Browse Source

Merge pull request #14415 from linosgian/openssh_add_fido2_support

openssh: Add FIDO2 hardware token support
lilik-openwrt-22.03
Rosen Penev 4 years ago
committed by GitHub
parent
commit
8ede7162e5
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 123 additions and 4 deletions
  1. +47
    -0
      libs/libcbor/Makefile
  2. +51
    -0
      libs/libfido2/Makefile
  3. +12
    -0
      net/openssh/Config.in
  4. +13
    -4
      net/openssh/Makefile

+ 47
- 0
libs/libcbor/Makefile View File

@ -0,0 +1,47 @@
#
# Copyright (C) 2020 Linos Giannopoulos
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=libcbor
PKG_VERSION:=0.8.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/PJK/libcbor/tar.gz/v$(PKG_VERSION)?
PKG_HASH:=618097166ea4a54499646998ccaa949a5816e6a665cf1d6df383690895217c8b
PKG_LICENSE:=GPL-3.0-or-later
PKG_LICENSE_FILES:=COPYING
PKG_MAINTAINER:=Linos Giannopoulos <linosgian00+openwrt@gmail.com>
CMAKE_OPTIONS += \
-DBUILD_SHARED_LIBS=ON
CMAKE_INSTALL:=1
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/cmake.mk
define Package/libcbor
SECTION:=libs
CATEGORY:=Libraries
TITLE:=libcbor
URL:=https://github.com/PJK/libcbor
ABI_VERSION:=0
endef
define Package/libcbor/description
libcbor is a C library for parsing and generating CBOR, the general-purpose schema-less binary data format.
endef
define Package/libcbor/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libcbor.so.* $(1)/usr/lib/
endef
$(eval $(call BuildPackage,libcbor))

+ 51
- 0
libs/libfido2/Makefile View File

@ -0,0 +1,51 @@
#
# Copyright (C) 2020 Linos Giannopoulos
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=libfido2
PKG_VERSION:=1.6.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/Yubico/libfido2/tar.gz/$(PKG_VERSION)?
PKG_HASH:=6aed47aafd22be49c38f9281fb88ccd08c98678d9b8c39cdc87d1bb3ea2c63e4
PKG_FORTIFY_SOURCE:=0
CMAKE_INSTALL:=1
TARGET_CFLAGS += -Wno-error=overflow -Wno-error=sign-conversion
PKG_MAINTAINER:=Linos Giannopoulos <linosgian00+openwrt@gmail.com>
PKG_LICENSE:=GPL-3.0-or-later
PKG_LICENSE_FILES:=COPYING
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/cmake.mk
define Package/libfido2
SECTION:=libs
CATEGORY:=Libraries
TITLE:=FIDO2 Library
URL:=https://github.com/Yubico/libfido2
ABI_VERSION:=1
DEPENDS += +libcbor +libopenssl +libudev
endef
define Package/libfido2/description
libfido2 provides library functionality and command-line tools to communicate with a FIDO device over USB, and to verify attestation and assertion signatures.
libfido2 supports the FIDO U2F (CTAP 1) and FIDO 2.0 (CTAP 2) protocols.
endef
define Package/libfido2/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libfido2.so.* $(1)/usr/lib/
endef
$(eval $(call BuildPackage,libfido2))

+ 12
- 0
net/openssh/Config.in View File

@ -0,0 +1,12 @@
if PACKAGE_openssh-server
config OPENSSH_LIBFIDO2
bool
default y
prompt "Include libfido2 support in openssh-server"
help
OpenSSH version 8.2 added two new ssh authentication methods,
namely `ecdsa_sk` and `ed25519_sk`. These two methods make use
of hardware keys that implement the FIDO and FIDO2 protocols.
In order to use these two types, libfido2 is required.
endif

+ 13
- 4
net/openssh/Makefile View File

@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=openssh
PKG_VERSION:=8.4p1
PKG_RELEASE:=3
PKG_RELEASE:=4
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
@ -21,6 +21,10 @@ PKG_LICENSE_FILES:=LICENCE
PKG_CPE_ID:=cpe:/a:openssh:openssh
PKG_REMOVE_FILES:=
PKG_CONFIG_DEPENDS := \
CONFIG_OPENSSH_LIBFIDO2
PKG_BUILD_DEPENDS += OPENSSH_LIBFIDO2:libfido2
include $(INCLUDE_DIR)/package.mk
@ -82,11 +86,15 @@ endef
define Package/openssh-server
$(call Package/openssh/Default)
DEPENDS+= +openssh-keygen
DEPENDS+= +openssh-keygen +OPENSSH_LIBFIDO2:libfido2
TITLE+= server
USERID:=sshd=22:sshd=22
endef
define Package/openssh-server/config
source "$(SOURCE)/Config.in"
endef
define Package/openssh-server/description
OpenSSH server.
endef
@ -164,8 +172,9 @@ CONFIGURE_ARGS += \
--without-bsd-auth \
--without-kerberos5 \
--with-stackprotect \
--with$(if $(CONFIG_OPENSSL_ENGINE),,out)-ssl-engine
--with$(if $(CONFIG_OPENSSL_ENGINE),,out)-ssl-engine \
--with$(if $(CONFIG_OPENSSH_LIBFIDO2),,out)-security-key-builtin
ifeq ($(BUILD_VARIANT),with-pam)
CONFIGURE_ARGS += \
--with-pam


Loading…
Cancel
Save