[patch] Add support for ecdsa-sk, ed25519-sk ssh keys

  • Done
Details
2 participants
  • Ahmad Jarara
  • Ludovic Courtès
Owner
unassigned
Submitted by
Ahmad Jarara
Severity
normal
Ahmad Jarara wrote on 5 Nov 2021 19:24
(address . guix-patches@gnu.org)
cae65d60-67c5-4484-b2b2-707e6dbc188e@www.fastmail.com
* gnu/packages/compression.scm (libcbor): New variable.
* gnu/packages/security-token.scm (libfido2): New variable.
* gnu/packages/ssh.scm (openssh): Add support for ecdsa-sk, ed25519-sk ssh keys
Ahmad Jarara wrote on 5 Nov 2021 19:28
[PATCH 1/3] gnu: Add libcbor 0.8.0
(address . 51618@debbugs.gnu.org)
5df39120-9f22-4b86-90f9-f2f6f8d827bd@www.fastmail.com

From 0cec908a97f2ce538d0dbf62fc8c43e05a2907a5 Mon Sep 17 00:00:00 2001
From: Ahmad Jarara <git@ajarara.io>
Date: Fri, 5 Nov 2021 12:42:05 -0400
Subject: [PATCH 1/3] gnu: Add libcbor 0.8.0

* gnu/packages/compression.scm (libcbor): New variable.
---
gnu/packages/compression.scm | 33 +++++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)

diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index 3098230bd5..2729aaaa60 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -2730,3 +2730,36 @@ (define-public tarlz
tar tools like GNU tar, which treat it like any other tar.lz archive. Tarlz
can append files to the end of such compressed archives.")
(license license:gpl2+)))
+
+(define-public libcbor
+ (package
+ (name "libcbor")
+ (version "0.8.0")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/PJK/libcbor")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256 (base32 "01dv4vxcmbvpphqy16vqiwh25wx11x630js5wfnx7cryarsh9ld7"))))
+ (build-system cmake-build-system)
+ (arguments
+ '(#:configure-flags
+ (let* ((out (assoc-ref %outputs "out"))
+ (lib (string-append out "/lib")))
+ (list
+ "-DCMAKE_BUILD_TYPE=Release"
+ "-DBUILD_SHARED_LIBS=ON"
+ "-DCBOR_CUSTOM_ALLOC=ON"
+ (string-append "-DCMAKE_INSTALL_LIBDIR=" lib)
+ (string-append "-DCMAKE_INSTALL_RPATH=" lib)))))
+ (synopsis "The C library for parsing and generating CBOR")
+ (description
+ "The Concise Binary Object Representation (CBOR) is a data format whose
+design goals include the possibility of extremely small code size, fairly
+small message size, and extensibility without the need for version
+negotiation. These design goals make it different from earlier binary
+serializations such as ASN.1 and MessagePack.")
+ (license license:expat)
+ (home-page "https://github.com/PJK/libcbor")))
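Review bot: in `#:configure-flags`, `-DCBOR_CUSTOM_ALLOC=ON` is enabled with no comment saying which dependent needs it, and `-DCMAKE_BUILD_TYPE=Release`, `-DCMAKE_INSTALL_LIBDIR` and `-DCMAKE_INSTALL_RPATH` are spelled out by hand. Please add a one-line comment for the allocator option, pass the build type through the build system's `#:build-type` argument, and drop the two install-path flags if the package builds without them. No test-related flag or native input appears in this definition, so it is worth confirming that the `check` phase actually runs something. Style: the synopsis starts with an article ("The C library ..."), which `guix lint` flags, and `home-page` usually sits before `synopsis` rather than after `license`.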

base-commit: 1ffc0a6be3c1613b2d99ceea098174d1f11f6f3f
--
2.33.1
Ahmad Jarara wrote on 5 Nov 2021 19:28
[PATCH 2/3] gnu: Add libfido2 1.9.0
(address . 51618@debbugs.gnu.org)
37cea710-db0c-4e7b-b77c-29528a26ac19@www.fastmail.com

From 6696c5325bb96e7fa08318ed7a5ec5cdb5912703 Mon Sep 17 00:00:00 2001
From: Ahmad Jarara <git@ajarara.io>
Date: Fri, 5 Nov 2021 13:59:27 -0400
Subject: [PATCH 2/3] gnu: Add libfido2 1.9.0

* gnu/packages/security-token.scm (libfido2): New variable.
---
gnu/packages/security-token.scm | 34 +++++++++++++++++++++++++++++++++
1 file changed, 34 insertions(+)

diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm
index e006b4cf25..2dc62674b7 100644
--- a/gnu/packages/security-token.scm
+++ b/gnu/packages/security-token.scm
@@ -44,6 +44,7 @@ (define-module (gnu packages security-token)
#:use-module (gnu packages base)
#:use-module (gnu packages curl)
#:use-module (gnu packages check)
+ #:use-module (gnu packages compression)
#:use-module (gnu packages crates-io)
#:use-module (gnu packages docbook)
#:use-module (gnu packages documentation)
@@ -776,3 +777,36 @@ (define-public ausweisapp2
titles. To use this app, a supported RFID card reader or NFC-enabled smart
phone is required.")
(license license:eupl1.2)))
+
+(define-public libfido2
+ (package
+ (name "libfido2")
+ (version "1.9.0")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "git://github.com/Yubico/libfido2")
+ (commit version)))
+ (file-name (git-file-name name version))
+ (sha256 (base32 "12zy4cnlcffcb64lsx8198y09j1dwi0bcn9rr82q6i1k950yzd3p"))))
+ (native-inputs `(("pkg-config" ,pkg-config)))
+ (inputs
+ `(("zlib" ,zlib)
+ ("udev" ,eudev)
+ ("libcbor" ,libcbor)
+ ("openssl" ,openssl)))
+ (build-system cmake-build-system)
+ (arguments
+ '(#:phases
+ (modify-phases %standard-phases
+ ;; regress tests enabled only for debug builds
+ (delete 'check))))
+ (synopsis "Library functionality and command-line tools for FIDO devices")
+ (description "libfido2 provides library functionality and command-line
+tools to communicate with a FIDO device over USB, and to verify attestation
+and assertion signatures.
+
+libfido2 supports the FIDO U2F (CTAP 1) and FIDO 2.0 (CTAP 2) protocols.")
+ (license license:bsd-2)
+ (home-page "https://github.com/Yubico/libfido2")))
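Review bot: the `git-reference` URL uses the unauthenticated `git://` transport (`git://github.com/Yubico/libfido2`) while `home-page` in the same definition uses `https://`. The `sha256` still pins the fetched content, but please switch the source URL to `https://github.com/Yubico/libfido2` so the fetch does not go over a plaintext channel. Also, rather than `(delete 'check)`, disable the tests with `#:tests? #f` and keep the comment about the regress tests being enabled only for debug builds, so the skipped test suite stays visible to anyone reading the arguments.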
--
2.33.1
Ahmad Jarara wrote on 5 Nov 2021 19:29
[PATCH 3/3] gnu: Add support for ecdsa-sk, ed25519-sk ssh keys
(address . 51618@debbugs.gnu.org)
fa0475c0-1696-4e36-b9b3-fe80f60f1d46@www.fastmail.com

From 461ade27b8dd175c175e333b8d11b6e8a9a70a19 Mon Sep 17 00:00:00 2001
From: Ahmad Jarara <git@ajarara.io>
Date: Fri, 5 Nov 2021 14:12:56 -0400
Subject: [PATCH 3/3] gnu: Add support for ecdsa-sk, ed25519-sk ssh keys

* gnu/packages/ssh.scm (openssh): Add support for ecdsa-sk, ed25519-sk ssh keys
---
gnu/packages/ssh.scm | 5 +++++
1 file changed, 5 insertions(+)

diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
index 4e217888fd..c0d7a6debc 100644
--- a/gnu/packages/ssh.scm
+++ b/gnu/packages/ssh.scm
@@ -63,6 +63,7 @@ (define-module (gnu packages ssh)
#:use-module (gnu packages python-web)
#:use-module (gnu packages python-xyz)
#:use-module (gnu packages readline)
+ #:use-module (gnu packages security-token)
#:use-module (gnu packages texinfo)
#:use-module (gnu packages tls)
#:use-module (gnu packages xorg)
@@ -199,6 +200,7 @@ (define-public openssh
(native-inputs `(("groff" ,groff)
("pkg-config" ,pkg-config)))
(inputs `(("libedit" ,libedit)
+ ("libfido2" ,libfido2)
("openssl" ,openssl)
,@(if (hurd-target?)
'()
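Review bot: `("libfido2" ,libfido2)` is added to `inputs` unconditionally, directly above a `(hurd-target?)` conditional that already leaves some inputs out on the Hurd. libfido2 as packaged in patch 2/3 takes `eudev` as an input, so please check whether this input needs to go inside the same conditional, or confirm that openssh still builds for that target.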
@@ -229,6 +231,9 @@ (define-public openssh
'()
'("--with-pam"))
+ ;; supports creation and use of ecdsa-sk, ed25519-sk keys
+ "--with-security-key-builtin"
+
;; "make install" runs "install -s" by default,
;; which doesn't work for cross-compiled binaries
;; because it invokes 'strip' instead of
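Review bot: `"--with-security-key-builtin"` is passed unconditionally, while the `"--with-pam"` flag just above it sits in a conditional; if the libfido2 input ends up conditional on the target, this flag has to follow the same condition or configure will look for a library that is not there. The comment would also be more useful if it said that the flag builds the FIDO security-key support into ssh itself (hence the new libfido2 input), written as a capitalized sentence with a period like the comment that follows it.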
--
2.33.1
Ludovic Courtès wrote on 1 Dec 2021 17:38
Re: bug#51618: [patch] Add support for ecdsa-sk, ed25519-sk ssh keys
(name . Ahmad Jarara)(address . ajarara@fastmail.com)(address . 51618-done@debbugs.gnu.org)
87lf141dra.fsf@gnu.org
Hi,

"Ahmad Jarara" <ajarara@fastmail.com> writes:

> * gnu/packages/compression.scm (libcbor): New variable.
> * gnu/packages/security-token.scm (libfido2): New variable.
> * gnu/packages/ssh.scm (openssh): Add support for ecdsa-sk, ed25519-sk ssh keys

Applied all three patches (I tweaked the commit message of the last one
to specify modified inputs etc.). I added a copyright line for you,
lemme know if I got it wrong.

Thanks!

Ludo’.
Closed
This issue is archived.

To comment on this conversation send an email to 51618@debbugs.gnu.org
