UPDATE: www/mozilla-firefox U2F/FIDO support (WebAuthn)

classic Classic list List threaded Threaded
13 messages Options
Reply | Threaded
Open this post in threaded view
|

UPDATE: www/mozilla-firefox U2F/FIDO support (WebAuthn)

Reyk Floeter-2
Hi

TL;DR: this is an experimental port update to add U2F/FIDO support and
I'd appreciate testing and feedback.  See the issues below why this
needs further work and discussion.

I've attached an updated port for Firefox 71 that adds support for
U2F/FIDO USB security keys under OpenBSD.  Since everyone got such
security keys for OpenSSH now ;-), I'd also like to use them for web
authentication (WebAuthn) as a better alternative to (T)OTP or SMS.

I've implemented the missing bits in the Rust crate that is
responsible for accessing the USB HID devices, see
https://github.com/reyk/authenticator-rs/tree/reyk/openbsd

It does come with issues:

- Firefox uses "vendored" versions of the Rust crates; it includes the
source code of all dependencies in its tarball (which is a good
thing).  Updating the 'third_pary/rust/authenticator' makes the ports'
patches rather large and the goal should be to get it into upstream.

- In case you wonder about the Linux bits in the patches, it updates
it to a new version of authenticator-rs that includes some internal
changes.  Maintaining patches for the old one version would make it
much more difficult.

- It doesn't work with pledge(2).  As described in the package README
snippet below, the only way to use it is to disable 'pledge.main'.
I think there are three ways to deal with it:
1. Keep it as it is and let users disable 'pledge.main' manually if
   they need U2F/FIDO (which isn't happening all the time).
2. Add access to the required USB HID ioctls to a new pledge class.
3. Split authenticator into a fork+exec model where USB HID access is
   done by an external handler or daemon that runs without pledge.  This
   wouldn't be impossible but a lot more complicated and potentially
   difficult to get into upstream.  OpenSSH uses a similar model with
   /usr/libexec/ssh-sk-helper.

From pkg/README:

> Web Authentication
> ==================
> Support for web authentication (WebAuthn) with U2F/FIDO-compatible
> security keys is supported but requires direct access to the uhid(4)
> USB device layer.  This is currently not possible with the default
> sandbox under OpenBSD: the installed unveil(2) policy permits access
> to the first 10 '/dev/uhid*' devices but pledge(2) prevents the
> required USB/UHID ioctls.
>
> To enable U2F/FIDO support, a) make sure that the user has read/write
> to '/dev/uhid*' (this is the case if the user is a member of group
> wheel) and b) set 'pledge.main' to 'disable'.  For example:
>
> # mkdir /etc/firefox && echo disable > /etc/firefox/pledge.main
>
> WARNING: While 'pledge.main' is already the weakest policy, compared
> to 'pledge.content' or 'pledge.gpu', disabling it weakens the
> sandboxed security of Firefox itself.  It does not alter the
> protection that is offered by unveil(2).
Even if we have to solve the issues first, I'd appreciate testing and
feedback.  It takes a bit long to build the www/mozilla-firefox port
(and don't forget to bump the ulimits first) but it is worth the
effort if you need U2F/FIDO.

You can use any U2F/FIDO key, such as modern YubiKeys, and test it on
pages like https://webauthn.io/ or
https://demo.yubico.com/webauthn-technical/.

Reyk

www-mozilla-firefox-71.0p0-authenticator.diff (81K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: UPDATE: www/mozilla-firefox U2F/FIDO support (WebAuthn)

Stuart Henderson
On 2019/12/10 13:57, Reyk Floeter wrote:

> +# U2F/FIDO keys
> +/dev/uhid0 rw
> +/dev/uhid1 rw
> +/dev/uhid2 rw
> +/dev/uhid3 rw
> +/dev/uhid4 rw
> +/dev/uhid5 rw
> +/dev/uhid6 rw
> +/dev/uhid7 rw
> +/dev/uhid8 rw
> +/dev/uhid9 rw

BTW there are several entries in dmesglog with uhid18 (Microsoft Surface
Type Cover) and one with uhid40 (headset + docking station + others).
The 40 seems excessive but it might be worth going up to, say, 20.
(Alternatively it could be dropped to 7 to align with the number of
device nodes created by MAKEDEV by default ..)

> +This currently only works with pledge.main = disable.

Another option would be to do this, and remove some lines from the pkg-readme...

diff -u -p -r1.1 pledge.main
--- pledge.main 3 Dec 2019 17:00:46 -0000 1.1
+++ pledge.main 10 Dec 2019 14:26:25 -0000
@@ -1,24 +1 @@
+disable
-stdio
-rpath
-wpath
-cpath
-inet
-proc
-exec
-prot_exec
-flock
-ps
-sendfd
-recvfd
-dns
-vminfo
-tty
-drm
-unix
-fattr
-getpw
-mcast
-# only needed for WebRTC
-video
-# only needed if not running sndiod(8)
-audio

Reply | Threaded
Open this post in threaded view
|

Re: UPDATE: www/mozilla-firefox U2F/FIDO support (WebAuthn)

Reyk Floeter-2
On Tue, Dec 10, 2019 at 02:39:20PM +0000, Stuart Henderson wrote:

> On 2019/12/10 13:57, Reyk Floeter wrote:
> > +# U2F/FIDO keys
> > +/dev/uhid0 rw
> > +/dev/uhid1 rw
> > +/dev/uhid2 rw
> > +/dev/uhid3 rw
> > +/dev/uhid4 rw
> > +/dev/uhid5 rw
> > +/dev/uhid6 rw
> > +/dev/uhid7 rw
> > +/dev/uhid8 rw
> > +/dev/uhid9 rw
>
> BTW there are several entries in dmesglog with uhid18 (Microsoft Surface
> Type Cover) and one with uhid40 (headset + docking station + others).
> The 40 seems excessive but it might be worth going up to, say, 20.
> (Alternatively it could be dropped to 7 to align with the number of
> device nodes created by MAKEDEV by default ..)
>

I feared that, OK.  Let's go for 20 in this case?

My authenticator-rs code initially scanned the /dev directory for uhid
devices but I changed it to probe the first 100 uhid devices to work
under unveil(2) (I didn't want to make /dev rx and there's no
unveil(2) way to "read the directory contents without allowing access
to its files").

> > +This currently only works with pledge.main = disable.
>
> Another option would be to do this, and remove some lines from the pkg-readme...
>

Hehe, good point and I wouldn't mind.  But even if pledge(2) is
enabled with all of its classes, it still limits ioctls and the scope
of other syscalls.  I don't know, what do people think about this?

Reyk

> diff -u -p -r1.1 pledge.main
> --- pledge.main 3 Dec 2019 17:00:46 -0000 1.1
> +++ pledge.main 10 Dec 2019 14:26:25 -0000
> @@ -1,24 +1 @@
> +disable
> -stdio
> -rpath
> -wpath
> -cpath
> -inet
> -proc
> -exec
> -prot_exec
> -flock
> -ps
> -sendfd
> -recvfd
> -dns
> -vminfo
> -tty
> -drm
> -unix
> -fattr
> -getpw
> -mcast
> -# only needed for WebRTC
> -video
> -# only needed if not running sndiod(8)
> -audio
>

Reply | Threaded
Open this post in threaded view
|

Re: UPDATE: www/mozilla-firefox U2F/FIDO support (WebAuthn)

Landry Breuil-5
On Tue, Dec 10, 2019 at 03:20:15PM +0000, Reyk Floeter wrote:

> On Tue, Dec 10, 2019 at 02:39:20PM +0000, Stuart Henderson wrote:
> > On 2019/12/10 13:57, Reyk Floeter wrote:
> > > +# U2F/FIDO keys
> > > +/dev/uhid0 rw
> > > +/dev/uhid1 rw
> > > +/dev/uhid2 rw
> > > +/dev/uhid3 rw
> > > +/dev/uhid4 rw
> > > +/dev/uhid5 rw
> > > +/dev/uhid6 rw
> > > +/dev/uhid7 rw
> > > +/dev/uhid8 rw
> > > +/dev/uhid9 rw
> >
> > BTW there are several entries in dmesglog with uhid18 (Microsoft Surface
> > Type Cover) and one with uhid40 (headset + docking station + others).
> > The 40 seems excessive but it might be worth going up to, say, 20.
> > (Alternatively it could be dropped to 7 to align with the number of
> > device nodes created by MAKEDEV by default ..)
> >
>
> I feared that, OK.  Let's go for 20 in this case?
>
> My authenticator-rs code initially scanned the /dev directory for uhid
> devices but I changed it to probe the first 100 uhid devices to work
> under unveil(2) (I didn't want to make /dev rx and there's no
> unveil(2) way to "read the directory contents without allowing access
> to its files").
>
> > > +This currently only works with pledge.main = disable.
> >
> > Another option would be to do this, and remove some lines from the pkg-readme...
> >
>
> Hehe, good point and I wouldn't mind.  But even if pledge(2) is
> enabled with all of its classes, it still limits ioctls and the scope
> of other syscalls.  I don't know, what do people think about this?

