On Thu, 5 Mar 2020, Reza Tavakoli wrote: > Hello, > > I'm helping the Git for windows team and contributing in git-for-windows > repository to help expand the OpenSSH support for fido2 devices on Windows. > Currently we are using your internal implementation(sk-usbhic.c) however > since Windows 10 version 1903 this requires administrator privileges. > > I'm trying to create a module for OpenSSH to use webauthn.dll instead of > direct calling to libfido2 to eliminate the need for administrator > privileges > I noticed that in ssh-sk.c in function sshsk_sign you hash the input data > before passing it to external module sk_sign function. The problem is, > Windows API automatically hash the input before sending it to fido device, > so I need to receive the data without hashing to be able to use this or > else the data will be hashed two times and verification will fail. > > May I suggest that you do this part inside sk_sign command so the module > using your sk-api.h interface can do this if it's needed? That sounds reasonable - do you have a patch you can share? We'd need to increase the SSH_SK_VERSION_MAJOR, but we'll probably do that before the next release anyway. -d _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
