Thanks - this seems perfectly reasonable. I'll queue this for a bit as
I think it's fairly likely that we'll make some other changes that will
require an API break, and I'd like to do them all at once.

-d

On Mon, 9 Mar 2020, Reza Tavakoli wrote:

> Here is the patch I've used.
> I've also changed sk-dummy.c but it seems like I can't invoke it
> properly (no test fails in any case). So far with these changes
> everything is working fine (I SSHed to myself with both the internal
> implementation and my custom module).
>
> On Fri, Mar 6, 2020 at 2:50 AM Damien Miller <djm@xxxxxxxxxxx> wrote:
> > On Thu, 5 Mar 2020, Reza Tavakoli wrote:
> >
> > > Hello,
> > >
> > > I'm helping the Git for Windows team and contributing in the
> > > git-for-windows repository to help expand the OpenSSH support for
> > > fido2 devices on Windows.
> > > Currently we are using your internal implementation (sk-usbhid.c),
> > > however since Windows 10 version 1903 this requires administrator
> > > privileges.
> > >
> > > I'm trying to create a module for OpenSSH to use webauthn.dll
> > > instead of calling libfido2 directly, to eliminate the need for
> > > administrator privileges.
> > > I noticed that in ssh-sk.c, in function sshsk_sign, you hash the
> > > input data before passing it to the external module's sk_sign
> > > function. The problem is, the Windows API automatically hashes the
> > > input before sending it to the fido device, so I need to receive
> > > the data without hashing to be able to use this, or else the data
> > > will be hashed two times and verification will fail.
> > >
> > > May I suggest that you do this part inside the sk_sign command so
> > > the module using your sk-api.h interface can do this if it's needed?
> >
> > That sounds reasonable - do you have a patch you can share? We'd
> > need to increase the SSH_SK_VERSION_MAJOR, but we'll probably do
> > that before the next release anyway.
> >
> > -d

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
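
The double-hashing failure described in this thread, modelled as an added example (not code from OpenSSH or from the patch discussed). An HMAC stands in for the token's signature, and every function name, the key and the sample message are hypothetical or constructed.

```python
import hashlib
import hmac

# Constructed secret; an HMAC stands in for the token's signature (assumption).
DEVICE_KEY = b"constructed-device-secret"


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def token_sign(digest: bytes) -> bytes:
    """Hypothetical token: signs exactly the 32-byte digest it is handed."""
    if len(digest) != 32:
        raise ValueError("token expects a SHA-256 digest")
    return hmac.new(DEVICE_KEY, digest, hashlib.sha256).digest()


def verify(message: bytes, signature: bytes) -> bool:
    """Verifier: accepts only a signature over SHA-256(message), hashed once."""
    expected = hmac.new(DEVICE_KEY, sha256(message), hashlib.sha256).digest()
    return hmac.compare_digest(expected, signature)


def direct_backend(digest: bytes) -> bytes:
    """Hypothetical backend that passes the caller's digest straight to the token."""
    return token_sign(digest)


def hashing_backend(data: bytes) -> bytes:
    """Hypothetical platform API that hashes whatever it receives first."""
    return token_sign(sha256(data))


def sign_caller_hashes(message: bytes, backend) -> bytes:
    """Behaviour described in the thread: data is hashed before the module sees it."""
    return backend(sha256(message))


def sign_module_hashes(message: bytes, backend, backend_hashes: bool) -> bytes:
    """Suggested change: the module gets raw data and hashes only if needed."""
    return backend(message if backend_hashes else sha256(message))


if __name__ == "__main__":
    msg = b"constructed data to be signed"
    print(verify(msg, sign_caller_hashes(msg, direct_backend)))
    print(verify(msg, sign_caller_hashes(msg, hashing_backend)))
    print(verify(msg, sign_module_hashes(msg, hashing_backend, True)))
    print(verify(msg, sign_module_hashes(msg, direct_backend, False)))
```

Only the pre-hashed data combined with a backend that hashes again fails verification; letting the module decide restores a single hash on both paths.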