From nobody Fri Jul 21 15:38:39 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4R6txq3PjPz4p5HN; Fri, 21 Jul 2023 15:38:39 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4R6txq20RVz4LfF; Fri, 21 Jul 2023 15:38:39 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1689953919; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=5jjaeU2OGW9CY4s0dp/jmxcNrvYecuF0P4nhR/qmdOM=; b=EnvvTgGMocvB1eADPHsgj7sg5+tN2xeZMzG5UA6iglc2XKmV9igY4azVRbbvLH6dWJQJy6 uYeXVNsO+zUjwpyNt73OkoTEcz2cntKxhOxs+Bl/Y+epNQEsCR4uzGwkIvTo/s0OaxkNjs u/8LIbFre8pMXdGxVt+mq961hO+3LViZtrEmYvzKAkre8jPxZ77qHMs1aCxFBFatTzkGJK cqZLrYDjXIEMxZIyhzxsRY/nJBIscGJ+YJR6MC+UdeoPd9dBtj+Xn1mQaA+pPAGaPBPNAw v7+KYEhLUNF6q8OCuho5PKLkwVRD5R3CSV96dsUvWrYAY7lprxg80sr8Gxt3jw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1689953919; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=5jjaeU2OGW9CY4s0dp/jmxcNrvYecuF0P4nhR/qmdOM=; b=WrePcKN4l7SPDGuEUnuYqk1vyhLiz8/ZXLq53ZCkiWeGXY3drokz9lSfqy5HrypGQtTZl+ lVNK/0VCL3TON/fCvnVMZjvR/PlamFdxg1O6Jj/jUDKL5li9DNhvmHIao6ucOfNq7zYy3r mHubl7zXCagKNA75YErekcxI7WwPmoyT8MMOS5vj5LiqKvXKLI2TnWJdsam8bYAvHFCbEl mt1BBoadlJmrngxXN0MWOTCDyU81KfUeu+InAPjN+TNWSqW8e83gFoqrbwFq6EIeMcijzY FMA2r6R5nnOd2wuw2+QqJ3FQzSj/8PhUMADBIiW36bDg5DlH3KX72KAuF287pA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1689953919; a=rsa-sha256; cv=none; b=Z+vcmPX0JY8XwOjUBhwPWnnBCN7eUhHSmbnxJVmjN5z7OETvN+d9sh37xRD78r7S8d/ubj qxETrP2ordmWLOXGiJ+oBG8wFCxORPFiF4wQvfu1/W73HZJazfWExYAPL8N6RKHTtcHxOv whNQqRu9vNg03fYQyOPn00JChhR6X8i+Z0J5qp9ADa9XxsabYLQ5Gy8vs63UGm5b91fEbt zZ5+CeVYp/uluvi1hIIIFS3tTBFHlz1j/cdNIdblKaYIm2QAuaj0ETZwTvrVjBtw4UQpQ9 Jtorg4ULPDDHRzT6/9N0IJOJWlCxLKCLMgPoPc2iOngI/hCo3IZALALKtt/HWg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4R6txq0yT0zJcR; Fri, 21 Jul 2023 15:38:39 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 36LFcdfF009173; Fri, 21 Jul 2023 15:38:39 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 36LFcdMf009172; Fri, 21 Jul 2023 15:38:39 GMT (envelope-from git) Date: Fri, 21 Jul 2023 15:38:39 GMT Message-Id: <202307211538.36LFcdMf009172@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Ed Maste Subject: git: 079a1c2059e7 - stable/13 - libfido2: update to 1.10.0 List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 079a1c2059e7cc19360ff6840317efefdff876a1 Auto-Submitted: auto-generated The branch stable/13 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=079a1c2059e7cc19360ff6840317efefdff876a1 commit 079a1c2059e7cc19360ff6840317efefdff876a1 Author: Ed Maste AuthorDate: 2023-05-05 23:57:34 +0000 Commit: Ed Maste CommitDate: 2023-07-21 14:41:42 +0000 libfido2: update to 1.10.0 Some highlights from NEWS: ** bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*(); gh#480. ** New API calls: - fido_dev_info_set; - fido_dev_io_handle; - fido_dev_new_with_info; - fido_dev_open_with_info. ** Documentation and reliability fixes. ** Support for TPM 2.0 attestation of COSE_ES256 credentials. Relnotes: Yes Sponsored by: The FreeBSD Foundation (cherry picked from commit 3e696dfb7009cd8ffa12e36f48f4339bb7a2048d) --- contrib/libfido2/CMakeLists.txt | 47 +- contrib/libfido2/LICENSE | 2 +- contrib/libfido2/NEWS | 14 + contrib/libfido2/README.adoc | 4 +- contrib/libfido2/SECURITY.md | 5 + contrib/libfido2/examples/README.adoc | 2 +- contrib/libfido2/fuzz/Dockerfile | 2 +- contrib/libfido2/fuzz/Makefile | 2 +- contrib/libfido2/fuzz/export.gnu | 1 + contrib/libfido2/fuzz/functions.txt | 35 +- contrib/libfido2/fuzz/fuzz_hid.c | 11 +- contrib/libfido2/fuzz/report.tgz | Bin 320981 -> 323706 bytes contrib/libfido2/fuzz/summary.txt | 14 +- contrib/libfido2/man/CMakeLists.txt | 17 +- contrib/libfido2/man/check.sh | 42 ++ contrib/libfido2/man/eddsa_pk_new.3 | 4 +- contrib/libfido2/man/es256_pk_new.3 | 8 +- contrib/libfido2/man/fido2-assert.1 | 6 +- contrib/libfido2/man/fido2-cred.1 | 6 +- contrib/libfido2/man/fido2-token.1 | 24 +- contrib/libfido2/man/fido_assert_allow_cred.3 | 4 +- contrib/libfido2/man/fido_assert_new.3 | 95 ++-- contrib/libfido2/man/fido_assert_set_authdata.3 | 57 ++- contrib/libfido2/man/fido_assert_verify.3 | 6 +- contrib/libfido2/man/fido_bio_dev_get_info.3 | 2 +- contrib/libfido2/man/fido_bio_enroll_new.3 | 4 +- contrib/libfido2/man/fido_bio_info_new.3 | 2 +- contrib/libfido2/man/fido_bio_template.3 | 4 +- contrib/libfido2/man/fido_cbor_info_new.3 | 3 +- contrib/libfido2/man/fido_cred_exclude.3 | 2 +- contrib/libfido2/man/fido_cred_new.3 | 10 +- contrib/libfido2/man/fido_cred_set_authdata.3 | 20 +- contrib/libfido2/man/fido_cred_verify.3 | 44 +- contrib/libfido2/man/fido_credman_metadata_new.3 | 6 +- contrib/libfido2/man/fido_dev_enable_entattest.3 | 6 +- contrib/libfido2/man/fido_dev_get_assert.3 | 6 +- contrib/libfido2/man/fido_dev_get_touch_begin.3 | 4 +- contrib/libfido2/man/fido_dev_info_manifest.3 | 41 +- contrib/libfido2/man/fido_dev_largeblob_get.3 | 10 +- contrib/libfido2/man/fido_dev_make_cred.3 | 6 +- contrib/libfido2/man/fido_dev_open.3 | 71 ++- contrib/libfido2/man/fido_dev_set_io_functions.3 | 81 +++- contrib/libfido2/man/fido_dev_set_pin.3 | 2 +- contrib/libfido2/man/fido_init.3 | 28 +- contrib/libfido2/man/fido_strerr.3 | 2 +- contrib/libfido2/man/rs256_pk_new.3 | 4 +- contrib/libfido2/regress/cred.c | 576 ++++++++++++++++++++++- contrib/libfido2/src/CMakeLists.txt | 2 +- contrib/libfido2/src/bio.c | 4 +- contrib/libfido2/src/cbor.c | 1 - contrib/libfido2/src/dev.c | 7 + contrib/libfido2/src/eddsa.c | 6 +- contrib/libfido2/src/export.gnu | 4 + contrib/libfido2/src/export.llvm | 4 + contrib/libfido2/src/export.msvc | 4 + contrib/libfido2/src/extern.h | 1 - contrib/libfido2/src/fido.h | 8 +- contrib/libfido2/src/fido/types.h | 4 +- contrib/libfido2/src/hid.c | 56 ++- contrib/libfido2/src/hid_osx.c | 62 ++- contrib/libfido2/src/hid_win.c | 2 +- contrib/libfido2/src/tpm.c | 144 +++++- contrib/libfido2/src/webauthn.h | 88 +++- contrib/libfido2/src/winhello.c | 171 ++++--- contrib/libfido2/tools/test.sh | 6 +- contrib/libfido2/windows/build.ps1 | 2 +- contrib/libfido2/windows/const.ps1 | 6 +- contrib/libfido2/windows/cygwin.gpg | Bin 0 -> 2193 bytes contrib/libfido2/windows/cygwin.ps1 | 68 +++ contrib/libfido2/windows/release.ps1 | 19 +- lib/libfido2/Makefile | 2 +- 71 files changed, 1639 insertions(+), 374 deletions(-) diff --git a/contrib/libfido2/CMakeLists.txt b/contrib/libfido2/CMakeLists.txt index d775a98c5b48..11a51ac5a645 100644 --- a/contrib/libfido2/CMakeLists.txt +++ b/contrib/libfido2/CMakeLists.txt @@ -9,7 +9,7 @@ project(libfido2 C) cmake_minimum_required(VERSION 3.0) # Set PIE flags for POSITION_INDEPENDENT_CODE targets, added in CMake 3.14. if(POLICY CMP0083) - cmake_policy(SET CMP0083 NEW) + cmake_policy(SET CMP0083 NEW) endif() include(CheckCCompilerFlag) @@ -21,14 +21,14 @@ include(CheckTypeSize) include(GNUInstallDirs) include(CheckPIESupported OPTIONAL RESULT_VARIABLE CHECK_PIE_SUPPORTED) if(CHECK_PIE_SUPPORTED) - check_pie_supported(LANGUAGES C) + check_pie_supported(LANGUAGES C) endif() set(CMAKE_POSITION_INDEPENDENT_CODE ON) set(CMAKE_COLOR_MAKEFILE OFF) set(CMAKE_VERBOSE_MAKEFILE ON) set(FIDO_MAJOR "1") -set(FIDO_MINOR "9") +set(FIDO_MINOR "10") set(FIDO_PATCH "0") set(FIDO_VERSION ${FIDO_MAJOR}.${FIDO_MINOR}.${FIDO_PATCH}) @@ -40,16 +40,15 @@ option(BUILD_TOOLS "Build tool programs" ON) option(FUZZ "Enable fuzzing instrumentation" OFF) option(LIBFUZZER "Build libfuzzer harnesses" OFF) option(USE_HIDAPI "Use hidapi as the HID backend" OFF) -option(USE_WINHELLO "Abstract Windows Hello as a FIDO device" OFF) -option(NFC_LINUX "Experimental NFC support on Linux" OFF) +option(USE_WINHELLO "Abstract Windows Hello as a FIDO device" ON) +option(NFC_LINUX "Enable NFC support on Linux" ON) add_definitions(-D_FIDO_MAJOR=${FIDO_MAJOR}) add_definitions(-D_FIDO_MINOR=${FIDO_MINOR}) add_definitions(-D_FIDO_PATCH=${FIDO_PATCH}) -if(CYGWIN OR MSYS) +if(CYGWIN OR MSYS OR MINGW) set(WIN32 1) - add_definitions(-DWINVER=0x0a00) endif() if(WIN32) @@ -68,12 +67,13 @@ if(NOT MSVC) set(FIDO_CFLAGS "${FIDO_CFLAGS} -D_DARWIN_C_SOURCE") set(FIDO_CFLAGS "${FIDO_CFLAGS} -D__STDC_WANT_LIB_EXT1__=1") elseif(CMAKE_SYSTEM_NAME STREQUAL "Linux") - set(NFC_LINUX ON) set(FIDO_CFLAGS "${FIDO_CFLAGS} -D_GNU_SOURCE") set(FIDO_CFLAGS "${FIDO_CFLAGS} -D_DEFAULT_SOURCE") elseif(CMAKE_SYSTEM_NAME STREQUAL "FreeBSD" OR CMAKE_SYSTEM_NAME STREQUAL "MidnightBSD") set(FIDO_CFLAGS "${FIDO_CFLAGS} -D__BSD_VISIBLE=1") + elseif(CMAKE_SYSTEM_NAME STREQUAL "NetBSD") + set(FIDO_CFLAGS "${FIDO_CFLAGS} -D_NETBSD_SOURCE") endif() set(FIDO_CFLAGS "${FIDO_CFLAGS} -std=c99") set(CMAKE_C_FLAGS "${FIDO_CFLAGS} ${CMAKE_C_FLAGS}") @@ -167,12 +167,13 @@ if(MSVC) endif() set(CBOR_LIBRARIES cbor) set(ZLIB_LIBRARIES zlib) - set(CRYPTO_LIBRARIES crypto-46) + set(CRYPTO_LIBRARIES crypto-47) set(MSVC_DISABLED_WARNINGS_LIST "C4152" # nonstandard extension used: function/data pointer # conversion in expression; "C4200" # nonstandard extension used: zero-sized array in # struct/union; + "C4201" # nonstandard extension used: nameless struct/union; "C4204" # nonstandard extension used: non-constant aggregate # initializer; "C4706" # assignment within conditional expression; @@ -188,8 +189,10 @@ if(MSVC) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -MP -W4 -WX ${MSVC_DISABLED_WARNINGS_STR}") set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} /Od /Z7 /guard:cf /sdl /RTCcsu") set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE} /Zi /guard:cf /sdl") - add_definitions(-DUSE_WINHELLO) - set(USE_WINHELLO ON) + if(USE_WINHELLO) + add_definitions(-DUSE_WINHELLO) + endif() + set(NFC_LINUX