tavrez / openssh-sk-winhello

A helper for OpenSSH to interact with FIDO2 and U2F security keys through native Windows Hello API
GNU Lesser General Public License v3.0
user_id behavior mismatch with OpenSSH #14

Open carlreinke opened 2 years ago

carlreinke commented 2 years ago

https://github.com/tavrez/openssh-sk-winhello/blob/2cde67670551fdb136053ac884d0591468987fea/src/winhello.c#L273-L279

This doesn't match OpenSSH but not for the reasons mentioned in the README.

OpenSSH always uses 32 bytes for `user_id`. I.e., `WEBAUTHN_USER_ENTITY_INFORMATION.cbId` should always be 32 and not be based on `strlen`. If the user didn't specify anything, `user_id` will contain 32 zero bytes.

https://github.com/openssh/openssh-portable/blob/V_8_9_P1/sk-usbhid.c#L839
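
The length mismatch described in this issue, as an added example that is not code from openssh-sk-winhello or OpenSSH. `struct user_entity` is a hypothetical stand-in for the `cbId`/`pbId` fields of `WEBAUTHN_USER_ENTITY_INFORMATION`; the helper names and the zero-padding of a supplied user string are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define USER_ID_LEN 32 /* fixed size the issue attributes to OpenSSH */

/* Hypothetical stand-in so the example builds without webauthn.h. */
struct user_entity {
    uint32_t cbId;
    const uint8_t *pbId;
};

/* Zero the buffer, then copy the optional user string (assumed padding).
 * Returns -1 if the string would not leave room for a terminating zero. */
int build_user_id(uint8_t out[USER_ID_LEN], const char *user)
{
    memset(out, 0, USER_ID_LEN);
    if (user != NULL) {
        size_t n = strlen(user);
        if (n >= USER_ID_LEN)
            return -1;
        memcpy(out, user, n);
    }
    return 0;
}

/* Length taken from strlen: 0 for the default id, short for any string. */
void set_id_strlen(struct user_entity *e, const uint8_t *id)
{
    e->pbId = id;
    e->cbId = (uint32_t)strlen((const char *)id);
}

/* Length fixed at 32: the whole buffer is passed, zero bytes included. */
void set_id_fixed(struct user_entity *e, const uint8_t id[USER_ID_LEN])
{
    e->pbId = id;
    e->cbId = USER_ID_LEN;
}

int main(void)
{
    uint8_t id[USER_ID_LEN];
    struct user_entity a, b;
    build_user_id(id, NULL); /* no user given: 32 zero bytes */
    set_id_strlen(&a, id);
    set_id_fixed(&b, id);
    printf("strlen: %u, fixed: %u\n", (unsigned)a.cbId, (unsigned)b.cbId);
    return 0;
}
```
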

tavrez commented 2 years ago

Thanks for pointing this out. I'll fix it in the next version, which has support for OpenSSH 8.9.