Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fido_hid_read: read: Resource temporarily unavailable when trying to generate FIDO key #800

Closed
TV4Fun opened this issue Apr 6, 2024 · 1 comment
Closed

fido_hid_read: read: Resource temporarily unavailable when trying to generate FIDO key #800

TV4Fun opened this issue Apr 6, 2024 · 1 comment
Labels
bug report Something isn't working

Comments

@TV4Fun
Copy link

TV4Fun commented Apr 6, 2024
edited
Loading

What version of libfido2 are you using?
Latest checkout from git/main, built on my machine.
What operating system are you running?
macOS 14.4.1 (23E224)

What application are you using in conjunction with libfido2?
OpenSSH_9.7p1, OpenSSL 3.2.1 30 Jan 2024, specifically with ssh-keygen
How does the problem manifest itself?
I am trying to generate a FIDO2 key on my YubiKey Nano 5C:

$ ykman info
Device type: YubiKey 5C Nano
Serial number: 15969169
Firmware version: 5.4.3
Form factor: Nano (USB-C)
Enabled USB interfaces: OTP, FIDO, CCID

Applications
FIDO2       	Enabled
OTP         	Enabled
FIDO U2F    	Enabled
OATH        	Enabled
YubiHSM Auth	Enabled
OpenPGP     	Enabled
PIV         	Enabled

I tried using the standard command ssh-keygen -t ed25519-sk -O resident -O application=ssh:Nomad -O verify-required and after verifying my PIN and my tap, I got Key enrollment failed: invalid format. Running with -vvvv showed both a FIDO_ERR_RX and a FIDO_ERR_NO_CREDENTIALS. Following the advice here I installed a custom libsk-libfido2, which then gave different errors but still ended with invalid format. Following the advice here I built my own version of libsk-libfido2.dylib with -DSK_DEBUG. That gave a lot of detail which doesn't mean much to me, but hopefully will to you. I also installed my own debug build of libfido2 and ran with FIDO_DEBUG=1. It looks like the error that is now stopping it is fido_hid_read: read: Resource temporarily unavailable and I am not sure why that is appearing. It appears consistently every time I try to run it. Have tried rebooting, updating OpenSSH and LibFido2 from Homebrew. Let me know what else I should try.

ETA: Trying to run examples/cred gives:

$ ./cred ioreg://4294982390
fido_hid_open: get_ioreg_entry: ioreg://4294982390
fido_dev_open_tx: dev->io.open
cred: fido_dev_open: FIDO_ERR_INTERNAL (0xfffffff7)

Is the problem reproducible?
Happens every time, haven't figured out a way to generate a key successfully.
What are the steps that lead to the problem?
Try to generate a key per instructions here with ssh-keygen -t ed25519-sk -O resident -O application=ssh:Nomad -O verify-required

Does the problem happen with different authenticators?
Tried a few different versions of OpenSSH and libfido2

Please include the output of fido2-token -L.

fido2-token -L 
$ fido2-token -L
run_manifest: found 1 hid device
ioreg://4294982390: vendor=0x1050, product=0x0407 (Yubico YubiKey OTP+FIDO+CCID)

Please include the output of fido2-token -I.