Well, i managed to have a 'video' pledge class, so you can probably get
an 'uhidioctl' class :)

Landry

Reply | Threaded
Open this post in threaded view
|

Re: UPDATE: www/mozilla-firefox U2F/FIDO support (WebAuthn)

Reyk Floeter-2
On Tue, Dec 10, 2019 at 04:33:01PM +0100, Landry Breuil wrote:

> On Tue, Dec 10, 2019 at 03:20:15PM +0000, Reyk Floeter wrote:
> > On Tue, Dec 10, 2019 at 02:39:20PM +0000, Stuart Henderson wrote:
> > > On 2019/12/10 13:57, Reyk Floeter wrote:
> > > > +# U2F/FIDO keys
> > > > +/dev/uhid0 rw
> > > > +/dev/uhid1 rw
> > > > +/dev/uhid2 rw
> > > > +/dev/uhid3 rw
> > > > +/dev/uhid4 rw
> > > > +/dev/uhid5 rw
> > > > +/dev/uhid6 rw
> > > > +/dev/uhid7 rw
> > > > +/dev/uhid8 rw
> > > > +/dev/uhid9 rw
> > >
> > > BTW there are several entries in dmesglog with uhid18 (Microsoft Surface
> > > Type Cover) and one with uhid40 (headset + docking station + others).
> > > The 40 seems excessive but it might be worth going up to, say, 20.
> > > (Alternatively it could be dropped to 7 to align with the number of
> > > device nodes created by MAKEDEV by default ..)
> > >
> >
> > I feared that, OK.  Let's go for 20 in this case?
> >
> > My authenticator-rs code initially scanned the /dev directory for uhid
> > devices but I changed it to probe the first 100 uhid devices to work
> > under unveil(2) (I didn't want to make /dev rx and there's no
> > unveil(2) way to "read the directory contents without allowing access
> > to its files").
> >
> > > > +This currently only works with pledge.main = disable.
> > >
> > > Another option would be to do this, and remove some lines from the pkg-readme...
> > >
> >
> > Hehe, good point and I wouldn't mind.  But even if pledge(2) is
> > enabled with all of its classes, it still limits ioctls and the scope
> > of other syscalls.  I don't know, what do people think about this?
>
> Well, i managed to have a 'video' pledge class, so you can probably get
> an 'uhidioctl' class :)
>

btw., the ioctls match the ones that are done by libfido2:

- USB_GET_DEVICEINFO (libfido2 or authenticator-rs)
- USB_GET_REPORT_ID (libfido2 or authenticator-rs)
- USB_GET_REPORT_DESC (libusbhid, used by both)

All of them are read-only (IOR).

Reyk

Reply | Threaded
Open this post in threaded view
|

Re: UPDATE: www/mozilla-firefox U2F/FIDO support (WebAuthn)

Theo de Raadt-2
In reply to this post by Landry Breuil-5
Landry Breuil <[hidden email]> wrote:

> Well, i managed to have a 'video' pledge class, so you can probably get
> an 'uhidioctl' class :)

I still feel the addition of 'video' pledge was an abuse of the concept.

firefox has done a pretty weak version of privsep that requires a
'master process' to have nearly all the pledges.  The pledge options are
designed to encourage best-practice privsep, but firefox wants to
operate a master process with such a vast subset of full-posix, it is as
if it doesn't use pledge at all.

It is similar with unveil, with this new diff.  That process wants to
use a library which accesses many tens of files.  This new subsystem
hasn't been seperated out into a process with a specific purpose.

pledge tries to tighten two problems at the same time

1) decreased abilities for what the process can do when it's memory is
   invaded

2) decreased exposure to the kernel

The addition of these device-specific ioctl's is fighting against
both tightenings.

Reply | Threaded
Open this post in threaded view
|

Re: UPDATE: www/mozilla-firefox U2F/FIDO support (WebAuthn)

Landry Breuil-5
On Tue, Dec 10, 2019 at 10:18:37AM -0700, Theo de Raadt wrote:

> Landry Breuil <[hidden email]> wrote:
>
> > Well, i managed to have a 'video' pledge class, so you can probably get
> > an 'uhidioctl' class :)
>
> I still feel the addition of 'video' pledge was an abuse of the concept.
>
> firefox has done a pretty weak version of privsep that requires a
> 'master process' to have nearly all the pledges.  The pledge options are
> designed to encourage best-practice privsep, but firefox wants to
> operate a master process with such a vast subset of full-posix, it is as
> if it doesn't use pledge at all.
>
> It is similar with unveil, with this new diff.  That process wants to
> use a library which accesses many tens of files.  This new subsystem
> hasn't been seperated out into a process with a specific purpose.

I've been told they welcome new contributors sending patches :)

Reply | Threaded
Open this post in threaded view
|

Re: UPDATE: www/mozilla-firefox U2F/FIDO support (WebAuthn)

Theo de Raadt-2
Landry Breuil <[hidden email]> wrote:

> On Tue, Dec 10, 2019 at 10:18:37AM -0700, Theo de Raadt wrote:
> > Landry Breuil <[hidden email]> wrote:
> >
> > > Well, i managed to have a 'video' pledge class, so you can probably get
> > > an 'uhidioctl' class :)
> >
> > I still feel the addition of 'video' pledge was an abuse of the concept.
> >
> > firefox has done a pretty weak version of privsep that requires a
> > 'master process' to have nearly all the pledges.  The pledge options are
> > designed to encourage best-practice privsep, but firefox wants to
> > operate a master process with such a vast subset of full-posix, it is as
> > if it doesn't use pledge at all.
> >
> > It is similar with unveil, with this new diff.  That process wants to
> > use a library which accesses many tens of files.  This new subsystem
> > hasn't been seperated out into a process with a specific purpose.
>
> I've been told they welcome new contributors sending patches :)

My contribution would be to delete it.

Reply | Threaded
Open this post in threaded view
|

Re: UPDATE: www/mozilla-firefox U2F/FIDO support (WebAuthn)

Theo de Raadt-2
In reply to this post by Landry Breuil-5
Landry Breuil <[hidden email]> wrote:

> On Tue, Dec 10, 2019 at 10:18:37AM -0700, Theo de Raadt wrote:
> > Landry Breuil <[hidden email]> wrote:
> >
> > > Well, i managed to have a 'video' pledge class, so you can probably get
> > > an 'uhidioctl' class :)
> >
> > I still feel the addition of 'video' pledge was an abuse of the concept.
> >
> > firefox has done a pretty weak version of privsep that requires a
> > 'master process' to have nearly all the pledges.  The pledge options are
> > designed to encourage best-practice privsep, but firefox wants to
> > operate a master process with such a vast subset of full-posix, it is as
> > if it doesn't use pledge at all.
> >
> > It is similar with unveil, with this new diff.  That process wants to
> > use a library which accesses many tens of files.  This new subsystem
> > hasn't been seperated out into a process with a specific purpose.
>
> I've been told they welcome new contributors sending patches :)

Landry,

This is a technical discussion.  You don't need to inject such attitude.
I would be happy to take the pledge design back to it's original concept
where it influences design rather than rolls on it's back, and leave you to
cope with it in firefox, probably by turning off all the vague security
attempts.

Reply | Threaded
Open this post in threaded view
|

Re: UPDATE: www/mozilla-firefox U2F/FIDO support (WebAuthn)

Christian Weisgerber
In reply to this post by Reyk Floeter-2
Reyk Floeter:

> TL;DR: this is an experimental port update to add U2F/FIDO support and
> I'd appreciate testing and feedback.

https://demo.yubico.com/webauthn/

Registration and subsequent login work fine for me with
* HyperFIDO Titanium  (9 EUR, Amazon's Choice)
* Yubico Security Key

--
Christian "naddy" Weisgerber                          [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: UPDATE: www/mozilla-firefox U2F/FIDO support - using fido(4)

Reyk Floeter-2
In reply to this post by Reyk Floeter-2
On Tue, Dec 10, 2019 at 01:57:42PM +0000, Reyk Floeter wrote:
> TL;DR: this is an experimental port update to add U2F/FIDO support and
...
> I've implemented the missing bits in the Rust crate that is
> responsible for accessing the USB HID devices, see
> https://github.com/reyk/authenticator-rs/tree/reyk/openbsd
>

This updated version has some changes:
1. It uses the new fido(4) driver in OpenBSD-current instead of uhid(4).
2. It works under pledge(2), so it doesn't need any changes in pledge.main.
3. It works better under unveil(2) with the /dev/fido/ directory.
4. It fixes a TOCTOU problem that was given by the authenticator-rs design:
   the existing OS backends (such as freebsd) first scan for devices
   (in monitor) before they pass the device name (e.g. /dev/uhid0) to
   the Device struct that opens it on demand.  I've had the same approach
   in my earlier diff but now I open the devices in monitor and pass the
   fd to the Device struct instead of the (totally pointless) device name.

