xref: /openbsd-src/lib/libfido2/NEWS (revision ab19a69ebe1d1275c01611de862453c36b3d15b9)
1* Version 1.11.0 (2022-05-03)
2 ** Experimental PCSC support; enable with -DUSE_PCSC.
3 ** Improved OpenSSL 3.0 compatibility.
4 ** Use RFC1951 raw deflate to compress CTAP 2.1 largeBlobs.
5 ** winhello: advertise "uv" instead of "clientPin".
6 ** winhello: support hmac-secret in fido_dev_get_assert().
7 ** New API calls:
8  - fido_cbor_info_maxlargeblob.
9 ** Documentation and reliability fixes.
10 ** Separate build and regress targets.
11
12* Version 1.10.0 (2022-01-17)
13 ** hid_osx: handle devices with paths > 511 bytes; gh#462.
14 ** bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*(); gh#480.
15 ** winhello: fallback to GetTopWindow() if GetForegroundWindow() fails.
16 ** winhello: fallback to hid_win.c if webauthn.dll isn't available.
17 ** New API calls:
18  - fido_dev_info_set;
19  - fido_dev_io_handle;
20  - fido_dev_new_with_info;
21  - fido_dev_open_with_info.
22 ** Cygwin and NetBSD build fixes.
23 ** Documentation and reliability fixes.
24 ** Support for TPM 2.0 attestation of COSE_ES256 credentials.
25
26* Version 1.9.0 (2021-10-27)
27 ** Enabled NFC support on Linux.
28 ** Added OpenSSL 3.0 compatibility.
29 ** Removed OpenSSL 1.0 compatibility.
30 ** Support for FIDO 2.1 "minPinLength" extension.
31 ** Support for COSE_EDDSA, COSE_ES256, and COSE_RS1 attestation.
32 ** Support for TPM 2.0 attestation.
33 ** Support for device timeouts; see fido_dev_set_timeout().
34 ** New API calls:
35  - es256_pk_from_EVP_PKEY;
36  - fido_cred_attstmt_len;
37  - fido_cred_attstmt_ptr;
38  - fido_cred_pin_minlen;
39  - fido_cred_set_attstmt;
40  - fido_cred_set_pin_minlen;
41  - fido_dev_set_pin_minlen_rpid;
42  - fido_dev_set_timeout;
43  - rs256_pk_from_EVP_PKEY.
44 ** Reliability and portability fixes.
45 ** Better handling of HID devices without identification strings; gh#381.
46 ** Fixed detection of Windows's native webauthn API; gh#382.
47
48* Version 1.8.0 (2021-07-22)
49 ** Dropped 'Requires.private' entry from pkg-config file.
50 ** Better support for FIDO 2.1 authenticators.
51 ** Support for Windows's native webauthn API.
52 ** Support for attestation format 'none'.
53 ** New API calls:
54  - fido_assert_set_clientdata;
55  - fido_cbor_info_algorithm_cose;
56  - fido_cbor_info_algorithm_count;
57  - fido_cbor_info_algorithm_type;
58  - fido_cbor_info_transports_len;
59  - fido_cbor_info_transports_ptr;
60  - fido_cred_set_clientdata;
61  - fido_cred_set_id;
62  - fido_credman_set_dev_rk;
63  - fido_dev_is_winhello.
64 ** fido2-token: new -Sc option to update a resident credential.
65 ** Documentation and reliability fixes.
66 ** HID access serialisation on Linux.
67
68* Version 1.7.0 (2021-03-29)
69 ** New dependency on zlib.
70 ** Fixed musl build; gh#259.
71 ** hid_win: detect devices with vendor or product IDs > 0x7fff; gh#264.
72 ** Support for FIDO 2.1 authenticator configuration.
73 ** Support for FIDO 2.1 UV token permissions.
74 ** Support for FIDO 2.1 "credBlobs" and "largeBlobs" extensions.
75 ** New API calls:
76  - fido_assert_blob_len;
77  - fido_assert_blob_ptr;
78  - fido_assert_largeblob_key_len;
79  - fido_assert_largeblob_key_ptr;
80  - fido_assert_set_hmac_secret;
81  - fido_cbor_info_maxcredbloblen;
82  - fido_cred_largeblob_key_len;
83  - fido_cred_largeblob_key_ptr;
84  - fido_cred_set_blob;
85  - fido_dev_enable_entattest;
86  - fido_dev_force_pin_change;
87  - fido_dev_has_uv;
88  - fido_dev_largeblob_get;
89  - fido_dev_largeblob_get_array;
90  - fido_dev_largeblob_remove;
91  - fido_dev_largeblob_set;
92  - fido_dev_largeblob_set_array;
93  - fido_dev_set_pin_minlen;
94  - fido_dev_set_sigmask;
95  - fido_dev_supports_credman;
96  - fido_dev_supports_permissions;
97  - fido_dev_supports_uv;
98  - fido_dev_toggle_always_uv.
99 ** New fido_init flag to disable fido_dev_open's U2F fallback; gh#282.
100 ** Experimental NFC support on Linux; enable with -DNFC_LINUX.
101
102* Version 1.6.0 (2020-12-22)
103 ** Fix OpenSSL 1.0 and Cygwin builds.
104 ** hid_linux: fix build on 32-bit systems.
105 ** hid_osx: allow reads from spawned threads.
106 ** Documentation and reliability fixes.
