Re: Fwd: sk-api suggestions

On Fri, 6 Mar 2020, Damien Miller wrote:

> On Thu, 5 Mar 2020, Reza Tavakoli wrote:
> 
> > Hello,
> > 
> > I'm helping the Git for Windows team and contributing to the git-for-windows
> > repository to help expand the OpenSSH support for FIDO2 devices on Windows.
> > Currently we are using your internal implementation (sk-usbhic.c); however,
> > since Windows 10 version 1903 this requires administrator privileges.
> > 
> > I'm trying to create a module for OpenSSH to use webauthn.dll instead of
> > calling libfido2 directly, to eliminate the need for administrator
> > privileges.
> > I noticed that in ssh-sk.c, in the function sshsk_sign, you hash the input
> > data before passing it to the external module's sk_sign function. The problem
> > is, the Windows API automatically hashes the input before sending it to the
> > FIDO device, so I need to receive the data without hashing to be able to use
> > this, or else the data will be hashed two times and verification will fail.
> > 
> > May I suggest that you do this part inside sk_sign command so the module
> > using your sk-api.h interface can do this if it's needed?
> 
> That sounds reasonable - do you have a patch you can share? We'd need to
> increase the SSH_SK_VERSION_MAJOR, but we'll probably do that before the
> next release anyway.

Hi,

I committed a change to move the hashing from ssh-sk.c to the middleware,
bumping the expected middleware version along the way. Please take a look
(commit 59d2de956e).

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
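
The double-hash failure described in the thread, as an added example that is not part of the original messages or of OpenSSH's code. It is a simplified model: all function names are hypothetical, the signed-blob layout is reduced to application hash, flags, counter and message hash, and HMAC stands in for the token's real signature algorithm.

```python
import hashlib
import hmac
import struct

DEVICE_KEY = b"constructed-demo-key"   # constructed stand-in for the token's key
APPLICATION = b"ssh:"                  # constructed application string


def authenticator_sign(app_hash, client_data_hash, flags=0x01, counter=7):
    """Model of the token: signs app hash || flags || counter || data hash."""
    blob = app_hash + struct.pack(">BI", flags, counter) + client_data_hash
    return hmac.new(DEVICE_KEY, blob, hashlib.sha256).digest(), flags, counter


def platform_api_sign(application, data):
    """Model of a platform API that always hashes its input before the token."""
    return authenticator_sign(hashlib.sha256(application).digest(),
                              hashlib.sha256(data).digest())


def caller_sign(message, caller_prehashes):
    """caller_prehashes=True: the caller hashes before the module sees the data.
    caller_prehashes=False: raw data is handed down and hashed exactly once."""
    data = hashlib.sha256(message).digest() if caller_prehashes else message
    return platform_api_sign(APPLICATION, data)


def verify(message, sig, flags, counter):
    """Verifier side: expects exactly one SHA-256 over the original message."""
    blob = (hashlib.sha256(APPLICATION).digest()
            + struct.pack(">BI", flags, counter)
            + hashlib.sha256(message).digest())
    expected = hmac.new(DEVICE_KEY, blob, hashlib.sha256).digest()
    return hmac.compare_digest(sig, expected)


def demo():
    msg = b"constructed session data to sign"
    prehashed_ok = verify(msg, *caller_sign(msg, caller_prehashes=True))
    raw_ok = verify(msg, *caller_sign(msg, caller_prehashes=False))
    return prehashed_ok, raw_ok


if __name__ == "__main__":
    print(demo())
```
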


