tavrez / openssh-sk-winhello

A helper for OpenSSH to interact with FIDO2 and U2F security keys through native Windows Hello API
GNU Lesser General Public License v3.0
184 stars 14 forks

#13 - Update SSH_SK_VERSION_MAJOR from 7 to 9 #16

Open madaster97 opened 1 year ago

madaster97 commented 1 year ago

Addressing issue 13, I copied this version of sk-api.h and changed a couple variables to match the names within (from message to data).

After that, I was able to create a key against OpenSSH_9.0p1, OpenSSL 1.1.1q Jul 5 2022 using my YubiKey + Windows Hello.

By bumping from 7 to 9, we'll notably be missing support for 8 and a. See mentions of SSH_SK_VERSION_MAJOR in the OpenSSH release notes, and these commits that edit the sk-api.h file.

tavrez commented 1 year ago

Many thanks! I’ll release a preview version based on this!

On Tue, Aug 9, 2022 at 7:23 AM Adam Strickland @.***> wrote:

Addressing issue 13 https://github.com/tavrez/openssh-sk-winhello/issues/13, I copied this version of sk-api.h and changed a couple variables to match the names within (from message to data).

After that, I was able to create a key against OpenSSH_9.0p1, OpenSSL 1.1.1q Jul 5 2022 using my YubiKey + Windows Hello.


ivan commented 1 year ago

This is also working for me. I tested with OpenSSH_9.0p1 in cygwin (64-bit).

ivan commented 1 year ago

With OpenSSH_9.1p1, this is broken again:

Provider "/usr/lib/winhello.dll" implements unsupported version 0x00090000 (supported: 0x000a0000)
sign_and_send_pubkey: signing failed for ED25519-SK "/cygdrive/c/home/.ssh/id_ed25519_sk": invalid format

but it can be fixed with:

diff --git a/src/sk-api.h b/src/sk-api.h
index 2445438..ca2015e 100644
--- a/src/sk-api.h
+++ b/src/sk-api.h
@@ -77,7 +77,7 @@ struct sk_option {
    uint8_t required;
 };

-#define SSH_SK_VERSION_MAJOR       0x00090000 /* current API version */
+#define SSH_SK_VERSION_MAJOR       0x000a0000 /* current API version */
 #define SSH_SK_VERSION_MAJOR_MASK  0xffff0000

 /* Return the version of the middleware API */
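
Review bot: Changing only the SSH_SK_VERSION_MAJOR define to 0x000a0000 makes the DLL claim the newer API while the rest of src/sk-api.h, including the struct sk_option shown in the context lines, stays at whatever revision it was copied from. Before merging, compare the whole header against the upstream sk-api.h that defines 0x000a0000 and bring over any struct or prototype changes in the same commit; otherwise the version check passes and a layout mismatch goes undetected. Judging by the error quoted above, ssh rejects a provider whose major version differs from its own, so a build with this value will stop loading under OpenSSH 9.0p1, which accepted 0x00090000. The commit message should say which OpenSSH releases the build targets.
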
madaster97 commented 1 year ago

@tavrez, how do you think we should handle these frequent version bumps in OpenSSH-portable? Should we tag a release for major version 9, and then make a new one for major version a?

@ivan, it looks like this commit did more than just update the version number, and may have introduced other changes we need to make. Did you take a look at/test that?