
Re: GSoC Project: Integrating FIDO/U2F key support in libssh


Hi,

On Thursday, 28 March 2024 at 12:53, Jakub Jelen <jjelen@xxxxxxxxxx> wrote:

> So far we were planning to approach the testing the same way the
> OpenSSH developers did, but we are open to your suggestion if there is a
> reasonable implementation of virtual FIDO devices.

Oh, I can see where I caused some confusion; I meant the virtual devices as
part of my experience with FIDO/U2F. My primary focus is bringing support for
the physical CTAP1 and CTAP2 devices. However, I wouldn't mind exploring
that possibility; some password managers are picking up virtual
FIDO devices, although I don't know if they present themselves as 'USB
devices' (as they should, better thing to do for everyone).

> I think this will need some more work, but let's discuss in the MR itself.

Yeah, no worries, I'll check it out, thanks for the feedback.

Brief proposal:
1. First month (Bonding Period):
   - Get to know the libssh ecosystem.
   - Design of the API, refining it with feedback (community/mentor).
   - Design of the FIDO 'driver', same as before.
   - Dealing with FIDO specifics (CBOR, etc.).
2. Second month (1st coding one):
   - Getting ready (FIDO specifics, if needed).
   - Handling & communicating with FIDO devices (implementing CTAP).
   - Set up basic testing to ensure we're conforming with the
     CTAP spec.
   - Document everything.
3. Third month:
   - Finish up the CTAP implementation (FIDO driver), if not done yet.
   - Start with libssh integration, i.e., define the
     abstraction layer that libssh will use.
4. Fourth month:
   - Finish the abstraction layer.
   - Document everything.
   - Write tests to ensure correctness.
   - Testing against servers with FIDO authn.

Roux

References:
GSoC Project: Integrating FIDO/U2F key support in libssh, Diego Roux <diegoroux04@xxxxxxxxxxxxxx>