xref: /freebsd/contrib/libfido2/NEWS (revision a90b9d0159070121c221b966469c3e36d912bf82)
1* Version 1.14.0 (2023-11-13)
2 ** fido2-cred -M, fido2-token -G: support raw client data via -w flag.
3 ** winhello: support U2F AppID extension for assertions.
4 ** winhello: fix restrictive parsing of the hmac-secret on assertions.
5 ** winhello: translate NTE_USER_CANCELLED to FIDO_ERR_OPERATION_DENIED; gh#685.
6 ** New API calls:
7    ** fido_assert_authdata_raw_len;
8    ** fido_assert_authdata_raw_ptr;
9    ** fido_assert_set_winhello_appid.
10
11* Version 1.13.0 (2023-02-20)
12 ** Support for linking against OpenSSL on Windows; gh#668.
13 ** New API calls:
14  - fido_assert_empty_allow_list;
15  - fido_cred_empty_exclude_list.
16 ** fido2-token: fix issue when listing large blobs.
17 ** Improved support for different fuzzing engines.
18
19* Version 1.12.0 (2022-09-22)
20 ** Support for COSE_ES384.
21 ** Support for hidraw(4) on FreeBSD; gh#597.
22 ** Improved support for FIDO 2.1 authenticators.
23 ** New API calls:
24  - es384_pk_free;
25  - es384_pk_from_EC_KEY;
26  - es384_pk_from_EVP_PKEY;
27  - es384_pk_from_ptr;
28  - es384_pk_new;
29  - es384_pk_to_EVP_PKEY;
30  - fido_cbor_info_certs_len;
31  - fido_cbor_info_certs_name_ptr;
32  - fido_cbor_info_certs_value_ptr;
33  - fido_cbor_info_maxrpid_minpinlen;
34  - fido_cbor_info_minpinlen;
35  - fido_cbor_info_new_pin_required;
36  - fido_cbor_info_rk_remaining;
37  - fido_cbor_info_uv_attempts;
38  - fido_cbor_info_uv_modality.
39 ** Documentation and reliability fixes.
40
41* Version 1.11.0 (2022-05-03)
42 ** Experimental PCSC support; enable with -DUSE_PCSC.
43 ** Improved OpenSSL 3.0 compatibility.
44 ** Use RFC1951 raw deflate to compress CTAP 2.1 largeBlobs.
45 ** winhello: advertise "uv" instead of "clientPin".
46 ** winhello: support hmac-secret in fido_dev_get_assert().
47 ** New API calls:
48  - fido_cbor_info_maxlargeblob.
49 ** Documentation and reliability fixes.
50 ** Separate build and regress targets.
51
52* Version 1.10.0 (2022-01-17)
53 ** hid_osx: handle devices with paths > 511 bytes; gh#462.
54 ** bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*(); gh#480.
55 ** winhello: fallback to GetTopWindow() if GetForegroundWindow() fails.
56 ** winhello: fallback to hid_win.c if webauthn.dll isn't available.
57 ** New API calls:
58  - fido_dev_info_set;
59  - fido_dev_io_handle;
60  - fido_dev_new_with_info;
61  - fido_dev_open_with_info.
62 ** Cygwin and NetBSD build fixes.
63 ** Documentation and reliability fixes.
64 ** Support for TPM 2.0 attestation of COSE_ES256 credentials.
65
66* Version 1.9.0 (2021-10-27)
67 ** Enabled NFC support on Linux.
68 ** Added OpenSSL 3.0 compatibility.
69 ** Removed OpenSSL 1.0 compatibility.
70 ** Support for FIDO 2.1 "minPinLength" extension.
71 ** Support for COSE_EDDSA, COSE_ES256, and COSE_RS1 attestation.
72 ** Support for TPM 2.0 attestation.
73 ** Support for device timeouts; see fido_dev_set_timeout().
74 ** New API calls:
75  - es256_pk_from_EVP_PKEY;
76  - fido_cred_attstmt_len;
77  - fido_cred_attstmt_ptr;
78  - fido_cred_pin_minlen;
79  - fido_cred_set_attstmt;
80  - fido_cred_set_pin_minlen;
81  - fido_dev_set_pin_minlen_rpid;
82  - fido_dev_set_timeout;
83  - rs256_pk_from_EVP_PKEY.
