[patch] Add support for ecdsa-sk, ed25519-sk ssh keys

Done. Submitted by Ahmad Jarara.
Details
2 participants
  • Ahmad Jarara
  • Ludovic Courtès
Owner
unassigned
Severity
normal
Ahmad Jarara wrote on 5 Nov 2021 19:24
(address . guix-patches@gnu.org)
cae65d60-67c5-4484-b2b2-707e6dbc188e@www.fastmail.com
* gnu/packages/compression.scm (libcbor): New variable.
* gnu/packages/security-token.scm (libfido2): New variable.
* gnu/packages/ssh.scm (openssh): Add support for ecdsa-sk, ed25519-sk ssh keys
Ahmad Jarara wrote on 5 Nov 2021 19:28
[PATCH 1/3] gnu: Add libcbor 0.8.0
(address . 51618@debbugs.gnu.org)
5df39120-9f22-4b86-90f9-f2f6f8d827bd@www.fastmail.com
From 0cec908a97f2ce538d0dbf62fc8c43e05a2907a5 Mon Sep 17 00:00:00 2001
From: Ahmad Jarara <git@ajarara.io>
Date: Fri, 5 Nov 2021 12:42:05 -0400
Subject: [PATCH 1/3] gnu: Add libcbor 0.8.0

* gnu/packages/compression.scm (libcbor): New variable.
---
gnu/packages/compression.scm | 33 +++++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)

diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index 3098230bd5..2729aaaa60 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -2730,3 +2730,36 @@ (define-public tarlz
 tar tools like GNU tar, which treat it like any other tar.lz archive.  Tarlz
 can append files to the end of such compressed archives.")
     (license license:gpl2+)))
+
+(define-public libcbor
+  (package
+    (name "libcbor")
+    (version "0.8.0")
+    (source
+     (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://github.com/PJK/libcbor")
+             (commit (string-append "v" version))))
+       (file-name (git-file-name name version))
+       (sha256 (base32 "01dv4vxcmbvpphqy16vqiwh25wx11x630js5wfnx7cryarsh9ld7"))))
+    (build-system cmake-build-system)
+    (arguments
+     '(#:configure-flags
+       (let* ((out (assoc-ref %outputs "out"))
+              (lib (string-append out "/lib")))
+         (list
+          "-DCMAKE_BUILD_TYPE=Release"
+          "-DBUILD_SHARED_LIBS=ON"
+          "-DCBOR_CUSTOM_ALLOC=ON"
+          (string-append "-DCMAKE_INSTALL_LIBDIR=" lib)
+          (string-append "-DCMAKE_INSTALL_RPATH=" lib)))))
+    (synopsis "The C library for parsing and generating CBOR")
+    (description
+     "The Concise Binary Object Representation (CBOR) is a data format whose
+design goals include the possibility of extremely small code size, fairly
+small message size, and extensibility without the need for version
+negotiation.  These design goals make it different from earlier binary
+serializations such as ASN.1 and MessagePack.")
+    (license license:expat)
+    (home-page "https://github.com/PJK/libcbor")))
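Review bot: the #:configure-flags list has no comment saying why each flag is needed, in particular "-DCBOR_CUSTOM_ALLOC=ON" and the hand-built "-DCMAKE_INSTALL_LIBDIR=" and "-DCMAKE_INSTALL_RPATH=" values; please add a one-line comment for each non-obvious flag and drop any that turn out not to be required for the build. Two style points in the same definition: the synopsis starts with an article ("The C library ..."), which guix lint reports, and CBOR is a serialization format rather than a compression one, so compression.scm is a surprising home for this package.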

base-commit: 1ffc0a6be3c1613b2d99ceea098174d1f11f6f3f
-- 
2.33.1
Ahmad Jarara wrote on 5 Nov 2021 19:28
[PATCH 2/3] gnu: Add libfido2 1.9.0
(address . 51618@debbugs.gnu.org)
37cea710-db0c-4e7b-b77c-29528a26ac19@www.fastmail.com
From 6696c5325bb96e7fa08318ed7a5ec5cdb5912703 Mon Sep 17 00:00:00 2001
From: Ahmad Jarara <git@ajarara.io>
Date: Fri, 5 Nov 2021 13:59:27 -0400
Subject: [PATCH 2/3] gnu: Add libfido2 1.9.0

* gnu/packages/security-token.scm (libfido2): New variable.
---
gnu/packages/security-token.scm | 34 +++++++++++++++++++++++++++++++++
1 file changed, 34 insertions(+)

diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm
index e006b4cf25..2dc62674b7 100644
--- a/gnu/packages/security-token.scm
+++ b/gnu/packages/security-token.scm
@@ -44,6 +44,7 @@ (define-module (gnu packages security-token)
   #:use-module (gnu packages base)
   #:use-module (gnu packages curl)
   #:use-module (gnu packages check)
+  #:use-module (gnu packages compression)
   #:use-module (gnu packages crates-io)
   #:use-module (gnu packages docbook)
   #:use-module (gnu packages documentation)
@@ -776,3 +777,36 @@ (define-public ausweisapp2
 titles.  To use this app, a supported RFID card reader or NFC-enabled smart
 phone is required.")
     (license license:eupl1.2)))
+
+(define-public libfido2
+  (package
+    (name "libfido2")
+    (version "1.9.0")
+    (source
+     (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "git://github.com/Yubico/libfido2")
+             (commit version)))
+       (file-name (git-file-name name version))
+       (sha256 (base32 "12zy4cnlcffcb64lsx8198y09j1dwi0bcn9rr82q6i1k950yzd3p"))))
+    (native-inputs `(("pkg-config" ,pkg-config)))
+    (inputs
+     `(("zlib" ,zlib)
+       ("udev" ,eudev)
+       ("libcbor" ,libcbor)
+       ("openssl" ,openssl)))
+    (build-system cmake-build-system)
+    (arguments
+     '(#:phases
+       (modify-phases %standard-phases
+         ;; regress tests enabled only for debug builds
+         (delete 'check))))
+    (synopsis "Library functionality and command-line tools for FIDO devices")
+    (description "libfido2 provides library functionality and command-line
+tools to communicate with a FIDO device over USB, and to verify attestation
+and assertion signatures.
+
+libfido2 supports the FIDO U2F (CTAP 1) and FIDO 2.0 (CTAP 2) protocols.")
+    (license license:bsd-2)
+    (home-page "https://github.com/Yubico/libfido2")))
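Review bot: the git-reference url uses the unauthenticated git:// transport ("git://github.com/Yubico/libfido2"), while home-page in this same definition and the libcbor source in patch 1/3 use https://; the sha256 pins the checkout contents, but the fetch should still go over https for consistency. Separately, (delete 'check) would be better written as #:tests? #f with the same comment, and since this library is described as verifying attestation and assertion signatures, the comment should say whether the upstream tests can be enabled some other way rather than leaving the package untested.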
-- 
2.33.1
Ahmad Jarara wrote on 5 Nov 2021 19:29
[PATCH 3/3] gnu: Add support for ecdsa-sk, ed25519-sk ssh keys
(address . 51618@debbugs.gnu.org)
fa0475c0-1696-4e36-b9b3-fe80f60f1d46@www.fastmail.com
From 461ade27b8dd175c175e333b8d11b6e8a9a70a19 Mon Sep 17 00:00:00 2001
From: Ahmad Jarara <git@ajarara.io>
Date: Fri, 5 Nov 2021 14:12:56 -0400
Subject: [PATCH 3/3] gnu: Add support for ecdsa-sk, ed25519-sk ssh keys

* gnu/packages/ssh.scm (openssh): Add support for ecdsa-sk, ed25519-sk ssh keys
---
gnu/packages/ssh.scm | 5 +++++
1 file changed, 5 insertions(+)

diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
index 4e217888fd..c0d7a6debc 100644
--- a/gnu/packages/ssh.scm
+++ b/gnu/packages/ssh.scm
@@ -63,6 +63,7 @@ (define-module (gnu packages ssh)
   #:use-module (gnu packages python-web)
   #:use-module (gnu packages python-xyz)
   #:use-module (gnu packages readline)
+  #:use-module (gnu packages security-token)
   #:use-module (gnu packages texinfo)
   #:use-module (gnu packages tls)
   #:use-module (gnu packages xorg)
@@ -199,6 +200,7 @@ (define-public openssh
    (native-inputs `(("groff" ,groff)
                     ("pkg-config" ,pkg-config)))
    (inputs `(("libedit" ,libedit)
+             ("libfido2" ,libfido2)
              ("openssl" ,openssl)
              ,@(if (hurd-target?)
                  '()
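Review bot: ("libfido2" ,libfido2) is added to the inputs unconditionally, directly above an existing (hurd-target?) conditional; libfido2 as packaged in patch 2/3 lists eudev among its inputs, so please check that this does not break the Hurd build and, if it does, move the new input into the non-Hurd branch of that conditional.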
@@ -229,6 +231,9 @@ (define-public openssh
                                '()
                                '("--with-pam"))
 
+                          ;; supports creation and use of ecdsa-sk, ed25519-sk keys
+                          "--with-security-key-builtin"
+
                           ;; "make install" runs "install -s" by default,
                           ;; which doesn't work for cross-compiled binaries
                           ;; because it invokes 'strip' instead of
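Review bot: "--with-security-key-builtin" is passed on every target, whereas "--with-pam" just above it sits inside a conditional; the flag depends on the libfido2 input added in the previous hunk, so if that input ends up conditional this flag needs the same guard. The comment should also state that dependency and follow the sentence style of the neighbouring comments, for example ";; Support creation and use of ecdsa-sk and ed25519-sk keys; requires libfido2."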
-- 
2.33.1
Ludovic Courtès wrote on 1 Dec 2021 17:38
Re: bug#51618: [patch] Add support for ecdsa-sk, ed25519-sk ssh keys
(name . Ahmad Jarara)(address . ajarara@fastmail.com)(address . 51618-done@debbugs.gnu.org)
87lf141dra.fsf@gnu.org
Hi,

"Ahmad Jarara" <ajarara@fastmail.com> skribis:

> * gnu/packages/compression.scm (libcbor): New variable.
> * gnu/packages/security-token.scm (libfido2): New variable.
> * gnu/packages/ssh.scm (openssh): Add support for ecdsa-sk, ed25519-sk ssh keys

Applied all three patches (I tweaked the commit message of the last one
to specify modified inputs etc.). I added a copyright line for you,
lemme know if I got it wrong.

Thanks!

Ludo’.
Closed

This issue is archived.

To comment on this conversation send email to 51618@debbugs.gnu.org