Hello community, here is the log from the commit of package libfido2 for openSUSE:Factory checked in at 2019-01-10 15:23:12 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libfido2 (Old) and /work/SRC/openSUSE:Factory/.libfido2.new.28833 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libfido2" Thu Jan 10 15:23:12 2019 rev:2 rq:664054 version:0.4.0 Changes: -------- --- /work/SRC/openSUSE:Factory/libfido2/libfido2.changes 2018-10-04 19:00:52.451242388 +0200 +++ /work/SRC/openSUSE:Factory/.libfido2.new.28833/libfido2.changes 2019-01-10 15:23:20.182330748 +0100 @@ -1,0 +2,10 @@ +Wed Jan 9 09:32:01 UTC 2019 - Karol Babioch <kbabi...@suse.de> + +- Version 0.4.0 (released 2019-01-07) + * fido2-assert: print the user id for resident credentials. + * Fix encoding of COSE algorithms when making a credential. + * Rework purpose of fido_cred_set_type; no ABI change. + * Minor documentation and code fixes. +- Dropped patch that is included upstream now: fix-release-build.patch + +------------------------------------------------------------------- Old: ---- fix-release-build.patch libfido2-0.3.0.tar.gz libfido2-0.3.0.tar.gz.sig New: ---- libfido2-0.4.0.tar.gz libfido2-0.4.0.tar.gz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libfido2.spec ++++++ --- /var/tmp/diff_new_pack.KAY6VI/_old 2019-01-10 15:23:20.590330326 +0100 +++ /var/tmp/diff_new_pack.KAY6VI/_new 2019-01-10 15:23:20.590330326 +0100 @@ -1,7 +1,7 @@ # # spec file for package libfido2 # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,9 +16,9 @@ # -%define sover 0_3_0 +%define sover 0_4_0 Name: libfido2 -Version: 0.3.0 +Version: 0.4.0 Release: 0 Summary: FIDO U2F and FIDO 2.0 protocols License: BSD-2-Clause 
@@ -26,7 +26,6 @@ URL: https://developers.yubico.com/ Source0: https://developers.yubico.com/libfido2/Releases/%{name}-%{version}.tar.gz Source1: https://developers.yubico.com/libfido2/Releases/%{name}-%{version}.tar.gz.sig -Patch0: fix-release-build.patch BuildRequires: cmake BuildRequires: gcc-c++ BuildRequires: libhidapi-devel @@ -62,7 +61,6 @@ %prep %setup -q -%patch0 -p1 %build %cmake -DCMAKE_INSTALL_PREFIX=%{_prefix} -DCBOR_LIBRARY_DIRS=%{_libdir} -DCMAKE_BUILD_TYPE=Release ++++++ libfido2-0.3.0.tar.gz -> libfido2-0.4.0.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfido2-0.3.0/.travis/build-linux-clang new/libfido2-0.4.0/.travis/build-linux-clang --- old/libfido2-0.3.0/.travis/build-linux-clang 2018-09-12 13:49:08.000000000 +0200 +++ new/libfido2-0.4.0/.travis/build-linux-clang 2019-01-07 09:33:58.000000000 +0100 @@ -12,8 +12,8 @@ sudo make -C build install cd .. -# Build and install libfido2. +# Build, analyze, and install libfido2. mkdir build -(cd build && cmake ..) -make -C build +(cd build && scan-build cmake -DCMAKE_BUILD_TYPE=Debug ..) +scan-build --status-bugs make -C build sudo make -C build install diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfido2-0.3.0/.travis/build-linux-gcc new/libfido2-0.4.0/.travis/build-linux-gcc --- old/libfido2-0.3.0/.travis/build-linux-gcc 2018-09-12 13:49:08.000000000 +0200 +++ new/libfido2-0.4.0/.travis/build-linux-gcc 2019-01-07 09:33:58.000000000 +0100 
@@ -14,6 +14,6 @@ # Build and install libfido2. mkdir build -(cd build && cmake ..) +(cd build && cmake -DCMAKE_BUILD_TYPE=Debug ..) make -C build sudo make -C build install diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfido2-0.3.0/.travis/build-linux-mingw new/libfido2-0.4.0/.travis/build-linux-mingw --- old/libfido2-0.3.0/.travis/build-linux-mingw 2018-09-12 13:49:08.000000000 +0200 +++ new/libfido2-0.4.0/.travis/build-linux-mingw 2019-01-07 09:33:58.000000000 +0100 @@ -51,6 +51,6 @@ export PKG_CONFIG_PATH=/fakeroot/lib/pkgconfig mkdir build (cd build && cmake -DCMAKE_TOOLCHAIN_FILE=/tmp/mingw.cmake \ - -DCMAKE_INSTALL_PREFIX=/fakeroot ..) + -DCMAKE_BUILD_TYPE=Debug -DCMAKE_INSTALL_PREFIX=/fakeroot ..) make -C build sudo make -C build install diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfido2-0.3.0/.travis/build-osx-clang new/libfido2-0.4.0/.travis/build-osx-clang --- old/libfido2-0.3.0/.travis/build-osx-clang 2018-09-12 13:49:08.000000000 +0200 +++ new/libfido2-0.4.0/.travis/build-osx-clang 2019-01-07 09:33:58.000000000 +0100 @@ -20,14 +20,14 @@ # Install OpenSSL 1.1.1, hidapi, and mandoc from Homebrew. brew update brew upgrade openssl@1.1 -brew switch openssl@1.1 1.1.1 +brew switch openssl@1.1 1.1.1a brew install hidapi brew install mandoc # Build and install libfido2. export PKG_CONFIG_PATH=/usr/local/opt/openssl@1.1/lib/pkgconfig mkdir build -(cd build && cmake ..) +(cd build && cmake -DCMAKE_BUILD_TYPE=Debug ..) make -C build make -C build man_symlink_html sudo make -C build install diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfido2-0.3.0/CMakeLists.txt new/libfido2-0.4.0/CMakeLists.txt --- old/libfido2-0.3.0/CMakeLists.txt 2018-09-12 13:49:08.000000000 +0200 +++ new/libfido2-0.4.0/CMakeLists.txt 2019-01-07 09:33:58.000000000 +0100 
@@ -15,7 +15,7 @@ set(CMAKE_POSITION_INDEPENDENT_CODE ON) set(FIDO_MAJOR "0") -set(FIDO_MINOR "3") +set(FIDO_MINOR "4") set(FIDO_PATCH "0") set(FIDO_VERSION ${FIDO_MAJOR}.${FIDO_MINOR}.${FIDO_PATCH}) @@ -24,9 +24,9 @@ add_definitions(-D_FIDO_PATCH=${FIDO_PATCH}) if(MSVC) - if ((NOT CBOR_INCLUDE_DIRS) OR (NOT CBOR_LIBRARY_DIRS) OR - (NOT CRYPTO_INCLUDE_DIRS) OR (NOT CRYPTO_LIBRARY_DIRS) OR - (NOT HIDAPI_INCLUDE_DIRS) OR (NOT HIDAPI_LIBRARY_DIRS)) + if((NOT CBOR_INCLUDE_DIRS) OR (NOT CBOR_LIBRARY_DIRS) OR + (NOT CRYPTO_INCLUDE_DIRS) OR (NOT CRYPTO_LIBRARY_DIRS) OR + (NOT HIDAPI_INCLUDE_DIRS) OR (NOT HIDAPI_LIBRARY_DIRS)) message(FATAL_ERROR "please provide definitions for " "{CBOR,CRYPTO,HIDAPI}_{INCLUDE,LIBRARY}_DIRS when building " "under msvc") @@ -94,6 +94,7 @@ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=c99") if(FUZZ) # -fsanitize-trap=undefined is a superset of -ftrapv + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=undefined") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize-trap=undefined") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -g") endif() @@ -236,6 +237,7 @@ message(STATUS "CMAKE_C_COMPILER_ID: ${CMAKE_C_COMPILER_ID}") message(STATUS "CMAKE_INSTALL_PREFIX: ${CMAKE_INSTALL_PREFIX}") message(STATUS "CMAKE_INSTALL_LIBDIR: ${CMAKE_INSTALL_LIBDIR}") +message(STATUS "CMAKE_BUILD_TYPE: ${CMAKE_BUILD_TYPE}") message(STATUS "UDEV_RULES_DIR: ${UDEV_RULES_DIR}") message(STATUS "CBOR_INCLUDE_DIRS: ${CBOR_INCLUDE_DIRS}") message(STATUS "CBOR_LIBRARY_DIRS: ${CBOR_LIBRARY_DIRS}") @@ -252,8 +254,10 @@ subdirs(src) subdirs(examples) if(NOT WIN32) -subdirs(regress) -subdirs(tools) -subdirs(udev) + if(CMAKE_BUILD_TYPE STREQUAL "Debug") + subdirs(regress) + endif() + subdirs(tools) + subdirs(udev) endif() subdirs(man) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfido2-0.3.0/NEWS new/libfido2-0.4.0/NEWS --- old/libfido2-0.3.0/NEWS 2018-09-12 13:49:08.000000000 +0200 +++ new/libfido2-0.4.0/NEWS 2019-01-07 09:33:58.000000000 +0100 
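Review bot: In the last CMakeLists.txt hunk (-252), `if(CMAKE_BUILD_TYPE STREQUAL "Debug")` silently drops `regress` whenever the build type is unset or the generator is multi-config, because `CMAKE_BUILD_TYPE` is then empty at configure time. The hunk does not say why the gate exists; presumably the regress programs rely on `assert()`, which a Release build compiles out through NDEBUG, and a comment such as `# regress relies on assert(); only meaningful without NDEBUG` would record that. An `else()` branch with `message(STATUS "regress tests disabled: CMAKE_BUILD_TYPE is not Debug")` would make the skip visible to packagers. The spec file in this same commit configures with `-DCMAKE_BUILD_TYPE=Release`, so it never builds them.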
@@ -1,4 +1,10 @@ -* Version 0.3.0 (unreleased) +* Version 0.4.0 (released 2019-01-07) + ** fido2-assert: print the user id for resident credentials. + ** Fix encoding of COSE algorithms when making a credential. + ** Rework purpose of fido_cred_set_type; no ABI change. + ** Minor documentation and code fixes. + +* Version 0.3.0 (released 2018-09-11) ** Various reliability fixes. ** Merged fuzzing instrumentation. ** Added regress tests. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfido2-0.3.0/README.adoc new/libfido2-0.4.0/README.adoc --- old/libfido2-0.3.0/README.adoc 2018-09-12 13:49:08.000000000 +0200 +++ new/libfido2-0.4.0/README.adoc 2019-01-07 09:33:58.000000000 +0100 @@ -29,6 +29,12 @@ === Installation +==== Releases + +The current release of *libfido2* is 0.4.0. Please consult Yubico's +https://developers.yubico.com/libfido2/Releases[release page] for source +and binary releases. + ==== Ubuntu $ sudo apt-add-repository ppa:yubico/stable diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfido2-0.3.0/debian/changelog new/libfido2-0.4.0/debian/changelog --- old/libfido2-0.3.0/debian/changelog 2018-09-12 13:49:08.000000000 +0200 +++ new/libfido2-0.4.0/debian/changelog 2019-01-07 09:33:58.000000000 +0100 
@@ -1,4 +1,13 @@ -libfido2 (0.3.0~dev) UNRELEASED; urgency=low +libfido2 (0.4.0) bionic; urgency=low + + * fido2-assert: print the user id for resident credentials. + * Fix encoding of COSE algorithms when making a credential. + * Rework purpose of fido_cred_set_type; no ABI change. + * Minor documentation and code fixes. + + -- pedro martelletto <pe...@yubico.com> Mon, 07 Jan 2019 08:22:01 +0000 + +libfido2 (0.3.0) bionic; urgency=low * Various reliability fixes. * Merged fuzzing instrumentation. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfido2-0.3.0/debian/control new/libfido2-0.4.0/debian/control --- old/libfido2-0.3.0/debian/control 2018-09-12 13:49:08.000000000 +0200 +++ new/libfido2-0.4.0/debian/control 2019-01-07 09:33:58.000000000 +0100 @@ -1,6 +1,6 @@ Source: libfido2 Priority: optional -Maintainer: Debian Authentication Maintainers <pkg-auth-maintain...@lists.alioth.debian.org> +Maintainer: Yubico Open Source Maintainers <ossma...@yubico.com> Uploaders: pedro martelletto <pe...@yubico.com> Standards-Version: 4.1.2 Section: libs @@ -41,3 +41,13 @@ Description: command-line tools to configure and use a FIDO 2 token A set of tools to manage a FIDO 2 token, generate credentials and assertions, and verify them. + +Package: libfido2-udev +Section: libs +Architecture: all +Multi-Arch: foreign +Depends: ${misc:Depends} +Conflicts: libu2f-udev +Description: udev rules for access to U2F and FIDO2 devices + A set of udev rules allowing unprivileged system-level access + to U2F and FIDO2 USB devices for logged-on users. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfido2-0.3.0/debian/libfido2-0.symbols new/libfido2-0.4.0/debian/libfido2-0.symbols --- old/libfido2-0.3.0/debian/libfido2-0.symbols 2018-09-12 13:49:08.000000000 +0200 +++ new/libfido2-0.4.0/debian/libfido2-0.symbols 2019-01-07 09:33:58.000000000 +0100 
@@ -1,109 +1,115 @@ -libfido2.so.0.2.0 libfido2-0 #MINVER# - es256_pk_free@Base 0.2.0~dev - es256_pk_from_EC_KEY@Base 0.2.0~dev - es256_pk_from_ptr@Base 0.2.0~dev - es256_pk_new@Base 0.2.0~dev - es256_pk_to_EVP_PKEY@Base 0.2.0~dev - fido_assert_allow_cred@Base 0.2.0~dev - fido_assert_authdata_len@Base 0.2.0~dev - fido_assert_authdata_ptr@Base 0.2.0~dev - fido_assert_clientdata_hash_len@Base 0.2.0~dev - fido_assert_clientdata_hash_ptr@Base 0.2.0~dev - fido_assert_count@Base 0.2.0~dev - fido_assert_flags@Base 0.2.0~dev - fido_assert_free@Base 0.2.0~dev - fido_assert_id_len@Base 0.2.0~dev - fido_assert_id_ptr@Base 0.2.0~dev - fido_assert_new@Base 0.2.0~dev - fido_assert_rp_id@Base 0.2.0~dev - fido_assert_set_authdata@Base 0.2.0~dev - fido_assert_set_clientdata_hash@Base 0.2.0~dev - fido_assert_set_count@Base 0.2.0~dev - fido_assert_set_options@Base 0.2.0~dev - fido_assert_set_rp@Base 0.2.0~dev - fido_assert_set_sig@Base 0.2.0~dev - fido_assert_sig_len@Base 0.2.0~dev - fido_assert_sig_ptr@Base 0.2.0~dev - fido_assert_user_display_name@Base 0.2.0~dev - fido_assert_user_icon@Base 0.2.0~dev - fido_assert_user_id_len@Base 0.2.0~dev - fido_assert_user_id_ptr@Base 0.2.0~dev - fido_assert_user_name@Base 0.2.0~dev - fido_assert_verify@Base 0.2.0~dev - fido_cbor_info_aaguid_len@Base 0.2.0~dev - fido_cbor_info_aaguid_ptr@Base 0.2.0~dev - fido_cbor_info_extensions_len@Base 0.2.0~dev - fido_cbor_info_extensions_ptr@Base 0.2.0~dev - fido_cbor_info_free@Base 0.2.0~dev - fido_cbor_info_maxmsgsiz@Base 0.2.0~dev - fido_cbor_info_new@Base 0.2.0~dev - fido_cbor_info_options_len@Base 0.2.0~dev - fido_cbor_info_options_name_ptr@Base 0.2.0~dev - fido_cbor_info_options_value_ptr@Base 0.2.0~dev - fido_cbor_info_protocols_len@Base 0.2.0~dev - fido_cbor_info_protocols_ptr@Base 0.2.0~dev - fido_cbor_info_versions_len@Base 0.2.0~dev - fido_cbor_info_versions_ptr@Base 0.2.0~dev - fido_cred_authdata_len@Base 0.2.0~dev - fido_cred_authdata_ptr@Base 0.2.0~dev - fido_cred_clientdata_hash_len@Base 
0.2.0~dev - fido_cred_clientdata_hash_ptr@Base 0.2.0~dev - fido_cred_exclude@Base 0.2.0~dev - fido_cred_flags@Base 0.2.0~dev - fido_cred_fmt@Base 0.2.0~dev - fido_cred_free@Base 0.2.0~dev - fido_cred_id_len@Base 0.2.0~dev - fido_cred_id_ptr@Base 0.2.0~dev - fido_cred_new@Base 0.2.0~dev - fido_cred_pubkey_len@Base 0.2.0~dev - fido_cred_pubkey_ptr@Base 0.2.0~dev - fido_cred_rp_id@Base 0.2.0~dev - fido_cred_rp_name@Base 0.2.0~dev - fido_cred_set_authdata@Base 0.2.0~dev - fido_cred_set_clientdata_hash@Base 0.2.0~dev - fido_cred_set_fmt@Base 0.2.0~dev - fido_cred_set_options@Base 0.2.0~dev - fido_cred_set_rp@Base 0.2.0~dev - fido_cred_set_sig@Base 0.2.0~dev - fido_cred_set_type@Base 0.2.0~dev - fido_cred_set_user@Base 0.2.0~dev - fido_cred_set_x509@Base 0.2.0~dev - fido_cred_sig_len@Base 0.2.0~dev - fido_cred_sig_ptr@Base 0.2.0~dev - fido_cred_verify@Base 0.2.0~dev - fido_cred_x5c_len@Base 0.2.0~dev - fido_cred_x5c_ptr@Base 0.2.0~dev - fido_dev_build@Base 0.2.0~dev - fido_dev_close@Base 0.2.0~dev - fido_dev_flags@Base 0.2.0~dev - fido_dev_force_u2f@Base 0.2.0~dev - fido_dev_free@Base 0.2.0~dev - fido_dev_get_assert@Base 0.2.0~dev - fido_dev_get_cbor_info@Base 0.2.0~dev - fido_dev_get_retry_count@Base 0.2.0~dev - fido_dev_info_free@Base 0.2.0~dev - fido_dev_info_manifest@Base 0.2.0~dev - fido_dev_info_manufacturer_string@Base 0.2.0~dev - fido_dev_info_new@Base 0.2.0~dev - fido_dev_info_path@Base 0.2.0~dev - fido_dev_info_product@Base 0.2.0~dev - fido_dev_info_product_string@Base 0.2.0~dev - fido_dev_info_ptr@Base 0.2.0~dev - fido_dev_info_vendor@Base 0.2.0~dev - fido_dev_is_fido2@Base 0.2.0~dev - fido_dev_major@Base 0.2.0~dev - fido_dev_make_cred@Base 0.2.0~dev - fido_dev_minor@Base 0.2.0~dev - fido_dev_new@Base 0.2.0~dev - fido_dev_open@Base 0.2.0~dev - fido_dev_protocol@Base 0.2.0~dev - fido_dev_reset@Base 0.2.0~dev - fido_dev_set_io_functions@Base 0.2.0~dev - fido_dev_set_pin@Base 0.2.0~dev - fido_init@Base 0.2.0~dev - fido_strerr@Base 0.2.0~dev - rs256_pk_free@Base 
0.2.0~dev - rs256_pk_from_RSA@Base 0.2.0~dev - rs256_pk_from_ptr@Base 0.2.0~dev - rs256_pk_new@Base 0.2.0~dev - rs256_pk_to_EVP_PKEY@Base 0.2.0~dev +libfido2.so.0.4.0 libfido2-0 #MINVER# + es256_pk_free@Base 0.4.0 + es256_pk_from_EC_KEY@Base 0.4.0 + es256_pk_from_ptr@Base 0.4.0 + es256_pk_new@Base 0.4.0 + es256_pk_to_EVP_PKEY@Base 0.4.0 + fido_assert_allow_cred@Base 0.4.0 + fido_assert_authdata_len@Base 0.4.0 + fido_assert_authdata_ptr@Base 0.4.0 + fido_assert_clientdata_hash_len@Base 0.4.0 + fido_assert_clientdata_hash_ptr@Base 0.4.0 + fido_assert_count@Base 0.4.0 + fido_assert_flags@Base 0.4.0 + fido_assert_free@Base 0.4.0 + fido_assert_hmac_secret_len@Base 0.4.0 + fido_assert_hmac_secret_ptr@Base 0.4.0 + fido_assert_id_len@Base 0.4.0 + fido_assert_id_ptr@Base 0.4.0 + fido_assert_new@Base 0.4.0 + fido_assert_rp_id@Base 0.4.0 + fido_assert_set_authdata@Base 0.4.0 + fido_assert_set_clientdata_hash@Base 0.4.0 + fido_assert_set_count@Base 0.4.0 + fido_assert_set_extensions@Base 0.4.0 + fido_assert_set_hmac_salt@Base 0.4.0 + fido_assert_set_options@Base 0.4.0 + fido_assert_set_rp@Base 0.4.0 + fido_assert_set_sig@Base 0.4.0 + fido_assert_sig_len@Base 0.4.0 + fido_assert_sig_ptr@Base 0.4.0 + fido_assert_user_display_name@Base 0.4.0 + fido_assert_user_icon@Base 0.4.0 + fido_assert_user_id_len@Base 0.4.0 + fido_assert_user_id_ptr@Base 0.4.0 + fido_assert_user_name@Base 0.4.0 + fido_assert_verify@Base 0.4.0 + fido_cbor_info_aaguid_len@Base 0.4.0 + fido_cbor_info_aaguid_ptr@Base 0.4.0 + fido_cbor_info_extensions_len@Base 0.4.0 + fido_cbor_info_extensions_ptr@Base 0.4.0 + fido_cbor_info_free@Base 0.4.0 + fido_cbor_info_maxmsgsiz@Base 0.4.0 + fido_cbor_info_new@Base 0.4.0 + fido_cbor_info_options_len@Base 0.4.0 + fido_cbor_info_options_name_ptr@Base 0.4.0 + fido_cbor_info_options_value_ptr@Base 0.4.0 + fido_cbor_info_protocols_len@Base 0.4.0 + fido_cbor_info_protocols_ptr@Base 0.4.0 + fido_cbor_info_versions_len@Base 0.4.0 + fido_cbor_info_versions_ptr@Base 0.4.0 + 
fido_cred_authdata_len@Base 0.4.0 + fido_cred_authdata_ptr@Base 0.4.0 + fido_cred_clientdata_hash_len@Base 0.4.0 + fido_cred_clientdata_hash_ptr@Base 0.4.0 + fido_cred_exclude@Base 0.4.0 + fido_cred_flags@Base 0.4.0 + fido_cred_fmt@Base 0.4.0 + fido_cred_free@Base 0.4.0 + fido_cred_id_len@Base 0.4.0 + fido_cred_id_ptr@Base 0.4.0 + fido_cred_new@Base 0.4.0 + fido_cred_pubkey_len@Base 0.4.0 + fido_cred_pubkey_ptr@Base 0.4.0 + fido_cred_rp_id@Base 0.4.0 + fido_cred_rp_name@Base 0.4.0 + fido_cred_set_authdata@Base 0.4.0 + fido_cred_set_clientdata_hash@Base 0.4.0 + fido_cred_set_extensions@Base 0.4.0 + fido_cred_set_fmt@Base 0.4.0 + fido_cred_set_options@Base 0.4.0 + fido_cred_set_rp@Base 0.4.0 + fido_cred_set_sig@Base 0.4.0 + fido_cred_set_type@Base 0.4.0 + fido_cred_set_user@Base 0.4.0 + fido_cred_set_x509@Base 0.4.0 + fido_cred_sig_len@Base 0.4.0 + fido_cred_sig_ptr@Base 0.4.0 + fido_cred_verify@Base 0.4.0 + fido_cred_x5c_len@Base 0.4.0 + fido_cred_x5c_ptr@Base 0.4.0 + fido_dev_build@Base 0.4.0 + fido_dev_close@Base 0.4.0 + fido_dev_flags@Base 0.4.0 + fido_dev_force_fido2@Base 0.4.0 + fido_dev_force_u2f@Base 0.4.0 + fido_dev_free@Base 0.4.0 + fido_dev_get_assert@Base 0.4.0 + fido_dev_get_cbor_info@Base 0.4.0 + fido_dev_get_retry_count@Base 0.4.0 + fido_dev_info_free@Base 0.4.0 + fido_dev_info_manifest@Base 0.4.0 + fido_dev_info_manufacturer_string@Base 0.4.0 + fido_dev_info_new@Base 0.4.0 + fido_dev_info_path@Base 0.4.0 + fido_dev_info_product@Base 0.4.0 + fido_dev_info_product_string@Base 0.4.0 + fido_dev_info_ptr@Base 0.4.0 + fido_dev_info_vendor@Base 0.4.0 + fido_dev_is_fido2@Base 0.4.0 + fido_dev_major@Base 0.4.0 + fido_dev_make_cred@Base 0.4.0 + fido_dev_minor@Base 0.4.0 + fido_dev_new@Base 0.4.0 + fido_dev_open@Base 0.4.0 + fido_dev_protocol@Base 0.4.0 + fido_dev_reset@Base 0.4.0 + fido_dev_set_io_functions@Base 0.4.0 + fido_dev_set_pin@Base 0.4.0 + fido_init@Base 0.4.0 + fido_strerr@Base 0.4.0 + rs256_pk_free@Base 0.4.0 + rs256_pk_from_RSA@Base 0.4.0 + 
rs256_pk_from_ptr@Base 0.4.0 + rs256_pk_new@Base 0.4.0 + rs256_pk_to_EVP_PKEY@Base 0.4.0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfido2-0.3.0/debian/libfido2-udev.install new/libfido2-0.4.0/debian/libfido2-udev.install --- old/libfido2-0.3.0/debian/libfido2-udev.install 1970-01-01 01:00:00.000000000 +0100 +++ new/libfido2-0.4.0/debian/libfido2-udev.install 2019-01-07 09:33:58.000000000 +0100 @@ -0,0 +1 @@ +lib/udev/rules.d diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfido2-0.3.0/debian/rules new/libfido2-0.4.0/debian/rules --- old/libfido2-0.3.0/debian/rules 2018-09-12 13:49:08.000000000 +0200 +++ new/libfido2-0.4.0/debian/rules 2019-01-07 09:33:58.000000000 +0100 @@ -4,3 +4,6 @@ %: dh $@ + +override_dh_auto_configure: + dh_auto_configure -- -DUDEV_RULES_DIR=/lib/udev/rules.d diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfido2-0.3.0/docker/bionic/Dockerfile new/libfido2-0.4.0/docker/bionic/Dockerfile --- old/libfido2-0.3.0/docker/bionic/Dockerfile 2018-09-12 13:49:08.000000000 +0200 +++ new/libfido2-0.4.0/docker/bionic/Dockerfile 2019-01-07 09:33:58.000000000 +0100 @@ -1,6 +1,7 @@ # unlock-yk # docker run --rm --volume=/home/pedro/projects/libfido2:/workdir \ # --volume=$(gpgconf --list-dirs socketdir):/root/.gnupg \ +# --volume=$(gpgconf --list-dirs homedir)/pubring.kbx:/root/.gnupg/pubring.kbx \ # -it libfido2-staging --install-deps --ppa martelletto/ppa \ # --key pe...@yubico.com FROM ubuntu:bionic diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfido2-0.3.0/fuzz/preload-fuzz.c new/libfido2-0.4.0/fuzz/preload-fuzz.c --- old/libfido2-0.3.0/fuzz/preload-fuzz.c 2018-09-12 13:49:08.000000000 +0200 +++ new/libfido2-0.4.0/fuzz/preload-fuzz.c 2019-01-07 09:33:58.000000000 +0100 
@@ -9,7 +9,6 @@ * export LD_PRELOAD=$(realpath preload.so) */ -#include <fido.h> #include <hidapi.h> #include <stdio.h> #include <stdlib.h> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfido2-0.3.0/fuzz/preload-snoop.c new/libfido2-0.4.0/fuzz/preload-snoop.c --- old/libfido2-0.3.0/fuzz/preload-snoop.c 2018-09-12 13:49:08.000000000 +0200 +++ new/libfido2-0.4.0/fuzz/preload-snoop.c 2019-01-07 09:33:58.000000000 +0100 @@ -14,7 +14,6 @@ #include <dlfcn.h> #include <fcntl.h> -#include <fido.h> #include <hidapi.h> #include <stdio.h> #include <stdlib.h> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfido2-0.3.0/man/NOTES new/libfido2-0.4.0/man/NOTES --- old/libfido2-0.3.0/man/NOTES 2018-09-12 13:49:08.000000000 +0200 +++ new/libfido2-0.4.0/man/NOTES 2019-01-07 09:33:58.000000000 +0100 @@ -1,3 +1,4 @@ To generate .partial files for https://developers.yubico.com/: $ make -C build man_symlink_html_partial +$ (cd build/man && pax -p p -r -w *.partial /tmp/partial) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfido2-0.3.0/man/fido2-assert.1 new/libfido2-0.4.0/man/fido2-assert.1 --- old/libfido2-0.3.0/man/fido2-assert.1 2018-09-12 13:49:08.000000000 +0200 +++ new/libfido2-0.4.0/man/fido2-assert.1 2019-01-07 09:33:58.000000000 +0100 @@ -171,6 +171,8 @@ authenticator data (base64 blob); .It assertion signature (base64 blob); +.It +user id, if credential resident (base64 blob); .El .Pp When verifying an assertion, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfido2-0.3.0/man/fido2-token.1 new/libfido2-0.4.0/man/fido2-token.1 --- old/libfido2-0.3.0/man/fido2-token.1 2018-09-12 13:49:08.000000000 +0200 +++ new/libfido2-0.4.0/man/fido2-token.1 2019-01-07 09:33:58.000000000 +0100 
@@ -65,3 +65,10 @@ .Sh SEE ALSO .Xr fido2-assert 1 , .Xr fido2-cred 1 +.Sh CAVEATS +The actual user-flow to perform a reset is outside the scope of the +FIDO2 specification, and may therefore vary depending on the +authenticator. +Yubico authenticators do not allow resets after 5 seconds from +power-up, and expect a reset to be confirmed by the user through +touch within 30 seconds. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfido2-0.3.0/man/fido_cred.3 new/libfido2-0.4.0/man/fido_cred.3 --- old/libfido2-0.3.0/man/fido_cred.3 2018-09-12 13:49:08.000000000 +0200 +++ new/libfido2-0.4.0/man/fido_cred.3 2019-01-07 09:33:58.000000000 +0100 @@ -131,6 +131,10 @@ The authenticator data, x509 certificate, and signature parts of a credential are typically passed to a FIDO 2 server for verification. .Sh RETURN VALUES +The authenticator data returned by +.Fn fido_cred_authdata_ptr +is a CBOR-encoded byte string, as obtained from the authenticator. +.Pp If not NULL, pointers returned by .Fn fido_cred_fmt , .Fn fido_cred_authdata_ptr , diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfido2-0.3.0/man/fido_cred_set.3 new/libfido2-0.4.0/man/fido_cred_set.3 --- old/libfido2-0.3.0/man/fido_cred_set.3 2018-09-12 13:49:08.000000000 +0200 +++ new/libfido2-0.4.0/man/fido_cred_set.3 2019-01-07 09:33:58.000000000 +0100 @@ -73,6 +73,10 @@ A copy of .Fa ptr is made, and no references to the passed pointer are kept. +The authenticator data passed to +.Fn fido_cred_set_authdata +must be a CBOR-encoded byte string, as obtained from +.Fn fido_cred_authdata_ptr . .Pp The .Fn fido_cred_set_rp @@ -159,6 +163,9 @@ A copy of .Fa fmt is made, and no references to the passed pointer are kept. +Note that not all authenticators support FIDO2 and therefore may not +be able to generate +.Vt "packed" . .Pp The .Fn fido_cred_set_type 
@@ -172,6 +179,7 @@ or .Dv COSE_RS256 . The type of a credential may only be set once. +Note that not all tokens support COSE_RS256. .Pp Use of the .Nm diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfido2-0.3.0/man/fido_cred_verify.3 new/libfido2-0.4.0/man/fido_cred_verify.3 --- old/libfido2-0.3.0/man/fido_cred_verify.3 2018-09-12 13:49:08.000000000 +0200 +++ new/libfido2-0.4.0/man/fido_cred_verify.3 2019-01-07 09:33:58.000000000 +0100 @@ -29,7 +29,8 @@ The .Fn fido_cred_verify function verifies whether the client data hash, relying party ID, -credential ID, and resident key and user verification attributes of +credential ID, type, and resident key and user verification +attributes of .Fa cred have been attested by the holder of the private counterpart of the public key contained in the credential's x509 certificate. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfido2-0.3.0/man/fido_dev_set_pin.3 new/libfido2-0.4.0/man/fido_dev_set_pin.3 --- old/libfido2-0.3.0/man/fido_dev_set_pin.3 2018-09-12 13:49:08.000000000 +0200 +++ new/libfido2-0.4.0/man/fido_dev_set_pin.3 2019-01-07 09:33:58.000000000 +0100 
@@ -74,3 +74,15 @@ On success, .Dv FIDO_OK is returned. +.Sh CAVEATS +Regarding +.Fn fido_dev_reset , +the actual user-flow to perform a reset is outside the scope of the +FIDO2 specification, and may therefore vary depending on the +authenticator. +Yubico authenticators will return +.Dv FIDO_ERR_NOT_ALLOWED +if a reset is issued later than 5 seconds after power-up, and +.Dv FIDO_ERR_ACTION_TIMEOUT +if the user fails to confirm the reset by touching the key +within 30 seconds. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfido2-0.3.0/openbsd-compat/readpassphrase.c new/libfido2-0.4.0/openbsd-compat/readpassphrase.c --- old/libfido2-0.3.0/openbsd-compat/readpassphrase.c 2018-09-12 13:49:08.000000000 +0200 +++ new/libfido2-0.4.0/openbsd-compat/readpassphrase.c 2019-01-07 09:33:58.000000000 +0100 @@ -75,8 +75,6 @@ restart: for (i = 0; i < _NSIG; i++) signo[i] = 0; - nr = -1; - save_errno = 0; need_restart = 0; /* * Read and write to /dev/tty if available. If not, read from diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfido2-0.3.0/regress/cred.c new/libfido2-0.4.0/regress/cred.c --- old/libfido2-0.3.0/regress/cred.c 2018-09-12 13:49:08.000000000 +0200 +++ new/libfido2-0.4.0/regress/cred.c 2019-01-07 09:33:58.000000000 +0100 @@ -396,10 +396,8 @@ no_authdata(void) { fido_cred_t *c; - unsigned char zerokey[64]; c = alloc_cred(); - memset(zerokey, 0, sizeof(zerokey)); assert(fido_cred_set_type(c, COSE_ES256) == FIDO_OK); assert(fido_cred_set_clientdata_hash(c, cdh, sizeof(cdh)) == FIDO_OK); assert(fido_cred_set_rp(c, rp_id, rp_name) == FIDO_OK); 
@@ -408,8 +406,8 @@ assert(fido_cred_set_sig(c, sig, sizeof(sig)) == FIDO_OK); assert(fido_cred_set_fmt(c, "packed") == FIDO_OK); assert(fido_cred_verify(c) == FIDO_ERR_INVALID_ARGUMENT); - assert(fido_cred_pubkey_len(c) == sizeof(zerokey)); - assert(memcmp(fido_cred_pubkey_ptr(c), zerokey, sizeof(zerokey)) == 0); + assert(fido_cred_pubkey_len(c) == 0); + assert(fido_cred_pubkey_ptr(c) == NULL); assert(fido_cred_id_len(c) == 0); assert(fido_cred_id_ptr(c) == NULL); free_cred(c); @@ -664,6 +662,29 @@ free(junk); } +/* github issue #6 */ +static void +invalid_type(void) +{ + fido_cred_t *c; + + c = alloc_cred(); + assert(fido_cred_set_type(c, COSE_RS256) == FIDO_OK); + assert(fido_cred_set_clientdata_hash(c, cdh, sizeof(cdh)) == FIDO_OK); + assert(fido_cred_set_rp(c, rp_id, rp_name) == FIDO_OK); + assert(fido_cred_set_authdata(c, authdata, sizeof(authdata)) == FIDO_ERR_INVALID_ARGUMENT); + assert(fido_cred_set_options(c, false, false) == FIDO_OK); + assert(fido_cred_set_x509(c, x509, sizeof(x509)) == FIDO_OK); + assert(fido_cred_set_sig(c, sig, sizeof(sig)) == FIDO_OK); + assert(fido_cred_set_fmt(c, "packed") == FIDO_OK); + assert(fido_cred_verify(c) == FIDO_ERR_INVALID_ARGUMENT); + assert(fido_cred_pubkey_len(c) == 0); + assert(fido_cred_pubkey_ptr(c) == NULL); + assert(fido_cred_id_len(c) == 0); + assert(fido_cred_id_ptr(c) == NULL); + free_cred(c); +} + int main(void) { @@ -685,6 +706,7 @@ junk_x509(); junk_sig(); wrong_options(); + invalid_type(); exit(0); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfido2-0.3.0/src/assert.c new/libfido2-0.4.0/src/assert.c --- old/libfido2-0.3.0/src/assert.c 2018-09-12 13:49:08.000000000 +0200 +++ new/libfido2-0.4.0/src/assert.c 2019-01-07 09:33:58.000000000 +0100 
@@ -906,7 +906,7 @@ { unsigned char *sig; - if (idx >= a->stmt_len) + if (idx >= a->stmt_len || ptr == NULL) return (FIDO_ERR_INVALID_ARGUMENT); fido_assert_clean_sig(&a->stmt[idx]); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfido2-0.3.0/src/blob.c new/libfido2-0.4.0/src/blob.c --- old/libfido2-0.3.0/src/blob.c 2018-09-12 13:49:08.000000000 +0200 +++ new/libfido2-0.4.0/src/blob.c 2019-01-07 09:33:58.000000000 +0100 @@ -63,6 +63,7 @@ if (b->ptr != NULL) { explicit_bzero(b->ptr, b->len); free(b->ptr); + b->ptr = NULL; } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfido2-0.3.0/src/cbor.c new/libfido2-0.4.0/src/cbor.c --- old/libfido2-0.3.0/src/cbor.c 2018-09-12 13:49:08.000000000 +0200 +++ new/libfido2-0.4.0/src/cbor.c 2019-01-07 09:33:58.000000000 +0100 @@ -327,15 +327,22 @@ { cbor_item_t *item = NULL; cbor_item_t *body = NULL; + cbor_item_t *alg_item = NULL; struct cbor_pair alg; if ((item = cbor_new_definite_array(1)) == NULL || (body = cbor_new_definite_map(2)) == NULL || - cose_alg > -1 || -cose_alg - 1 > UINT16_MAX) + cose_alg > -1 || cose_alg < INT16_MIN) goto fail; alg.key = cbor_move(cbor_build_string("alg")); - alg.value = cbor_move(cbor_build_negint16((uint16_t)(-cose_alg - 1))); + + if (-cose_alg - 1 > UINT8_MAX) + alg_item = cbor_build_negint16((uint16_t)(-cose_alg - 1)); + else + alg_item = cbor_build_negint8((uint8_t)(-cose_alg - 1)); + + alg.value = cbor_move(alg_item); if (cbor_map_add(body, alg) == false || cbor_add_string(body, "type", "public-key") < 0 || @@ -770,7 +777,8 @@ } static int -decode_attcred(const unsigned char **buf, size_t *len, fido_attcred_t *attcred) +decode_attcred(const unsigned char **buf, size_t *len, int cose_alg, + fido_attcred_t *attcred) { cbor_item_t *item = NULL; struct cbor_load_result cbor; 
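Review bot: In the src/blob.c hunk, `b->ptr` is reset to NULL after `free()` but `b->len` keeps its old value, so the blob is left describing a non-zero length with no buffer behind it. Any later reader that trusts `len` without checking `ptr` would work from a stale length. Adding `b->len = 0;` next to `b->ptr = NULL;` keeps the two fields consistent. The function's opening lines are outside the hunk, so confirm that no caller relies on the length surviving.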
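Review bot: In the src/cbor.c hunk at -327, `alg_item` is passed to `cbor_move()` without a NULL check. Depending on the libcbor version, `cbor_build_negint8()` and `cbor_build_negint16()` may return NULL on allocation failure, and `cbor_move()` decrements the item's refcount, so a NULL would be dereferenced. Building the value first and adding `if (alg_item == NULL) goto fail;` before `alg.key` is created would leave the failure path with nothing extra to release. The same pattern applies to the unchanged `cbor_move(cbor_build_string("alg"))` line. The `fail:` label and the rest of the function are outside the hunk.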
@@ -811,6 +819,12 @@ goto fail; } + if (attcred->type != cose_alg) { + log_debug("%s: cose_alg mismatch (%d != %d)", __func__, + attcred->type, cose_alg); + goto fail; + } + if (attcred->type == COSE_ES256) { if (es256_pk_decode(item, &attcred->pubkey.es256) < 0) { log_debug("%s: es256_pk_decode", __func__); @@ -956,8 +970,9 @@ } int -decode_cred_authdata(const cbor_item_t *item, fido_blob_t *authdata_cbor, - fido_authdata_t *authdata, fido_attcred_t *attcred, int *authdata_ext) +decode_cred_authdata(const cbor_item_t *item, int cose_alg, + fido_blob_t *authdata_cbor, fido_authdata_t *authdata, + fido_attcred_t *attcred, int *authdata_ext) { const unsigned char *buf = NULL; size_t len; @@ -988,7 +1003,7 @@ if (attcred != NULL) { if ((authdata->flags & CTAP_AUTHDATA_ATT_CRED) == 0 || - decode_attcred(&buf, &len, attcred) < 0) + decode_attcred(&buf, &len, cose_alg, attcred) < 0) return (-1); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfido2-0.3.0/src/cred.c new/libfido2-0.4.0/src/cred.c --- old/libfido2-0.3.0/src/cred.c 2018-09-12 13:49:08.000000000 +0200 +++ new/libfido2-0.4.0/src/cred.c 2019-01-07 09:33:58.000000000 +0100 @@ -28,8 +28,9 @@ case 1: /* fmt */ return (decode_fmt(val, &cred->fmt)); case 2: /* authdata */ - return (decode_cred_authdata(val, &cred->authdata_cbor, - &cred->authdata, &cred->attcred, &cred->authdata_ext)); + return (decode_cred_authdata(val, cred->type, + &cred->authdata_cbor, &cred->authdata, &cred->attcred, + &cred->authdata_ext)); case 3: /* attestation statement */ return (decode_attstmt(val, &cred->attstmt)); default: @@ -500,8 +501,8 @@ goto fail; } - if (decode_cred_authdata(item, &cred->authdata_cbor, &cred->authdata, - &cred->attcred, &cred->authdata_ext) < 0) { + if (decode_cred_authdata(item, cred->type, &cred->authdata_cbor, + &cred->authdata, &cred->attcred, &cred->authdata_ext) < 0) { log_debug("%s: decode_cred_authdata", __func__); r = FIDO_ERR_INVALID_ARGUMENT; goto fail; 
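Review bot: The new `attcred->type != cose_alg` check in decode_attcred() makes decoding depend on the caller having chosen a type first, since both call sites in src/cred.c pass `cred->type`; this ordering requirement is not documented. Presumably, if authenticator data is supplied while the type is still unset, the mismatch branch is taken and the caller sees only `FIDO_ERR_INVALID_ARGUMENT`, with the reason visible solely through `log_debug`. A comment above the check, for example `/* reject keys whose algorithm differs from the one the caller requested */`, would help. So would a sentence in fido_cred_set.3 stating that fido_cred_set_type must be called before fido_cred_set_authdata. decode_attcred() begins and ends outside this hunk.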
@@ -526,6 +527,8 @@ fido_cred_clean_x509(cred); + if (ptr == NULL) + return (FIDO_ERR_INVALID_ARGUMENT); if ((x509 = malloc(len)) == NULL) return (FIDO_ERR_INTERNAL); @@ -543,6 +546,8 @@ fido_cred_clean_sig(cred); + if (ptr == NULL) + return (FIDO_ERR_INVALID_ARGUMENT); if ((sig = malloc(len)) == NULL) return (FIDO_ERR_INTERNAL); @@ -781,7 +786,7 @@ { const void *ptr; - switch (cred->type) { + switch (cred->attcred.type) { case COSE_ES256: ptr = &cred->attcred.pubkey.es256; break; @@ -801,7 +806,7 @@ { size_t len; - switch (cred->type) { + switch (cred->attcred.type) { case COSE_ES256: len = sizeof(cred->attcred.pubkey.es256); break; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfido2-0.3.0/src/es256.c new/libfido2-0.4.0/src/es256.c --- old/libfido2-0.3.0/src/es256.c 2018-09-12 13:49:08.000000000 +0200 +++ new/libfido2-0.4.0/src/es256.c 2019-01-07 09:33:58.000000000 +0100 @@ -334,7 +334,7 @@ EC_KEY *ec = NULL; EVP_PKEY *pkey = NULL; BIGNUM *d = NULL; - const int nid = NID_X9_62_prime256v1; + const int nid = NID_X9_62_prime256v1; int ok = -1; if ((bnctx = BN_CTX_new()) == NULL || (d = BN_CTX_get(bnctx)) == NULL || diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfido2-0.3.0/src/extern.h new/libfido2-0.4.0/src/extern.h --- old/libfido2-0.3.0/src/extern.h 2018-09-12 13:49:08.000000000 +0200 +++ new/libfido2-0.4.0/src/extern.h 2019-01-07 09:33:58.000000000 +0100 
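Review bot: The new `ptr == NULL` guard in the `@@ -526` hunk does not cover a zero `len`, so a non-NULL pointer with length 0 still reaches `malloc(len)`. The result of a zero-size malloc is implementation-defined: it may be NULL and surface as FIDO_ERR_INTERNAL, or a valid pointer and store an empty certificate. Rejecting both cases together keeps the error code consistent: `if (ptr == NULL || len == 0) return (FIDO_ERR_INVALID_ARGUMENT);`. The same applies to the signature setter in the `@@ -543` hunk. Both guards also sit after the fido_cred_clean_* call, so an invalid argument still discards the previously stored value; if that is intended, a one-line comment should say so.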
@@ -32,7 +32,7 @@ /* cbor decoding functions */ int decode_attstmt(const cbor_item_t *, fido_attstmt_t *); -int decode_cred_authdata(const cbor_item_t *, fido_blob_t *, +int decode_cred_authdata(const cbor_item_t *, int, fido_blob_t *, fido_authdata_t *, fido_attcred_t *, int *); int decode_assert_authdata(const cbor_item_t *, fido_blob_t *, fido_authdata_t *, int *, fido_blob_t *); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfido2-0.3.0/src/io.c new/libfido2-0.4.0/src/io.c --- old/libfido2-0.3.0/src/io.c 2018-09-12 13:49:08.000000000 +0200 +++ new/libfido2-0.4.0/src/io.c 2019-01-07 09:33:58.000000000 +0100 @@ -9,7 +9,9 @@ #include <string.h> #include "fido.h" +#include "packed.h" +PACKED_TYPE(frame_t, struct frame { uint32_t cid; /* channel id */ union { @@ -25,7 +27,7 @@ uint8_t data[CTAP_RPT_SIZE - 5]; } cont; } body; -}; +}) #ifndef MIN #define MIN(x, y) ((x) > (y) ? (y) : (x)) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfido2-0.3.0/src/u2f.c new/libfido2-0.4.0/src/u2f.c --- old/libfido2-0.3.0/src/u2f.c 2018-09-12 13:49:08.000000000 +0200 +++ new/libfido2-0.4.0/src/u2f.c 2019-01-07 09:33:58.000000000 +0100 @@ -666,7 +666,7 @@ return (FIDO_ERR_UNSUPPORTED_OPTION); } - if ((r = fido_assert_set_count(fa, fa->allow_list.len) != FIDO_OK)) { + if ((r = fido_assert_set_count(fa, fa->allow_list.len)) != FIDO_OK) { log_debug("%s: fido_assert_set_count", __func__); return (r); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfido2-0.3.0/tools/assert_get.c new/libfido2-0.4.0/tools/assert_get.c --- old/libfido2-0.3.0/tools/assert_get.c 2018-09-12 13:49:08.000000000 +0200 +++ new/libfido2-0.4.0/tools/assert_get.c 2019-01-07 09:33:58.000000000 +0100 
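Review bot: Packing `struct frame` in the `@@ -9` and `@@ -25` hunks of src/io.c makes its in-memory layout the wire layout, but nothing checks at compile time that the result is exactly one report long. PACKED_TYPE comes from packed.h, which is not shown, so on a compiler where it has no effect the struct could silently gain padding. If the project's language level allows it, a check next to the definition such as `_Static_assert(sizeof(struct frame) == CTAP_RPT_SIZE, "frame layout");` would catch that. The expected size is inferred from the `CTAP_RPT_SIZE - 5` array bound and should be confirmed against the full definition, most of which lies outside the hunks.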
@@ -67,11 +67,12 @@ } static void -print_assert(FILE *out_f, const fido_assert_t *assert) +print_assert(FILE *out_f, const fido_assert_t *assert, bool rk) { char *cdh = NULL; char *authdata = NULL; char *sig = NULL; + char *user_id = NULL; int r; r = base64_encode(fido_assert_clientdata_hash_ptr(assert), @@ -80,6 +81,9 @@ fido_assert_authdata_len(assert, 0), &authdata); r |= base64_encode(fido_assert_sig_ptr(assert, 0), fido_assert_sig_len(assert, 0), &sig); + if (rk) + r |= base64_encode(fido_assert_user_id_ptr(assert, 0), + fido_assert_user_id_len(assert, 0), &user_id); if (r < 0) errx(1, "output error"); @@ -87,10 +91,13 @@ fprintf(out_f, "%s\n", fido_assert_rp_id(assert)); fprintf(out_f, "%s\n", authdata); fprintf(out_f, "%s\n", sig); + if (rk) + fprintf(out_f, "%s\n", user_id); free(cdh); free(authdata); free(sig); + free(user_id); } int @@ -100,8 +107,10 @@ fido_assert_t *assert = NULL; char pin[1024]; char prompt[1024]; - FILE *in_f = stdin; - FILE *out_f = stdout; + char *in_path = NULL; + char *out_path = NULL; + FILE *in_f = NULL; + FILE *out_f = NULL; bool rk = false; bool up = false; bool uv = false; @@ -115,12 +124,10 @@ debug = true; break; case 'i': - if (strcmp(optarg, "-")) - in_f = open_read(optarg); + in_path = optarg; break; case 'o': - if (strcmp(optarg, "-")) - out_f = open_write(optarg); + out_path = optarg; break; case 'p': up = true; @@ -142,6 +149,9 @@ if (argc != 1) usage(); + in_f = open_read(in_path); + out_f = open_write(out_path); + fido_init(debug ? FIDO_DEBUG : 0); dev = open_dev(argv[0]); assert= prepare_assert(in_f, rk, up, uv, debug); 
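Review bot: In the `@@ -80` hunk the user id is encoded whenever `rk` is set, without first checking that the assertion actually carries one. base64_encode() is not shown; if it rejects a NULL pointer or a zero length, a reply without a user id ends in the generic `output error`, which points at the output file instead of the missing field. A dedicated check before the encode, e.g. `if (rk && fido_assert_user_id_len(assert, 0) == 0) errx(1, "assertion has no user id");`, would make the failure diagnosable. The start of print_assert's encoding sequence lies between the hunks and is not fully visible.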
@@ -165,11 +175,16 @@ if (fido_assert_count(assert) != 1) errx(1, "fido_assert_count: %zu", fido_assert_count(assert)); - print_assert(out_f, assert); + print_assert(out_f, assert, rk); fido_dev_close(dev); fido_dev_free(&dev); fido_assert_free(&assert); + fclose(in_f); + fclose(out_f); + in_f = NULL; + out_f = NULL; + exit(0); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfido2-0.3.0/tools/assert_verify.c new/libfido2-0.4.0/tools/assert_verify.c --- old/libfido2-0.3.0/tools/assert_verify.c 2018-09-12 13:49:08.000000000 +0200 +++ new/libfido2-0.4.0/tools/assert_verify.c 2019-01-07 09:33:58.000000000 +0100 @@ -110,8 +110,9 @@ assert_verify(int argc, char **argv) { fido_assert_t *assert = NULL; - FILE *in_f = stdin; void *pk = NULL; + char *in_path = NULL; + FILE *in_f = NULL; bool up = false; bool uv = false; bool debug = false; @@ -125,8 +126,7 @@ debug = true; break; case 'i': - if (strcmp(optarg, "-")) - in_f = open_read(optarg); + in_path = optarg; break; case 'p': up = true; @@ -145,6 +145,8 @@ if (argc < 1 || argc > 2) usage(); + in_f = open_read(in_path); + if (argc > 1) { if (strcmp(argv[1], "es256") == 0) type = COSE_ES256; @@ -161,5 +163,8 @@ errx(1, "fido_assert_verify: %s", fido_strerr(r)); fido_assert_free(&assert); + fclose(in_f); + in_f = NULL; + exit(0); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfido2-0.3.0/tools/cred_make.c new/libfido2-0.4.0/tools/cred_make.c --- old/libfido2-0.3.0/tools/cred_make.c 2018-09-12 13:49:08.000000000 +0200 +++ new/libfido2-0.4.0/tools/cred_make.c 2019-01-07 09:33:58.000000000 +0100 @@ -111,8 +111,10 @@ fido_cred_t *cred = NULL; char prompt[1024]; char pin[1024]; - FILE *in_f = stdin; - FILE *out_f = stdout; + char *in_path = NULL; + char *out_path = NULL; + FILE *in_f = NULL; + FILE *out_f = NULL; bool rk = false; bool uv = false; bool debug = false; 
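Review bot: The `fclose(out_f)` added in the `@@ -165` hunk ignores its return value, so a write error that only shows up when the buffered output is flushed (full disk, I/O error) goes unnoticed and the tool still reaches `exit(0)`. Since the file holds the assertion that a later verification step consumes, I would check it: `if (fclose(out_f) != 0) err(1, "fclose");`. The same unchecked close of the output stream appears in tools/cred_make.c (`@@ -187`) and tools/cred_verify.c (`@@ -166`). Ignoring the result of `fclose(in_f)` is fine for a stream that was only read. The function body starts outside the hunk.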
@@ -127,12 +129,10 @@ debug = true; break; case 'i': - if (strcmp(optarg, "-")) - in_f = open_read(optarg); + in_path = optarg; break; case 'o': - if (strcmp(optarg, "-")) - out_f = open_write(optarg); + out_path = optarg; break; case 'q': quiet = true; @@ -154,6 +154,9 @@ if (argc < 1 || argc > 2) usage(); + in_f = open_read(in_path); + out_f = open_write(out_path); + if (argc > 1) { if (strcmp(argv[1], "es256") == 0) type = COSE_ES256; @@ -187,5 +190,10 @@ fido_dev_free(&dev); fido_cred_free(&cred); + fclose(in_f); + fclose(out_f); + in_f = NULL; + out_f = NULL; + exit(0); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfido2-0.3.0/tools/cred_verify.c new/libfido2-0.4.0/tools/cred_verify.c --- old/libfido2-0.3.0/tools/cred_verify.c 2018-09-12 13:49:08.000000000 +0200 +++ new/libfido2-0.4.0/tools/cred_verify.c 2019-01-07 09:33:58.000000000 +0100 @@ -113,8 +113,10 @@ cred_verify(int argc, char **argv) { fido_cred_t *cred = NULL; - FILE *in_f = stdin; - FILE *out_f = stdout; + char *in_path = NULL; + char *out_path = NULL; + FILE *in_f = NULL; + FILE *out_f = NULL; bool rk = false; bool uv = false; bool debug = false; @@ -128,12 +130,10 @@ debug = true; break; case 'i': - if (strcmp(optarg, "-")) - in_f = open_read(optarg); + in_path = optarg; break; case 'o': - if (strcmp(optarg, "-")) - out_f = open_write(optarg); + out_path = optarg; break; case 'v': uv = true; @@ -149,6 +149,9 @@ if (argc > 1) usage(); + in_f = open_read(in_path); + out_f = open_write(out_path); + if (argc > 0) { if (strcmp(argv[0], "es256") == 0) type = COSE_ES256; 
@@ -166,5 +169,10 @@ print_cred(out_f, type, cred); fido_cred_free(&cred); + fclose(in_f); + fclose(out_f); + in_f = NULL; + out_f = NULL; + exit(0); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfido2-0.3.0/tools/util.c new/libfido2-0.4.0/tools/util.c --- old/libfido2-0.3.0/tools/util.c 2018-09-12 13:49:08.000000000 +0200 +++ new/libfido2-0.4.0/tools/util.c 2019-01-07 09:33:58.000000000 +0100 @@ -30,6 +30,8 @@ int fd; FILE *f; + if (file == NULL || strcmp(file, "-") == 0) + return (stdout); if ((fd = open(file, O_WRONLY | O_CREAT, 0600)) < 0) err(1, "open %s", file); if ((f = fdopen(fd, "w")) == NULL) @@ -44,6 +46,8 @@ int fd; FILE *f; + if (file == NULL || strcmp(file, "-") == 0) + return (stdin); if ((fd = open(file, O_RDONLY)) < 0) err(1, "open %s", file); if ((f = fdopen(fd, "r")) == NULL) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfido2-0.3.0/udev/70-old-u2f.rules new/libfido2-0.4.0/udev/70-old-u2f.rules --- old/libfido2-0.3.0/udev/70-old-u2f.rules 2018-09-12 13:49:08.000000000 +0200 +++ new/libfido2-0.4.0/udev/70-old-u2f.rules 2019-01-07 09:33:58.000000000 +0100 @@ -17,8 +17,8 @@ # HyperSecu HyperFIDO KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e|2ccf", ATTRS{idProduct}=="0880", GROUP="plugdev", MODE="0660" -# Feitian ePass FIDO -KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e", ATTRS{idProduct}=="0850|0852|0853|0854|0856|0858|085a|085b", GROUP="plugdev", MODE="0660" +# Feitian ePass FIDO, BioPass FIDO2 +KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e", ATTRS{idProduct}=="0850|0852|0853|0854|0856|0858|085a|085b|085d", GROUP="plugdev", MODE="0660" # JaCarta U2F KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="24dc", ATTRS{idProduct}=="0101", GROUP="plugdev", MODE="0660" 
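Review bot: The `@@ -30` and `@@ -44` hunks of tools/util.c give open_write() and open_read() a second contract that neither hunk documents: a NULL or `-` path returns the process's own `stdout` or `stdin`. The callers changed in this commit pass the result straight to `fclose()`, so their cleanup closes the standard stream as well; that is harmless just before `exit(0)` but surprising for any later caller. I would add above each function a comment such as `/* NULL or "-" selects stdout; the caller owns the stream and may fclose() it */`, with the `stdin` equivalent for open_read(). Both function signatures lie outside the hunks.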
@@ -41,4 +41,7 @@ # Google Titan U2F KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="5026", GROUP="plugdev", MODE="0660" +# Tomu board + chopstx U2F +KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="cdab", GROUP="plugdev", MODE="0660" + LABEL="u2f_end" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfido2-0.3.0/udev/70-u2f.rules new/libfido2-0.4.0/udev/70-u2f.rules --- old/libfido2-0.3.0/udev/70-u2f.rules 2018-09-12 13:49:08.000000000 +0200 +++ new/libfido2-0.4.0/udev/70-u2f.rules 2019-01-07 09:33:58.000000000 +0100 @@ -17,8 +17,8 @@ # HyperSecu HyperFIDO KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e|2ccf", ATTRS{idProduct}=="0880", TAG+="uaccess" -# Feitian ePass FIDO -KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e", ATTRS{idProduct}=="0850|0852|0853|0854|0856|0858|085a|085b", TAG+="uaccess" +# Feitian ePass FIDO, BioPass FIDO2 +KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e", ATTRS{idProduct}=="0850|0852|0853|0854|0856|0858|085a|085b|085d", TAG+="uaccess" # JaCarta U2F KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="24dc", ATTRS{idProduct}=="0101", TAG+="uaccess" @@ -41,4 +41,7 @@ # Google Titan U2F KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="5026", TAG+="uaccess" +# Tomu board + chopstx U2F +KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="cdab", TAG+="uaccess" + LABEL="u2f_end"