Re: Fwd: sk-api suggestions

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Thu, 5 Mar 2020, Reza Tavakoli wrote:

> Hello,
> 
> I'm helping the Git for windows team and contributing in git-for-windows
> repository to help expand the OpenSSH support for fido2 devices on Windows.
> Currently we are using your internal implementation(sk-usbhic.c) however
> since Windows 10 version 1903 this requires administrator privileges.
> 
> I'm trying to create a module for OpenSSH to use webauthn.dll instead of
> direct calling to libfido2 to eliminate the need for administrator
> privileges
> I noticed that in ssh-sk.c in function sshsk_sign you hash the input data
> before passing it to external module sk_sign function. The problem is,
> Windows API automatically hash the input before sending it to fido device,
> so I need to receive the data without hashing to be able to use this or
> else the data will be hashed two times and verification will fail.
> 
> May I suggest that you do this part inside sk_sign command so the module
> using your sk-api.h interface can do this if it's needed?

That sounds reasonable - do you have a patch you can share? We'd need to
increase the SSH_SK_VERSION_MAJOR, but we'll probably do that before the
next release anyway.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux