Initialize for libfido2

2024-02-10 22:05:28 +08:00 · 2024-02-10 22:05:28 +08:00 · ec9fd5b4f3
commit ec9fd5b4f3
6 changed files with 286 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+libfido2-1.5.0.tar.gz
--- a/.libfido2.metadata
+++ b/.libfido2.metadata
@ -0,0 +1 @@
+18e625afbc5e0a607d0024788c78223222499fc053318f11f8544d2f41498c3a libfido2-1.5.0.tar.gz
--- a/7a17a4e9127fb6df6278f19396760e7d60a5862c.patch
+++ b/7a17a4e9127fb6df6278f19396760e7d60a5862c.patch
@ -0,0 +1,27 @@
+From 7a17a4e9127fb6df6278f19396760e7d60a5862c Mon Sep 17 00:00:00 2001
+From: pedro martelletto <pedro@ambientworks.net>
+Date: Wed, 9 Sep 2020 18:01:53 +0200
+Subject: [PATCH] add two casts to silence warnings on 32-bit
+
+add two casts to silence 'comparison is always false' warnings on
+32-bit platforms (gcc: -Werror=type-limits, clang:
+-Wtautological-constant-out-of-range-compare); gh#210
+---
+ src/hid_linux.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/hid_linux.c b/src/hid_linux.c
+index 9788012..c554784 100644
+--- a/src/hid_linux.c
+++ b/src/hid_linux.c
+@@ -385,8 +385,8 @@ timespec_to_ms(const struct timespec *ts, int upper_bound)
+ 	int64_t x;
+ 	int64_t y;
+ 
+-	if (ts->tv_sec < 0 || ts->tv_sec > INT64_MAX / 1000LL ||
+-	    ts->tv_nsec < 0 || ts->tv_nsec / 1000000LL > INT64_MAX)
+	if (ts->tv_sec < 0 || (uint64_t)ts->tv_sec > INT64_MAX / 1000LL ||
+	    ts->tv_nsec < 0 || (uint64_t)ts->tv_nsec / 1000000LL > INT64_MAX)
+ 		return (upper_bound);
+ 
+ 	x = ts->tv_sec * 1000LL;
--- a/libfido2-1.5.0.tar.gz.sig
+++ b/libfido2-1.5.0.tar.gz.sig
--- a/libfido2.changes
+++ b/libfido2.changes
@ -0,0 +1,140 @@
+* Tue Nov 17 2020 hpj@suse.com
+- Add Conflicts: to supersede version 1.0.0. This is needed for
+  a clean upgrade path on SLE.
+* Wed Sep  9 2020 idonmez@suse.com
+- Add 7a17a4e9127fb6df6278f19396760e7d60a5862c.patch from upstream
+  to fix 32bit compilation issues.
+* Tue Sep  1 2020 idonmez@suse.com
+- Update to version 1.5.0
+  * hid_linux: return FIDO_OK if no devices are found.
+  * hid_osx:
+    + repair communication with U2F tokens, gh#166;
+    + reliability fixes.
+  * fido2-{assert,cred}: new options to explicitly toggle UP, UV.
+  * Support for configurable report lengths.
+  * New API calls:
+    + fido_cbor_info_maxcredcntlst
+    + fido_cbor_info_maxcredidlen
+    + fido_cred_aaguid_len
+    + fido_cred_aaguid_ptr
+    + fido_dev_get_touch_begin
+    + fido_dev_get_touch_status
+  * Use COSE_ECDH_ES256 with CTAP_CBOR_CLIENT_PIN; gh#154.
+  * Allow CTAP messages up to 2048 bytes; gh#171.
+  * Ensure we only list USB devices by default.
+* Fri Jul 24 2020 stefan.bruens@rwth-aachen.de
+- Cleanup udev rules, trying to use the Debian specific plugdev
+  group fills up the journal.
+- Make the udev rules package noarch, correct Summary
+* Fri Jul  3 2020 idonmez@suse.com
+- Create a udev subpackage and ship the udev rule
+* Thu Jul  2 2020 idonmez@suse.com
+- Don't build with hidapi support to fix issues with Yubikey 5Ci
+  https://github.com/Yubico/libfido2/issues/190
+* Mon May 25 2020 idonmez@suse.com
+- Update to version 1.4.0
+  * hid_hidapi: hidapi backend; enable with -DUSE_HIDAPI=1.
+  * Fall back to U2F if the key claims to, but does not support FIDO2.
+  * FIDO2 credential protection (credprot) support.
+  * New API calls:
+    + fido_cbor_info_fwversion;
+    + fido_cred_prot;
+    + fido_cred_set_prot;
+    + fido_dev_set_transport_functions;
+    + fido_set_log_handler.