To test this diff, you need to upgrade to -current or to the latest
snapshot (Dec 18 or newer).

Known issues:

- If you're in the middle of the authentication (Firefox shows a
little fingerprint in the status bar), you cannot use SSH with U2F at
the same time.  The device can only be opened by one user at a time
and sometimes blocks it for a bit too long.  But once you've done the
authentication, firefox closes the device again and you should be fine
and there's no need to kill firefox for SSH.
- The device sometimes doesn't respond immediately.
- I didn't manage to run firefox with RUST_LOG=debug to see the
debug!() output of the authenticator module.  Any hints would be
welcome.

I'm working on an additional approach on top of fido(4) that
eventually helps to fix or mitigate the known issues.  So this diff
might not be the final concept or version, and I will not try to
upstream it yet.

Please test, for example:
https://webauthn.io/, first Register, then Login.

Reyk

Index: www/mozilla-firefox/Makefile
===================================================================
RCS file: /cvs/ports/www/mozilla-firefox/Makefile,v
retrieving revision 1.405
diff -u -p -u -p -r1.405 Makefile
--- www/mozilla-firefox/Makefile 3 Dec 2019 17:00:46 -0000 1.405
+++ www/mozilla-firefox/Makefile 18 Dec 2019 10:30:27 -0000
@@ -9,6 +9,7 @@ MOZILLA_VERSION = 71.0
 MOZILLA_BRANCH = release
 MOZILLA_PROJECT = firefox
 MOZILLA_CODENAME = browser
+REVISION = 0
 
 WRKDIST = ${WRKDIR}/${MOZILLA_DIST}-${MOZILLA_DIST_VERSION:C/b[0-9]*//}
 HOMEPAGE = https://www.mozilla.org/firefox/
Index: www/mozilla-firefox/files/unveil.main
===================================================================
RCS file: /cvs/ports/www/mozilla-firefox/files/unveil.main,v
retrieving revision 1.1
diff -u -p -u -p -r1.1 unveil.main
--- www/mozilla-firefox/files/unveil.main 3 Dec 2019 17:00:46 -0000 1.1
+++ www/mozilla-firefox/files/unveil.main 18 Dec 2019 10:30:27 -0000
@@ -2,6 +2,7 @@
 /dev/urandom r
 /dev/video rw
 /dev/video0 rw
+/dev/fido rw
 
