xref: /freebsd/contrib/libfido2/NEWS (revision 6ba2210ee039f2f12878c217bcf058e9c8b26b29)
1* Version 1.8.0 (2021-07-22)
2 ** Dropped 'Requires.private' entry from pkg-config file.
3 ** Better support for FIDO 2.1 authenticators.
4 ** Support for Windows's native webauthn API.
5 ** Support for attestation format 'none'.
6 ** New API calls:
7  - fido_assert_set_clientdata;
8  - fido_cbor_info_algorithm_cose;
9  - fido_cbor_info_algorithm_count;
10  - fido_cbor_info_algorithm_type;
11  - fido_cbor_info_transports_len;
12  - fido_cbor_info_transports_ptr;
13  - fido_cred_set_clientdata;
14  - fido_cred_set_id;
15  - fido_credman_set_dev_rk;
16  - fido_dev_is_winhello.
17 ** fido2-token: new -Sc option to update a resident credential.
18 ** Documentation and reliability fixes.
19 ** HID access serialisation on Linux.
20
21* Version 1.7.0 (2021-03-29)
22 ** New dependency on zlib.
23 ** Fixed musl build; gh#259.
24 ** hid_win: detect devices with vendor or product IDs > 0x7fff; gh#264.
25 ** Support for FIDO 2.1 authenticator configuration.
26 ** Support for FIDO 2.1 UV token permissions.
27 ** Support for FIDO 2.1 "credBlobs" and "largeBlobs" extensions.
28 ** New API calls:
29  - fido_assert_blob_len;
30  - fido_assert_blob_ptr;
31  - fido_assert_largeblob_key_len;
32  - fido_assert_largeblob_key_ptr;
33  - fido_assert_set_hmac_secret;
34  - fido_cbor_info_maxcredbloblen;
35  - fido_cred_largeblob_key_len;
36  - fido_cred_largeblob_key_ptr;
37  - fido_cred_set_blob;
38  - fido_dev_enable_entattest;
39  - fido_dev_force_pin_change;
40  - fido_dev_has_uv;
41  - fido_dev_largeblob_get;
42  - fido_dev_largeblob_get_array;
43  - fido_dev_largeblob_remove;
44  - fido_dev_largeblob_set;
45  - fido_dev_largeblob_set_array;
46  - fido_dev_set_pin_minlen;
47  - fido_dev_set_sigmask;
48  - fido_dev_supports_credman;
49  - fido_dev_supports_permissions;
50  - fido_dev_supports_uv;
51  - fido_dev_toggle_always_uv.
52 ** New fido_init flag to disable fido_dev_open's U2F fallback; gh#282.
53 ** Experimental NFC support on Linux; enable with -DNFC_LINUX.
54
55* Version 1.6.0 (2020-12-22)
56 ** Fix OpenSSL 1.0 and Cygwin builds.
57 ** hid_linux: fix build on 32-bit systems.
58 ** hid_osx: allow reads from spawned threads.
59 ** Documentation and reliability fixes.
60 ** New API calls:
61  - fido_cred_authdata_raw_len;
62  - fido_cred_authdata_raw_ptr;
63  - fido_cred_sigcount;
64  - fido_dev_get_uv_retry_count;
65  - fido_dev_supports_credman.
66 ** Hardened Windows build.
67 ** Native FreeBSD and NetBSD support.
68 ** Use CTAP2 canonical CBOR when combining hmac-secret and credProtect.
69
70* Version 1.5.0 (2020-09-01)
71 ** hid_linux: return FIDO_OK if no devices are found.
72 ** hid_osx:
73  - repair communication with U2F tokens, gh#166;
74  - reliability fixes.
75 ** fido2-{assert,cred}: new options to explicitly toggle UP, UV.
76 ** Support for configurable report lengths.
77 ** New API calls:
78  - fido_cbor_info_maxcredcntlst;
79  - fido_cbor_info_maxcredidlen;
80  - fido_cred_aaguid_len;
81  - fido_cred_aaguid_ptr;
82  - fido_dev_get_touch_begin;
83  - fido_dev_get_touch_status.
84 ** Use COSE_ECDH_ES256 with CTAP_CBOR_CLIENT_PIN; gh#154.
