopt.h | 74 + contrib/libfido2/openbsd-compat/getopt_long.c | 523 +++++++ contrib/libfido2/openbsd-compat/hkdf.c | 124 ++ contrib/libfido2/openbsd-compat/hkdf.h | 65 + contrib/libfido2/openbsd-compat/openbsd-compat.h | 119 ++ .../libfido2/openbsd-compat/posix_ioctl_check.c | 7 + contrib/libfido2/openbsd-compat/posix_win.c | 61 + contrib/libfido2/openbsd-compat/posix_win.h | 47 + contrib/libfido2/openbsd-compat/readpassphrase.c | 214 +++ contrib/libfido2/openbsd-compat/readpassphrase.h | 44 + .../libfido2/openbsd-compat/readpassphrase_win32.c | 131 ++ contrib/libfido2/openbsd-compat/recallocarray.c | 91 ++ contrib/libfido2/openbsd-compat/strlcat.c | 63 + contrib/libfido2/openbsd-compat/strlcpy.c | 59 + contrib/libfido2/openbsd-compat/time.h | 61 + contrib/libfido2/openbsd-compat/timingsafe_bcmp.c | 35 + contrib/libfido2/openbsd-compat/types.h | 69 + contrib/libfido2/regress/CMakeLists.txt | 16 + contrib/libfido2/regress/assert.c | 553 +++++++ contrib/libfido2/regress/cred.c | 988 ++++++++++++ contrib/libfido2/regress/dev.c | 266 ++++ contrib/libfido2/src/CMakeLists.txt | 136 ++ contrib/libfido2/src/aes256.c | 215 +++ contrib/libfido2/src/assert.c | 1134 ++++++++++++++ contrib/libfido2/src/authkey.c | 97 ++ contrib/libfido2/src/bio.c | 841 
++++++++++ contrib/libfido2/src/blob.c | 133 ++ contrib/libfido2/src/blob.h | 41 + contrib/libfido2/src/buf.c | 33 + contrib/libfido2/src/cbor.c | 1635 ++++++++++++++++++++ contrib/libfido2/src/compress.c | 49 + contrib/libfido2/src/config.c | 191 +++ contrib/libfido2/src/cred.c | 1086 +++++++++++++ contrib/libfido2/src/credman.c | 767 +++++++++ contrib/libfido2/src/dev.c | 732 +++++++++ contrib/libfido2/src/diff_exports.sh | 26 + contrib/libfido2/src/ecdh.c | 207 +++ contrib/libfido2/src/eddsa.c | 172 ++ contrib/libfido2/src/err.c | 136 ++ contrib/libfido2/src/es256.c | 453 ++++++ contrib/libfido2/src/export.gnu | 234 +++ contrib/libfido2/src/export.llvm | 229 +++ contrib/libfido2/src/export.msvc | 230 +++ contrib/libfido2/src/extern.h | 240 +++ contrib/libfido2/src/fido.h | 228 +++ contrib/libfido2/src/fido/bio.h | 111 ++ contrib/libfido2/src/fido/config.h | 34 + contrib/libfido2/src/fido/credman.h | 91 ++ contrib/libfido2/src/fido/eddsa.h | 54 + contrib/libfido2/src/fido/err.h | 84 + contrib/libfido2/src/fido/es256.h | 48 + contrib/libfido2/src/fido/param.h | 117 ++ contrib/libfido2/src/fido/rs256.h | 36 + contrib/libfido2/src/fido/types.h | 281 ++++ contrib/libfido2/src/hid.c | 179 +++ contrib/libfido2/src/hid_freebsd.c | 253 +++ contrib/libfido2/src/hid_hidapi.c | 268 ++++ contrib/libfido2/src/hid_linux.c | 375 +++++ contrib/libfido2/src/hid_netbsd.c | 338 ++++ contrib/libfido2/src/hid_openbsd.c | 260 ++++ contrib/libfido2/src/hid_osx.c | 571 +++++++ contrib/libfido2/src/hid_unix.c | 76 + contrib/libfido2/src/hid_win.c | 540 +++++++ contrib/libfido2/src/info.c | 553 +++++++ contrib/libfido2/src/io.c | 288 ++++ contrib/libfido2/src/iso7816.c | 64 + contrib/libfido2/src/iso7816.h | 49 + contrib/libfido2/src/largeblob.c | 881 +++++++++++ contrib/libfido2/src/libfido2.pc.in | 12 + contrib/libfido2/src/log.c | 121 ++ contrib/libfido2/src/netlink.c | 782 ++++++++++ contrib/libfido2/src/netlink.h | 44 + contrib/libfido2/src/nfc_linux.c | 631 ++++++++ 
contrib/libfido2/src/packed.h | 22 + contrib/libfido2/src/pin.c | 690 +++++++++ contrib/libfido2/src/random.c | 82 + contrib/libfido2/src/reset.c | 43 + contrib/libfido2/src/rs256.c | 200 +++ contrib/libfido2/src/u2f.c | 820 ++++++++++ contrib/libfido2/src/winhello.c | 934 +++++++++++ contrib/libfido2/tools/CMakeLists.txt | 77 + contrib/libfido2/tools/assert_get.c | 316 ++++ contrib/libfido2/tools/assert_verify.c | 192 +++ contrib/libfido2/tools/base64.c | 134 ++ contrib/libfido2/tools/bio.c | 277 ++++ contrib/libfido2/tools/config.c | 149 ++ contrib/libfido2/tools/cred_make.c | 242 +++ contrib/libfido2/tools/cred_verify.c | 181 +++ contrib/libfido2/tools/credman.c | 329 ++++ contrib/libfido2/tools/extern.h | 99 ++ contrib/libfido2/tools/fido2-assert.c | 54 + contrib/libfido2/tools/fido2-attach.sh | 14 + contrib/libfido2/tools/fido2-cred.c | 52 + contrib/libfido2/tools/fido2-detach.sh | 12 + contrib/libfido2/tools/fido2-token.c | 107 ++ contrib/libfido2/tools/fido2-unprot.sh | 75 + contrib/libfido2/tools/include_check.sh | 21 + contrib/libfido2/tools/largeblob.c | 593 +++++++ contrib/libfido2/tools/pin.c | 143 ++ contrib/libfido2/tools/test.sh | 296 ++++ contrib/libfido2/tools/token.c | 576 +++++++ contrib/libfido2/tools/util.c | 591 +++++++ contrib/libfido2/udev/70-u2f.rules | 217 +++ contrib/libfido2/udev/CMakeLists.txt | 7 + contrib/libfido2/udev/check.sh | 31 + contrib/libfido2/udev/fidodevs | 126 ++ contrib/libfido2/udev/genrules.awk | 55 + contrib/libfido2/windows/build.ps1 | 272 ++++ contrib/libfido2/windows/libressl.gpg | Bin 0 -> 16425 bytes 198 files changed, 43610 insertions(+) diff --git a/contrib/libfido2/CMakeLists.txt b/contrib/libfido2/CMakeLists.txt new file mode 100644 index 000000000000..101b7b33e2fc --- /dev/null +++ b/contrib/libfido2/CMakeLists.txt 
@@ -0,0 +1,418 @@ +# Copyright (c) 2018 Yubico AB. All rights reserved. +# Use of this source code is governed by a BSD-style +# license that can be found in the LICENSE file. + +# detect AppleClang; needs to come before project() +cmake_policy(SET CMP0025 NEW) + +project(libfido2 C) +cmake_minimum_required(VERSION 3.0) +# Set PIE flags for POSITION_INDEPENDENT_CODE targets, added in CMake 3.14. +if(POLICY CMP0083) + cmake_policy(SET CMP0083 NEW) +endif() + +include(CheckCCompilerFlag) +include(CheckFunctionExists) +include(CheckLibraryExists) +include(CheckSymbolExists) +include(CheckIncludeFiles) +include(CheckTypeSize) +include(GNUInstallDirs) +include(CheckPIESupported OPTIONAL RESULT_VARIABLE CHECK_PIE_SUPPORTED) +if(CHECK_PIE_SUPPORTED) + check_pie_supported(LANGUAGES C) +endif() + +set(CMAKE_POSITION_INDEPENDENT_CODE ON) +set(CMAKE_COLOR_MAKEFILE OFF) +set(CMAKE_VERBOSE_MAKEFILE ON) +set(FIDO_MAJOR "1") +set(FIDO_MINOR "8") +set(FIDO_PATCH "0") +set(FIDO_VERSION ${FIDO_MAJOR}.${FIDO_MINOR}.${FIDO_PATCH}) + +option(BUILD_EXAMPLES "Build example programs" ON) +option(BUILD_MANPAGES "Build man pages" ON) +option(BUILD_SHARED_LIBS "Build the shared library" ON) +option(BUILD_STATIC_LIBS "Build the static library" ON) +option(BUILD_TOOLS "Build tool programs" ON) +option(FUZZ "Enable fuzzing instrumentation" OFF) +option(LIBFUZZER "Build libfuzzer harnesses" OFF) +option(USE_HIDAPI "Use hidapi as the HID backend" OFF) +option(USE_WINHELLO "Abstract Windows Hello as a FIDO device" OFF) +option(NFC_LINUX "Experimental NFC support on Linux" OFF) + +add_definitions(-D_FIDO_MAJOR=${FIDO_MAJOR}) +add_definitions(-D_FIDO_MINOR=${FIDO_MINOR}) +add_definitions(-D_FIDO_PATCH=${FIDO_PATCH}) + +if(CYGWIN OR MSYS) + set(WIN32 1) + add_definitions(-DWINVER=0x0a00) +endif() + +if(WIN32) + add_definitions(-DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0600) +endif() + +if(APPLE) + set(CMAKE_INSTALL_NAME_DIR + "${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_LIBDIR}") +endif() + +if(NOT MSVC) + 
set(FIDO_CFLAGS "${FIDO_CFLAGS} -D_POSIX_C_SOURCE=200809L") + set(FIDO_CFLAGS "${FIDO_CFLAGS} -D_BSD_SOURCE") + if(APPLE) + set(FIDO_CFLAGS "${FIDO_CFLAGS} -D_DARWIN_C_SOURCE") + set(FIDO_CFLAGS "${FIDO_CFLAGS} -D__STDC_WANT_LIB_EXT1__=1") + elseif(CMAKE_SYSTEM_NAME STREQUAL "Linux") + set(NFC_LINUX OFF) + set(FIDO_CFLAGS "${FIDO_CFLAGS} -D_GNU_SOURCE") + set(FIDO_CFLAGS "${FIDO_CFLAGS} -D_DEFAULT_SOURCE") + elseif(CMAKE_SYSTEM_NAME STREQUAL "FreeBSD") + set(FIDO_CFLAGS "${FIDO_CFLAGS} -D__BSD_VISIBLE=1") + endif() + set(FIDO_CFLAGS "${FIDO_CFLAGS} -std=c99") + set(CMAKE_C_FLAGS "${FIDO_CFLAGS} ${CMAKE_C_FLAGS}") +endif() + +check_c_compiler_flag("-Wshorten-64-to-32" HAVE_SHORTEN_64_TO_32) +check_c_compiler_flag("-fstack-protector-all" HAVE_STACK_PROTECTOR_ALL) + +check_include_files(cbor.h HAVE_CBOR_H) +check_include_files(endian.h HAVE_ENDIAN_H) +check_include_files(err.h HAVE_ERR_H) +check_include_files(openssl/opensslv.h HAVE_OPENSSLV_H) +check_include_files(signal.h HAVE_SIGNAL_H) +check_include_files(sys/random.h HAVE_SYS_RANDOM_H) +check_include_files(unistd.h HAVE_UNISTD_H) +check_include_files("windows.h;webauthn.h" HAVE_WEBAUTHN_H) + +check_symbol_exists(arc4random_buf stdlib.h HAVE_ARC4RANDOM_BUF) +check_symbol_exists(clock_gettime time.h HAVE_CLOCK_GETTIME) +check_symbol_exists(explicit_bzero string.h HAVE_EXPLICIT_BZERO) +check_symbol_exists(freezero stdlib.h HAVE_FREEZERO) +check_symbol_exists(getline stdio.h HAVE_GETLINE) +check_symbol_exists(getopt unistd.h HAVE_GETOPT) +check_symbol_exists(getpagesize unistd.h HAVE_GETPAGESIZE) +check_symbol_exists(getrandom sys/random.h HAVE_GETRANDOM) +check_symbol_exists(memset_s string.h HAVE_MEMSET_S) +check_symbol_exists(readpassphrase readpassphrase.h HAVE_READPASSPHRASE) +check_symbol_exists(recallocarray stdlib.h HAVE_RECALLOCARRAY) +check_symbol_exists(sigaction signal.h HAVE_SIGACTION) +check_symbol_exists(strlcat string.h HAVE_STRLCAT) +check_symbol_exists(strlcpy string.h HAVE_STRLCPY) 
+check_symbol_exists(sysconf unistd.h HAVE_SYSCONF) +check_symbol_exists(timespecsub sys/time.h HAVE_TIMESPECSUB) +check_symbol_exists(timingsafe_bcmp string.h HAVE_TIMINGSAFE_BCMP) + +set(CMAKE_EXTRA_INCLUDE_FILES signal.h) +check_type_size("sig_atomic_t" HAVE_SIG_ATOMIC_T) +set(CMAKE_EXTRA_INCLUDE_FILES) + +set(CMAKE_TRY_COMPILE_TARGET_TYPE STATIC_LIBRARY) +try_compile(HAVE_POSIX_IOCTL + "${CMAKE_CURRENT_BINARY_DIR}/posix_ioctl_check.o" + "${CMAKE_CURRENT_SOURCE_DIR}/openbsd-compat/posix_ioctl_check.c" + COMPILE_DEFINITIONS "-Werror -Woverflow -Wsign-conversion") + +list(APPEND CHECK_VARIABLES + HAVE_ARC4RANDOM_BUF + HAVE_CBOR_H + HAVE_CLOCK_GETTIME + HAVE_ENDIAN_H + HAVE_ERR_H + HAVE_FREEZERO + HAVE_GETLINE + HAVE_GETOPT + HAVE_GETPAGESIZE + HAVE_GETRANDOM + HAVE_MEMSET_S + HAVE_OPENSSLV_H + HAVE_POSIX_IOCTL + HAVE_READPASSPHRASE + HAVE_RECALLOCARRAY + HAVE_SIGACTION + HAVE_SIGNAL_H + HAVE_STRLCAT + HAVE_STRLCPY + HAVE_SYSCONF + HAVE_SYS_RANDOM_H + HAVE_TIMESPECSUB + HAVE_TIMINGSAFE_BCMP + HAVE_UNISTD_H + HAVE_WEBAUTHN_H +) + +foreach(v ${CHECK_VARIABLES}) + if (${v}) + add_definitions(-D${v}) + endif() +endforeach() + +if(HAVE_EXPLICIT_BZERO AND NOT LIBFUZZER) + add_definitions(-DHAVE_EXPLICIT_BZERO) +endif() + +if(HAVE_SIGACTION AND (NOT HAVE_SIG_ATOMIC_T STREQUAL "")) + add_definitions(-DSIGNAL_EXAMPLE) +endif() + +if(UNIX) + add_definitions(-DHAVE_DEV_URANDOM) +endif() + +if(MSVC) + if((NOT CBOR_INCLUDE_DIRS) OR (NOT CBOR_LIBRARY_DIRS) OR + (NOT CRYPTO_INCLUDE_DIRS) OR (NOT CRYPTO_LIBRARY_DIRS) OR + (NOT ZLIB_INCLUDE_DIRS) OR (NOT ZLIB_LIBRARY_DIRS)) + message(FATAL_ERROR "please provide definitions for " + "{CBOR,CRYPTO,ZLIB}_{INCLUDE,LIBRARY}_DIRS when building " + "under msvc") + endif() + set(CBOR_LIBRARIES cbor) + set(ZLIB_LIBRARIES zlib) + set(CRYPTO_LIBRARIES crypto-46) + set(MSVC_DISABLED_WARNINGS_LIST + "C4200" # nonstandard extension used: zero-sized array in + # struct/union; + "C4204" # nonstandard extension used: non-constant aggregate + # 
initializer; + "C4706" # assignment within conditional expression; + "C4996" # The POSIX name for this item is deprecated. Instead, + # use the ISO C and C++ conformant name; + "C6287" # redundant code: the left and right subexpressions are identical + ) + # The construction in the following 3 lines was taken from LibreSSL's + # CMakeLists.txt. + string(REPLACE "C" " -wd" MSVC_DISABLED_WARNINGS_STR + ${MSVC_DISABLED_WARNINGS_LIST}) + string(REGEX REPLACE "[/-]W[1234][ ]?" "" CMAKE_C_FLAGS ${CMAKE_C_FLAGS}) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -MP -W4 -WX ${MSVC_DISABLED_WARNINGS_STR}") + set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} /Z7 /guard:cf /sdl /RTCcsu") + set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE} /Zi /guard:cf /sdl") + if (HAVE_WEBAUTHN_H) + add_definitions(-DUSE_WINHELLO) + set(USE_WINHELLO ON) + endif() +else() + include(FindPkgConfig) + pkg_search_module(CBOR libcbor) + pkg_search_module(CRYPTO libcrypto) + pkg_search_module(ZLIB zlib) + + if(NOT CBOR_FOUND AND NOT HAVE_CBOR_H) + message(FATAL_ERROR "could not find libcbor") + endif() + if(NOT CRYPTO_FOUND AND NOT HAVE_OPENSSLV_H) + message(FATAL_ERROR "could not find libcrypto") + endif() + if(NOT ZLIB_FOUND) + message(FATAL_ERROR "could not find zlib") + endif() + + set(CBOR_LIBRARIES "cbor") + set(CRYPTO_LIBRARIES "crypto") + + if(CMAKE_SYSTEM_NAME STREQUAL "Linux") + pkg_search_module(UDEV libudev REQUIRED) + set(UDEV_NAME "udev") + # If using hidapi, use hidapi-hidraw. + set(HIDAPI_SUFFIX -hidraw) + if(NOT HAVE_CLOCK_GETTIME) + # Look for clock_gettime in librt. + check_library_exists(rt clock_gettime "time.h" + HAVE_CLOCK_GETTIME) + if (HAVE_CLOCK_GETTIME) + add_definitions(-DHAVE_CLOCK_GETTIME) + set(BASE_LIBRARIES ${BASE_LIBRARIES} rt) + endif() + endif() + endif() + + if(MINGW) + # MinGW is stuck with a flavour of C89. 
+ add_definitions(-DFIDO_NO_DIAGNOSTIC) + add_definitions(-DWC_ERR_INVALID_CHARS=0x80) + add_compile_options(-Wno-unused-parameter) + endif() + + if(USE_HIDAPI) + add_definitions(-DUSE_HIDAPI) + pkg_search_module(HIDAPI hidapi${HIDAPI_SUFFIX} REQUIRED) + set(HIDAPI_LIBRARIES hidapi${HIDAPI_SUFFIX}) + endif() + + if(FUZZ) + set(NFC_LINUX ON) + endif() + + if(NFC_LINUX) + add_definitions(-DNFC_LINUX) + endif() + + add_compile_options(-Wall) + add_compile_options(-Wextra) + add_compile_options(-Werror) + add_compile_options(-Wshadow) + add_compile_options(-Wcast-qual) + add_compile_options(-Wwrite-strings) + add_compile_options(-Wmissing-prototypes) + add_compile_options(-Wbad-function-cast) + add_compile_options(-pedantic) + add_compile_options(-pedantic-errors) + + if(HAVE_SHORTEN_64_TO_32) + add_compile_options(-Wshorten-64-to-32) + endif() + if(HAVE_STACK_PROTECTOR_ALL) + add_compile_options(-fstack-protector-all) + endif() + + set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -g2") + set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fno-omit-frame-pointer") + set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE} -D_FORTIFY_SOURCE=2") + + if(FUZZ) + add_definitions(-DFIDO_FUZZ) + endif() + if(LIBFUZZER) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=fuzzer-no-link") + endif() +endif() + +# Avoid https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66425 +if(CMAKE_COMPILER_IS_GNUCC) + add_compile_options(-Wno-unused-result) +endif() + +# Decide which keyword to use for thread-local storage. 
+if(CMAKE_COMPILER_IS_GNUCC OR + CMAKE_C_COMPILER_ID STREQUAL "Clang" OR + CMAKE_C_COMPILER_ID STREQUAL "AppleClang") + set(TLS "__thread") +elseif(WIN32) + set(TLS "__declspec(thread)") +endif() +add_definitions(-DTLS=${TLS}) + +# export list +if(APPLE AND (CMAKE_C_COMPILER_ID STREQUAL "Clang" OR + CMAKE_C_COMPILER_ID STREQUAL "AppleClang")) + # clang + lld + string(CONCAT CMAKE_SHARED_LINKER_FLAGS ${CMAKE_SHARED_LINKER_FLAGS} + " -exported_symbols_list ${CMAKE_CURRENT_SOURCE_DIR}/src/export.llvm") +elseif(NOT MSVC) + # clang/gcc + gnu ld + if(FUZZ) + string(CONCAT CMAKE_SHARED_LINKER_FLAGS ${CMAKE_SHARED_LINKER_FLAGS} + " -Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/fuzz/export.gnu") + else() + string(CONCAT CMAKE_SHARED_LINKER_FLAGS ${CMAKE_SHARED_LINKER_FLAGS} + " -Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/src/export.gnu") + endif() + if(NOT WIN32) + string(CONCAT CMAKE_SHARED_LINKER_FLAGS + ${CMAKE_SHARED_LINKER_FLAGS} + " -Wl,-z,noexecstack -Wl,-z,relro,-z,now") + string(CONCAT CMAKE_EXE_LINKER_FLAGS + ${CMAKE_EXE_LINKER_FLAGS} + " -Wl,-z,noexecstack -Wl,-z,relro,-z,now") + if(FUZZ) + file(STRINGS fuzz/wrapped.sym WRAPPED_SYMBOLS) + foreach(s ${WRAPPED_SYMBOLS}) + string(CONCAT CMAKE_SHARED_LINKER_FLAGS + ${CMAKE_SHARED_LINKER_FLAGS} + " -Wl,--wrap=${s}") + endforeach() + endif() + endif() +else() + string(CONCAT CMAKE_SHARED_LINKER_FLAGS ${CMAKE_SHARED_LINKER_FLAGS} + " /def:\"${CMAKE_CURRENT_SOURCE_DIR}/src/export.msvc\"") +endif() + +include_directories(${CMAKE_SOURCE_DIR}/src) +include_directories(${CBOR_INCLUDE_DIRS}) +include_directories(${CRYPTO_INCLUDE_DIRS}) +include_directories(${HIDAPI_INCLUDE_DIRS}) +include_directories(${UDEV_INCLUDE_DIRS}) +include_directories(${ZLIB_INCLUDE_DIRS}) + +link_directories(${CBOR_LIBRARY_DIRS}) +link_directories(${CRYPTO_LIBRARY_DIRS}) +link_directories(${HIDAPI_LIBRARY_DIRS}) +link_directories(${UDEV_LIBRARY_DIRS}) +link_directories(${ZLIB_LIBRARY_DIRS}) + +message(STATUS "BASE_LIBRARIES: 
${BASE_LIBRARIES}") +message(STATUS "BUILD_EXAMPLES: ${BUILD_EXAMPLES}") +message(STATUS "BUILD_MANPAGES: ${BUILD_MANPAGES}") +message(STATUS "BUILD_SHARED_LIBS: ${BUILD_SHARED_LIBS}") +message(STATUS "BUILD_STATIC_LIBS: ${BUILD_STATIC_LIBS}") +message(STATUS "BUILD_TOOLS: ${BUILD_TOOLS}") +message(STATUS "CBOR_INCLUDE_DIRS: ${CBOR_INCLUDE_DIRS}") +message(STATUS "CBOR_LIBRARIES: ${CBOR_LIBRARIES}") +message(STATUS "CBOR_LIBRARY_DIRS: ${CBOR_LIBRARY_DIRS}") +message(STATUS "CBOR_VERSION: ${CBOR_VERSION}") +message(STATUS "CMAKE_BUILD_TYPE: ${CMAKE_BUILD_TYPE}") +message(STATUS "CMAKE_C_COMPILER: ${CMAKE_C_COMPILER}") +message(STATUS "CMAKE_C_COMPILER_ID: ${CMAKE_C_COMPILER_ID}") +message(STATUS "CMAKE_C_FLAGS: ${CMAKE_C_FLAGS}") +message(STATUS "CMAKE_INSTALL_LIBDIR: ${CMAKE_INSTALL_LIBDIR}") +message(STATUS "CMAKE_INSTALL_PREFIX: ${CMAKE_INSTALL_PREFIX}") +message(STATUS "CMAKE_SYSTEM_NAME: ${CMAKE_SYSTEM_NAME}") +message(STATUS "CMAKE_SYSTEM_VERSION: ${CMAKE_SYSTEM_VERSION}") +message(STATUS "CRYPTO_INCLUDE_DIRS: ${CRYPTO_INCLUDE_DIRS}") +message(STATUS "CRYPTO_LIBRARIES: ${CRYPTO_LIBRARIES}") +message(STATUS "CRYPTO_LIBRARY_DIRS: ${CRYPTO_LIBRARY_DIRS}") +message(STATUS "CRYPTO_VERSION: ${CRYPTO_VERSION}") +message(STATUS "FIDO_VERSION: ${FIDO_VERSION}") +message(STATUS "FUZZ: ${FUZZ}") +message(STATUS "ZLIB_INCLUDE_DIRS: ${ZLIB_INCLUDE_DIRS}") +message(STATUS "ZLIB_LIBRARIES: ${ZLIB_LIBRARIES}") +message(STATUS "ZLIB_LIBRARY_DIRS: ${ZLIB_LIBRARY_DIRS}") +message(STATUS "ZLIB_VERSION: ${ZLIB_VERSION}") +if(USE_HIDAPI) + message(STATUS "HIDAPI_INCLUDE_DIRS: ${HIDAPI_INCLUDE_DIRS}") + message(STATUS "HIDAPI_LIBRARIES: ${HIDAPI_LIBRARIES}") + message(STATUS "HIDAPI_LIBRARY_DIRS: ${HIDAPI_LIBRARY_DIRS}") + message(STATUS "HIDAPI_VERSION: ${HIDAPI_VERSION}") +endif() +message(STATUS "LIBFUZZER: ${LIBFUZZER}") +message(STATUS "TLS: ${TLS}") +message(STATUS "UDEV_INCLUDE_DIRS: ${UDEV_INCLUDE_DIRS}") +message(STATUS "UDEV_LIBRARIES: ${UDEV_LIBRARIES}") +message(STATUS 
"UDEV_LIBRARY_DIRS: ${UDEV_LIBRARY_DIRS}") +message(STATUS "UDEV_RULES_DIR: ${UDEV_RULES_DIR}") +message(STATUS "UDEV_VERSION: ${UDEV_VERSION}") +message(STATUS "USE_HIDAPI: ${USE_HIDAPI}") +message(STATUS "USE_WINHELLO: ${USE_WINHELLO}") +message(STATUS "NFC_LINUX: ${NFC_LINUX}") + +subdirs(src) +if(BUILD_EXAMPLES) + subdirs(examples) +endif() +if(BUILD_TOOLS) + subdirs(tools) +endif() +if(BUILD_MANPAGES) + subdirs(man) +endif() + +if(NOT WIN32) + if(CMAKE_BUILD_TYPE STREQUAL "Debug") + if(NOT LIBFUZZER AND NOT FUZZ) + subdirs(regress) + endif() + endif() + if(FUZZ) + subdirs(fuzz) + endif() + if(CMAKE_SYSTEM_NAME STREQUAL "Linux") + subdirs(udev) + endif() +endif() diff --git a/contrib/libfido2/LICENSE b/contrib/libfido2/LICENSE new file mode 100644 index 000000000000..4224f20992c0 --- /dev/null +++ b/contrib/libfido2/LICENSE 
@@ -0,0 +1,24 @@ +Copyright (c) 2018-2021 Yubico AB. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in + the documentation and/or other materials provided with the + distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/contrib/libfido2/NEWS b/contrib/libfido2/NEWS new file mode 100644 index 000000000000..a89766b72e89 --- /dev/null +++ b/contrib/libfido2/NEWS 
@@ -0,0 +1,179 @@ +* Version 1.8.0 (2021-07-22) + ** Dropped 'Requires.private' entry from pkg-config file. + ** Better support for FIDO 2.1 authenticators. + ** Support for Windows's native webauthn API. + ** Support for attestation format 'none'. + ** New API calls: + - fido_assert_set_clientdata; + - fido_cbor_info_algorithm_cose; + - fido_cbor_info_algorithm_count; + - fido_cbor_info_algorithm_type; + - fido_cbor_info_transports_len; + - fido_cbor_info_transports_ptr; + - fido_cred_set_clientdata; + - fido_cred_set_id; + - fido_credman_set_dev_rk; + - fido_dev_is_winhello. + ** fido2-token: new -Sc option to update a resident credential. + ** Documentation and reliability fixes. + ** HID access serialisation on Linux. + +* Version 1.7.0 (2021-03-29) + ** New dependency on zlib. + ** Fixed musl build; gh#259. + ** hid_win: detect devices with vendor or product IDs > 0x7fff; gh#264. + ** Support for FIDO 2.1 authenticator configuration. + ** Support for FIDO 2.1 UV token permissions. + ** Support for FIDO 2.1 "credBlobs" and "largeBlobs" extensions. + ** New API calls: + - fido_assert_blob_len; + - fido_assert_blob_ptr; + - fido_assert_largeblob_key_len; + - fido_assert_largeblob_key_ptr; + - fido_assert_set_hmac_secret; + - fido_cbor_info_maxcredbloblen; + - fido_cred_largeblob_key_len; + - fido_cred_largeblob_key_ptr; + - fido_cred_set_blob; + - fido_dev_enable_entattest; + - fido_dev_force_pin_change; + - fido_dev_has_uv; + - fido_dev_largeblob_get; + - fido_dev_largeblob_get_array; + - fido_dev_largeblob_remove; + - fido_dev_largeblob_set; + - fido_dev_largeblob_set_array; + - fido_dev_set_pin_minlen; + - fido_dev_set_sigmask; + - fido_dev_supports_credman; + - fido_dev_supports_permissions; + - fido_dev_supports_uv; + - fido_dev_toggle_always_uv. + ** New fido_init flag to disable fido_dev_open's U2F fallback; gh#282. + ** Experimental NFC support on Linux; enable with -DNFC_LINUX. + +* Version 1.6.0 (2020-12-22) + ** Fix OpenSSL 1.0 and Cygwin builds. 
+ ** hid_linux: fix build on 32-bit systems. + ** hid_osx: allow reads from spawned threads. + ** Documentation and reliability fixes. + ** New API calls: + - fido_cred_authdata_raw_len; + - fido_cred_authdata_raw_ptr; + - fido_cred_sigcount; + - fido_dev_get_uv_retry_count; + - fido_dev_supports_credman. + ** Hardened Windows build. + ** Native FreeBSD and NetBSD support. + ** Use CTAP2 canonical CBOR when combining hmac-secret and credProtect. + +* Version 1.5.0 (2020-09-01) + ** hid_linux: return FIDO_OK if no devices are found. + ** hid_osx: + - repair communication with U2F tokens, gh#166; + - reliability fixes. + ** fido2-{assert,cred}: new options to explicitly toggle UP, UV. + ** Support for configurable report lengths. + ** New API calls: + - fido_cbor_info_maxcredcntlst; + - fido_cbor_info_maxcredidlen; + - fido_cred_aaguid_len; + - fido_cred_aaguid_ptr; + - fido_dev_get_touch_begin; + - fido_dev_get_touch_status. + ** Use COSE_ECDH_ES256 with CTAP_CBOR_CLIENT_PIN; gh#154. + ** Allow CTAP messages up to 2048 bytes; gh#171. + ** Ensure we only list USB devices by default. + +* Version 1.4.0 (2020-04-15) + ** hid_hidapi: hidapi backend; enable with -DUSE_HIDAPI=1. + ** Fall back to U2F if the key claims to, but does not support FIDO2. + ** FIDO2 credential protection (credprot) support. + ** New API calls: + - fido_cbor_info_fwversion; + - fido_cred_prot; + - fido_cred_set_prot; + - fido_dev_set_transport_functions; + - fido_set_log_handler. + ** Support for FreeBSD. + ** Support for C++. + ** Support for MSYS. + ** Fixed EdDSA and RSA self-attestation. + +* Version 1.3.1 (2020-02-19) + ** fix zero-ing of le1 and le2 when talking to a U2F device. + ** dropping sk-libfido2 middleware, please find it in the openssh tree. + +* Version 1.3.0 (2019-11-28) + ** assert/hmac: encode public key as per spec, gh#60. + ** fido2-cred: fix creation of resident keys. + ** fido2-{assert,cred}: support for hmac-secret extension. + ** hid_osx: detect device removal, gh#56. 
+ ** hid_osx: fix device detection in MacOS Catalina. + ** New API calls: + - fido_assert_set_authdata_raw; + - fido_assert_sigcount; + - fido_cred_set_authdata_raw; + - fido_dev_cancel. + ** Middleware library for use by OpenSSH. + ** Support for biometric enrollment. + ** Support for OpenBSD. + ** Support for self-attestation. + +* Version 1.2.0 (released 2019-07-26) + ** Credential management support. + ** New API reflecting FIDO's 3-state booleans (true, false, absent): + - fido_assert_set_up; + - fido_assert_set_uv; + - fido_cred_set_rk; + - fido_cred_set_uv. + ** Command-line tools for Windows. + ** Documentation and reliability fixes. + ** fido_{assert,cred}_set_options() are now marked as deprecated. + +* Version 1.1.0 (released 2019-05-08) + ** MacOS: fix IOKit crash on HID read. + ** Windows: fix contents of release file. + ** EdDSA (Ed25519) support. + ** fido_dev_make_cred: fix order of CBOR map keys. + ** fido_dev_get_assert: plug memory leak when operating on U2F devices. + +* Version 1.0.0 (released 2019-03-21) + ** Native HID support on Linux, MacOS, and Windows. + ** fido2-{assert,cred}: new -u option to force U2F on dual authenticators. + ** fido2-assert: support for multiple resident keys with the same RP. + ** Strict checks for CTAP2 compliance on received CBOR payloads. + ** Better fuzzing harnesses. + ** Documentation and reliability fixes. + +* Version 0.4.0 (released 2019-01-07) + ** fido2-assert: print the user id for resident credentials. + ** Fix encoding of COSE algorithms when making a credential. + ** Rework purpose of fido_cred_set_type; no ABI change. + ** Minor documentation and code fixes. + +* Version 0.3.0 (released 2018-09-11) + ** Various reliability fixes. + ** Merged fuzzing instrumentation. + ** Added regress tests. + ** Added support for FIDO 2's hmac-secret extension. 
+ ** New API calls: + - fido_assert_hmac_secret_len; + - fido_assert_hmac_secret_ptr; + - fido_assert_set_extensions; + - fido_assert_set_hmac_salt; + - fido_cred_set_extensions; + - fido_dev_force_fido2. + ** Support for native builds with Microsoft Visual Studio 17. + +* Version 0.2.0 (released 2018-06-20) + ** Added command-line tools. + ** Added a couple of missing get functions. + +* Version 0.1.1 (released 2018-06-05) + ** Added documentation. + ** Added OpenSSL 1.0 support. + ** Minor fixes. + +* Version 0.1.0 (released 2018-05-18) + ** First beta release. diff --git a/contrib/libfido2/README.adoc b/contrib/libfido2/README.adoc new file mode 100644 index 000000000000..f5ffa7e4e602 --- /dev/null +++ b/contrib/libfido2/README.adoc 
@@ -0,0 +1,93 @@ +== libfido2 + +image:https://github.com/yubico/libfido2/workflows/linux/badge.svg["Linux Build Status (github actions)", link="https://github.com/Yubico/libfido2/actions"] +image:https://github.com/yubico/libfido2/workflows/macos/badge.svg["macOS Build Status (github actions)", link="https://github.com/Yubico/libfido2/actions"] +image:https://github.com/yubico/libfido2/workflows/windows/badge.svg["Windows Build Status (github actions)", link="https://github.com/Yubico/libfido2/actions"] +image:https://github.com/yubico/libfido2/workflows/fuzzer/badge.svg["Fuzz Status (github actions)", link="https://github.com/Yubico/libfido2/actions"] +image:https://oss-fuzz-build-logs.storage.googleapis.com/badges/libfido2.svg["Fuzz Status (oss-fuzz)", link="https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:libfido2"] + +*libfido2* provides library functionality and command-line tools to +communicate with a FIDO device over USB, and to verify attestation and +assertion signatures. + +*libfido2* supports the FIDO U2F (CTAP 1) and FIDO 2.0 (CTAP 2) protocols. + +For usage, see the `examples/` directory. + +=== License + +*libfido2* is licensed under the BSD 2-clause license. See the LICENSE +file for the full license text. + +=== Supported Platforms + +*libfido2* is known to work on Linux, macOS, Windows, OpenBSD, and FreeBSD. + +=== Documentation + +Documentation is available in troff and HTML formats. An +https://developers.yubico.com/libfido2/Manuals/[online mirror of *libfido2*'s documentation] +is also available. + +=== Bindings + +* .NET: https://github.com/borrrden/Fido2Net[Fido2Net] +* Go: https://github.com/keys-pub/go-libfido2[go-libfido2] +* Perl: https://github.com/jacquesg/p5-FIDO-Raw[p5-FIDO-Raw] +* Rust: https://github.com/PvdBerg1998/libfido2[libfido2] + +=== Installation + +==== Releases + +The current release of *libfido2* is 1.8.0. 
Please consult Yubico's +https://developers.yubico.com/libfido2/Releases[release page] for source +and binary releases. + +==== Ubuntu 20.04 (Focal) + + $ sudo apt install libfido2-1 + $ sudo apt install libfido2-dev + $ sudo apt install libfido2-doc + +Alternatively, newer versions of *libfido2* are available in Yubico's PPA. +Follow the instructions for Ubuntu 18.04 (Bionic) below. + +==== Ubuntu 18.04 (Bionic) + + $ sudo apt install software-properties-common + $ sudo apt-add-repository ppa:yubico/stable + $ sudo apt update + $ sudo apt install libfido2-dev + +==== macOS + + $ brew install libfido2 + +Or from source, on UNIX-like systems: + + $ (rm -rf build && mkdir build && cd build && cmake ..) + $ make -C build + $ sudo make -C build install + +Depending on the platform, +https://www.freedesktop.org/wiki/Software/pkg-config/[pkg-config] may need to +be installed, or the PKG_CONFIG_PATH environment variable set. + +*libfido2* depends on https://github.com/pjk/libcbor[libcbor], +https://www.openssl.org[OpenSSL], and https://zlib.net[zlib]. On Linux, libudev +(part of https://www.freedesktop.org/wiki/Software/systemd[systemd]) is also +required. + +For complete, OS-specific installation instructions, please refer to the +`.actions/` (Linux, macOS) and `windows/` directories. + +On Linux, you will need to add a udev rule to be able to access the FIDO +device, or run as root. For example, the udev rule may contain the following: + +---- +#udev rule for allowing HID access to Yubico devices for FIDO support. + +KERNEL=="hidraw*", SUBSYSTEM=="hidraw", \ + MODE="0664", GROUP="plugdev", ATTRS{idVendor}=="1050" +---- diff --git a/contrib/libfido2/examples/CMakeLists.txt b/contrib/libfido2/examples/CMakeLists.txt new file mode 100644 index 000000000000..ad3d44faad6b --- /dev/null +++ b/contrib/libfido2/examples/CMakeLists.txt 
@@ -0,0 +1,69 @@ +# Copyright (c) 2018 Yubico AB. All rights reserved. +# Use of this source code is governed by a BSD-style +# license that can be found in the LICENSE file. + +list(APPEND COMPAT_SOURCES + ../openbsd-compat/clock_gettime.c + ../openbsd-compat/getopt_long.c + ../openbsd-compat/strlcat.c + ../openbsd-compat/strlcpy.c +) + +if(WIN32 AND BUILD_SHARED_LIBS AND NOT CYGWIN AND NOT MSYS) + list(APPEND COMPAT_SOURCES ../openbsd-compat/posix_win.c) +endif() + +# set the library to link against +if(BUILD_STATIC_LIBS) + # drop -rdynamic + set(CMAKE_SHARED_LIBRARY_LINK_C_FLAGS "") + set(_FIDO2_LIBRARY fido2) +elseif(BUILD_SHARED_LIBS) + set(_FIDO2_LIBRARY fido2_shared) +else() + set(_FIDO2_LIBRARY ${CRYPTO_LIBRARIES} fido2) +endif() + *** 44024 LINES SKIPPED ***
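Review bot: In the changelog hunk (@@ -0,0 +1,179 @@), fido_dev_supports_credman is listed under "New API calls" for both Version 1.6.0 and Version 1.7.0, so the file does not say which release introduced it; it should appear under one release only. The release headers also change format, "(2019-11-28)" from 1.3.0 onward against "(released 2019-07-26)" for 1.2.0 and earlier. The neighbouring files in this patch are added under contrib/libfido2/, so if this file belongs to the same import, both points are better raised upstream than edited locally.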
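Review bot: In the README.adoc hunk, the sample udev rule sets MODE="0664" on the hidraw node, which leaves it readable by every local account and not only by members of GROUP="plugdev"; MODE="0660" would still meet the stated goal of reaching the FIDO device without running as root. The rule also matches only ATTRS{idVendor}=="1050" and its comment says it is for Yubico devices, so the sentence introducing it ("you will need to add a udev rule to be able to access the FIDO device") should say that authenticators from other vendors need their own match.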
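Review bot: In the examples/CMakeLists.txt hunk, the if(BUILD_STATIC_LIBS) / elseif(BUILD_SHARED_LIBS) chain picks the static fido2 target whenever both options are enabled, and only the final else() branch adds ${CRYPTO_LIBRARIES} to _FIDO2_LIBRARY; the "# set the library to link against" comment should state that precedence and why the first two branches need no explicit crypto library. The "# drop -rdynamic" comment would also be clearer if it noted that clearing CMAKE_SHARED_LIBRARY_LINK_C_FLAGS applies to this directory's scope as a whole and not to a single example target.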