+  * Fixed EdDSA and RSA self-attestation.
+* Sun Mar  1 2020 mrueckert@suse.de
+- Version 1.3.1
+  - fix zero-ing of le1 and le2 when talking to a U2F device.
+  - dropping sk-libfido2 middleware, please find it in the openssh
+    tree.
+* Sun Dec  8 2019 kbabioch@suse.de
+- Version 1.3.0 (2019-11-28)
+  * assert/hmac: encode public key as per spec, gh#60.
+  * fido2-cred: fix creation of resident keys.
+  * fido2-{assert,cred}: support for hmac-secret extension.
+  * hid_osx: detect device removal, gh#56.
+  * hid_osx: fix device detection in MacOS Catalina.
+  * New API calls:
+  - fido_assert_set_authdata_raw;
+  - fido_assert_sigcount;
+  - fido_cred_set_authdata_raw;
+  - fido_dev_cancel.
+  * Middleware library for use by OpenSSH.
+  * Support for biometric enrollment.
+  * Support for OpenBSD.
+  * Support for self-attestation.
+* Mon Sep 16 2019 simmphonie@opensuse.org
+- Version 1.2.0 (released 2019-07-26)
+  * Credential management support.
+  * New API reflecting FIDO’s 3-state booleans (true, false, absent):
+  - fido_assert_set_up;
+  - fido_assert_set_uv;
+  - fido_cred_set_rk;
+  - fido_cred_set_uv.
+  * Command-line tools for Windows.
+  * Documentation and reliability fixes.
+  * fido_{assert,cred}_set_options() are now marked as deprecated.
+* Tue May 28 2019 kbabioch@suse.de
+- Version 1.1.0 (released 2019-05-08)
+  * EdDSA (Ed25519) support.
+  * fido_dev_make_cred: fix order of CBOR map keys.
+  * fido_dev_get_assert: plug memory leak when operating on U2F devices.
+* Sat Apr 20 2019 jengelh@inai.de
+- Use automatic dependency discovery for
+  libfido2-utils -> libfido2-1_0-0.
+* Tue Apr 16 2019 kbabioch@suse.de
+- Added Conflicts to libfido2-0_4_0 to make sure upgrade goes smoothly as
+  outline in sr#690566
+* Tue Apr  2 2019 kbabioch@suse.de
+- Split utilities into sub-package libfido2-utils and package man pages
+  correctly (bsc#1131163)
+* Thu Mar 21 2019 kbabioch@suse.de
+- Version 1.0.0 (released 2019-03-21)
+  * Native HID support on Linux, MacOS, and Windows.
+  * fido2-{assert,cred}: new -u option to force U2F on dual authenticators.
+  * fido2-assert: support for multiple resident keys with the same RP.
+  * Strict checks for CTAP2 compliance on received CBOR payloads.
+  * Better fuzzing harnesses.
+  * Documentation and reliability fixes.
+* Wed Jan  9 2019 kbabioch@suse.de
+- Version 0.4.0 (released 2019-01-07)
+  * fido2-assert: print the user id for resident credentials.
+  * Fix encoding of COSE algorithms when making a credential.
+  * Rework purpose of fido_cred_set_type; no ABI change.
+  * Minor documentation and code fixes.
+- Dropped patch that is included upstream now: fix-release-build.patch
+* Mon Oct  1 2018 kbabioch@suse.com
+- Added patch:
+  * fix-release-build.patch: Disables regression tests as proposed by upstream
+* Mon Oct  1 2018 kbabioch@suse.com
+- Applied spec-cleaner
+* Sun Sep 30 2018 t.gruner@katodev.de
+- Build package without regression tests
+- Version 0.3.0 (released 2018-09-11)
+  - Various reliability fixes.
+  - Merged fuzzing instrumentation.
+  - Added regress tests.
+  - Added support for FIDO 2’s hmac-secret extension.
+  - New API calls:
+  * fido_assert_hmac_secret_len;
+  * fido_assert_hmac_secret_ptr;
+  * fido_assert_set_extensions;
+  * fido_assert_set_hmac_salt;
+  * fido_cred_set_extensions;
+  * fido_dev_force_fido2.
+  - Support for native builds with Microsoft Visual Studio 17.
+* Fri Sep 28 2018 jengelh@inai.de
+- Fix RPM group. Wrap description.
+* Thu Jun 21 2018 t.gruner@katodev.de
+- Version 0.2.0 (released 2018-06-20)
+  - Added command-line tools.
+  - Added a couple of missing get functions.
+- Version 0.1.1 (released 2018-06-05)
+  - Added documentation.
+  - Added OpenSSL 1.0 support.