OFF) else() include(FindPkgConfig) pkg_search_module(CBOR libcbor) @@ -223,6 +226,8 @@ else() set(BASE_LIBRARIES ${BASE_LIBRARIES} rt) endif() endif() + else() + set(NFC_LINUX OFF) endif() if(MINGW) @@ -238,14 +243,18 @@ else() set(HIDAPI_LIBRARIES hidapi${HIDAPI_SUFFIX}) endif() - if(FUZZ) - set(NFC_LINUX ON) - endif() - if(NFC_LINUX) add_definitions(-DNFC_LINUX) endif() + if(WIN32) + if(USE_WINHELLO) + add_definitions(-DUSE_WINHELLO) + endif() + else() + set(USE_WINHELLO OFF) + endif() + add_compile_options(-Wall) add_compile_options(-Wextra) add_compile_options(-Werror) @@ -257,6 +266,10 @@ else() add_compile_options(-pedantic) add_compile_options(-pedantic-errors) + if(WIN32) + add_compile_options(-Wno-type-limits) + add_compile_options(-Wno-cast-function-type) + endif() if(HAVE_SHORTEN_64_TO_32) add_compile_options(-Wshorten-64-to-32) endif() @@ -306,10 +319,10 @@ elseif(NOT MSVC) # clang/gcc + gnu ld if(FUZZ) string(CONCAT CMAKE_SHARED_LINKER_FLAGS ${CMAKE_SHARED_LINKER_FLAGS} - " -Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/fuzz/export.gnu") + " -Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/fuzz/export.gnu") else() string(CONCAT CMAKE_SHARED_LINKER_FLAGS ${CMAKE_SHARED_LINKER_FLAGS} - " -Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/src/export.gnu") + " -Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/src/export.gnu") endif() if(NOT WIN32) string(CONCAT CMAKE_SHARED_LINKER_FLAGS diff --git a/contrib/libfido2/LICENSE b/contrib/libfido2/LICENSE index 4224f20992c0..75a03f87e3af 100644 --- a/contrib/libfido2/LICENSE +++ b/contrib/libfido2/LICENSE @@ -1,4 +1,4 @@ -Copyright (c) 2018-2021 Yubico AB. All rights reserved. +Copyright (c) 2018-2022 Yubico AB. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are diff --git a/contrib/libfido2/NEWS b/contrib/libfido2/NEWS index 04cda4e0e83a..a48b685156c1 100644 --- a/contrib/libfido2/NEWS +++ b/contrib/libfido2/NEWS @@ -1,3 +1,17 @@ +* Version 1.10.0 (2022-01-17) + ** hid_osx: handle devices with paths > 511 bytes; gh#462. + ** bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*(); gh#480. + ** winhello: fallback to GetTopWindow() if GetForegroundWindow() fails. + ** winhello: fallback to hid_win.c if webauthn.dll isn't available. + ** New API calls: + - fido_dev_info_set; + - fido_dev_io_handle; + - fido_dev_new_with_info; + - fido_dev_open_with_info. + ** Cygwin and NetBSD build fixes. + ** Documentation and reliability fixes. + ** Support for TPM 2.0 attestation of COSE_ES256 credentials. + * Version 1.9.0 (2021-10-27) ** Enabled NFC support on Linux. ** Added OpenSSL 3.0 compatibility. diff --git a/contrib/libfido2/README.adoc b/contrib/libfido2/README.adoc index a0e188bf8774..114cc5eed762 100644 --- a/contrib/libfido2/README.adoc +++ b/contrib/libfido2/README.adoc @@ -10,7 +10,7 @@ image:https://oss-fuzz-build-logs.storage.googleapis.com/badges/libfido2.svg["Fu communicate with a FIDO device over USB, and to verify attestation and assertion signatures. -*libfido2* supports the FIDO U2F (CTAP 1) and FIDO 2.0 (CTAP 2) protocols. +*libfido2* supports the FIDO U2F (CTAP 1) and FIDO2 (CTAP 2) protocols. For usage, see the `examples/` directory. @@ -42,7 +42,7 @@ is also available. ==== Releases -The current release of *libfido2* is 1.9.0. Please consult Yubico's +The current release of *libfido2* is 1.10.0. Please consult Yubico's https://developers.yubico.com/libfido2/Releases[release page] for source and binary releases. diff --git a/contrib/libfido2/SECURITY.md b/contrib/libfido2/SECURITY.md new file mode 100644 index 000000000000..e12a48a847ba --- /dev/null +++ b/contrib/libfido2/SECURITY.md @@ -0,0 +1,5 @@ +# Reporting libfido2 Security Issues + +To report security issues in libfido2, please contact security@yubico.com. +A PGP public key can be found at +https://www.yubico.com/support/security-advisories/issue-rating-system/. diff --git a/contrib/libfido2/examples/README.adoc b/contrib/libfido2/examples/README.adoc index bcecb22f5258..44ee52743a0d 100644 --- a/contrib/libfido2/examples/README.adoc +++ b/contrib/libfido2/examples/README.adoc @@ -25,7 +25,7 @@ The following definitions are used in the description below: - - A credential's associated FIDO 2.1 "largeBlob" symmetric key. + A credential's associated CTAP 2.1 "largeBlob" symmetric key. === Description diff --git a/contrib/libfido2/fuzz/Dockerfile b/contrib/libfido2/fuzz/Dockerfile index f175991d0462..aefe1980ada4 100644 --- a/contrib/libfido2/fuzz/Dockerfile +++ b/contrib/libfido2/fuzz/Dockerfile @@ -7,6 +7,6 @@ ENV DEBIAN_FRONTEND=noninteractive RUN apt-get update RUN apt-get install -y clang-12 cmake git libssl-dev libudev-dev make pkg-config RUN apt-get install -y zlib1g-dev -RUN git clone --branch v0.8.0 https://github.com/PJK/libcbor +RUN git clone --branch v0.9.0 https://github.com/PJK/libcbor RUN git clone https://github.com/yubico/libfido2 RUN CC=clang-12 CXX=clang++-12 /libfido2/fuzz/build-coverage /libcbor /libfido2 diff --git a/contrib/libfido2/fuzz/Makefile b/contrib/libfido2/fuzz/Makefile index 1a974a2bf557..ce3fee73c69c 100644 --- a/contrib/libfido2/fuzz/Makefile +++ b/contrib/libfido2/fuzz/Makefile @@ -2,7 +2,7 @@ # Use of this source code is governed by a BSD-style # license that can be found in the LICENSE file. -IMAGE := libfido2-coverage:1.9.1 +IMAGE := libfido2-coverage:1.10.0 RUNNER := libfido2-runner PROFDATA := llvm-profdata-12 COV := llvm-cov-12 diff --git a/contrib/libfido2/fuzz/export.gnu b/contrib/libfido2/fuzz/export.gnu index 0c712b30a429..cac142ae970e 100644 --- a/contrib/libfido2/fuzz/export.gnu +++ b/contrib/libfido2/fuzz/export.gnu @@ -201,6 +201,7 @@ fido_dev_info_product; fido_dev_info_product_string; fido_dev_info_ptr; + fido_dev_info_set; fido_dev_info_vendor; fido_dev_is_fido2; fido_dev_major; diff --git a/contrib/libfido2/fuzz/functions.txt b/contrib/libfido2/fuzz/functions.txt index 886893b1d11d..946682d07d00 100644 --- a/contrib/libfido2/fuzz/functions.txt +++ b/contrib/libfido2/fuzz/functions.txt @@ -172,7 +172,7 @@ cbor_array_iter 12 0 100.00% 16 0 cbor_parse_reply 27 0 100.00% 36 0 100.00% cbor_vector_free 6 0 100.00% 5 0 100.00% cbor_bytestring_copy 14 0 100.00% 18 0 100.00% -cbor_string_copy 14 1 92.86% 18 3 83.33% +cbor_string_copy 14 0 100.00% 18 0 100.00% cbor_add_bytestring 14 0 100.00% 21 0 100.00% cbor_add_string 14 0 100.00% 21 0 100.00% cbor_add_bool 14 0 100.00% 21 0 100.00% @@ -200,7 +200,7 @@ cbor_decode_uint64 4 0 100.00% 8 0 cbor_decode_cred_id 8 0 100.00% 9 0 100.00% cbor_decode_user 8 0 100.00% 9 0 100.00% cbor_decode_rp_entity 8 0 100.00% 9 0 100.00% -cbor_build_uint 10 4 60.00% 9 4 55.56% +cbor_build_uint 10 1 90.00% 9 2 77.78% cbor_array_append 17 0 100.00% 21 0 100.00% cbor_array_drop 18 2 88.89% 17 3 82.35% cbor.c:ctap_check_cbor 28 0 100.00% 26 0 100.00% @@ -209,7 +209,7 @@ cbor.c:cbor_add_arg 13 0 100.00% 21 0 cbor.c:cbor_add_uint8 14 0 100.00% 21 0 100.00% cbor.c:cbor_encode_largeblob_key_ext 6 0 100.00% 6 0 100.00% cbor.c:cbor_encode_hmac_secret_param 59 4 93.22% 66 8 87.88% -cbor.c:get_cose_alg 36 1 97.22% 38 3 92.11% +cbor.c:get_cose_alg 36 0 100.00% 38 0 100.00% cbor.c:find_cose_alg 35 0 100.00% 33 0 100.00% cbor.c:decode_attcred 25 0 100.00% 44 0 100.00% cbor.c:decode_cred_extensions 14 0 100.00% 24 0 100.00% @@ -222,7 +222,7 @@ cbor.c:decode_cred_id_entry 10 0 100.00% 19 0 cbor.c:decode_user_entry 25 0 100.00% 35 0 100.00% cbor.c:decode_rp_entity_entry 15 0 100.00% 25 0 100.00% ------------------------------------------------------------------------------------------------------------------ -TOTAL 1047 28 97.33% 1237 54 95.63% +TOTAL 1047 23 97.80% 1237 46 96.28% File '/libfido2/src/compress.c': Name Regions Miss Cover Lines Miss Cover @@ -386,6 +386,7 @@ fido_dev_get_touch_begin 50 0 100.00% 59 fido_dev_get_touch_status 17 0 100.00% 20 0 100.00% fido_dev_set_io_functions 18 4 77.78% 14 6 57.14% fido_dev_set_transport_functions 6 2 66.67% 9 3 66.67% +fido_dev_io_handle 1 1 0.00% 3 3 0.00% fido_init 8 1 87.50% 5 0 100.00% fido_dev_new 5 0 100.00% 14 0 100.00% fido_dev_new_with_info 10 10 0.00% 16 16 0.00% @@ -419,7 +420,7 @@ dev.c:fido_dev_set_extension_flags 7 0 100.00% 7 dev.c:fido_dev_set_option_flags 29 0 100.00% 18 0 100.00% dev.c:fido_dev_set_protocol_flags 11 0 100.00% 17 0 100.00% ------------------------------------------------------------------------------------------------------------------- -TOTAL 420 78 81.43% 488 102 79.10% +TOTAL 421 79 81.24% 491 105 78.62% File '/libfido2/src/ecdh.c': Name Regions Miss Cover Lines Miss Cover @@ -493,8 +494,9 @@ Name Regions Miss Cover Lines Mis fido_hid_get_usage 13 0 100.00% 22 0 100.00% fido_hid_get_report_len 19 0 100.00% 27 0 100.00% fido_dev_info_new 1 0 100.00% 3 0 100.00% -fido_dev_info_free 9 0 100.00% 14 0 100.00% +fido_dev_info_free 9 0 100.00% 9 0 100.00% fido_dev_info_ptr 1 0 100.00% 3 0 100.00% +fido_dev_info_set 26 2 92.31% 30 3 90.00% fido_dev_info_path 1 0 100.00% 3 0 100.00% fido_dev_info_vendor 1 0 100.00% 3 0 100.00% fido_dev_info_product 1 0 100.00% 3 0 100.00% @@ -502,8 +504,9 @@ fido_dev_info_manufacturer_string 1 0 100.00% 3 fido_dev_info_product_string 1 0 100.00% 3 0 100.00% hid.c:get_key_len 6 0 100.00% 12 0 100.00% hid.c:get_key_val 6 0 100.00% 18 0 100.00% +hid.c:fido_dev_info_reset 1 0 100.00% 6 0 100.00% ------------------------------------------------------------------------------------------------------------------- -TOTAL 60 0 100.00% 114 0 100.00% +TOTAL 87 2 97.70% 145 3 97.93% File '/libfido2/src/hid_linux.c': Name