Add libfido2 to the build

From https://github.com/Yubico/libfido2: libfido2 provides library functionality and command-line tools to communicate with a FIDO device over USB, and to verify attestation and assertion signatures. libfido2 supports the FIDO U2F (CTAP 1) and FIDO 2.0 (CTAP 2) protocols. libfido2 will be used by ssh to support FIDO/U2F keys. It is currently intended only for use by ssh, and so is installed as a PRIVATELIB and is placed in the ssh pkgbase package. This is currently disabled for the 32-bit library build as libfido2 is not compatible with the COMPAT_32BIT hack in usb_ioctl.h. Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32448
2024-07-21 18:27:22 +00:00 · 2021-10-06 21:52:05 -04:00 · 2021-10-06 21:52:05 -04:00 · 7b1e19ad78
parent 362c6d8dec
commit 7b1e19ad78
4 changed files with 80 additions and 1 deletions
--- a/lib/Makefile
+++ b/lib/Makefile
@ -216,7 +216,7 @@ SUBDIR.${MK_BHYVE}+=	libvmmapi
 SUBDIR.${MK_OPENMP}+=	libomp
 .endif
 .if !defined(COMPAT_32BIT)
-SUBDIR.${MK_OPENSSH}+=	libcbor
+SUBDIR.${MK_OPENSSH}+=	libcbor libfido2
 .endif
 SUBDIR.${MK_OPENSSL}+=	libmp
 SUBDIR.${MK_PF}+=	libpfctl
--- a/lib/libfido2/Makefile
+++ b/lib/libfido2/Makefile
@ -0,0 +1,73 @@
+PACKAGE=ssh
+LIB=	fido2
+PRIVATELIB=
+DIST=	${SRCTOP}/contrib/libfido2
+
+.PATH:	${DIST}/src ${DIST}
+
+SRCS+=	aes256.c
+SRCS+=	assert.c
+SRCS+=	authkey.c
+SRCS+=	bio.c
+SRCS+=	blob.c
+SRCS+=	buf.c
+SRCS+=	cbor.c
+SRCS+=	compress.c
+SRCS+=	config.c
+SRCS+=	cred.c
+SRCS+=	credman.c
+SRCS+=	dev.c
+SRCS+=	ecdh.c
+SRCS+=	eddsa.c
+SRCS+=	err.c
+SRCS+=	es256.c
+SRCS+=	hid_freebsd.c
+SRCS+=	hid_unix.c
+SRCS+=	hid.c
+SRCS+=	info.c
+SRCS+=	io.c
+SRCS+=	iso7816.c
+SRCS+=	largeblob.c
+SRCS+=	log.c
+SRCS+=	pin.c
+SRCS+=	random.c
+SRCS+=	reset.c
+SRCS+=	rs256.c
+SRCS+=	u2f.c
+
+SRCS+=	openbsd-compat/freezero.c
+SRCS+=	openbsd-compat/recallocarray.c
+
+CFLAGS+= -I ${DIST}/src -I${SRCTOP}/contrib/libcbor/src -I${.CURDIR}/../libcbor
+CFLAGS+= -D_FIDO_INTERNAL
+CFLAGS+= -DHAVE_ARC4RANDOM_BUF
+CFLAGS+= -DHAVE_CLOCK_GETTIME
+CFLAGS+= -DHAVE_DEV_URANDOM
+CFLAGS+= -DHAVE_ERR_H
+CFLAGS+= -DHAVE_EXPLICIT_BZERO
+CFLAGS+= -DHAVE_GETLINE
+CFLAGS+= -DHAVE_GETOPT
+CFLAGS+= -DHAVE_GETPAGESIZE
+CFLAGS+= -DHAVE_GETRANDOM
+CFLAGS+= -DHAVE_OPENSSLV_H
+CFLAGS+= -DHAVE_READPASSPHRASE
+CFLAGS+= -DHAVE_SIGNAL_H
+CFLAGS+= -DHAVE_STRLCAT
+CFLAGS+= -DHAVE_STRLCPY
+CFLAGS+= -DHAVE_STRSEP
+CFLAGS+= -DHAVE_SYSCONF
+CFLAGS+= -DHAVE_SYS_RANDOM_H
+CFLAGS+= -DHAVE_TIMESPECSUB
+CFLAGS+= -DHAVE_TIMINGSAFE_BCMP
+CFLAGS+= -DHAVE_UNISTD_H
+CFLAGS+= -DTLS=__thread
+CFLAGS+= -D_FIDO_MAJOR=1
+CFLAGS+= -D_FIDO_MINOR=9
+CFLAGS+= -D_FIDO_PATCH=0
+
+LIBADD=	crypto z
+
+WARNS=2
+MAN=
+
+.include <bsd.lib.mk>
--- a/share/mk/src.libnames.mk
+++ b/share/mk/src.libnames.mk
@ -20,6 +20,7 @@ _PRIVATELIBS=	\
 		cbor \
 		devdctl \
 		event1 \
+		fido2 \
 		gmock \
 		gtest \
 		gmock_main \
@ -339,6 +340,7 @@ _DP_pam=	radius tacplus opie md util
 _DP_pam+=	krb5
 .endif
 .if ${MK_OPENSSH} != "no"
+_DP_fido2+=	crypto z
 _DP_pam+=	ssh
 .endif
 .if ${MK_NIS} != "no"
@ -690,6 +692,7 @@ LIBCAP_SYSCTLDIR=	${OBJTOP}/lib/libcasper/services/cap_sysctl
 LIBCAP_SYSLOGDIR=	${OBJTOP}/lib/libcasper/services/cap_syslog
 LIBCBORDIR=	${OBJTOP}/lib/libcbor
 LIBBSDXMLDIR=	${OBJTOP}/lib/libexpat
+LIBFIDO2DIR=	${OBJTOP}/lib/libfido2
 LIBKVMDIR=	${OBJTOP}/lib/libkvm
 LIBPTHREADDIR=	${OBJTOP}/lib/libthr
 LIBMDIR=	${OBJTOP}/lib/msun
--- a/tools/build/mk/OptionalObsoleteFiles.inc
+++ b/tools/build/mk/OptionalObsoleteFiles.inc
@ -7124,6 +7124,9 @@ OLD_FILES+=usr/bin/ssh-keyscan
 OLD_FILES+=usr/lib/libprivatecbor.a
 OLD_FILES+=usr/lib/libprivatecbor.so
 OLD_LIBS+=usr/lib/libprivatecbor.so.5
+OLD_FILES+=/usr/lib/libprivatefido2.a
+OLD_FILES+=/usr/lib/libprivatefido2.so
+OLD_LIBS+=/usr/lib/libprivatefido2.so.5
 OLD_FILES+=usr/lib/pam_ssh.so
 OLD_LIBS+=usr/lib/pam_ssh.so.6
 OLD_FILES+=usr/lib/libprivatessh.a