Add make target for standalone sk-libfido2

author Jeremy Stott <jeremy@stott.co.nz>

Fri, 18 Oct 2024 23:10:52 +0000 (12:10 +1300)

committer Damien Miller <djm@mindrot.org>

Thu, 28 Nov 2024 16:15:49 +0000 (03:15 +1100)
author Jeremy Stott <jeremy@stott.co.nz>
Fri, 18 Oct 2024 23:10:52 +0000 (12:10 +1300)
committer Damien Miller <djm@mindrot.org>
Thu, 28 Nov 2024 16:15:49 +0000 (03:15 +1100)
diff --git a/.github/configs b/.github/configs

index 376398a5b208b79bd5ec2c04cc7b4c7acbdf7a88..3cdcfeac71b58a3b932fe80088cf02e545fee3b9 100755 (executable)
--- a/.github/configs
+++ b/.github/configs
@@ -181,7 +181,7 @@ case "$config" in
         CONFIGFLAGS="--with-selinux"
         ;;
      sk)
-       CONFIGFLAGS="--with-security-key-builtin"
+       CONFIGFLAGS="--with-security-key-builtin --with-security-key-standalone"
          ;;
      without-openssl)
         LIBCRYPTOFLAGS="--without-openssl"
diff --git a/.gitignore b/.gitignore

index c9d4166a739879865749ff95649028be07114c74..363df5b4a1c03cc2fb11eaf310b8797bb08e58b4 100644 (file)
--- a/.gitignore
+++ b/.gitignore
@@ -12,6 +12,8 @@ survey.sh
  **/*.o
  **/*.lo
  **/*.so
+**/*.dylib
+**/*.dll
  **/*.out
  **/*.a
  **/*.un~
diff --git a/Makefile.in b/Makefile.in

index 43cc2c3859c60ad076b8d5e2c3bd28eacb0307fa..389e5d9cb7aa3ae15ef9c3f335b5b11b91f1033a 100644 (file)
--- a/Makefile.in
+++ b/Makefile.in
@@ -33,6 +33,7 @@ SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
  STRIP_OPT=@STRIP_OPT@
  TEST_SHELL=@TEST_SHELL@
  BUILDDIR=@abs_top_builddir@
+SK_STANDALONE=@SK_STANDALONE@
  
  PATHS= -DSSHDIR=\"$(sysconfdir)\" \
         -D_PATH_SSH_PROGRAM=\"$(SSH_PROGRAM)\" \
@@ -73,7 +74,7 @@ MKDIR_P=@MKDIR_P@
  
  .SUFFIXES: .lo
  
-TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) sshd-session$(EXEEXT) sshd-auth$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-sk-helper$(EXEEXT)
+TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) sshd-session$(EXEEXT) sshd-auth$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-sk-helper$(EXEEXT) $(SK_STANDALONE)
  
  XMSS_OBJS=\
         ssh-xmss.o \
@@ -272,6 +273,16 @@ sftp$(EXEEXT): $(LIBCOMPAT) libssh.a $(SFTP_OBJS)
  logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o
         $(LD) -o $@ logintest.o $(LDFLAGS) loginrec.o -lopenbsd-compat -lssh $(LIBS)
  
+# compile libssh objects with -fPIC for use in the sk_libfido2 shared library
+LIBSSH_PIC_OBJS=$(LIBSSH_OBJS:.o=.lo)
+libssh-pic.a: $(LIBSSH_PIC_OBJS)
+       $(AR) rv $@ $(LIBSSH_PIC_OBJS)
+       $(RANLIB) $@
+
+$(SK_STANDALONE): sk-usbhid.c $(LIBCOMPAT) libssh-pic.a
+       $(CC) -o $@ -shared $(CFLAGS_NOPIE) $(CPPFLAGS) -DSK_STANDALONE $(PICFLAG) sk-usbhid.c \
+       libssh-pic.a $(LDFLAGS_NOPIE) -lopenbsd-compat $(LIBS) $(LIBFIDO2) $(CHANNELLIBS)
+
  $(MANPAGES): $(MANPAGES_IN)
         if test "$(MANTYPE)" = "cat"; then \
                 manpage=$(srcdir)/`echo $@ | sed 's/\.[1-9]\.out$$/\.0/'`; \
diff --git a/configure.ac b/configure.ac

