Re: Fwd: sk-api suggestions


 



Here is the patch I've used.
I've also changed sk-dummy.c, but it seems like I can't invoke it properly (no
test fails in any case).
So far with these changes everything is working fine (I SSHed to myself with
both the internal implementation and my custom module).

On Fri, Mar 6, 2020 at 2:50 AM Damien Miller <djm@xxxxxxxxxxx> wrote:

> On Thu, 5 Mar 2020, Reza Tavakoli wrote:
>
> > Hello,
> >
> > I'm helping the Git for Windows team and contributing to the git-for-windows
> > repository to help expand the OpenSSH support for FIDO2 devices on
> > Windows.
> > Currently we are using your internal implementation (sk-usbhid.c); however,
> > since Windows 10 version 1903 this requires administrator privileges.
> >
> > I'm trying to create a module for OpenSSH to use webauthn.dll instead of
> > calling libfido2 directly, to eliminate the need for administrator
> > privileges.
> > I noticed that in ssh-sk.c, in the function sshsk_sign, you hash the input data
> > before passing it to the external module's sk_sign function. The problem is,
> > the Windows API automatically hashes the input before sending it to the FIDO
> > device, so I need to receive the data without hashing to be able to use this,
> > or else the data will be hashed two times and verification will fail.
> >
> > May I suggest that you do this part inside the sk_sign command so the module
> > using your sk-api.h interface can do this if it's needed?
>
> That sounds reasonable - do you have a patch you can share? We'd need to
> increase the SSH_SK_VERSION_MAJOR, but we'll probably do that before the
> next release anyway.
>
> -d
>
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


