From ec9fd5b4f321db6ce17adc9c6b94b99faa77f691 Mon Sep 17 00:00:00 2001 From: zyppe <210hcl@gmail.com> Date: Sat, 10 Feb 2024 22:05:28 +0800 Subject: [PATCH] Initialize for libfido2 --- .gitignore | 1 + .libfido2.metadata | 1 + ...a4e9127fb6df6278f19396760e7d60a5862c.patch | 27 ++++ libfido2-1.5.0.tar.gz.sig | Bin 0 -> 310 bytes libfido2.changes | 140 ++++++++++++++++++ libfido2.spec | 117 +++++++++++++++ 6 files changed, 286 insertions(+) create mode 100644 .gitignore create mode 100644 .libfido2.metadata create mode 100644 7a17a4e9127fb6df6278f19396760e7d60a5862c.patch create mode 100644 libfido2-1.5.0.tar.gz.sig create mode 100644 libfido2.changes create mode 100644 libfido2.spec diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..e0679b9 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +libfido2-1.5.0.tar.gz diff --git a/.libfido2.metadata b/.libfido2.metadata new file mode 100644 index 0000000..01978dc --- /dev/null +++ b/.libfido2.metadata @@ -0,0 +1 @@ +18e625afbc5e0a607d0024788c78223222499fc053318f11f8544d2f41498c3a libfido2-1.5.0.tar.gz diff --git a/7a17a4e9127fb6df6278f19396760e7d60a5862c.patch b/7a17a4e9127fb6df6278f19396760e7d60a5862c.patch new file mode 100644 index 0000000..b832446 --- /dev/null +++ b/7a17a4e9127fb6df6278f19396760e7d60a5862c.patch @@ -0,0 +1,27 @@ +From 7a17a4e9127fb6df6278f19396760e7d60a5862c Mon Sep 17 00:00:00 2001 +From: pedro martelletto +Date: Wed, 9 Sep 2020 18:01:53 +0200 +Subject: [PATCH] add two casts to silence warnings on 32-bit + +add two casts to silence 'comparison is always false' warnings on +32-bit platforms (gcc: -Werror=type-limits, clang: +-Wtautological-constant-out-of-range-compare); gh#210 +--- + src/hid_linux.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/hid_linux.c b/src/hid_linux.c +index 9788012..c554784 100644 +--- a/src/hid_linux.c ++++ b/src/hid_linux.c +@@ -385,8 +385,8 @@ timespec_to_ms(const struct timespec *ts, int upper_bound) + int64_t x; + int64_t y; + +- if (ts->tv_sec < 0 || ts->tv_sec > INT64_MAX / 1000LL || +- ts->tv_nsec < 0 || ts->tv_nsec / 1000000LL > INT64_MAX) ++ if (ts->tv_sec < 0 || (uint64_t)ts->tv_sec > INT64_MAX / 1000LL || ++ ts->tv_nsec < 0 || (uint64_t)ts->tv_nsec / 1000000LL > INT64_MAX) + return (upper_bound); + + x = ts->tv_sec * 1000LL; diff --git a/libfido2-1.5.0.tar.gz.sig b/libfido2-1.5.0.tar.gz.sig new file mode 100644 index 0000000000000000000000000000000000000000..9c2fc60fbeb4da3d1ecb33bd138d620e55be8d9f GIT binary patch literal 310 zcmV-60m=S}0W$;u0SEvc79j+8E-A&_D(QCloTZg9yx|r<*=gAY0$);QZvYAj5HY;r z7C+f(*%)L90Iy4T$Hm_5h*gU~Yd-erB%Y5d7ArPcR!^voqC?NX_Hf4GN9K0NCpWn6 zfC9RJgzuoz>UCB2!nkt^iVlU$12HRgsW6n78_v!Oy3OKDHKHJ)2_#_S%y$uy8tu8YQ^&@IyyHjFinXhng}ya%rvTiAeqR^eel I#6DQyU)3Fvod5s; literal 0 HcmV?d00001 diff --git a/libfido2.changes b/libfido2.changes new file mode 100644 index 0000000..d7cdbde --- /dev/null +++ b/libfido2.changes @@ -0,0 +1,140 @@ +* Tue Nov 17 2020 hpj@suse.com +- Add Conflicts: to supersede version 1.0.0. This is needed for + a clean upgrade path on SLE. +* Wed Sep 9 2020 idonmez@suse.com +- Add 7a17a4e9127fb6df6278f19396760e7d60a5862c.patch from upstream + to fix 32bit compilation issues. +* Tue Sep 1 2020 idonmez@suse.com +- Update to version 1.5.0 + * hid_linux: return FIDO_OK if no devices are found. + * hid_osx: + + repair communication with U2F tokens, gh#166; + + reliability fixes. + * fido2-{assert,cred}: new options to explicitly toggle UP, UV. + * Support for configurable report lengths. + * New API calls: + + fido_cbor_info_maxcredcntlst + + fido_cbor_info_maxcredidlen + + fido_cred_aaguid_len + + fido_cred_aaguid_ptr + + fido_dev_get_touch_begin + + fido_dev_get_touch_status + * Use COSE_ECDH_ES256 with CTAP_CBOR_CLIENT_PIN; gh#154. + * Allow CTAP messages up to 2048 bytes; gh#171. + * Ensure we only list USB devices by default. +* Fri Jul 24 2020 stefan.bruens@rwth-aachen.de +- Cleanup udev