index 4e0539fa27e5e97a8b156d54b4f5734bb1ec63c5..3728187c433572fbafad57a4eb828d25df1f82c5 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -614,6 +614,9 @@ SPP_MSG="no"
  # the --with-solaris-privs option and --with-sandbox=solaris).
  SOLARIS_PRIVS="no"
  
+# Default shared library extension
+SHLIBEXT=".so"
+
  # Check for some target-specific stuff
  case "$host" in
  *-*-aix*)
@@ -732,6 +735,7 @@ case "$host" in
         # Cygwin defines optargs, optargs as declspec(dllimport) for historical
         # reasons which cause compile warnings, so we disable those warnings.
         OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes])
+       SHLIBEXT=".dll"
         ;;
  *-*-dgux*)
         AC_DEFINE([IP_TOS_IS_BROKEN], [1],
@@ -791,6 +795,7 @@ int main(void) { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
         # cf. Apple bug 3710161 (not public, but searchable)
         AC_DEFINE([BROKEN_POLL], [1],
             [System poll(2) implementation is broken])
+       SHLIBEXT=".dylib"
         ;;
  *-*-dragonfly*)
         SSHDLIBS="$SSHDLIBS"
@@ -2079,6 +2084,12 @@ AC_ARG_WITH([security-key-builtin],
         [ enable_sk_internal=$withval ]
  )
  
+enable_sk_standalone=
+AC_ARG_WITH([security-key-standalone],
+       [  --with-security-key-standalone build standalone sk-libfido2 SecurityKeyProvider],
+       [ enable_sk_standalone=$withval ]
+)
+
  enable_dsa=
  AC_ARG_ENABLE([dsa-keys],
         [  --enable-dsa-keys       enable DSA key support [no]],
@@ -3316,6 +3327,16 @@ if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" != "xno" ; then
         fi
  fi
  
+# Check for standalone SecurityKeyProvider
+AC_MSG_CHECKING([whether to build standlone sk-libfido2])
+if test "x$enable_sk_standalone" = "xyes" ; then
+       AC_MSG_RESULT([yes])
+       AC_SUBST([SK_STANDALONE], [sk-libfido2$SHLIBEXT])
+else
+       AC_MSG_RESULT([no])
+       AC_SUBST([SK_STANDALONE], [""])
+fi
+
  AC_CHECK_FUNCS([ \
         arc4random \
         arc4random_buf \
diff --git a/sk-usbhid.c b/sk-usbhid.c

index 812b28d83e922866c923d31a2c6ad81b9a041d67..36f089a57197e4a8b0c16cefa1d831a2942719d7 100644 (file)
--- a/sk-usbhid.c
+++ b/sk-usbhid.c
@@ -77,10 +77,11 @@
  #define FIDO_CRED_PROT_UV_OPTIONAL_WITH_ID 0
  #endif
  
+# include "misc.h"
+
  #ifndef SK_STANDALONE
  # include "log.h"
  # include "xmalloc.h"
-# include "misc.h"
  /*
   * If building as part of OpenSSH, then rename exported functions.
   * This must be done before including sk-api.h.
author	Jeremy Stott <jeremy@stott.co.nz>
	Fri, 18 Oct 2024 23:10:52 +0000 (12:10 +1300)
committer	Damien Miller <djm@mindrot.org>
	Thu, 28 Nov 2024 16:15:49 +0000 (03:15 +1100)
.github/configs		patch \| blob \| blame \| history
.gitignore		patch \| blob \| blame \| history
Makefile.in		patch \| blob \| blame \| history
configure.ac		patch \| blob \| blame \| history
sk-usbhid.c		patch \| blob \| blame \| history