diff options
Diffstat (limited to '')
-rw-r--r-- | NEWS | 266 |
1 files changed, 266 insertions, 0 deletions
@@ -0,0 +1,266 @@ +* Version 1.14.0 (2023-11-13) + ** fido2-cred -M, fido2-token -G: support raw client data via -w flag. + ** winhello: support U2F AppID extension for assertions. + ** winhello: fix restrictive parsing of the hmac-secret on assertions. + ** winhello: translate NTE_USER_CANCELLED to FIDO_ERR_OPERATION_DENIED; gh#685. + ** New API calls: + ** fido_assert_authdata_raw_len; + ** fido_assert_authdata_raw_ptr; + ** fido_assert_set_winhello_appid. + +* Version 1.13.0 (2023-02-20) + ** Support for linking against OpenSSL on Windows; gh#668. + ** New API calls: + - fido_assert_empty_allow_list; + - fido_cred_empty_exclude_list. + ** fido2-token: fix issue when listing large blobs. + ** Improved support for different fuzzing engines. + +* Version 1.12.0 (2022-09-22) + ** Support for COSE_ES384. + ** Support for hidraw(4) on FreeBSD; gh#597. + ** Improved support for FIDO 2.1 authenticators. + ** New API calls: + - es384_pk_free; + - es384_pk_from_EC_KEY; + - es384_pk_from_EVP_PKEY; + - es384_pk_from_ptr; + - es384_pk_new; + - es384_pk_to_EVP_PKEY; + - fido_cbor_info_certs_len; + - fido_cbor_info_certs_name_ptr; + - fido_cbor_info_certs_value_ptr; + - fido_cbor_info_maxrpid_minpinlen; + - fido_cbor_info_minpinlen; + - fido_cbor_info_new_pin_required; + - fido_cbor_info_rk_remaining; + - fido_cbor_info_uv_attempts; + - fido_cbor_info_uv_modality. + ** Documentation and reliability fixes. + +* Version 1.11.0 (2022-05-03) + ** Experimental PCSC support; enable with -DUSE_PCSC. + ** Improved OpenSSL 3.0 compatibility. + ** Use RFC1951 raw deflate to compress CTAP 2.1 largeBlobs. + ** winhello: advertise "uv" instead of "clientPin". + ** winhello: support hmac-secret in fido_dev_get_assert(). + ** New API calls: + - fido_cbor_info_maxlargeblob. + ** Documentation and reliability fixes. + ** Separate build and regress targets. + +* Version 1.10.0 (2022-01-17) + ** hid_osx: handle devices with paths > 511 bytes; gh#462. + ** bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*(); gh#480. + ** winhello: fallback to GetTopWindow() if GetForegroundWindow() fails. + ** winhello: fallback to hid_win.c if webauthn.dll isn't available. + ** New API calls: + - fido_dev_info_set; + - fido_dev_io_handle; + - fido_dev_new_with_info; + - fido_dev_open_with_info. + ** Cygwin and NetBSD build fixes. + ** Documentation and reliability fixes. + ** Support for TPM 2.0 attestation of COSE_ES256 credentials. + +* Version 1.9.0 (2021-10-27) + ** Enabled NFC support on Linux. + ** Added OpenSSL 3.0 compatibility. + ** Removed OpenSSL 1.0 compatibility. + ** Support for FIDO 2.1 "minPinLength" extension. + ** Support for COSE_EDDSA, COSE_ES256, and COSE_RS1 attestation. + ** Support for TPM 2.0 attestation. + ** Support for device timeouts; see fido_dev_set_timeout(). + ** New API calls: + - es256_pk_from_EVP_PKEY; + - fido_cred_attstmt_len; + - fido_cred_attstmt_ptr; + - fido_cred_pin_minlen; + - fido_cred_set_attstmt; + - fido_cred_set_pin_minlen; + - fido_dev_set_pin_minlen_rpid; + - fido_dev_set_timeout; + - rs256_pk_from_EVP_PKEY. + ** Reliability and portability fixes. + ** Better handling of HID