+  - Minor fixes.
+* Sun May 27 2018 t.gruner@katodev.de
+- update to version 0.1.0
+* Mon Apr 30 2018 t.gruner@katodev.de
+- Initial release version 0_git
--- a/libfido2.spec
+++ b/libfido2.spec
@ -0,0 +1,117 @@
+#
+# spec file for package libfido2
+#
+# Copyright (c) 2022-2023 ZhuningOS
+#
+
+
+%define sover  1
+Name:           libfido2
+Version:        1.5.0
+Release:        1.30
+Summary:        FIDO U2F and FIDO 2.0 protocols
+License:        BSD-2-Clause
+URL:            https://developers.yubico.com/
+Source0:        https://developers.yubico.com/libfido2/Releases/%{name}-%{version}.tar.gz
+Source1:        https://developers.yubico.com/libfido2/Releases/%{name}-%{version}.tar.gz.sig
+Patch1:         7a17a4e9127fb6df6278f19396760e7d60a5862c.patch
+BuildRequires:  cmake
+BuildRequires:  gcc-c++
+BuildRequires:  libopenssl-1_1-devel
+BuildRequires:  ninja
+BuildRequires:  pkgconfig
+BuildRequires:  pkgconfig(libcbor)
+BuildRequires:  pkgconfig(libudev)
+
+%description
+Provides library functionality for communicating with a FIDO device
+over USB as well as verifying attestation and assertion signatures.
+
+%package     -n %{name}-%{sover}
+Summary:        FIDO U2F and FIDO 2.0 protocols
+Requires:       %{name}-udev
+Provides:       %{name} = %{version}
+Obsoletes:      %{name} < %{version}
+
+%description -n %{name}-%{sover}
+This library supports the FIDO U2F and FIDO 2.0 protocols for
+communicating with a USB authenticator via the
+Client-to-Authenticator Protocol (CTAP 1 and 2).
+
+%package     -n %{name}-devel
+Summary:        Development files for FIDO U2F and FIDO 2.0 protocols
+Requires:       %{name}-%{sover} = %{version}
+Requires:       libopenssl-1_1-devel
+Conflicts:      libfido2-0_4_0
+Conflicts:      libfido2-1_0_0
+
+%description -n %{name}-devel
+This package contains the header file needed to develop applications that
+use FIDO U2F and FIDO 2.0 protocols.
+
+%package     -n %{name}-utils
+Summary:        Utility programs making use of libfido2, a library for FIDO U2F and FIDO 2.0
+Conflicts:      libfido2-0_4_0
+Conflicts:      libfido2-1_0_0
+
+%description -n %{name}-utils
+This package contains utilities to use FIDO U2F and FIDO 2.0 protocols.
+
+%package        udev
+Summary:        Udev rules for libfido2
+BuildArch:      noarch
+
+%description    udev
+This package contains the udev rules for FIDO2 compatible devices.
+
+%prep
+%autosetup -p1
+
+%build
+%define __builder ninja
+%cmake \
+    -DCBOR_LIBRARY_DIRS=%{_libdir} \
+    -DUSE_HIDAPI=0
+%cmake_build
+
+%install
+%cmake_install
+
+# Remove Debian specific plugdev setting from udev rules
+sed -i -e 's/, GROUP="plugdev"//g ; s/, MODE="0660"//g' udev/70-u2f.rules
+# u2f-host has the same udev rule, use a different name
+mkdir -p %{buildroot}%{_udevrulesdir}
+install -m 0644 udev/70-u2f.rules %{buildroot}%{_udevrulesdir}/70-fido2.rules
+
+find %{buildroot} -type f -name "*.a" -delete -print
+
+%post   -n %{name}-%{sover} -p /sbin/ldconfig
+%postun -n %{name}-%{sover} -p /sbin/ldconfig
+
+%post udev
+%{udev_rules_update}
+
+%postun udev
+%{udev_rules_update}
+
+%files -n %{name}-%{sover}
+%license LICENSE
+%doc README.adoc
+%{_libdir}/%{name}.so.*
+
+%files -n %{name}-devel
+%{_includedir}/*.h
+%dir %{_includedir}/fido
+%{_includedir}/fido/*.h
+%{_libdir}/%{name}.so
+%{_mandir}/man3/*
+%{_libdir}/pkgconfig/*
+
+%files udev
+%{_udevrulesdir}/70-fido2.rules
+
+%files -n %{name}-utils
+%{_bindir}/fido2-*
+%{_mandir}/man1/*
+
+%changelog
				`@ -0,0 +1 @@`
				`18e625afbc5e0a607d0024788c78223222499fc053318f11f8544d2f41498c3a libfido2-1.5.0.tar.gz`