 /etc/fonts r
 /etc/machine-id r
Index: www/mozilla-firefox/patches/patch-Cargo_lock
===================================================================
RCS file: www/mozilla-firefox/patches/patch-Cargo_lock
diff -N www/mozilla-firefox/patches/patch-Cargo_lock
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ www/mozilla-firefox/patches/patch-Cargo_lock 18 Dec 2019 10:30:27 -0000
@@ -0,0 +1,32 @@
+$OpenBSD$
+
+Index: Cargo.lock
+--- Cargo.lock.orig
++++ Cargo.lock
+@@ -144,7 +144,7 @@ dependencies = [
+ [[package]]
+ name = "authenticator"
+ version = "0.2.6"
+-source = "registry+https://github.com/rust-lang/crates.io-index"
++source = "git+https://github.com/reyk/authenticator-rs?rev=44cde6a41568954c88288ed81babc70bb27d79bf#44cde6a41568954c88288ed81babc70bb27d79bf"
+ dependencies = [
+  "bitflags 1.2.0 (registry+https://github.com/rust-lang/crates.io-index)",
+  "boxfnonce 0.0.3 (registry+https://github.com/rust-lang/crates.io-index)",
+@@ -1222,7 +1222,7 @@ dependencies = [
+  "audio_thread_priority 0.20.2 (registry+https://github.com/rust-lang/crates.io-index)",
+  "audioipc-client 0.4.0",
+  "audioipc-server 0.2.3",
+- "authenticator 0.2.6 (registry+https://github.com/rust-lang/crates.io-index)",
++ "authenticator 0.2.6 (git+https://github.com/reyk/authenticator-rs?rev=44cde6a41568954c88288ed81babc70bb27d79bf)",
+  "bitsdownload 0.1.0",
+  "bookmark_sync 0.1.0",
+  "cert_storage 0.0.1",
+@@ -3812,7 +3812,7 @@ dependencies = [
+ "checksum atomic_refcell 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "fb2dcb6e6d35f20276943cc04bb98e538b348d525a04ac79c10021561d202f21"
+ "checksum atty 0.2.11 (registry+https://github.com/rust-lang/crates.io-index)" = "9a7d5b8723950951411ee34d271d99dddcc2035a16ab25310ea2c8cfd4369652"
+ "checksum audio_thread_priority 0.20.2 (registry+https://github.com/rust-lang/crates.io-index)" = "197b2d259505d11c92d266e1784f01cc935eb764d2f54e16aedf4e5085197871"
+-"checksum authenticator 0.2.6 (registry+https://github.com/rust-lang/crates.io-index)" = "ec149e5d5d4caa2c9ead53a8ce1ea9c4204c388c65bf3b96c2d1dc0fcf4aeb66"
++"checksum authenticator 0.2.6 (git+https://github.com/reyk/authenticator-rs?rev=44cde6a41568954c88288ed81babc70bb27d79bf)" = "<none>"
+ "checksum autocfg 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)" = "b671c8fb71b457dd4ae18c4ba1e59aa81793daacc361d82fcd410cef0d491875"
+ "checksum backtrace 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)" = "89a47830402e9981c5c41223151efcced65a0510c13097c769cede7efb34782a"
+ "checksum backtrace-sys 0.1.24 (registry+https://github.com/rust-lang/crates.io-index)" = "c66d56ac8dabd07f6aacdaf633f4b8262f5b3601a810a0dcddffd5c22c69daa0"
Index: www/mozilla-firefox/patches/patch-Cargo_toml
===================================================================
RCS file: www/mozilla-firefox/patches/patch-Cargo_toml
diff -N www/mozilla-firefox/patches/patch-Cargo_toml
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ www/mozilla-firefox/patches/patch-Cargo_toml 18 Dec 2019 10:30:27 -0000
@@ -0,0 +1,15 @@
+$OpenBSD$
+
+Index: Cargo.toml
+--- Cargo.toml.orig
++++ Cargo.toml
+@@ -70,5 +70,9 @@ rev = "182414f15c18538dfebbe040469ec8001e93ecc5"
+ git = "https://github.com/CraneStation/Cranelift"
+ rev = "182414f15c18538dfebbe040469ec8001e93ecc5"
+
++[patch.crates-io.authenticator]
++git = "https://github.com/reyk/authenticator-rs"
++rev = "44cde6a41568954c88288ed81babc70bb27d79bf"
++
+ [patch.crates-io.coreaudio-sys]
+ path = "third_party/rust/coreaudio-sys"
Index: www/mozilla-firefox/patches/patch-third_party_rust_authenticator_Cargo_toml
===================================================================
RCS file: www/mozilla-firefox/patches/patch-third_party_rust_authenticator_Cargo_toml
diff -N www/mozilla-firefox/patches/patch-third_party_rust_authenticator_Cargo_toml
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ www/mozilla-firefox/patches/patch-third_party_rust_authenticator_Cargo_toml 18 Dec 2019 10:30:27 -0000
@@ -0,0 +1,92 @@
+$OpenBSD$
+
+Index: third_party/rust/authenticator/Cargo.toml
+--- third_party/rust/authenticator/Cargo.toml.orig
++++ third_party/rust/authenticator/Cargo.toml
+@@ -1,53 +1,45 @@
+-# THIS FILE IS AUTOMATICALLY GENERATED BY CARGO
+-#
+-# When uploading crates to the registry Cargo will automatically
+-# "normalize" Cargo.toml files for maximal compatibility
+-# with all versions of Cargo and also rewrite `path` dependencies
+-# to registry (e.g., crates.io) dependencies
+-#
+-# If you believe there's an error in this file please file an
+-# issue against the rust-lang/cargo repository. If you're
+-# editing this file be aware that the upstream Cargo.toml
+-# will likely look very different (and much more reasonable)
+-
+ [package]
+ name = "authenticator"
+ version = "0.2.6"
+ authors = ["J.C. Jones <[hidden email]>", "Tim Taubert <[hidden email]>", "Kyle Machulis <[hidden email]>"]
+-description = "Library for interacting with CTAP1/2 security keys for Web Authentication. Used by Firefox."
+-license = "MPL-2.0"
+ repository = "https://github.com/mozilla/authenticator-rs/"
+-[dependencies.bitflags]
+-version = "1.0"
++license = "MPL-2.0"
++description = "Library for interacting with CTAP1/2 security keys for Web Authentication. Used by Firefox."
+
+-[dependencies.boxfnonce]
+-version = "0.0.3"
++[features]
++binding-recompile = ["bindgen"]
+
+-[dependencies.libc]
+-version = "0.2"
++[target.'cfg(target_os = "linux")'.dependencies]
++libudev = "^0.2"
+
+-[dependencies.log]
+-version = "0.4"
++[target.'cfg(target_os = "freebsd")'.dependencies]
++devd-rs = "0.3"
+
+-[dependencies.rand]
+-version = "0.6"
++[target.'cfg(target_os = "macos")'.dependencies]
++core-foundation = "0.6.2"
+
+-[dependencies.runloop]
+-version = "0.1.0"
+-[dev-dependencies.base64]
+-version = "^0.10"
++[target.'cfg(target_os = "windows")'.dependencies.winapi]
++version = "0.3"
++features = [
++    "handleapi",
++    "hidclass",
++    "hidpi",
++    "hidusage",
++    "setupapi",
++]
+
+-[dev-dependencies.env_logger]
+-version = "0.6"
++[build-dependencies]
++bindgen = { version = "0.51", optional = true }
+
+-[dev-dependencies.sha2]
+-version = "^0.8"
+-[target."cfg(target_os = \"freebsd\")".dependencies.devd-rs]
+-version = "0.3"
+-[target."cfg(target_os = \"linux\")".dependencies.libudev]
+-version = "^0.2"
+-[target."cfg(target_os = \"macos\")".dependencies.core-foundation]
+-version = "0.6.2"
+-[target."cfg(target_os = \"windows\")".dependencies.winapi]
+-version = "0.3"
+-features = ["handleapi", "hidclass", "hidpi", "hidusage", "setupapi"]
++[dependencies]
++rand = "0.6"
++log = "0.4"
++libc = "0.2"
++boxfnonce = "0.0.3"
++runloop = "0.1.0"
++bitflags = "1.0"
++
++[dev-dependencies]
++sha2 = "^0.8"
++base64 = "^0.10"
++env_logger = "0.6"
Index: www/mozilla-firefox/patches/patch-third_party_rust_authenticator__cargo-checksum_json
===================================================================
RCS file: www/mozilla-firefox/patches/patch-third_party_rust_authenticator__cargo-checksum_json
diff -N www/mozilla-firefox/patches/patch-third_party_rust_authenticator__cargo-checksum_json
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ www/mozilla-firefox/patches/patch-third_party_rust_authenticator__cargo-checksum_json 18 Dec 2019 10:30:27 -0000
@@ -0,0 +1,10 @@
+$OpenBSD$
+
+Index: third_party/rust/authenticator/.cargo-checksum.json
+--- third_party/rust/authenticator/.cargo-checksum.json.orig
++++ third_party/rust/authenticator/.cargo-checksum.json
+@@ -1 +1 @@
+-{"files":{"Cargo.toml":"5af2217a89aa4af5db14fd48c05144e264b53e067a8cf0433638e5196ad85f25","LICENSE":"e147f11fd8c5b7d151db93eabbb02ddb8b481082047008062025afd1ff7e2a27","README.md":"1c291ddb3f131b55e706f13a98eec871055ceb17ef502ce75f608b67136cc7c3","examples/main.rs":"7af9e288b1836fb9362589b6bf54c1f1d277bdf64df60c1caccef98c1bfe792c","rustfmt.toml":"de4e1daab481c1572805aed3e51e72c5dc1b3e5af757bc675e1717b251c6e922","src/capi.rs":"33b91e8e43003fb11b0fbb4ea72e4a5dba8f4dcc11e2503a8186eaea020c13c3","src/consts.rs":"4c34980f94d1017e5e75e29b26750c1678e0609c9227296951ffbb9e180a5adf","src/freebsd/device.rs":"914ac446ff24cc3fc050732372e286e1fedf8341a8d4754e392bc9f38393b142","src/freebsd/mod.rs":"42dcb57fbeb00140003a8ad39acac9b547062b8f281a3fa5deb5f92a6169dde6","src/freebsd/monitor.rs":"3683370931b15f05403d240a788a87b1bea801284ee74b849e1f330a4a231dd0","src/freebsd/transaction.rs":"e3615cfdd7f23e9a80a53c32e0fa2a5ae290a432b009bed2b2e74e0df77f8266","src/freebsd/uhid.rs":"d19ade6e808e63981ba5f93d482d676ffa9dff29cb2b7011486591f69ddbbdcd","src/hidproto.rs":"966ee74341e2ecff262e5490f99dcc9b9f9427451f3ded1b9cb9698a6984a3cc","src/lib.rs":"1dc04a7d7af14e9f1172a3839522386492a47218df14dfb0f24f98fe314c3d06","src/linux/device.rs":"2271fbb8d176ec01f83a899c0c8194a954465fdd8670a9b136ab88baaba2ee48","src/linux/hidraw.rs":"179cf38a1bd86c191c625a814d16e7ac00a774df9b3828ac4f735313a030f1e5","src/linux/mod.rs":"1056db0c258ccd9975066ffa8407ded689ecf5ece67fc17e732c487b69557b2c","src/linux/monitor.rs":"876d4e095d77858412c61d35560a3b85855a9c00beea6950b5f50796d8fd3eab","src/linux/transaction.rs":"e3615cfdd7f23e9a80a53c32e0fa2a5ae290a432b009bed2b2e74e0df77f8266","src/macos/device.rs":"57186092fd937124f96afacef57d0493efce86553ac50d527e6365b93eaabddf","src/macos/iokit.rs":"a0fd818224718e96ad5d106dfc235f4bc9218a59f5114b9f9825abe3ee62bce7","src/macos/mod.rs":"333e561554fc901d4f6092f6e4c85823e2b0c4ff31c9188d0e6d542b71a0a07c","src/macos/monitor.rs":"1f132a8566858b22309b33f8ae96d5596c42f515785be841bb51db80e20471d1","src/macos/transaction.rs":"b8e362575b2bcc54232022131bfa073d605969119326dcb549f4d87037a31541","src/manager.rs":"7428fc23038b004841936d8f27f8dc33234d5c06361efa75b73c7a5c035dae75","src/statemachine.rs":"28477fba601f5086b85e911da1e4f04af3f0060329e6e0e1172b960f9c52fd41","src/stub/device.rs":"32e134fc8826667d16b02fe32831fc29f4d52d0a7a065d7d649c4a1c5faa0dcc","src/stub/mod.rs":"6a7fec504a52d403b0241b18cd8b95088a31807571f4c0a67e4055afc74f4453","src/stub/transaction.rs":"8655bc37b69c318ff0bc69a62fcb31820eb6ad7921a53e0cecffa15e80d97630","src/u2fhid-capi.h":"fc2575f720ab8f6bc0c523c57310f35c464576bd5150c3c2b1873d3abde5909b","src/u2fprotocol.rs":"77b6d5005d8b3d98cd96e480013c1e97155da5df3cf5e19819ee82ac8e3b6c7d","src/u2ftypes.rs":"a28c07956a339d97d37f91b7257d1a5d1ea3b34f5c37bb9da0e17490115e5d8d","src/util.rs":"70c8b9b8d90e6d581a7d2568aeff3bbde6c2d9f3864cee9fbc2486c1f3002a13","src/windows/device.rs":"86a6ecc239608977a963f375336780746e90e95c3eb9ff303347beb983c40ab6","src/windows/mod.rs":"218e7f2fe91ecb390c12bba5a5ffdad2c1f0b22861c937f4d386262e5b3dd617","src/windows/monitor.rs":"d8e8316e5bd9fc6ebed737bd8d6e0713c99287aca04f392f6319cdfd8576f754","src/windows/transaction.rs":"1b9a5af866048911ccaec8c94b698b28ae1b80e3d4842f9d6ed38462f459c796","src/windows/winapi.rs":"a4286fd5e8dcb178e37df512ba7752b2a3c38fe30e1176022767d2c05c242bf8"},"package":"ec149e5d5d4caa2c9ead53a8ce1ea9c4204c388c65bf3b96c2d1dc0fcf4aeb66"}
