Fwd: sk-api suggestions

Reza Tavakoli rta.0070 at gmail.com
Tue Mar 10 06:41:31 AEDT 2020


Here is the patch I've used.
I've also changed sk-dummy.c, but it seems like I can't invoke it properly (no
test fails in any case).
So far, with these changes everything is working fine (I SSHed to myself with
both the internal implementation and my custom module).

On Fri, Mar 6, 2020 at 2:50 AM Damien Miller <djm at mindrot.org> wrote:

> On Thu, 5 Mar 2020, Reza Tavakoli wrote:
>
> > Hello,
> >
> > I'm helping the Git for Windows team and contributing to the git-for-windows
> > repository to help expand the OpenSSH support for fido2 devices on Windows.
> > Currently we are using your internal implementation (sk-usbhid.c); however,
> > since Windows 10 version 1903 this requires administrator privileges.
> >
> > I'm trying to create a module for OpenSSH to use webauthn.dll instead of
> > calling libfido2 directly, to eliminate the need for administrator
> > privileges.
> > I noticed that in ssh-sk.c, in the function sshsk_sign, you hash the input
> > data before passing it to the external module's sk_sign function. The problem
> > is that the Windows API automatically hashes the input before sending it to
> > the fido device, so I need to receive the data without hashing to be able to
> > use this, or else the data will be hashed two times and verification will fail.
> >
> > May I suggest that you do this part inside the sk_sign command so the module
> > using your sk-api.h interface can do this if it's needed?
>
> That sounds reasonable - do you have a patch you can share? We'd need to
> increase the SSH_SK_VERSION_MAJOR, but we'll probably do that before the
> next release anyway.
>
> -d
>
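
The double-hashing failure described in the quoted message, as an added example that is not part of the original thread or of OpenSSH's code. It is a simplified model: HMAC with a constructed secret stands in for the authenticator's signature, the signed-blob layout is an assumption, and `direct_backend`, `hashing_backend` and all sample values are hypothetical names and data.

```python
import hashlib
import hmac
import struct

# Constructed sample values; none of these come from the thread.
DEVICE_KEY = b"constructed-device-secret"  # stand-in for the authenticator's key
APPLICATION = b"ssh:"
MESSAGE = b"constructed SSH signature payload"
FLAGS, COUNTER = 0x01, 7

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def authenticator_sign(app_hash: bytes, challenge_hash: bytes) -> bytes:
    """Toy authenticator: MACs app_hash || flags || counter || challenge_hash.
    HMAC is an assumed stand-in for the device's real signature algorithm."""
    signed = app_hash + struct.pack(">BI", FLAGS, COUNTER) + challenge_hash
    return hmac.new(DEVICE_KEY, signed, hashlib.sha256).digest()

def direct_backend(data: bytes) -> bytes:
    """Models a backend that forwards the caller's bytes to the device unchanged."""
    return authenticator_sign(sha256(APPLICATION), data)

def hashing_backend(data: bytes) -> bytes:
    """Models a platform API that hashes its input before the device sees it."""
    return authenticator_sign(sha256(APPLICATION), sha256(data))

def verify(message: bytes, sig: bytes) -> bool:
    """Verifier side: rebuilds the signed blob with a single hash of the message."""
    expected = authenticator_sign(sha256(APPLICATION), sha256(message))
    return hmac.compare_digest(expected, sig)

def run_cases() -> dict:
    # The caller hashes before invoking the module, as the message describes.
    prehashed = sha256(MESSAGE)
    return {
        "prehashed -> direct backend": verify(MESSAGE, direct_backend(prehashed)),
        "prehashed -> hashing backend": verify(MESSAGE, hashing_backend(prehashed)),
        "raw -> hashing backend": verify(MESSAGE, hashing_backend(MESSAGE)),
    }

if __name__ == "__main__":
    for case, ok in run_cases().items():
        print(f"{case}: {'verifies' if ok else 'FAILS'}")
```

Only the middle case fails: the device signs a hash of a hash while the verifier expects a single hash, which is why the module needs the unhashed data.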


More information about the openssh-unix-dev mailing list