devices without identification strings; gh#381. + ** Fixed detection of Windows's native webauthn API; gh#382. + +* Version 1.8.0 (2021-07-22) + ** Dropped 'Requires.private' entry from pkg-config file. + ** Better support for FIDO 2.1 authenticators. + ** Support for Windows's native webauthn API. + ** Support for attestation format 'none'. + ** New API calls: + - fido_assert_set_clientdata; + - fido_cbor_info_algorithm_cose; + - fido_cbor_info_algorithm_count; + - fido_cbor_info_algorithm_type; + - fido_cbor_info_transports_len; + - fido_cbor_info_transports_ptr; + - fido_cred_set_clientdata; + - fido_cred_set_id; + - fido_credman_set_dev_rk; + - fido_dev_is_winhello. + ** fido2-token: new -Sc option to update a resident credential. + ** Documentation and reliability fixes. + ** HID access serialisation on Linux. + +* Version 1.7.0 (2021-03-29) + ** New dependency on zlib. + ** Fixed musl build; gh#259. + ** hid_win: detect devices with vendor or product IDs > 0x7fff; gh#264. + ** Support for FIDO 2.1 authenticator configuration. + ** Support for FIDO 2.1 UV token permissions. + ** Support for FIDO 2.1 "credBlobs" and "largeBlobs" extensions. + ** New API calls: + - fido_assert_blob_len; + - fido_assert_blob_ptr; + - fido_assert_largeblob_key_len; + - fido_assert_largeblob_key_ptr; + - fido_assert_set_hmac_secret; + - fido_cbor_info_maxcredbloblen; + - fido_cred_largeblob_key_len; + - fido_cred_largeblob_key_ptr; + - fido_cred_set_blob; + - fido_dev_enable_entattest; + - fido_dev_force_pin_change; + - fido_dev_has_uv; + - fido_dev_largeblob_get; + - fido_dev_largeblob_get_array; + - fido_dev_largeblob_remove; + - fido_dev_largeblob_set; + - fido_dev_largeblob_set_array; + - fido_dev_set_pin_minlen; + - fido_dev_set_sigmask; + - fido_dev_supports_credman; + - fido_dev_supports_permissions; + - fido_dev_supports_uv; + - fido_dev_toggle_always_uv. + ** New fido_init flag to disable fido_dev_open's U2F fallback; gh#282. + ** Experimental NFC support on Linux; enable with -DNFC_LINUX. + +* Version 1.6.0 (2020-12-22) + ** Fix OpenSSL 1.0 and Cygwin builds. + ** hid_linux: fix build on 32-bit systems. + ** hid_osx: allow reads from spawned threads. + ** Documentation and reliability fixes. + ** New API calls: + - fido_cred_authdata_raw_len; + - fido_cred_authdata_raw_ptr; + - fido_cred_sigcount; + - fido_dev_get_uv_retry_count; + - fido_dev_supports_credman. + ** Hardened Windows build. + ** Native FreeBSD and NetBSD support. + ** Use CTAP2 canonical CBOR when combining hmac-secret and credProtect. + +* Version 1.5.0 (2020-09-01) + ** hid_linux: return FIDO_OK if no devices are found. + ** hid_osx: + - repair communication with U2F tokens, gh#166; + - reliability fixes. + ** fido2-{assert,cred}: new options to explicitly toggle UP, UV. + ** Support for configurable report lengths. + ** New API calls: + - fido_cbor_info_maxcredcntlst; + - fido_cbor_info_maxcredidlen; + - fido_cred_aaguid_len; + - fido_cred_aaguid_ptr; + - fido_dev_get_touch_begin; + - fido_dev_get_touch_status. + ** Use COSE_ECDH_ES256 with CTAP_CBOR_CLIENT_PIN; gh#154. + ** Allow CTAP messages up to 2048 bytes; gh#171. + ** Ensure we only list USB devices by default. + +* Version 1.4.0 (2020-04-15) + ** hid_hidapi: hidapi