+\ No newline at end of file
++{"files":{".clippy.toml":"e4825bd4c3e9b0d59a10f4427b9d979a3bc09ed99002cf4d37da79a9e09d7af2",".travis.yml":"0fea6ccda66d81d7d5282bac3234e0840c60923fe6370d46b30a1d1dab47d23d","Cargo.toml":"46b700225274e99b1f2a5f289b1f7e56d46bbe3d39655b4750667bbbb0f83749","LICENSE":"e147f11fd8c5b7d151db93eabbb02ddb8b481082047008062025afd1ff7e2a27","README.md":"1c291ddb3f131b55e706f13a98eec871055ceb17ef502ce75f608b67136cc7c3","build.rs":"9bda0e33ccd049d4f48de8b22edf8fd3cbd5addd04e605dc22d2afe564b463b3","examples/main.rs":"7af9e288b1836fb9362589b6bf54c1f1d277bdf64df60c1caccef98c1bfe792c","rustfmt.toml":"de4e1daab481c1572805aed3e51e72c5dc1b3e5af757bc675e1717b251c6e922","src/capi.rs":"33b91e8e43003fb11b0fbb4ea72e4a5dba8f4dcc11e2503a8186eaea020c13c3","src/consts.rs":"4c34980f94d1017e5e75e29b26750c1678e0609c9227296951ffbb9e180a5adf","src/freebsd/device.rs":"914ac446ff24cc3fc050732372e286e1fedf8341a8d4754e392bc9f38393b142","src/freebsd/mod.rs":"42dcb57fbeb00140003a8ad39acac9b547062b8f281a3fa5deb5f92a6169dde6","src/freebsd/monitor.rs":"3683370931b15f05403d240a788a87b1bea801284ee74b849e1f330a4a231dd0","src/freebsd/transaction.rs":"e3615cfdd7f23e9a80a53c32e0fa2a5ae290a432b009bed2b2e74e0df77f8266","src/freebsd/uhid.rs":"d19ade6e808e63981ba5f93d482d676ffa9dff29cb2b7011486591f69ddbbdcd","src/hidproto.rs":"966ee74341e2ecff262e5490f99dcc9b9f9427451f3ded1b9cb9698a6984a3cc","src/lib.rs":"4b43ad18b4eae9356ba6d7954542a38f3015ab8a72ab1fde28169aaf343721d8","src/linux/device.rs":"2271fbb8d176ec01f83a899c0c8194a954465fdd8670a9b136ab88baaba2ee48","src/linux/hidraw.rs":"0d5804d1cd99e7c30c8bde3089f8ed98d7d683d3cd487821e29b133b1ee90228","src/linux/hidwrapper.h":"72785db3a9b27ea72b6cf13a958fee032af54304522d002f56322473978a20f9","src/linux/hidwrapper.rs":"b6dfb20e16f97eb534dfa9742b97443368f08fde962d789f044ec8cc2536502f","src/linux/ioctl_powerpc64le.rs":"8c698780df59ba0215a02b88569f48a0b384bfc1c0eaca34a2f2578c0104e439","src/linux/ioctl_x86_64.rs":"dc072df769e4a99c1cadc019041123966792b97db3a2b0f660099d8decce9a14","src/linux/mod.rs":"9dacd694fdb52911a5b22f97ea22ff9505f05a246700dd10e72d4186ce369631","src/linux/monitor.rs":"876d4e095d77858412c61d35560a3b85855a9c00beea6950b5f50796d8fd3eab","src/linux/transaction.rs":"e3615cfdd7f23e9a80a53c32e0fa2a5ae290a432b009bed2b2e74e0df77f8266","src/macos/device.rs":"57186092fd937124f96afacef57d0493efce86553ac50d527e6365b93eaabddf","src/macos/iokit.rs":"a0fd818224718e96ad5d106dfc235f4bc9218a59f5114b9f9825abe3ee62bce7","src/macos/mod.rs":"333e561554fc901d4f6092f6e4c85823e2b0c4ff31c9188d0e6d542b71a0a07c","src/macos/monitor.rs":"1f132a8566858b22309b33f8ae96d5596c42f515785be841bb51db80e20471d1","src/macos/transaction.rs":"b8e362575b2bcc54232022131bfa073d605969119326dcb549f4d87037a31541","src/manager.rs":"7428fc23038b004841936d8f27f8dc33234d5c06361efa75b73c7a5c035dae75","src/openbsd/device.rs":"b5de51a8b3ae0e542373a2064cff1ae6e1f91ac78e1406805d9ca8a05ce758c9","src/openbsd/mod.rs":"514274d414042ff84b3667a41a736e78581e22fda87ccc97c2bc05617e381a30","src/openbsd/monitor.rs":"953800ab8fd6adf5d70633059b20d2cf0f5a2701d92e58a06d1ec33208983bc4","src/openbsd/transaction.rs":"10be1ce983c72513fec57baaa6869ef02b9cdbd8ea66bb2dfe24d857faf054f5","src/statemachine.rs":"28477fba601f5086b85e911da1e4f04af3f0060329e6e0e1172b960f9c52fd41","src/stub/device.rs":"32e134fc8826667d16b02fe32831fc29f4d52d0a7a065d7d649c4a1c5faa0dcc","src/stub/mod.rs":"6a7fec504a52d403b0241b18cd8b95088a31807571f4c0a67e4055afc74f4453","src/stub/transaction.rs":"8655bc37b69c318ff0bc69a62fcb31820eb6ad7921a53e0cecffa15e80d97630","src/u2fhid-capi.h":"fc2575f720ab8f6bc0c523c57310f35c464576bd5150c3c2b1873d3abde5909b","src/u2fprotocol.rs":"77b6d5005d8b3d98cd96e480013c1e97155da5df3cf5e19819ee82ac8e3b6c7d","src/u2ftypes.rs":"a28c07956a339d97d37f91b7257d1a5d1ea3b34f5c37bb9da0e17490115e5d8d","src/util.rs":"c517750c9bf00f44fb63cada8c40d0227a4d3765488499a1f4d3c0f01daa67a7","src/windows/device.rs":"86a6ecc239608977a963f375336780746e90e95c3eb9ff303347beb983c40ab6","src/windows/mod.rs":"218e7f2fe91ecb390c12bba5a5ffdad2c1f0b22861c937f4d386262e5b3dd617","src/windows/monitor.rs":"d8e8316e5bd9fc6ebed737bd8d6e0713c99287aca04f392f6319cdfd8576f754","src/windows/transaction.rs":"1b9a5af866048911ccaec8c94b698b28ae1b80e3d4842f9d6ed38462f459c796","src/windows/winapi.rs":"a4286fd5e8dcb178e37df512ba7752b2a3c38fe30e1176022767d2c05c242bf8"},"package":null}
+\ No newline at end of file
Index: www/mozilla-firefox/patches/patch-third_party_rust_authenticator__clippy_toml
===================================================================
RCS file: www/mozilla-firefox/patches/patch-third_party_rust_authenticator__clippy_toml
diff -N www/mozilla-firefox/patches/patch-third_party_rust_authenticator__clippy_toml
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ www/mozilla-firefox/patches/patch-third_party_rust_authenticator__clippy_toml 18 Dec 2019 10:30:27 -0000
@@ -0,0 +1,8 @@
+$OpenBSD$
+
+Index: third_party/rust/authenticator/.clippy.toml
+--- third_party/rust/authenticator/.clippy.toml.orig
++++ third_party/rust/authenticator/.clippy.toml
+@@ -0,0 +1 @@
++type-complexity-threshold = 384
+\ No newline at end of file
Index: www/mozilla-firefox/patches/patch-third_party_rust_authenticator__travis_yml
===================================================================
RCS file: www/mozilla-firefox/patches/patch-third_party_rust_authenticator__travis_yml
diff -N www/mozilla-firefox/patches/patch-third_party_rust_authenticator__travis_yml
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ www/mozilla-firefox/patches/patch-third_party_rust_authenticator__travis_yml 18 Dec 2019 10:30:27 -0000
@@ -0,0 +1,48 @@
+$OpenBSD$
+
+Index: third_party/rust/authenticator/.travis.yml
+--- third_party/rust/authenticator/.travis.yml.orig
++++ third_party/rust/authenticator/.travis.yml
+@@ -0,0 +1,42 @@
++sudo: false
++language: rust
++cache: cargo
++rust:
++  - stable
++  - beta
++  - nightly
++
++matrix:
++  allow_failures:
++    - rust: nightly
++
++addons:
++  apt:
++    packages:
++      - build-essential
++      - libudev-dev
++
++before_install:
++  - pkg-config --list-all
++  - pkg-config --libs libudev
++  - pkg-config --modversion libudev
++
++install:
++  - rustup install nightly
++  - rustup component add rustfmt-preview
++  - rustup component add clippy-preview
++
++script:
++- |
++  if [ "$TRAVIS_RUST_VERSION" == "nightly" ] ; then
++    export ASAN_OPTIONS="detect_odr_violation=1:leak_check_at_exit=0:detect_leaks=0"
++    export RUSTFLAGS="-Z sanitizer=address"
++  fi
++- |
++  if [ "$TRAVIS_RUST_VERSION" == "stable" ] ; then
++    echo "Running rustfmt"
++    cargo fmt --all -- --check
++    echo "Running clippy"
++    cargo clippy --all-targets -- -A renamed_and_removed_lints -A clippy::new-ret-no-self -D warnings
++  fi
++- cargo test
Index: www/mozilla-firefox/patches/patch-third_party_rust_authenticator_build_rs
===================================================================
RCS file: www/mozilla-firefox/patches/patch-third_party_rust_authenticator_build_rs
diff -N www/mozilla-firefox/patches/patch-third_party_rust_authenticator_build_rs
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ www/mozilla-firefox/patches/patch-third_party_rust_authenticator_build_rs 18 Dec 2019 10:30:27 -0000
@@ -0,0 +1,56 @@
+$OpenBSD$
+
+Index: third_party/rust/authenticator/build.rs
+--- third_party/rust/authenticator/build.rs.orig
++++ third_party/rust/authenticator/build.rs
+@@ -0,0 +1,50 @@
++#[cfg(all(target_os = "linux", feature = "binding-recompile"))]
++extern crate bindgen;
++
++#[cfg(all(target_os = "linux", feature = "binding-recompile"))]
++use std::path::PathBuf;
++
++#[cfg(any(not(target_os = "linux"), not(feature = "binding-recompile")))]
++fn main () {}
++
++#[cfg(all(target_os = "linux", feature = "binding-recompile"))]
++fn main() {
++    let bindings = bindgen::Builder::default()
++        .header("src/linux/hidwrapper.h")
++        .whitelist_var("_HIDIOCGRDESCSIZE")
++        .whitelist_var("_HIDIOCGRDESC")
++        .generate()
++        .expect("Unable to get hidraw bindings");
++
++    let out_path = PathBuf::new();
++    let name = if cfg!(target_arch = "x86") {
++        "ioctl_x86.rs"
++    } else if cfg!(target_arch = "x86_64") {
++        "ioctl_x86_64.rs"
++    } else if cfg!(all(target_arch = "mips", target_endian = "big")) {
++        "ioctl_mipsbe.rs"
++    } else if cfg!(all(target_arch = "mips", target_endian = "little")) {
++        "ioctl_mipsle.rs"
++    } else if cfg!(all(target_arch = "powerpc", target_endian = "little")) {
++        "ioctl_powerpcle.rs"
++    } else if cfg!(all(target_arch = "powerpc", target_endian = "big")) {
++        "ioctl_powerpcbe.rs"
++    } else if cfg!(all(target_arch = "powerpc64", target_endian = "little")) {
++        "ioctl_powerpc64le.rs"
++    } else if cfg!(all(target_arch = "powerpc64", target_endian = "big")) {
++        "ioctl_powerpc64be.rs"
++    } else if cfg!(all(target_arch = "arm", target_endian = "little")) {
++        "ioctl_armle.rs"
++    } else if cfg!(all(target_arch = "arm", target_endian = "big")) {
++        "ioctl_armbe.rs"
++    } else if cfg!(all(target_arch = "aarch64", target_endian = "little")) {
++        "ioctl_aarch64le.rs"
++    } else if cfg!(all(target_arch = "aarch64", target_endian = "big")) {
++        "ioctl_aarch64be.rs"
++    } else {
++        panic!("architecture not supported");
++    };
++    bindings
++        .write_to_file(out_path.join("src").join("linux").join(name))
++        .expect("Couldn't write hidraw bindings");
++}
Index: www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_lib_rs
===================================================================
RCS file: www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_lib_rs
diff -N www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_lib_rs
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_lib_rs 18 Dec 2019 10:30:27 -0000
@@ -0,0 +1,24 @@
+$OpenBSD$
+
+Index: third_party/rust/authenticator/src/lib.rs
+--- third_party/rust/authenticator/src/lib.rs.orig
++++ third_party/rust/authenticator/src/lib.rs
+@@ -22,6 +22,10 @@ extern crate devd_rs;
+ #[path = "freebsd/mod.rs"]
+ pub mod platform;
+
++#[cfg(any(target_os = "openbsd"))]
++#[path = "openbsd/mod.rs"]