rules, trying to use the Debian specific plugdev + group fills up the journal. +- Make the udev rules package noarch, correct Summary +* Fri Jul 3 2020 idonmez@suse.com +- Create a udev subpackage and ship the udev rule +* Thu Jul 2 2020 idonmez@suse.com +- Don't build with hidapi support to fix issues with Yubikey 5Ci + https://github.com/Yubico/libfido2/issues/190 +* Mon May 25 2020 idonmez@suse.com +- Update to version 1.4.0 + * hid_hidapi: hidapi backend; enable with -DUSE_HIDAPI=1. + * Fall back to U2F if the key claims to, but does not support FIDO2. + * FIDO2 credential protection (credprot) support. + * New API calls: + + fido_cbor_info_fwversion; + + fido_cred_prot; + + fido_cred_set_prot; + + fido_dev_set_transport_functions; + + fido_set_log_handler. + * Fixed EdDSA and RSA self-attestation. +* Sun Mar 1 2020 mrueckert@suse.de +- Version 1.3.1 + - fix zero-ing of le1 and le2 when talking to a U2F device. + - dropping sk-libfido2 middleware, please find it in the openssh + tree. +* Sun Dec 8 2019 kbabioch@suse.de +- Version 1.3.0 (2019-11-28) + * assert/hmac: encode public key as per spec, gh#60. + * fido2-cred: fix creation of resident keys. + * fido2-{assert,cred}: support for hmac-secret extension. + * hid_osx: detect device removal, gh#56. + * hid_osx: fix device detection in MacOS Catalina. + * New API calls: + - fido_assert_set_authdata_raw; + - fido_assert_sigcount; + - fido_cred_set_authdata_raw; + - fido_dev_cancel. + * Middleware library for use by OpenSSH. + * Support for biometric enrollment. + * Support for OpenBSD. + * Support for self-attestation. +* Mon Sep 16 2019 simmphonie@opensuse.org +- Version 1.2.0 (released 2019-07-26) + * Credential management support. + * New API reflecting FIDO’s 3-state booleans (true, false, absent): + - fido_assert_set_up; + - fido_assert_set_uv; + - fido_cred_set_rk; + - fido_cred_set_uv. + * Command-line tools for Windows. + * Documentation and reliability fixes. + * fido_{assert,cred}_set_options() are now marked as deprecated. +* Tue May 28 2019 kbabioch@suse.de +- Version 1.1.0 (released 2019-05-08) + * EdDSA (Ed25519) support. + * fido_dev_make_cred: fix order of CBOR map keys. + * fido_dev_get_assert: plug memory leak when operating on U2F devices. +* Sat Apr 20 2019 jengelh@inai.de +- Use automatic dependency discovery for + libfido2-utils -> libfido2-1_0-0. +* Tue Apr 16 2019 kbabioch@suse.de +- Added Conflicts to libfido2-0_4_0 to make sure upgrade goes smoothly as + outline in sr#690566 +* Tue Apr 2 2019 kbabioch@suse.de +- Split utilities into sub-package libfido2-utils and package man pages + correctly (bsc#1131163) +* Thu Mar 21 2019 kbabioch@suse.de +- Version 1.0.0 (released 2019-03-21) + * Native HID support on Linux, MacOS, and Windows. + * fido2-{assert,cred}: new -u option to force U2F on dual authenticators. + * fido2-assert: support for multiple resident keys with the same RP. + * Strict checks for CTAP2 compliance on received CBOR payloads. + * Better fuzzing harnesses. + * Documentation and reliability fixes. +* Wed Jan 9 2019 kbabioch@suse.de +- Version 0.4.0 (released 2019-01-07) + * fido2-assert: print the user id for resident credentials. + * Fix encoding of COSE algorithms when making a credential. + * Rework purpose of fido_cred_set_type; no ABI change. + * Minor documentation and code fixes. +- Dropped patch that is included upstream now: fix-release-build.patch +* Mon Oct 1 2018 kbabioch@suse.com +- Added patch: + * fix-release-build.patch: Disables regression tests as proposed by upstream +* Mon Oct 1 2018 kbabioch@suse.com +- Applied spec-cleaner +* Sun Sep 30 2018 t.gruner@katodev.de +- Build package without regression tests +- Version 0.3.0 (released 2018-09-11) + - Various reliability fixes. + - Merged fuzzing instrumentation. + - Added regress tests. + - Added support for FIDO 2’s hmac-secret extension. + - New API calls: + * fido_assert_hmac_secret_len; + * fido_assert_hmac_secret_ptr; + * fido_assert_set_extensions; + * fido_assert_set_hmac_salt; + * fido_cred_set_extensions; + * fido_dev_force_fido2. + - Support for native builds with Microsoft Visual Studio 17. +* Fri Sep 28 2018 jengelh@inai.de +- Fix RPM group. Wrap description. +* Thu Jun 21 2018 t.gruner@katodev.de +- Version 0.2.0 (released 2018-06-20) + - Added command-line tools. + - Added a couple of missing get functions. +- Version 0.1.1 (released 2018-06-05) + - Added documentation. + - Added OpenSSL 1.0 support. + - Minor fixes. +* Sun May 27 2018 t.gruner@katodev.de +- update to version 0.1.0 +* Mon Apr 30 2018 t.gruner@katodev.de +- Initial release version 0_git diff --git a/libfido2.spec b/libfido2.spec new file mode 100644 index 0000000..aed0613 --- /dev/null +++ b/libfido2.spec @@ -0,0 +1,117 @@ +# +# spec file for package libfido2 +# +# Copyright (c) 2022-2023 ZhuningOS +# + + +%define sover 1 +Name: libfido2 +Version: 1.5.0 +Release: 1.30 +Summary: FIDO U2F and FIDO 2.0 protocols +License: BSD-2-Clause +URL: https://developers.yubico.com/ +Source0: https://developers.yubico.com/libfido2/Releases/%{name}-%{version}.tar.gz +Source1: https://developers.yubico.com/libfido2/Releases/%{name}-%{version}.tar.gz.sig +Patch1: 7a17a4e9127fb6df6278f19396760e7d60a5862c.patch +BuildRequires: cmake +BuildRequires: gcc-c++ +BuildRequires: libopenssl-1_1-devel +BuildRequires: ninja +BuildRequires: pkgconfig +BuildRequires: pkgconfig(libcbor) +BuildRequires: pkgconfig(libudev) + +%description +Provides library functionality for communicating with a FIDO device +over USB as well as verifying attestation and assertion signatures. + +%package -n %{name}-%{sover} +Summary: FIDO U2F and FIDO 2.0 protocols +Requires: %{name}-udev +Provides: %{name} = %{version} +Obsoletes: %{name} < %{version} + +%description -n %{name}-%{sover} +This library supports the FIDO U2F and FIDO 2.0 protocols for +communicating with a USB authenticator via the +Client-to-Authenticator Protocol (CTAP 1 and 2). + +%package -n %{name}-devel +Summary: Development files for FIDO U2F and FIDO 2.0 protocols +Requires: %{name}-%{sover} = %{version} +Requires: libopenssl-1_1-devel +Conflicts: libfido2-0_4_0 +Conflicts: libfido2-1_0_0 + +%description -n %{name}-devel +This package contains the header file needed to develop applications that +use FIDO U2F and FIDO 2.0 protocols. + +%package -n %{name}-utils +Summary: Utility programs making use of libfido2, a library for FIDO U2F and FIDO 2.0 +Conflicts: libfido2-0_4_0 +Conflicts: libfido2-1_0_0 + +%description -n %{name}-utils +This package contains utilities to use FIDO U2F and FIDO 2.0 protocols. + +%package udev +Summary: Udev rules for libfido2 +BuildArch: noarch + +%description udev +This package contains the udev rules for FIDO2 compatible devices. + +%prep +%autosetup -p1 + +%build +%define __builder ninja +%cmake \ + -DCBOR_LIBRARY_DIRS=%{_libdir} \ + -DUSE_HIDAPI=0 +%cmake_build + +%install +%cmake_install + +# Remove Debian specific plugdev setting from udev rules +sed -i -e 's/, GROUP="plugdev"//g ; s/, MODE="0660"//g' udev/70-u2f.rules +# u2f-host has the same udev rule, use a different name +mkdir -p %{buildroot}%{_udevrulesdir} +install -m 0644 udev/70-u2f.rules %{buildroot}%{_udevrulesdir}/70-fido2.rules + +find %{buildroot} -type f -name "*.a" -delete -print + +%post -n %{name}-%{sover} -p /sbin/ldconfig +%postun -n %{name}-%{sover} -p /sbin/ldconfig + +%post udev +%{udev_rules_update} + +%postun udev +%{udev_rules_update} + +%files -n %{name}-%{sover} +%license LICENSE +%doc README.adoc +%{_libdir}/%{name}.so.* + +%files -n %{name}-devel +%{_includedir}/*.h +%dir %{_includedir}/fido +%{_includedir}/fido/*.h +%{_libdir}/%{name}.so +%{_mandir}/man3/* +%{_libdir}/pkgconfig/* + +%files udev +%{_udevrulesdir}/70-fido2.rules + +%files -n %{name}-utils +%{_bindir}/fido2-* +%{_mandir}/man1/* + +%changelog