84 ** Reliability and portability fixes.
85 ** Better handling of HID devices without identification strings; gh#381.
86 ** Fixed detection of Windows's native webauthn API; gh#382.
87
88* Version 1.8.0 (2021-07-22)
89 ** Dropped 'Requires.private' entry from pkg-config file.
90 ** Better support for FIDO 2.1 authenticators.
91 ** Support for Windows's native webauthn API.
92 ** Support for attestation format 'none'.
93 ** New API calls:
94  - fido_assert_set_clientdata;
95  - fido_cbor_info_algorithm_cose;
96  - fido_cbor_info_algorithm_count;
97  - fido_cbor_info_algorithm_type;
98  - fido_cbor_info_transports_len;
99  - fido_cbor_info_transports_ptr;
100  - fido_cred_set_clientdata;
101  - fido_cred_set_id;
102  - fido_credman_set_dev_rk;
103  - fido_dev_is_winhello.
104 ** fido2-token: new -Sc option to update a resident credential.
105 ** Documentation and reliability fixes.
106 ** HID access serialisation on Linux.
107
108* Version 1.7.0 (2021-03-29)
109 ** New dependency on zlib.
110 ** Fixed musl build; gh#259.
111 ** hid_win: detect devices with vendor or product IDs > 0x7fff; gh#264.
112 ** Support for FIDO 2.1 authenticator configuration.
113 ** Support for FIDO 2.1 UV token permissions.
114 ** Support for FIDO 2.1 "credBlobs" and "largeBlobs" extensions.
115 ** New API calls:
116  - fido_assert_blob_len;
117  - fido_assert_blob_ptr;
118  - fido_assert_largeblob_key_len;
119  - fido_assert_largeblob_key_ptr;
120  - fido_assert_set_hmac_secret;
121  - fido_cbor_info_maxcredbloblen;
122  - fido_cred_largeblob_key_len;
123  - fido_cred_largeblob_key_ptr;
124  - fido_cred_set_blob;
125  - fido_dev_enable_entattest;
126  - fido_dev_force_pin_change;
127  - fido_dev_has_uv;
128  - fido_dev_largeblob_get;
129  - fido_dev_largeblob_get_array;
130  - fido_dev_largeblob_remove;
131  - fido_dev_largeblob_set;
132  - fido_dev_largeblob_set_array;
133  - fido_dev_set_pin_minlen;
134  - fido_dev_set_sigmask;
135  - fido_dev_supports_credman;
136  - fido_dev_supports_permissions;
137  - fido_dev_supports_uv;
138  - fido_dev_toggle_always_uv.
139 ** New fido_init flag to disable fido_dev_open's U2F fallback; gh#282.
140 ** Experimental NFC support on Linux; enable with -DNFC_LINUX.
141
142* Version 1.6.0 (2020-12-22)
143 ** Fix OpenSSL 1.0 and Cygwin builds.
144 ** hid_linux: fix build on 32-bit systems.
145 ** hid_osx: allow reads from spawned threads.
146 ** Documentation and reliability fixes.
147 ** New API calls:
148  - fido_cred_authdata_raw_len;
149  - fido_cred_authdata_raw_ptr;
150  - fido_cred_sigcount;
151  - fido_dev_get_uv_retry_count;
152  - fido_dev_supports_credman.
153 ** Hardened Windows build.
154 ** Native FreeBSD and NetBSD support.
155 ** Use CTAP2 canonical CBOR when combining hmac-secret and credProtect.
156
157* Version 1.5.0 (2020-09-01)
158 ** hid_linux: return FIDO_OK if no devices are found.
159 ** hid_osx:
160  - repair communication with U2F tokens, gh#166;
161  - reliability fixes.
162 ** fido2-{assert,cred}: new options to explicitly toggle UP, UV.
163 ** Support for configurable report lengths.
164 ** New API calls:
165  - fido_cbor_info_maxcredcntlst;
166  - fido_cbor_info_maxcredidlen;
167  - fido_cred_aaguid_len;
168  - fido_cred_aaguid_ptr;
169  - fido_dev_get_touch_begin;
170  - fido_dev_get_touch_status.
171 ** Use COSE_ECDH_ES256 with CTAP_CBOR_CLIENT_PIN; gh#154.