++pub mod platform;
++
+ #[cfg(any(target_os = "macos"))]
+ extern crate core_foundation;
+
+@@ -36,6 +40,7 @@ pub mod platform;
+ #[cfg(not(any(
+     target_os = "linux",
+     target_os = "freebsd",
++    target_os = "openbsd",
+     target_os = "macos",
+     target_os = "windows"
+ )))]
Index: www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_linux_hidraw_rs
===================================================================
RCS file: www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_linux_hidraw_rs
diff -N www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_linux_hidraw_rs
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_linux_hidraw_rs 18 Dec 2019 10:30:27 -0000
@@ -0,0 +1,74 @@
+$OpenBSD$
+
+Index: third_party/rust/authenticator/src/linux/hidraw.rs
+--- third_party/rust/authenticator/src/linux/hidraw.rs.orig
++++ third_party/rust/authenticator/src/linux/hidraw.rs
+@@ -6,9 +6,9 @@
+ extern crate libc;
+
+ use std::io;
+-use std::mem;
+ use std::os::unix::io::RawFd;
+
++use super::hidwrapper::{_HIDIOCGRDESC, _HIDIOCGRDESCSIZE};
+ use hidproto::*;
+ use util::{from_unix_result, io_err};
+
+@@ -19,42 +19,26 @@ pub struct LinuxReportDescriptor {
+     value: [u8; 4096],
+ }
+
+-const NRBITS: u32 = 8;
+-const TYPEBITS: u32 = 8;
+-
+-const READ: u8 = 2;
+-const SIZEBITS: u8 = 14;
+-
+-const NRSHIFT: u32 = 0;
+-const TYPESHIFT: u32 = NRSHIFT + NRBITS as u32;
+-const SIZESHIFT: u32 = TYPESHIFT + TYPEBITS as u32;
+-const DIRSHIFT: u32 = SIZESHIFT + SIZEBITS as u32;
+-
+-// https://github.com/torvalds/linux/blob/master/include/uapi/linux/hid.h
+ const HID_MAX_DESCRIPTOR_SIZE: usize = 4096;
+
+-macro_rules! ioctl {
+-    ($dir:expr, $name:ident, $ioty:expr, $nr:expr; $ty:ty) => {
+-        pub unsafe fn $name(fd: libc::c_int, val: *mut $ty) -> io::Result<libc::c_int> {
+-            let size = mem::size_of::<$ty>();
+-            let ioc = (($dir as u32) << DIRSHIFT)
+-                | (($ioty as u32) << TYPESHIFT)
+-                | (($nr as u32) << NRSHIFT)
+-                | ((size as u32) << SIZESHIFT);
++#[cfg(not(target_env = "musl"))]
++type IocType = libc::c_ulong;
++#[cfg(target_env = "musl")]
++type IocType = libc::c_int;
+
+-            #[cfg(not(target_env = "musl"))]
+-            type IocType = libc::c_ulong;
+-            #[cfg(target_env = "musl")]
+-            type IocType = libc::c_int;
+-
+-            from_unix_result(libc::ioctl(fd, ioc as IocType, val))
+-        }
+-    };
++pub unsafe fn hidiocgrdescsize(
++    fd: libc::c_int,
++    val: *mut ::libc::c_int,
++) -> io::Result<libc::c_int> {
++    from_unix_result(libc::ioctl(fd, _HIDIOCGRDESCSIZE as IocType, val))
+ }
+
+-// https://github.com/torvalds/linux/blob/master/include/uapi/linux/hidraw.h
+-ioctl!(READ, hidiocgrdescsize, b'H', 0x01; ::libc::c_int);
+-ioctl!(READ, hidiocgrdesc, b'H', 0x02; /*struct*/ LinuxReportDescriptor);
++pub unsafe fn hidiocgrdesc(
++    fd: libc::c_int,
++    val: *mut LinuxReportDescriptor,
++) -> io::Result<libc::c_int> {
++    from_unix_result(libc::ioctl(fd, _HIDIOCGRDESC as IocType, val))
++}
+
+ pub fn is_u2f_device(fd: RawFd) -> bool {
+     match read_report_descriptor(fd) {
Index: www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_linux_hidwrapper_h
===================================================================
RCS file: www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_linux_hidwrapper_h
diff -N www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_linux_hidwrapper_h
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_linux_hidwrapper_h 18 Dec 2019 10:30:27 -0000
@@ -0,0 +1,18 @@
+$OpenBSD$
+
+Index: third_party/rust/authenticator/src/linux/hidwrapper.h
+--- third_party/rust/authenticator/src/linux/hidwrapper.h.orig
++++ third_party/rust/authenticator/src/linux/hidwrapper.h
+@@ -0,0 +1,12 @@
++#include<sys/ioctl.h>
++#include<linux/hidraw.h>
++
++/* we define these constants to work around the fact that bindgen
++   can't deal with the _IOR macro function. We let cpp deal with it
++   for us. */
++
++const __u32 _HIDIOCGRDESCSIZE = HIDIOCGRDESCSIZE;
++#undef HIDIOCGRDESCSIZE
++
++const __u32 _HIDIOCGRDESC = HIDIOCGRDESC;
++#undef HIDIOCGRDESC
Index: www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_linux_hidwrapper_rs
===================================================================
RCS file: www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_linux_hidwrapper_rs
diff -N www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_linux_hidwrapper_rs
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_linux_hidwrapper_rs 18 Dec 2019 10:30:27 -0000
@@ -0,0 +1,48 @@
+$OpenBSD$
+
+Index: third_party/rust/authenticator/src/linux/hidwrapper.rs
+--- third_party/rust/authenticator/src/linux/hidwrapper.rs.orig
++++ third_party/rust/authenticator/src/linux/hidwrapper.rs
+@@ -0,0 +1,42 @@
++#![allow(non_upper_case_globals)]
++#![allow(non_camel_case_types)]
++#![allow(non_snake_case)]
++// sadly we need this file so we can avoid the suprious warnings that
++// would come with bindgen, as well as to avoid cluttering the mod.rs
++// with spurious architecture specific modules.
++
++#[cfg(target_arch = "x86")]
++include!("ioctl_x86.rs");
++
++#[cfg(target_arch = "x86_64")]
++include!("ioctl_x86_64.rs");
++
++#[cfg(all(target_arch = "mips", target_endian = "little"))]
++include!("ioctl_mipsle.rs");
++
++#[cfg(all(target_arch = "mips", target_endian = "big"))]
++include!("ioctl_mipsbe.rs");
++
++#[cfg(all(target_arch = "powerpc", target_endian = "little"))]
++include!("ioctl_powerpcle.rs");
++
++#[cfg(all(target_arch = "powerpc", target_endian = "big"))]
++include!("ioctl_powerpcbe.rs");
++
++#[cfg(all(target_arch = "powerpc64", target_endian = "little"))]
++include!("ioctl_powerpc64le.rs");
++
++#[cfg(all(target_arch = "powerpc64", target_endian = "big"))]
++include!("ioctl_powerpc64be.rs");
++
++#[cfg(all(target_arch = "arm", target_endian = "little"))]
++include!("ioctl_armle.rs");
++
++#[cfg(all(target_arch = "arm", target_endian = "big"))]
++include!("ioctl_armbe.rs");
++
++#[cfg(all(target_arch = "aarch64", target_endian = "little"))]
++include!("ioctl_aarch64le.rs");
++
++#[cfg(all(target_arch = "aarch64", target_endian = "big"))]
++include!("ioctl_aarch64be.rs");
Index: www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_linux_ioctl_powerpc64le_rs
===================================================================
RCS file: www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_linux_ioctl_powerpc64le_rs
diff -N www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_linux_ioctl_powerpc64le_rs
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_linux_ioctl_powerpc64le_rs 18 Dec 2019 10:30:27 -0000
@@ -0,0 +1,10 @@
+$OpenBSD$
+
+Index: third_party/rust/authenticator/src/linux/ioctl_powerpc64le.rs
+--- third_party/rust/authenticator/src/linux/ioctl_powerpc64le.rs.orig
++++ third_party/rust/authenticator/src/linux/ioctl_powerpc64le.rs
+@@ -0,0 +1,3 @@
++/* automatically generated by rust-bindgen */
++
++pub type __u32 = :: std :: os :: raw :: c_uint ; pub const _HIDIOCGRDESCSIZE : __u32 = 1074022401 ; pub const _HIDIOCGRDESC : __u32 = 1342457858 ;
+\ No newline at end of file
Index: www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_linux_ioctl_x86_64_rs
===================================================================
RCS file: www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_linux_ioctl_x86_64_rs
diff -N www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_linux_ioctl_x86_64_rs
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_linux_ioctl_x86_64_rs 18 Dec 2019 10:30:27 -0000
@@ -0,0 +1,10 @@
+$OpenBSD$
+
+Index: third_party/rust/authenticator/src/linux/ioctl_x86_64.rs
+--- third_party/rust/authenticator/src/linux/ioctl_x86_64.rs.orig
++++ third_party/rust/authenticator/src/linux/ioctl_x86_64.rs
+@@ -0,0 +1,3 @@
++/* automatically generated by rust-bindgen */
++
++pub type __u32 = :: std :: os :: raw :: c_uint ; pub const _HIDIOCGRDESCSIZE : __u32 = 2147764225 ; pub const _HIDIOCGRDESC : __u32 = 2416199682 ;
+\ No newline at end of file
Index: www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_linux_mod_rs
===================================================================
RCS file: www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_linux_mod_rs
diff -N www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_linux_mod_rs
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_linux_mod_rs 18 Dec 2019 10:30:27 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+
+Index: third_party/rust/authenticator/src/linux/mod.rs
+--- third_party/rust/authenticator/src/linux/mod.rs.orig
++++ third_party/rust/authenticator/src/linux/mod.rs
+@@ -5,5 +5,6 @@
+ pub mod device;
+ pub mod transaction;
+
++mod hidwrapper;
+ mod hidraw;
+ mod monitor;
Index: www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_openbsd_device_rs
===================================================================
RCS file: www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_openbsd_device_rs
diff -N www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_openbsd_device_rs
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_openbsd_device_rs 18 Dec 2019 10:30:27 -0000
@@ -0,0 +1,129 @@
+$OpenBSD$
+
+Index: third_party/rust/authenticator/src/openbsd/device.rs
+--- third_party/rust/authenticator/src/openbsd/device.rs.orig
++++ third_party/rust/authenticator/src/openbsd/device.rs
+@@ -0,0 +1,123 @@
++/* This Source Code Form is subject to the terms of the Mozilla Public
++ * License, v. 2.0. If a copy of the MPL was not distributed with this
++ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
++
++extern crate libc;
++
++use std::ffi::OsString;
++use std::io::{Read, Result, Write};
++use std::mem;
++
++use consts::CID_BROADCAST;
++use platform::monitor::FidoDev;
++use u2ftypes::U2FDevice;
++use util::{from_unix_result, io_err};
++
++#[derive(Debug)]
++pub struct Device {
++    path: OsString,
++    fd: libc::c_int,
++    cid: [u8; 4],
++    out_len: usize,
++}
++
++impl Device {
++    pub fn new(fido: FidoDev) -> Result<Self> {
++        debug!("device found: {:?}", fido);
++        Ok(Self {
++            path: fido.os_path,
++            fd: fido.fd,
++            cid: CID_BROADCAST,
++            out_len: 64,
++        })
++    }
++
++    pub fn is_u2f(&mut self) -> bool {
++        debug!("device {:?} is U2F/FIDO", self.path);
++
++        // From OpenBSD's libfido2 in 6.6-current:
++        // "OpenBSD (as of 201910) has a bug that causes it to lose
++        // track of the DATA0/DATA1 sequence toggle across uhid device
