[bug#51618] [patch] Add support for ecdsa-sk, ed25519-sk ssh keys

[bug#51618] [patch] Add support for ecdsa-sk, ed25519-sk ssh keys

[Ahmad Jarara]

[-- Attachment #1: Type: text/plain, Size: 196 bytes --]

* gnu/packages/compression.scm (libcbor): New variable.
* gnu/packages/security-token.scm (libfido2): New variable.
* gnu/packages/ssh.scm (openssh): Add support for ecdsa-sk, ed25519-sk ssh keys

[-- Attachment #2: Type: text/html, Size: 385 bytes --]

[bug#51618] [PATCH 1/3] gnu: Add libcbor 0.8.0

[Ahmad Jarara]

[-- Attachment #1.1: Type: text/plain, Size: 0 bytes --]



[-- Attachment #1.2: Type: text/html, Size: 151 bytes --]

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: 0001-gnu-Add-libcbor-0.8.0.patch --]
[-- Type: text/x-patch; name="0001-gnu-Add-libcbor-0.8.0.patch", Size: 2143 bytes --]

From 0cec908a97f2ce538d0dbf62fc8c43e05a2907a5 Mon Sep 17 00:00:00 2001
From: Ahmad Jarara <git@ajarara.io>
Date: Fri, 5 Nov 2021 12:42:05 -0400
Subject: [PATCH 1/3] gnu: Add libcbor 0.8.0

* gnu/packages/compression.scm (libcbor): New variable.
---
 gnu/packages/compression.scm | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index 3098230bd5..2729aaaa60 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -2730,3 +2730,36 @@ (define-public tarlz
 tar tools like GNU tar, which treat it like any other tar.lz archive.  Tarlz
 can append files to the end of such compressed archives.")
     (license license:gpl2+)))
+
+(define-public libcbor
+  (package
+    (name "libcbor")
+    (version "0.8.0")
+    (source
+     (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://github.com/PJK/libcbor")
+             (commit (string-append "v" version))))
+       (file-name (git-file-name name version))
+       (sha256 (base32 "01dv4vxcmbvpphqy16vqiwh25wx11x630js5wfnx7cryarsh9ld7"))))
+    (build-system cmake-build-system)
+    (arguments
+     '(#:configure-flags
+       (let* ((out (assoc-ref %outputs "out"))
+              (lib (string-append out "/lib")))
+         (list
+          "-DCMAKE_BUILD_TYPE=Release"
+          "-DBUILD_SHARED_LIBS=ON"
+          "-DCBOR_CUSTOM_ALLOC=ON"
+          (string-append "-DCMAKE_INSTALL_LIBDIR=" lib)
+          (string-append "-DCMAKE_INSTALL_RPATH=" lib)))))
+    (synopsis "The C library for parsing and generating CBOR")
+    (description
+     "The Concise Binary Object Representation (CBOR) is a data format whose
+design goals include the possibility of extremely small code size, fairly
+small message size, and extensibility without the need for version
+negotiation.  These design goals make it different from earlier binary
+serializations such as ASN.1 and MessagePack.")
+    (license license:expat)
+    (home-page "https://github.com/PJK/libcbor")))

base-commit: 1ffc0a6be3c1613b2d99ceea098174d1f11f6f3f
-- 
2.33.1

[bug#51618] [PATCH 2/3] gnu: Add libfido2 1.9.0

[Ahmad Jarara]

[-- Attachment #1.1: Type: text/plain, Size: 0 bytes --]



[-- Attachment #1.2: Type: text/html, Size: 151 bytes --]

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: 0002-gnu-Add-libfido2-1.9.0.patch --]
[-- Type: text/x-patch; name="0002-gnu-Add-libfido2-1.9.0.patch", Size: 2263 bytes --]

From 6696c5325bb96e7fa08318ed7a5ec5cdb5912703 Mon Sep 17 00:00:00 2001
From: Ahmad Jarara <git@ajarara.io>
Date: Fri, 5 Nov 2021 13:59:27 -0400
Subject: [PATCH 2/3] gnu: Add libfido2 1.9.0