172 ** Allow CTAP messages up to 2048 bytes; gh#171.
173 ** Ensure we only list USB devices by default.
174
175* Version 1.4.0 (2020-04-15)
176 ** hid_hidapi: hidapi backend; enable with -DUSE_HIDAPI=1.
177 ** Fall back to U2F if the key claims to, but does not support FIDO2.
178 ** FIDO2 credential protection (credprot) support.
179 ** New API calls:
180  - fido_cbor_info_fwversion;
181  - fido_cred_prot;
182  - fido_cred_set_prot;
183  - fido_dev_set_transport_functions;
184  - fido_set_log_handler.
185 ** Support for FreeBSD.
186 ** Support for C++.
187 ** Support for MSYS.
188 ** Fixed EdDSA and RSA self-attestation.
189
190* Version 1.3.1 (2020-02-19)
191 ** fix zero-ing of le1 and le2 when talking to a U2F device.
192 ** dropping sk-libfido2 middleware, please find it in the openssh tree.
193
194* Version 1.3.0 (2019-11-28)
195 ** assert/hmac: encode public key as per spec, gh#60.
196 ** fido2-cred: fix creation of resident keys.
197 ** fido2-{assert,cred}: support for hmac-secret extension.
198 ** hid_osx: detect device removal, gh#56.
199 ** hid_osx: fix device detection in MacOS Catalina.
200 ** New API calls:
201  - fido_assert_set_authdata_raw;
202  - fido_assert_sigcount;
203  - fido_cred_set_authdata_raw;
204  - fido_dev_cancel.
205 ** Middleware library for use by OpenSSH.
206 ** Support for biometric enrollment.
207 ** Support for OpenBSD.
208 ** Support for self-attestation.
209
210* Version 1.2.0 (released 2019-07-26)
211 ** Credential management support.
212 ** New API reflecting FIDO's 3-state booleans (true, false, absent):
213  - fido_assert_set_up;
214  - fido_assert_set_uv;
215  - fido_cred_set_rk;
216  - fido_cred_set_uv.
217 ** Command-line tools for Windows.
218 ** Documentation and reliability fixes.
219 ** fido_{assert,cred}_set_options() are now marked as deprecated.
220
221* Version 1.1.0 (released 2019-05-08)
222 ** MacOS: fix IOKit crash on HID read.
223 ** Windows: fix contents of release file.
224 ** EdDSA (Ed25519) support.
225 ** fido_dev_make_cred: fix order of CBOR map keys.
226 ** fido_dev_get_assert: plug memory leak when operating on U2F devices.
227
228* Version 1.0.0 (released 2019-03-21)
229 ** Native HID support on Linux, MacOS, and Windows.
230 ** fido2-{assert,cred}: new -u option to force U2F on dual authenticators.
231 ** fido2-assert: support for multiple resident keys with the same RP.
232 ** Strict checks for CTAP2 compliance on received CBOR payloads.
233 ** Better fuzzing harnesses.
234 ** Documentation and reliability fixes.
235
236* Version 0.4.0 (released 2019-01-07)
237 ** fido2-assert: print the user id for resident credentials.
238 ** Fix encoding of COSE algorithms when making a credential.
239 ** Rework purpose of fido_cred_set_type; no ABI change.
240 ** Minor documentation and code fixes.
241
242* Version 0.3.0 (released 2018-09-11)
243 ** Various reliability fixes.
244 ** Merged fuzzing instrumentation.
245 ** Added regress tests.
246 ** Added support for FIDO 2's hmac-secret extension.
247 ** New API calls:
248  - fido_assert_hmac_secret_len;
249  - fido_assert_hmac_secret_ptr;
250  - fido_assert_set_extensions;
251  - fido_assert_set_hmac_salt;
252  - fido_cred_set_extensions;
253  - fido_dev_force_fido2.
254 ** Support for native builds with Microsoft Visual Studio 17.
255
256* Version 0.2.0 (released 2018-06-20)
257 ** Added command-line tools.
258 ** Added a couple of missing get functions.
259
260* Version 0.1.1 (released 2018-06-05)
261 ** Added documentation.
262 ** Added OpenSSL 1.0 support.
263 ** Minor fixes.
264
265* Version 0.1.0 (released 2018-05-18)
266 ** First beta release.
267