Regions Miss Cover Lines Miss Cover @@ -612,7 +615,7 @@ File '/libfido2/src/largeblob.c': Name Regions Miss Cover Lines Miss Cover ------------------------------------------------------------------------------------------------------------------- fido_dev_largeblob_get 26 2 92.31% 38 4 89.47% -fido_dev_largeblob_set 27 2 92.59% 36 4 88.89% +fido_dev_largeblob_set 27 0 100.00% 36 0 100.00% fido_dev_largeblob_remove 12 0 100.00% 18 0 100.00% fido_dev_largeblob_get_array 15 2 86.67% 27 4 85.19% fido_dev_largeblob_set_array 14 0 100.00% 19 0 100.00% @@ -642,7 +645,7 @@ largeblob.c:largeblob_get_uv_token 19 0 100.00% 23 largeblob.c:largeblob_set_tx 35 0 100.00% 36 0 100.00% largeblob.c:prepare_hmac 13 2 84.62% 23 7 69.57% ------------------------------------------------------------------------------------------------------------------- -TOTAL 513 21 95.91% 684 47 93.13% +TOTAL 513 19 96.30% 684 43 93.71% File '/libfido2/src/log.c': Name Regions Miss Cover Lines Miss Cover @@ -783,11 +786,11 @@ TOTAL 24 0 100.00% 23 File '/libfido2/src/rs1.c': Name Regions Miss Cover Lines Miss Cover --------------------------------------------------------------------------------------------------------------------- -rs1_verify_sig 20 1 95.00% 30 3 90.00% +rs1_verify_sig 20 0 100.00% 30 0 100.00% rs1.c:rs1_get_EVP_MD 4 0 100.00% 6 0 100.00% rs1.c:rs1_free_EVP_MD 1 0 100.00% 3 0 100.00% --------------------------------------------------------------------------------------------------------------------- -TOTAL 25 1 96.00% 39 3 92.31% +TOTAL 25 0 100.00% 39 0 100.00% File '/libfido2/src/rs256.c': Name Regions Miss Cover Lines Miss Cover @@ -820,15 +823,17 @@ TOTAL 43 3 93.02% 43 File '/libfido2/src/tpm.c': Name Regions Miss Cover Lines Miss Cover --------------------------------------------------------------------------------------------------------------------- -fido_get_signed_hash_tpm 20 0 100.00% 25 0 100.00% -tpm.c:check_rsa2048_pubarea 16 0 100.00% 28 0 100.00% -tpm.c:bswap_rsa2048_pubarea 1 0 100.00% 10 0 100.00% +fido_get_signed_hash_tpm 25 0 100.00% 39 0 100.00% +tpm.c:check_es256_pubarea 18 0 100.00% 30 0 100.00% +tpm.c:bswap_es256_pubarea 1 0 100.00% 12 0 100.00% +tpm.c:check_rs256_pubarea 16 0 100.00% 28 0 100.00% +tpm.c:bswap_rs256_pubarea 1 0 100.00% 10 0 100.00% tpm.c:check_sha1_certinfo 14 0 100.00% 38 0 100.00% tpm.c:get_signed_sha1 17 0 100.00% 19 0 100.00% tpm.c:get_signed_name 7 0 100.00% 10 0 100.00% tpm.c:bswap_sha1_certinfo 1 0 100.00% 8 0 100.00% --------------------------------------------------------------------------------------------------------------------- -TOTAL 76 0 100.00% 138 0 100.00% +TOTAL 100 0 100.00% 194 0 100.00% File '/libfido2/src/types.c': Name Regions Miss Cover Lines Miss Cover diff --git a/contrib/libfido2/fuzz/fuzz_hid.c b/contrib/libfido2/fuzz/fuzz_hid.c index 556e62ac4cd3..eaf00dc92de8 100644 --- a/contrib/libfido2/fuzz/fuzz_hid.c +++ b/contrib/libfido2/fuzz/fuzz_hid.c @@ -175,15 +175,20 @@ static void manifest(const struct param *p) { size_t ndevs, nfound; - fido_dev_info_t *devlist; + fido_dev_info_t *devlist = NULL, *devlist_set = NULL; int16_t vendor_id, product_id; + fido_dev_io_t io; + fido_dev_transport_t t; + memset(&io, 0, sizeof(io)); + memset(&t, 0, sizeof(t)); set_netlink_io_functions(fd_read, fd_write); set_wire_data(p->netlink_wiredata.body, p->netlink_wiredata.len); set_udev_parameters(p->uevent, &p->report_descriptor); ndevs = uniform_random(64); if ((devlist = fido_dev_info_new(ndevs)) == NULL || + (devlist_set = fido_dev_info_new(1)) == NULL || fido_dev_info_manifest(devlist, ndevs, &nfound) != FIDO_OK) goto out; for (size_t i = 0; i < nfound; i++) { @@ -195,9 +200,13 @@ manifest(const struct param *p) product_id = fido_dev_info_product(di); consume(&vendor_id, sizeof(vendor_id)); consume(&product_id, sizeof(product_id)); + fido_dev_info_set(devlist_set, 0, fido_dev_info_path(di), + fido_dev_info_manufacturer_string(di), + fido_dev_info_product_string(di), &io, &t); } out: fido_dev_info_free(&devlist, ndevs); + fido_dev_info_free(&devlist_set, 1); } void diff --git a/contrib/libfido2/fuzz/report.tgz b/contrib/libfido2/fuzz/report.tgz index cf74f315cb80..d78f4628de59 100644 Binary files a/contrib/libfido2/fuzz/report.tgz and b/contrib/libfido2/fuzz/report.tgz differ diff --git a/contrib/libfido2/fuzz/summary.txt b/contrib/libfido2/fuzz/summary.txt index 298c8377379f..05c000aa7757 100644 --- a/contrib/libfido2/fuzz/summary.txt +++ b/contrib/libfido2/fuzz/summary.txt @@ -16,33 +16,33 @@ src/authkey.c 44 0 100.00% src/bio.c 419 20 95.23% 49 2 95.92% 559 21 96.24% src/blob.c 53 2 96.23% 10 0 100.00% 83 4 95.18% src/buf.c 8 1 87.50% 2 0 100.00% 16 1 93.75% -src/cbor.c 1047 28 97.33% 54 0 100.00% 1237 54 95.63% +src/cbor.c 