85 ** Allow CTAP messages up to 2048 bytes; gh#171.
86 ** Ensure we only list USB devices by default.
87
88* Version 1.4.0 (2020-04-15)
89 ** hid_hidapi: hidapi backend; enable with -DUSE_HIDAPI=1.
90 ** Fall back to U2F if the key claims to, but does not support FIDO2.
91 ** FIDO2 credential protection (credprot) support.
92 ** New API calls:
93  - fido_cbor_info_fwversion;
94  - fido_cred_prot;
95  - fido_cred_set_prot;
96  - fido_dev_set_transport_functions;
97  - fido_set_log_handler.
98 ** Support for FreeBSD.
99 ** Support for C++.
100 ** Support for MSYS.
101 ** Fixed EdDSA and RSA self-attestation.
102
103* Version 1.3.1 (2020-02-19)
104 ** fix zero-ing of le1 and le2 when talking to a U2F device.
105 ** dropping sk-libfido2 middleware, please find it in the openssh tree.
106
107* Version 1.3.0 (2019-11-28)
108 ** assert/hmac: encode public key as per spec, gh#60.
109 ** fido2-cred: fix creation of resident keys.
110 ** fido2-{assert,cred}: support for hmac-secret extension.
111 ** hid_osx: detect device removal, gh#56.
112 ** hid_osx: fix device detection in MacOS Catalina.
113 ** New API calls:
114  - fido_assert_set_authdata_raw;
115  - fido_assert_sigcount;
116  - fido_cred_set_authdata_raw;
117  - fido_dev_cancel.
118 ** Middleware library for use by OpenSSH.
119 ** Support for biometric enrollment.
120 ** Support for OpenBSD.
121 ** Support for self-attestation.
122
123* Version 1.2.0 (released 2019-07-26)
124 ** Credential management support.
125 ** New API reflecting FIDO's 3-state booleans (true, false, absent):
126  - fido_assert_set_up;
127  - fido_assert_set_uv;
128  - fido_cred_set_rk;
129  - fido_cred_set_uv.
130 ** Command-line tools for Windows.
131 ** Documentation and reliability fixes.
132 ** fido_{assert,cred}_set_options() are now marked as deprecated.
133
134* Version 1.1.0 (released 2019-05-08)
135 ** MacOS: fix IOKit crash on HID read.
136 ** Windows: fix contents of release file.
137 ** EdDSA (Ed25519) support.
138 ** fido_dev_make_cred: fix order of CBOR map keys.
139 ** fido_dev_get_assert: plug memory leak when operating on U2F devices.
140
141* Version 1.0.0 (released 2019-03-21)
142 ** Native HID support on Linux, MacOS, and Windows.
143 ** fido2-{assert,cred}: new -u option to force U2F on dual authenticators.
144 ** fido2-assert: support for multiple resident keys with the same RP.
145 ** Strict checks for CTAP2 compliance on received CBOR payloads.
146 ** Better fuzzing harnesses.
147 ** Documentation and reliability fixes.
148
149* Version 0.4.0 (released 2019-01-07)
150 ** fido2-assert: print the user id for resident credentials.
151 ** Fix encoding of COSE algorithms when making a credential.
152 ** Rework purpose of fido_cred_set_type; no ABI change.
153 ** Minor documentation and code fixes.
154
155* Version 0.3.0 (released 2018-09-11)
156 ** Various reliability fixes.
157 ** Merged fuzzing instrumentation.
158 ** Added regress tests.
159 ** Added support for FIDO 2's hmac-secret extension.
160 ** New API calls:
161  - fido_assert_hmac_secret_len;
162  - fido_assert_hmac_secret_ptr;
163  - fido_assert_set_extensions;
164  - fido_assert_set_hmac_salt;
165  - fido_cred_set_extensions;
166  - fido_dev_force_fido2.
167 ** Support for native builds with Microsoft Visual Studio 17.
168
169* Version 0.2.0 (released 2018-06-20)
170 ** Added command-line tools.
171 ** Added a couple of missing get functions.
172
173* Version 0.1.1 (released 2018-06-05)
174 ** Added documentation.
175 ** Added OpenSSL 1.0 support.
176 ** Minor fixes.
177
178* Version 0.1.0 (released 2018-05-18)
179 ** First beta release.
180