* gnu/packages/security-token.scm (libfido2): New variable.
---
 gnu/packages/security-token.scm | 34 +++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm
index e006b4cf25..2dc62674b7 100644
--- a/gnu/packages/security-token.scm
+++ b/gnu/packages/security-token.scm
@@ -44,6 +44,7 @@ (define-module (gnu packages security-token)
   #:use-module (gnu packages base)
   #:use-module (gnu packages curl)
   #:use-module (gnu packages check)
+  #:use-module (gnu packages compression)
   #:use-module (gnu packages crates-io)
   #:use-module (gnu packages docbook)
   #:use-module (gnu packages documentation)
@@ -776,3 +777,36 @@ (define-public ausweisapp2
 titles.  To use this app, a supported RFID card reader or NFC-enabled smart
 phone is required.")
     (license license:eupl1.2)))
+
+(define-public libfido2
+  (package
+    (name "libfido2")
+    (version "1.9.0")
+    (source
+     (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "git://github.com/Yubico/libfido2")
+             (commit version)))
+       (file-name (git-file-name name version))
+       (sha256 (base32 "12zy4cnlcffcb64lsx8198y09j1dwi0bcn9rr82q6i1k950yzd3p"))))
+    (native-inputs `(("pkg-config" ,pkg-config)))
+    (inputs
+     `(("zlib" ,zlib)
+       ("udev" ,eudev)
+       ("libcbor" ,libcbor)
+       ("openssl" ,openssl)))
+    (build-system cmake-build-system)
+    (arguments
+     '(#:phases
+       (modify-phases %standard-phases
+         ;; regress tests enabled only for debug builds
+         (delete 'check))))
+    (synopsis "Library functionality and command-line tools for FIDO devices")
+    (description "libfido2 provides library functionality and command-line
+tools to communicate with a FIDO device over USB, and to verify attestation
+and assertion signatures.
+
+libfido2 supports the FIDO U2F (CTAP 1) and FIDO 2.0 (CTAP 2) protocols.")
+    (license license:bsd-2)
+    (home-page "https://github.com/Yubico/libfido2")))
-- 
2.33.1

[bug#51618] [PATCH 3/3] gnu: Add support for ecdsa-sk, ed25519-sk ssh keys

[Ahmad Jarara]

[-- Attachment #1.1: Type: text/plain, Size: 0 bytes --]



[-- Attachment #1.2: Type: text/html, Size: 151 bytes --]

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: 0003-gnu-Add-support-for-ecdsa-sk-ed25519-sk-ssh-keys.patch --]
[-- Type: text/x-patch; name="0003-gnu-Add-support-for-ecdsa-sk-ed25519-sk-ssh-keys.patch", Size: 1647 bytes --]

From 461ade27b8dd175c175e333b8d11b6e8a9a70a19 Mon Sep 17 00:00:00 2001
From: Ahmad Jarara <git@ajarara.io>
Date: Fri, 5 Nov 2021 14:12:56 -0400
Subject: [PATCH 3/3] gnu: Add support for ecdsa-sk, ed25519-sk ssh keys

* gnu/packages/ssh.scm (openssh): Add support for ecdsa-sk, ed25519-sk ssh keys
---
 gnu/packages/ssh.scm | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
index 4e217888fd..c0d7a6debc 100644
--- a/gnu/packages/ssh.scm
+++ b/gnu/packages/ssh.scm
@@ -63,6 +63,7 @@ (define-module (gnu packages ssh)
   #:use-module (gnu packages python-web)
   #:use-module (gnu packages python-xyz)
   #:use-module (gnu packages readline)
+  #:use-module (gnu packages security-token)
   #:use-module (gnu packages texinfo)
   #:use-module (gnu packages tls)
   #:use-module (gnu packages xorg)
@@ -199,6 +200,7 @@ (define-public openssh
    (native-inputs `(("groff" ,groff)
                     ("pkg-config" ,pkg-config)))
    (inputs `(("libedit" ,libedit)
+             ("libfido2" ,libfido2)
              ("openssl" ,openssl)
              ,@(if (hurd-target?)
                  '()
@@ -229,6 +231,9 @@ (define-public openssh
                                '()
                                '("--with-pam"))
 
+                          ;; supports creation and use of ecdsa-sk, ed25519-sk keys
+                          "--with-security-key-builtin"
+
                           ;; "make install" runs "install -s" by default,
                           ;; which doesn't work for cross-compiled binaries
                           ;; because it invokes 'strip' instead of
-- 
2.33.1

bug#51618: [patch] Add support for ecdsa-sk, ed25519-sk ssh keys

[Ludovic Courtès]

Hi,

"Ahmad Jarara" <ajarara@fastmail.com> skribis:

> * gnu/packages/compression.scm (libcbor): New variable.
> * gnu/packages/security-token.scm (libfido2): New variable.
> * gnu/packages/ssh.scm (openssh): Add support for ecdsa-sk, ed25519-sk ssh keys

Applied all three patches (I tweaked the commit message of the last one
to specify modified inputs etc.).  I added a copyright line for you,
lemme know if I got it wrong.

Thanks!

Ludo’.