1047 23 97.80% 54 0 100.00% 1237 46 96.28% src/compress.c 34 4 88.24% 3 0 100.00% 28 3 89.29% src/config.c 108 0 100.00% 11 0 100.00% 151 0 100.00% src/cred.c 632 34 94.62% 69 2 97.10% 830 36 95.66% src/credman.c 382 10 97.38% 40 0 100.00% 518 15 97.10% -src/dev.c 420 78 81.43% 44 6 86.36% 488 102 79.10% +src/dev.c 421 79 81.24% 45 7 84.44% 491 105 78.62% src/ecdh.c 117 2 98.29% 4 0 100.00% 146 5 96.58% src/eddsa.c 80 3 96.25% 10 0 100.00% 106 8 92.45% src/err.c 122 10 91.80% 1 0 100.00% 126 10 92.06% src/es256.c 306 5 98.37% 19 0 100.00% 358 7 98.04% -src/hid.c 60 0 100.00% 12 0 100.00% 114 0 100.00% +src/hid.c 87 2 97.70% 14 0 100.00% 145 3 97.93% src/hid_linux.c 173 68 60.69% 14 7 50.00% 250 104 58.40% src/hid_unix.c 28 20 28.57% 2 0 100.00% 43 24 44.19% src/info.c 184 0 100.00% 39 0 100.00% 316 0 100.00% src/io.c 182 7 96.15% 13 0 100.00% 221 11 95.02% src/iso7816.c 18 1 94.44% 5 0 100.00% 38 0 100.00% -src/largeblob.c 513 21 95.91% 30 0 100.00% 684 47 93.13% +src/largeblob.c 513 19 96.30% 30 0 100.00% 684 43 93.71% src/log.c 39 5 87.18% 7 1 85.71% 63 4 93.65% src/netlink.c 328 14 95.73% 40 0 100.00% 498 32 93.57% src/nfc_linux.c 327 73 77.68% 23 5 78.26% 458 124 72.93% src/pin.c 403 3 99.26% 26 0 100.00% 495 3 99.39% src/random.c 6 1 83.33% 1 0 100.00% 6 1 83.33% src/reset.c 24 0 100.00% 3 0 100.00% 23 0 100.00% -src/rs1.c 25 1 96.00% 3 0 100.00% 39 3 92.31% +src/rs1.c 25 0 100.00% 3 0 100.00% 39 0 100.00% src/rs256.c 141 8 94.33% 13 0 100.00% 172 10 94.19% src/time.c 43 3 93.02% 3 0 100.00% 43 1 97.67% -src/tpm.c 76 0 100.00% 7 0 100.00% 138 0 100.00% +src/tpm.c 100 0 100.00% 9 0 100.00% 194 0 100.00% src/types.c 25 0 100.00% 6 0 100.00% 46 0 100.00% src/u2f.c 528 4 99.24% 17 0 100.00% 685 12 98.25% @@ -54,4 +54,4 @@ src/fido.h 0 0 - src/fido/err.h 0 0 - 0 0 - 0 0 - src/fido/param.h 0 0 - 0 0 - 0 0 - ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ -TOTAL 7809 481 93.84% 679 26 96.17% 10180 708 93.05% +TOTAL 7861 476 93.94% 684 27 96.05% 10270 699 93.19% diff --git a/contrib/libfido2/man/CMakeLists.txt b/contrib/libfido2/man/CMakeLists.txt index 3e50c50d37a0..5ce2fc7b83ed 100644 --- a/contrib/libfido2/man/CMakeLists.txt +++ b/contrib/libfido2/man/CMakeLists.txt @@ -44,6 +44,7 @@ list(APPEND MAN_SOURCES list(APPEND MAN_ALIAS eddsa_pk_new eddsa_pk_free + eddsa_pk_new eddsa_pk_from_EVP_PKEY eddsa_pk_new eddsa_pk_from_ptr eddsa_pk_new eddsa_pk_to_EVP_PKEY es256_pk_new es256_pk_free @@ -75,6 +76,7 @@ list(APPEND MAN_ALIAS fido_assert_new fido_assert_user_id_len fido_assert_new fido_assert_user_id_ptr fido_assert_new fido_assert_user_name + fido_assert_set_authdata fido_assert_set_authdata_raw fido_assert_set_authdata fido_assert_set_clientdata fido_assert_set_authdata fido_assert_set_clientdata_hash fido_assert_set_authdata fido_assert_set_count @@ -117,8 +119,8 @@ list(APPEND MAN_ALIAS fido_cbor_info_new fido_cbor_info_free fido_cbor_info_new fido_cbor_info_maxmsgsiz fido_cbor_info_new fido_cbor_info_maxcredbloblen - fido_cbor_info_new fido_cbor_info_maxcredcntlst; - fido_cbor_info_new fido_cbor_info_maxcredidlen; + fido_cbor_info_new fido_cbor_info_maxcredcntlst + fido_cbor_info_new fido_cbor_info_maxcredidlen fido_cbor_info_new fido_cbor_info_fwversion fido_cbor_info_new fido_cbor_info_options_len fido_cbor_info_new fido_cbor_info_options_name_ptr @@ -163,6 +165,7 @@ list(APPEND MAN_ALIAS fido_cred_new fido_cred_user_name fido_cred_new fido_cred_x5c_len fido_cred_new fido_cred_x5c_ptr + fido_cred_verify fido_cred_verify_self fido_credman_metadata_new fido_credman_del_dev_rk fido_credman_metadata_new fido_credman_get_dev_metadata fido_credman_metadata_new fido_credman_get_dev_rk @@ -211,6 +214,7 @@ list(APPEND MAN_ALIAS fido_dev_info_manifest fido_dev_info_product fido_dev_info_manifest fido_dev_info_product_string fido_dev_info_manifest fido_dev_info_ptr + fido_dev_info_manifest fido_dev_info_set fido_dev_info_manifest fido_dev_info_vendor fido_dev_open fido_dev_build fido_dev_open fido_dev_cancel @@ -219,26 +223,33 @@ list(APPEND MAN_ALIAS fido_dev_open fido_dev_force_fido2 fido_dev_open fido_dev_force_u2f fido_dev_open fido_dev_free + fido_dev_open fido_dev_has_pin + fido_dev_open fido_dev_has_uv fido_dev_open fido_dev_is_fido2 fido_dev_open fido_dev_is_winhello fido_dev_open fido_dev_major fido_dev_open fido_dev_minor fido_dev_open fido_dev_new + fido_dev_open fido_dev_new_with_info + fido_dev_open fido_dev_open_with_info fido_dev_open fido_dev_protocol fido_dev_open fido_dev_supports_cred_prot fido_dev_open fido_dev_supports_credman + fido_dev_open fido_dev_supports_permissions fido_dev_open fido_dev_supports_pin fido_dev_open fido_dev_supports_uv - fido_dev_open fido_dev_has_uv fido_dev_set_pin fido_dev_get_retry_count fido_dev_set_pin fido_dev_get_uv_retry_count