++        // open and close. This is a terrible hack to work around it."
++        match self.ping() {
++            Ok(_) => true,
++            Err(err) => {
++                debug!("device {:?} is not responding: {}", self.path, err);
++                false
++            }
++        }
++    }
++
++    fn ping(&mut self) -> Result<()> {
++        let capacity = 256;
++
++        for _ in 0..10 {
++            let mut data = vec![0u8; capacity];
++
++            // Send 1 byte ping
++            self.write_all(&[0, 0xff, 0xff, 0xff, 0xff, 0x81, 0, 1])?;
++
++            // Wait for response
++            let mut pfd: libc::pollfd = unsafe { mem::zeroed() };
++            pfd.fd = self.fd;
++            pfd.events = libc::POLLIN;
++            if from_unix_result(unsafe { libc::poll(&mut pfd, 1, 100) })? == 0 {
++                debug!("device {:?} timeout", self.path);
++                continue;
++            }
++
++            // Read response
++            self.read(&mut data[..])?;
++
++            return Ok(());
++        }
++
++        Err(io_err("no response from device"))
++    }
++}
++
++impl Drop for Device {
++    fn drop(&mut self) {
++        // Close the fd, ignore any errors.
++        let _ = unsafe { libc::close(self.fd) };
++        debug!("device {:?} closed", self.path);
++    }
++}
++
++impl PartialEq for Device {
++    fn eq(&self, other: &Device) -> bool {
++        self.path == other.path
++    }
++}
++
++impl Read for Device {
++    fn read(&mut self, buf: &mut [u8]) -> Result<usize> {
++        let buf_ptr = buf.as_mut_ptr() as *mut libc::c_void;
++        let rv = unsafe { libc::read(self.fd, buf_ptr, buf.len()) };
++        from_unix_result(rv as usize)
++    }
++}
++
++impl Write for Device {
++    fn write(&mut self, buf: &[u8]) -> Result<usize> {
++        // Always skip the first byte (report number)
++        let data = &buf[1..];
++        let data_ptr = data.as_ptr() as *const libc::c_void;
++        let rv = unsafe { libc::write(self.fd, data_ptr, data.len()) };
++        Ok(from_unix_result(rv as usize)? + 1)
++    }
++
++    fn flush(&mut self) -> Result<()> {
++        Ok(())
++    }
++}
++
++impl U2FDevice for Device {
++    fn get_cid(&self) -> &[u8; 4] {
++        &self.cid
++    }
++
++    fn set_cid(&mut self, cid: [u8; 4]) {
++        self.cid = cid;
++    }
++}
Index: www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_openbsd_mod_rs
===================================================================
RCS file: www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_openbsd_mod_rs
diff -N www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_openbsd_mod_rs
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_openbsd_mod_rs 18 Dec 2019 10:30:27 -0000
@@ -0,0 +1,14 @@
+$OpenBSD$
+
+Index: third_party/rust/authenticator/src/openbsd/mod.rs
+--- third_party/rust/authenticator/src/openbsd/mod.rs.orig
++++ third_party/rust/authenticator/src/openbsd/mod.rs
+@@ -0,0 +1,8 @@
++/* This Source Code Form is subject to the terms of the Mozilla Public
++ * License, v. 2.0. If a copy of the MPL was not distributed with this
++ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
++
++pub mod device;
++pub mod transaction;
++
++mod monitor;
Index: www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_openbsd_monitor_rs
===================================================================
RCS file: www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_openbsd_monitor_rs
diff -N www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_openbsd_monitor_rs
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_openbsd_monitor_rs 18 Dec 2019 10:30:27 -0000
@@ -0,0 +1,117 @@
+$OpenBSD$
+
+Index: third_party/rust/authenticator/src/openbsd/monitor.rs
+--- third_party/rust/authenticator/src/openbsd/monitor.rs.orig
++++ third_party/rust/authenticator/src/openbsd/monitor.rs
+@@ -0,0 +1,111 @@
++/* This Source Code Form is subject to the terms of the Mozilla Public
++ * License, v. 2.0. If a copy of the MPL was not distributed with this
++ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
++
++use std::collections::HashMap;
++use std::ffi::{CString, OsString};
++use std::io;
++use std::os::unix::ffi::OsStrExt;
++use std::os::unix::io::RawFd;
++use std::path::PathBuf;
++use std::sync::Arc;
++use std::thread;
++use std::time::Duration;
++
++use runloop::RunLoop;
++use util::from_unix_result;
++
++const POLL_TIMEOUT: u64 = 500;
++
++#[derive(Debug)]
++pub struct FidoDev {
++    pub fd: RawFd,
++    pub os_path: OsString,
++}
++
++pub struct Monitor<F>
++where
++    F: Fn(FidoDev, &dyn Fn() -> bool) + Sync,
++{
++    runloops: HashMap<OsString, RunLoop>,
++    new_device_cb: Arc<F>,
++}
++
++impl<F> Monitor<F>
++where
++    F: Fn(FidoDev, &dyn Fn() -> bool) + Send + Sync + 'static,
++{
++    pub fn new(new_device_cb: F) -> Self {
++        Self {
++            runloops: HashMap::new(),
++            new_device_cb: Arc::new(new_device_cb),
++        }
++    }
++
++    pub fn run(&mut self, alive: &dyn Fn() -> bool) -> io::Result<()> {
++        // Loop until we're stopped by the controlling thread, or fail.
++        while alive() {
++            // Iterate the first 10 fido(4) devices.
++            for path in (0..10)
++                .map(|unit| PathBuf::from(&format!("/dev/fido/{}", unit)))
++                .filter(|path| path.exists())
++            {
++                let os_path = path.as_os_str().to_os_string();
++                let cstr = CString::new(os_path.as_bytes())?;
++
++                // Try to open the device.
++                let fd = unsafe { libc::open(cstr.as_ptr(), libc::O_RDWR) };
++                match from_unix_result(fd) {
++                    Ok(fd) => {
++                        // The device is available if it can be opened.
++                        self.add_device(FidoDev { fd, os_path });
++                    }
++                    Err(ref err) if err.raw_os_error() == Some(libc::EBUSY) => {
++                        // The device is available but currently in use.
++                    }
++                    _ => {
++                        // libc::ENODEV or any other error.
++                        self.remove_device(os_path);
++                    }
++                }
++            }
++
++            thread::sleep(Duration::from_millis(POLL_TIMEOUT));
++        }
++
++        // Remove all tracked devices.
++        self.remove_all_devices();
++
++        Ok(())
++    }
++
++    fn add_device(&mut self, fido: FidoDev) {
++        if !self.runloops.contains_key(&fido.os_path) {
++            let f = self.new_device_cb.clone();
++            let key = fido.os_path.clone();
++
++            let runloop = RunLoop::new(move |alive| {
++                if alive() {
++                    f(fido, alive);
++                }
++            });
++
++            if let Ok(runloop) = runloop {
++                self.runloops.insert(key, runloop);
++            }
++        }
++    }
++
++    fn remove_device(&mut self, path: OsString) {
++        if let Some(runloop) = self.runloops.remove(&path) {
++            runloop.cancel();
++        }
++    }
++
++    fn remove_all_devices(&mut self) {
++        while !self.runloops.is_empty() {
++            let path = self.runloops.keys().next().unwrap().clone();
++            self.remove_device(path);
++        }
++    }
++}
Index: www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_openbsd_transaction_rs
===================================================================
RCS file: www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_openbsd_transaction_rs
diff -N www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_openbsd_transaction_rs
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_openbsd_transaction_rs 18 Dec 2019 10:30:27 -0000
@@ -0,0 +1,54 @@
+$OpenBSD$
+
+Index: third_party/rust/authenticator/src/openbsd/transaction.rs
+--- third_party/rust/authenticator/src/openbsd/transaction.rs.orig
++++ third_party/rust/authenticator/src/openbsd/transaction.rs
+@@ -0,0 +1,48 @@
++/* This Source Code Form is subject to the terms of the Mozilla Public
++ * License, v. 2.0. If a copy of the MPL was not distributed with this
++ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
++
++use platform::monitor::{FidoDev, Monitor};
++use runloop::RunLoop;
++use util::OnceCallback;
++
++pub struct Transaction {
++    // Handle to the thread loop.
++    thread: Option<RunLoop>,
++}
++
++impl Transaction {
++    pub fn new<F, T>(
++        timeout: u64,
++        callback: OnceCallback<T>,
++        new_device_cb: F,
++    ) -> Result<Self, ::Error>
++    where
++        F: Fn(FidoDev, &dyn Fn() -> bool) + Sync + Send + 'static,
++        T: 'static,
++    {
++        let thread = RunLoop::new_with_timeout(
++            move |alive| {
++                // Create a new device monitor.
++                let mut monitor = Monitor::new(new_device_cb);
++
++                // Start polling for new devices.
++                try_or!(monitor.run(alive), |_| callback.call(Err(::Error::Unknown)));
++
++                // Send an error, if the callback wasn't called already.
++                callback.call(Err(::Error::NotAllowed));
++            },
++            timeout,
++        )
++        .map_err(|_| ::Error::Unknown)?;
++
++        Ok(Self {
++            thread: Some(thread),
++        })
++    }
++
++    pub fn cancel(&mut self) {
++        // This must never be None.
++        self.thread.take().unwrap().cancel();
++    }
++}
Index: www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_util_rs
===================================================================
RCS file: www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_util_rs
diff -N www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_util_rs
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ www/mozilla-firefox/patches/patch-third_party_rust_authenticator_src_util_rs 18 Dec 2019 10:30:27 -0000
@@ -0,0 +1,21 @@
+$OpenBSD$
+
+Index: third_party/rust/authenticator/src/util.rs
+--- third_party/rust/authenticator/src/util.rs.orig
++++ third_party/rust/authenticator/src/util.rs
+@@ -56,6 +56,15 @@ pub fn from_unix_result<T: Signed>(rv: T) -> io::Resul
+     }
+ }
+
++#[cfg(any(target_os = "openbsd"))]
++pub fn from_unix_result<T: Signed>(rv: T) -> io::Result<T> {
++    if rv.is_negative() {
++        Err(io::Error::last_os_error())
++    } else {
++        Ok(rv)
++    }
++}
++
+ pub fn io_err(msg: &str) -> io::Error {
+     io::Error::new(io::ErrorKind::Other, msg)
+ }

