All looks fine to me, thanks.
You can view the middleware I created (code and a video clip) in
https://github.com/tavrez/openssh-sk-winhello if you are interested
(currently shipped with a custom ssh-sk-helper).

As a side note, sk-api.h is not listed in .depend for ssh-sk.o and
sk-usbhid.o although it's included in both.

On Fri, May 1, 2020 at 8:00 AM Damien Miller <djm@xxxxxxxxxxx> wrote:

> On Fri, 6 Mar 2020, Damien Miller wrote:
>
> > On Thu, 5 Mar 2020, Reza Tavakoli wrote:
> >
> > > Hello,
> > >
> > > I'm helping the Git for Windows team and contributing to the
> > > git-for-windows repository to help expand the OpenSSH support for
> > > fido2 devices on Windows. Currently we are using your internal
> > > implementation (sk-usbhid.c); however, since Windows 10 version 1903
> > > this requires administrator privileges.
> > >
> > > I'm trying to create a module for OpenSSH to use webauthn.dll instead
> > > of calling libfido2 directly, to eliminate the need for administrator
> > > privileges.
> > > I noticed that in ssh-sk.c, in function sshsk_sign, you hash the input
> > > data before passing it to the external module's sk_sign function. The
> > > problem is, the Windows API automatically hashes the input before
> > > sending it to the fido device, so I need to receive the data without
> > > hashing to be able to use this, or else the data will be hashed two
> > > times and verification will fail.
> > >
> > > May I suggest that you do this part inside the sk_sign command so the
> > > module using your sk-api.h interface can do this if it's needed?
> >
> > That sounds reasonable - do you have a patch you can share? We'd need to
> > increase the SSH_SK_VERSION_MAJOR, but we'll probably do that before the
> > next release anyway.
>
> Hi,
>
> I committed a change to move the hashing from ssh-sk.c to the middleware,
> bumping the expected middleware version along the way. Please take a look
> (commit 59d2de956e).
>
> -d
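
The double-hash failure discussed in this thread, as an added example that is not part of the original messages or of OpenSSH's code. It assumes the signed blob is SHA256(application) || flags || counter || message hash; an HMAC stands in for the authenticator's ECDSA signature, and every function name, key and sample value is constructed for illustration.

```python
import hashlib
import hmac
import struct

DEVICE_KEY = b"constructed-demo-key"  # stand-in for the authenticator's private key


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def signed_blob(app: bytes, msg_hash: bytes, flags: int = 0x01, counter: int = 7) -> bytes:
    # Assumed layout: SHA256(application) || flags (1 byte) || counter (uint32 BE) || hash
    return sha256(app) + struct.pack(">BI", flags, counter) + msg_hash


def device_sign(app: bytes, client_data_hash: bytes) -> bytes:
    # The authenticator signs whatever 32-byte hash it is handed (HMAC as stand-in).
    return hmac.new(DEVICE_KEY, signed_blob(app, client_data_hash), hashlib.sha256).digest()


def platform_assert(app: bytes, client_data: bytes) -> bytes:
    # Models a platform API that always hashes its input before the device sees it.
    return device_sign(app, sha256(client_data))


def verify(app: bytes, message: bytes, sig: bytes) -> bool:
    # The verifier rebuilds the blob with exactly one SHA256 over the message.
    expected = hmac.new(DEVICE_KEY, signed_blob(app, sha256(message)), hashlib.sha256).digest()
    return hmac.compare_digest(sig, expected)


def sign_prehashed_caller(app: bytes, message: bytes) -> bytes:
    # Old interface: the caller hashes, then the platform API hashes again.
    return platform_assert(app, sha256(message))


def sign_raw_to_platform(app: bytes, message: bytes) -> bytes:
    # New interface: the middleware gets the raw message; the platform does the only hash.
    return platform_assert(app, message)


def sign_direct_device(app: bytes, message: bytes) -> bytes:
    # New interface, direct-to-device middleware: it hashes once itself.
    return device_sign(app, sha256(message))


if __name__ == "__main__":
    app, msg = b"ssh:", b"constructed session data"
    for fn in (sign_prehashed_caller, sign_raw_to_platform, sign_direct_device):
        print(f"{fn.__name__}: verifies={verify(app, msg, fn(app, msg))}")
```

Only the first path fails to verify, which is why moving the hash into the middleware lets each backend decide whether to hash.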