fido_dev_set_pin fido_dev_reset + fido_dev_set_io_functions fido_dev_io_handle fido_dev_set_io_functions fido_dev_set_sigmask fido_dev_set_io_functions fido_dev_set_timeout + fido_dev_set_io_functions fido_dev_set_transport_functions fido_dev_largeblob_get fido_dev_largeblob_set fido_dev_largeblob_get fido_dev_largeblob_remove fido_dev_largeblob_get fido_dev_largeblob_get_array fido_dev_largeblob_get fido_dev_largeblob_set_array + fido_init fido_set_log_handler rs256_pk_new rs256_pk_free rs256_pk_new rs256_pk_from_ptr rs256_pk_new rs256_pk_from_EVP_PKEY diff --git a/contrib/libfido2/man/check.sh b/contrib/libfido2/man/check.sh new file mode 100755 index 000000000000..951afeb88e0b --- /dev/null +++ b/contrib/libfido2/man/check.sh @@ -0,0 +1,42 @@ +#!/bin/sh -u + +# Copyright (c) 2022 Yubico AB. All rights reserved. +# Use of this source code is governed by a BSD-style +# license that can be found in the LICENSE file. + +T=$(mktemp -d) || exit 1 +find . -maxdepth 1 -type f -name '*.3' -print0 > "$T/files" + +xargs -0 awk '/^.Sh NAME/,/^.Nd/' < "$T/files" | \ + awk '/^.Nm/ { print $2 }' | sort -u > "$T/Nm" +xargs -0 awk '/^.Fn/ { print $2 }' < "$T/files" | sort -u > "$T/Fn" +(cd "$T" && diff -u Nm Fn) + +cut -c2- ../src/export.llvm | sort > "$T/exports" +(cd "$T" && diff -u Nm exports) + +awk '/^list\(APPEND MAN_SOURCES/,/^\)/' CMakeLists.txt | \ + awk '/.3$/ { print $1 }' | sort > "$T/listed_sources" +xargs -0 -n1 basename < "$T/files" | sort > "$T/actual_sources" +(cd "$T" && diff -u listed_sources actual_sources) + +awk '/^list\(APPEND MAN_ALIAS/,/^\)/' CMakeLists.txt | \ + sed '1d;$d' | awk '{ print $1, $2 }' | sort > "$T/listed_aliases" +xargs -0 grep -o "^.Fn [A-Za-z0-9_]* \"" < "$T/files" | \ + cut -c3- | sed 's/\.3:\.Fn//;s/ "//' | awk '$1 != $2' | \ + sort > "$T/actual_aliases" +(cd "$T" && diff -u listed_aliases actual_aliases) + +xargs -0 grep -hB1 "^.Fn [A-Za-z0-9_]* \"" < "$T/files" | \ + sed -E 's/^.F[tn] //;s/\*[^"\*]+"/\*"/g;s/ [^" \*]+"/"/g;/^--$/d' | \ + paste -d " " - - | sed 's/\* /\*/' | sort > "$T/documented_prototypes" +while read -r f; do + awk "/\/\*/ { next } /$f\(/,/;/" ../src/fido.h ../src/fido/*.h | \ + sed -E 's/^[ ]+//;s/[ ]+/ /' | tr '\n' ' ' | \ + sed 's/(/ "/;s/, /" "/g;s/);/"/;s/ $/\n/' +done < "$T/exports" | sort > "$T/actual_prototypes" +(cd "$T" && diff -u documented_prototypes actual_prototypes) + +(cd "$T" && rm files Nm Fn exports listed_sources actual_sources \ + listed_aliases actual_aliases documented_prototypes actual_prototypes) +rmdir -- "$T" diff --git a/contrib/libfido2/man/eddsa_pk_new.3 b/contrib/libfido2/man/eddsa_pk_new.3 index 65bf9a9f753d..998def484790 100644 --- a/contrib/libfido2/man/eddsa_pk_new.3 +++ b/contrib/libfido2/man/eddsa_pk_new.3 @@ -11,7 +11,7 @@ .Nm eddsa_pk_from_EVP_PKEY , .Nm eddsa_pk_from_ptr , .Nm eddsa_pk_to_EVP_PKEY -.Nd FIDO 2 COSE EDDSA API +.Nd FIDO2 COSE EDDSA API .Sh SYNOPSIS .In openssl/evp.h .In fido/eddsa.h @@ -106,7 +106,7 @@ If an error occurs, returns NULL. .Sh RETURN VALUES The -.Fn eddsa_pk_from_EC_KEY +.Fn eddsa_pk_from_EVP_PKEY and .Fn eddsa_pk_from_ptr functions return diff --git a/contrib/libfido2/man/es256_pk_new.3 b/contrib/libfido2/man/es256_pk_new.3 index 6c1bac0f57f9..5e184340a575 100644 --- a/contrib/libfido2/man/es256_pk_new.3 +++ b/contrib/libfido2/man/es256_pk_new.3 @@ -9,10 +9,10 @@ .Nm es256_pk_new , .Nm es256_pk_free , .Nm es256_pk_from_EC_KEY , -.Nm es256_pk_from_EVP_KEY , +.Nm es256_pk_from_EVP_PKEY , .Nm es256_pk_from_ptr , .Nm es256_pk_to_EVP_PKEY -.Nd FIDO 2 COSE ES256 API +.Nd FIDO2 COSE ES256 API .Sh SYNOPSIS .In openssl/ec.h .In fido/es256.h @@ -82,7 +82,7 @@ No references to are kept. .Pp The -.Fn es256_pk_from_EVP_KEY +.Fn es256_pk_from_EVP_PKEY function fills .Fa pk with the contents of @@ -124,7 +124,7 @@ returns NULL. .Sh RETURN VALUES The .Fn es256_pk_from_EC_KEY , -.Fn es256_pk_from_EVP_KEY , +.Fn es256_pk_from_EVP_PKEY , and .Fn es256_pk_from_ptr functions return diff --git a/contrib/libfido2/man/fido2-assert.1 b/contrib/libfido2/man/fido2-assert.1 index da47d6f19dd3..ee8135c18483 100644 --- a/contrib/libfido2/man/fido2-assert.1 +++ b/contrib/libfido2/man/fido2-assert.1 @@ -7,7 +7,7 @@ .Os .Sh NAME .Nm fido2-assert -.Nd get/verify a FIDO 2 assertion +.Nd get/verify a FIDO2 assertion .Sh SYNOPSIS .Nm .Fl G @@ -24,7 +24,7 @@ .Op Ar type .Sh DESCRIPTION .Nm -gets or verifies a FIDO 2 assertion. +gets or verifies a FIDO2 assertion. .Pp The input of .Nm @@ -117,7 +117,7 @@ will not expect a credential id in its input, and may output multiple assertions. Resident credentials are called .Dq discoverable credentials -in FIDO 2.1. +in CTAP 2.1. .It Fl t Ar option Toggles a key/value .Ar option , diff --git a/contrib/libfido2/man/fido2-cred.1 b/contrib/libfido2/man/fido2-cred.1 index 301564d688e5..0b10e74a0507 100644 --- a/contrib/libfido2/man/fido2-cred.1 +++ b/contrib/libfido2/man/fido2-cred.1 @@ -7,7 +7,7 @@ .Os .Sh NAME .Nm fido2-cred -.Nd make/verify a FIDO 2 credential +.Nd make/verify a FIDO2 credential .Sh SYNOPSIS .Nm .Fl M @@ -26,7 +26,7 @@ .Op Ar type .Sh DESCRIPTION .Nm -makes or verifies a FIDO 2 credential. +makes or verifies a FIDO2 credential. .Pp A credential .Ar type @@ -143,7 +143,7 @@ will fail. Create a resident credential. Resident credentials are called .Dq discoverable credentials -in FIDO 2.1. +in CTAP 2.1. .It Fl u Create a U2F credential. By default, diff --git a/contrib/libfido2/man/fido2-token.1 b/contrib/libfido2/man/fido2-token.1 index fd82c23cffb7..1aa2feb86859 100644 --- a/contrib/libfido2/man/fido2-token.1 +++ b/contrib/libfido2/man/fido2-token.1 @@ -7,7 +7,7 @@ .Os .Sh NAME .Nm fido2-token -.Nd find and manage a FIDO 2 authenticator +.Nd find and manage a FIDO2 authenticator .Sh SYNOPSIS .Nm .Fl C @@ -121,7 +121,7 @@ .Fl V .Sh DESCRIPTION .Nm -manages a FIDO 2 authenticator. +manages a FIDO2 authenticator. .Pp The options are as follows: .Bl -tag -width Ds @@ -176,12 +176,12 @@ where is the enrollment's template base64-encoded id. The user will be prompted for the PIN. .It Fl D Fl u Ar device -Disables the FIDO 2.1 +Disables the CTAP 2.1 .Dq user verification always feature on .Ar device . .It Fl G Fl b Fl k Ar key_path Ar blob_path Ar device -Gets a FIDO 2.1 +Gets a CTAP 2.1 .Dq largeBlob encrypted with .Ar key_path @@ -194,7 +194,7 @@ The blob is written to .Ar blob_path . A PIN or equivalent user-verification gesture is required. .It Fl G Fl b Fl n Ar rp_id Oo Fl i Ar cred_id Oc Ar blob_path Ar device -Gets a FIDO 2.1 +Gets a CTAP 2.1 .Dq largeBlob associated with .Ar rp_id @@ -234,7 +234,7 @@ The user will be prompted for the PIN. .It Fl L Produces a list of authenticators found by the operating system. .It Fl L Fl b Ar device -Produces a list of FIDO 2.1 +Produces a list of CTAP 2.1 .Dq largeBlobs on .Ar device . @@ -264,12 +264,12 @@ Sets the PIN of .Ar device . The user will be prompted for the PIN. .It Fl S Fl a Ar device -Enables FIDO 2.1 Enterprise Attestation on +Enables CTAP 2.1 Enterprise Attestation on .Ar device . .It Fl S Fl b Fl k Ar key_path Ar blob_path Ar device Sets .Ar blob_path -as a FIDO 2.1 +as a CTAP 2.1 .Dq largeBlob encrypted with .Ar key_path @@ -284,7 +284,7 @@ A PIN or equivalent user-verification gesture is required. .It Fl S Fl b Fl n Ar rp_id Oo Fl i Ar cred_id Oc Ar blob_path Ar device Sets .Ar blob_path -as a FIDO 2.1 +as a CTAP 2.1 .Dq largeBlob associated with .Ar rp_id @@ -353,7 +353,7 @@ the minimum PIN length of Multiple IDs may be specified, separated by commas. The user will be prompted for the PIN. .It Fl S Fl u Ar device -Enables the FIDO 2.1 +Enables the CTAP 2.1 .Dq user verification always feature on .Ar device . @@ -392,9 +392,9 @@ An authenticator's path may contain spaces. .Pp Resident credentials are called .Dq discoverable credentials -in FIDO 2.1. +in CTAP 2.1. .Pp -Whether the FIDO 2.1 +Whether the CTAP 2.1 .Dq user verification always feature is activated or deactivated after an authenticator reset is vendor-specific. diff --git a/contrib/libfido2/man/fido_assert_allow_cred.3 b/contrib/libfido2/man/fido_assert_allow_cred.3 index bbe6e4d8929a..7fd730c3f63c 100644 --- a/contrib/libfido2/man/fido_assert_allow_cred.3 +++ b/contrib/libfido2/man/fido_assert_allow_cred.3 @@ -7,7 +7,7 @@ .Os .Sh NAME .Nm fido_assert_allow_cred -.Nd appends a credential ID to the list of credentials allowed in an assertion +.Nd allow a credential in a FIDO2 assertion .Sh SYNOPSIS .In fido.h .Ft int @@ -31,7 +31,7 @@ If .Fn fido_assert_allow_cred fails, the existing list of allowed credentials is preserved. .Pp -For the format of a FIDO 2 credential ID, please refer to the +For the format of a FIDO2 credential ID, please refer to the Web Authentication (webauthn) standard. .Sh RETURN VALUES The error codes returned by diff --git a/contrib/libfido2/man/fido_assert_new.3 b/contrib/libfido2/man/fido_assert_new.3 index 16f4e3a6e46d..a1a3c101ba33 100644 --- a/contrib/libfido2/man/fido_assert_new.3 +++ b/contrib/libfido2/man/fido_assert_new.3 @@ -31,7 +31,7 @@ .Nm fido_assert_id_len , .Nm fido_assert_sigcount , .Nm fido_assert_flags -.Nd FIDO 2 assertion API +.Nd FIDO2 assertion API .Sh SYNOPSIS .In fido.h .Ft fido_assert_t * @@ -85,9 +85,12 @@ .Ft uint8_t .Fn fido_assert_flags "const fido_assert_t *assert" "size_t idx" .Sh DESCRIPTION -FIDO 2 assertions are abstracted in -.Em libfido2 -by the +A FIDO2 assertion is a collection of statements, each statement a +map between a challenge, a credential, a signature, and ancillary +attributes. +In *** 3261 LINES SKIPPED ***