Reply | Threaded
Open this post in threaded view
|

Re: UPDATE: www/mozilla-firefox U2F/FIDO support - using fido(4)

Greg Steuck
> This updated version has some changes:
> 1. It uses the new fido(4) driver in OpenBSD-current instead of uhid(4).

I confirmed this works great (registration and authentication) with these
two devices across github and google:

The original gnubby:
uhidev0 at uhub0 port 2 configuration 1 interface 0 "Yubico Yubico Gnubby
(gnubby1)" rev 2.00/0.97 addr 7

Blue key from Amazon (a few years ago):
uhidev0 at uhub0 port 4 configuration 1 interface 0 "Yubico Security Key by
Yubico" rev 2.00/4.27 addr 7

Thanks
Greg
--
nest.cx is Gmail hosted, use PGP:
https://pgp.key-server.io/0x0B1542BD8DF5A1B0
Fingerprint: 5E2B 2D0E 1E03 2046 BEC3  4D50 0B15 42BD 8DF5 A1B0
Reply | Threaded
Open this post in threaded view
|

Re: UPDATE: www/mozilla-firefox U2F/FIDO support - using fido(4)

Greg Steuck
FWIW, the same patch works find with firefox upgraded to 72.0.1 in
ports as of today. I built it from this tree:
https://github.com/blackgnezdo/ports/tree/firefox-fido-2020-01-10

Thanks
Greg