107 ** New API calls:
108  - fido_cred_authdata_raw_len;
109  - fido_cred_authdata_raw_ptr;
110  - fido_cred_sigcount;
111  - fido_dev_get_uv_retry_count;
112  - fido_dev_supports_credman.
113 ** Hardened Windows build.
114 ** Native FreeBSD and NetBSD support.
115 ** Use CTAP2 canonical CBOR when combining hmac-secret and credProtect.
116
117* Version 1.5.0 (2020-09-01)
118 ** hid_linux: return FIDO_OK if no devices are found.
119 ** hid_osx:
120  - repair communication with U2F tokens, gh#166;
121  - reliability fixes.
122 ** fido2-{assert,cred}: new options to explicitly toggle UP, UV.
123 ** Support for configurable report lengths.
124 ** New API calls:
125  - fido_cbor_info_maxcredcntlst;
126  - fido_cbor_info_maxcredidlen;
127  - fido_cred_aaguid_len;
128  - fido_cred_aaguid_ptr;
129  - fido_dev_get_touch_begin;
130  - fido_dev_get_touch_status.
131 ** Use COSE_ECDH_ES256 with CTAP_CBOR_CLIENT_PIN; gh#154.
132 ** Allow CTAP messages up to 2048 bytes; gh#171.
133 ** Ensure we only list USB devices by default.
134
135* Version 1.4.0 (2020-04-15)
136 ** hid_hidapi: hidapi backend; enable with -DUSE_HIDAPI=1.
137 ** Fall back to U2F if the key claims to, but does not support FIDO2.
138 ** FIDO2 credential protection (credprot) support.
139 ** New API calls:
140  - fido_cbor_info_fwversion;
141  - fido_cred_prot;
142  - fido_cred_set_prot;
143  - fido_dev_set_transport_functions;
144  - fido_set_log_handler.
145 ** Support for FreeBSD.
146 ** Support for C++.
147 ** Support for MSYS.
148 ** Fixed EdDSA and RSA self-attestation.
149
150* Version 1.3.1 (2020-02-19)
151 ** fix zero-ing of le1 and le2 when talking to a U2F device.
152 ** dropping sk-libfido2 middleware, please find it in the openssh tree.
153
154* Version 1.3.0 (2019-11-28)
155 ** assert/hmac: encode public key as per spec, gh#60.
156 ** fido2-cred: fix creation of resident keys.
157 ** fido2-{assert,cred}: support for hmac-secret extension.
158 ** hid_osx: detect device removal, gh#56.
159 ** hid_osx: fix device detection in MacOS Catalina.
160 ** New API calls:
161  - fido_assert_set_authdata_raw;
162  - fido_assert_sigcount;
163  - fido_cred_set_authdata_raw;
164  - fido_dev_cancel.
165 ** Middleware library for use by OpenSSH.
166 ** Support for biometric enrollment.
167 ** Support for OpenBSD.
168 ** Support for self-attestation.
169
170* Version 1.2.0 (released 2019-07-26)
171 ** Credential management support.
172 ** New API reflecting FIDO's 3-state booleans (true, false, absent):
173  - fido_assert_set_up;
174  - fido_assert_set_uv;
175  - fido_cred_set_rk;
176  - fido_cred_set_uv.
177 ** Command-line tools for Windows.
178 ** Documentation and reliability fixes.
179 ** fido_{assert,cred}_set_options() are now marked as deprecated.
180
181* Version 1.1.0 (released 2019-05-08)
182 ** MacOS: fix IOKit crash on HID read.
183 ** Windows: fix contents of release file.
184 ** EdDSA (Ed25519) support.
185 ** fido_dev_make_cred: fix order of CBOR map keys.
186 ** fido_dev_get_assert: plug memory leak when operating on U2F devices.
187
188* Version 1.0.0 (released 2019-03-21)
189 ** Native HID support on Linux, MacOS, and Windows.
190 ** fido2-{assert,cred}: new -u option to force U2F on dual authenticators.
191 ** fido2-assert: support for multiple resident keys with the same RP.
192 ** Strict checks for CTAP2 compliance on received CBOR payloads.
193 ** Better fuzzing harnesses.
194 ** Documentation and reliability fixes.
195
196* Version 0.4.0 (released 2019-01-07)
197 ** fido2-assert: print the user id for resident credentials.
198 ** Fix encoding of COSE algorithms when making a credential.
199 ** Rework purpose of fido_cred_set_type; no ABI change.
200 ** Minor documentation and code fixes.
201
202* Version 0.3.0 (released 2018-09-11)
203 ** Various reliability fixes.
204 ** Merged fuzzing instrumentation.
205 ** Added regress tests.
206 ** Added support for FIDO 2's hmac-secret extension.
207 ** New API calls:
208  - fido_assert_hmac_secret_len;
209  - fido_assert_hmac_secret_ptr;
210  - fido_assert_set_extensions;
211  - fido_assert_set_hmac_salt;
212  - fido_cred_set_extensions;
213  - fido_dev_force_fido2.
214 ** Support for native builds with Microsoft Visual Studio 17.
215
216* Version 0.2.0 (released 2018-06-20)
217 ** Added command-line tools.
218 ** Added a couple of missing get functions.
219
220* Version 0.1.1 (released 2018-06-05)
221 ** Added documentation.
222 ** Added OpenSSL 1.0 support.
223 ** Minor fixes.
224
225* Version 0.1.0 (released 2018-05-18)
226 ** First beta release.
227