backend; enable with -DUSE_HIDAPI=1. + ** Fall back to U2F if the key claims to, but does not support FIDO2. + ** FIDO2 credential protection (credprot) support. + ** New API calls: + - fido_cbor_info_fwversion; + - fido_cred_prot; + - fido_cred_set_prot; + - fido_dev_set_transport_functions; + - fido_set_log_handler. + ** Support for FreeBSD. + ** Support for C++. + ** Support for MSYS. + ** Fixed EdDSA and RSA self-attestation. + +* Version 1.3.1 (2020-02-19) + ** fix zero-ing of le1 and le2 when talking to a U2F device. + ** dropping sk-libfido2 middleware, please find it in the openssh tree. + +* Version 1.3.0 (2019-11-28) + ** assert/hmac: encode public key as per spec, gh#60. + ** fido2-cred: fix creation of resident keys. + ** fido2-{assert,cred}: support for hmac-secret extension. + ** hid_osx: detect device removal, gh#56. + ** hid_osx: fix device detection in MacOS Catalina. + ** New API calls: + - fido_assert_set_authdata_raw; + - fido_assert_sigcount; + - fido_cred_set_authdata_raw; + - fido_dev_cancel. + ** Middleware library for use by OpenSSH. + ** Support for biometric enrollment. + ** Support for OpenBSD. + ** Support for self-attestation. + +* Version 1.2.0 (released 2019-07-26) + ** Credential management support. + ** New API reflecting FIDO's 3-state booleans (true, false, absent): + - fido_assert_set_up; + - fido_assert_set_uv; + - fido_cred_set_rk; + - fido_cred_set_uv. + ** Command-line tools for Windows. + ** Documentation and reliability fixes. + ** fido_{assert,cred}_set_options() are now marked as deprecated. + +* Version 1.1.0 (released 2019-05-08) + ** MacOS: fix IOKit crash on HID read. + ** Windows: fix contents of release file. + ** EdDSA (Ed25519) support. + ** fido_dev_make_cred: fix order of CBOR map keys. + ** fido_dev_get_assert: plug memory leak when operating on U2F devices. + +* Version 1.0.0 (released 2019-03-21) + ** Native HID support on Linux, MacOS, and Windows. + ** fido2-{assert,cred}: new -u option to force U2F on dual authenticators. + ** fido2-assert: support for multiple resident keys with the same RP. + ** Strict checks for CTAP2 compliance on received CBOR payloads. + ** Better fuzzing harnesses. + ** Documentation and reliability fixes. + +* Version 0.4.0 (released 2019-01-07) + ** fido2-assert: print the user id for resident credentials. + ** Fix encoding of COSE algorithms when making a credential. + ** Rework purpose of fido_cred_set_type; no ABI change. + ** Minor documentation and code fixes. + +* Version 0.3.0 (released 2018-09-11) + ** Various reliability fixes. + ** Merged fuzzing instrumentation. + ** Added regress tests. + ** Added support for FIDO 2's hmac-secret extension. + ** New API calls: + - fido_assert_hmac_secret_len; + - fido_assert_hmac_secret_ptr; + - fido_assert_set_extensions; + - fido_assert_set_hmac_salt; + - fido_cred_set_extensions; + - fido_dev_force_fido2. + ** Support for native builds with Microsoft Visual Studio 17. + +* Version 0.2.0 (released 2018-06-20) + ** Added command-line tools. + ** Added a couple of missing get functions. + +* Version 0.1.1 (released 2018-06-05) + ** Added documentation. + ** Added OpenSSL 1.0 support. + ** Minor fixes. + +* Version 0.1.0 (released 2018-05-18) + ** First beta release. |