fido2-token -I 
$ fido2-token -I ioreg://4294982390
fido_tx: dev=0x600003aac6c0, cmd=0x06
fido_tx: buf=0x600003aac6c0, len=8
0000: 64 60 94 df 7b 26 2b 6f
fido_rx: dev=0x600003aac6c0, cmd=0x06, ms=-1
rx_preamble: buf=0x16ba26ea8, len=64
0000: ff ff ff ff 86 00 11 64 60 94 df 7b 26 2b 6f 16
0016: b6 75 87 02 05 04 03 05 00 00 00 00 00 00 00 00
0032: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0048: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
rx: payload_len=17
fido_rx: buf=0x600003aac6c8, len=17
0000: 64 60 94 df 7b 26 2b 6f 16 b6 75 87 02 05 04 03
0016: 05
fido_dev_get_cbor_info_tx: dev=0x600003aac6c0
fido_tx: dev=0x600003aac6c0, cmd=0x10
fido_tx: buf=0x16ba26f07, len=1
0000: 04
fido_dev_get_cbor_info_rx: dev=0x600003aac6c0, ci=0x6000037a8000, ms=-1
fido_rx: dev=0x600003aac6c0, cmd=0x10, ms=-1
rx_preamble: buf=0x16ba26e38, len=64
0000: 16 b6 75 87 90 00 c8 00 ac 01 83 66 55 32 46 5f
0016: 56 32 68 46 49 44 4f 5f 32 5f 30 6c 46 49 44 4f
0032: 5f 32 5f 31 5f 50 52 45 02 82 6b 63 72 65 64 50
0048: 72 6f 74 65 63 74 6b 68 6d 61 63 2d 73 65 63 72
rx: payload_len=200
rx: buf=0x16ba26e38, len=64
0000: 16 b6 75 87 00 65 74 03 50 ee 88 28 79 72 1c 49
0016: 13 97 75 3d fc ce 97 07 2a 04 a5 62 72 6b f5 62
0032: 75 70 f5 64 70 6c 61 74 f4 69 63 6c 69 65 6e 74
0048: 50 69 6e f5 75 63 72 65 64 65 6e 74 69 61 6c 4d
rx: buf=0x16ba26e38, len=64
0000: 16 b6 75 87 01 67 6d 74 50 72 65 76 69 65 77 f5
0016: 05 19 04 b0 06 82 02 01 07 08 08 18 80 09 81 63
0032: 75 73 62 0a 82 a2 63 61 6c 67 26 64 74 79 70 65
0048: 6a 70 75 62 6c 69 63 2d 6b 65 79 a2 63 61 6c 67
rx: buf=0x16ba26e38, len=64
0000: 16 b6 75 87 02 27 64 74 79 70 65 6a 70 75 62 6c
0016: 69 63 2d 6b 65 79 0d 04 0e 1a 00 05 04 03 00 00
0032: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0048: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
fido_rx: buf=0x122809e00, len=200
0000: 00 ac 01 83 66 55 32 46 5f 56 32 68 46 49 44 4f
0016: 5f 32 5f 30 6c 46 49 44 4f 5f 32 5f 31 5f 50 52
0032: 45 02 82 6b 63 72 65 64 50 72 6f 74 65 63 74 6b
0048: 68 6d 61 63 2d 73 65 63 72 65 74 03 50 ee 88 28
0064: 79 72 1c 49 13 97 75 3d fc ce 97 07 2a 04 a5 62
0080: 72 6b f5 62 75 70 f5 64 70 6c 61 74 f4 69 63 6c
0096: 69 65 6e 74 50 69 6e f5 75 63 72 65 64 65 6e 74
0112: 69 61 6c 4d 67 6d 74 50 72 65 76 69 65 77 f5 05
0128: 19 04 b0 06 82 02 01 07 08 08 18 80 09 81 63 75
0144: 73 62 0a 82 a2 63 61 6c 67 26 64 74 79 70 65 6a
0160: 70 75 62 6c 69 63 2d 6b 65 79 a2 63 61 6c 67 27
0176: 64 74 79 70 65 6a 70 75 62 6c 69 63 2d 6b 65 79
0192: 0d 04 0e 1a 00 05 04 03
fido_dev_open_rx: FIDO_MAXMSG=2048, maxmsgsiz=1200
proto: 0x02
major: 0x05
minor: 0x04
build: 0x03
caps: 0x05 (wink, cbor, msg)
fido_dev_get_cbor_info_tx: dev=0x600003aac6c0
fido_tx: dev=0x600003aac6c0, cmd=0x10
fido_tx: buf=0x16ba26fd7, len=1
0000: 04
fido_dev_get_cbor_info_rx: dev=0x600003aac6c0, ci=0x6000037a8000, ms=-1
fido_rx: dev=0x600003aac6c0, cmd=0x10, ms=-1
rx_preamble: buf=0x16ba26f08, len=64
0000: 16 b6 75 87 90 00 c8 00 ac 01 83 66 55 32 46 5f
0016: 56 32 68 46 49 44 4f 5f 32 5f 30 6c 46 49 44 4f
0032: 5f 32 5f 31 5f 50 52 45 02 82 6b 63 72 65 64 50
0048: 72 6f 74 65 63 74 6b 68 6d 61 63 2d 73 65 63 72
rx: payload_len=200
rx: buf=0x16ba26f08, len=64
0000: 16 b6 75 87 00 65 74 03 50 ee 88 28 79 72 1c 49
0016: 13 97 75 3d fc ce 97 07 2a 04 a5 62 72 6b f5 62
0032: 75 70 f5 64 70 6c 61 74 f4 69 63 6c 69 65 6e 74
0048: 50 69 6e f5 75 63 72 65 64 65 6e 74 69 61 6c 4d
rx: buf=0x16ba26f08, len=64
0000: 16 b6 75 87 01 67 6d 74 50 72 65 76 69 65 77 f5
0016: 05 19 04 b0 06 82 02 01 07 08 08 18 80 09 81 63
0032: 75 73 62 0a 82 a2 63 61 6c 67 26 64 74 79 70 65
0048: 6a 70 75 62 6c 69 63 2d 6b 65 79 a2 63 61 6c 67
rx: buf=0x16ba26f08, len=64
0000: 16 b6 75 87 02 27 64 74 79 70 65 6a 70 75 62 6c
0016: 69 63 2d 6b 65 79 0d 04 0e 1a 00 05 04 03 00 00
0032: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0048: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
fido_rx: buf=0x12300dc00, len=200
0000: 00 ac 01 83 66 55 32 46 5f 56 32 68 46 49 44 4f
0016: 5f 32 5f 30 6c 46 49 44 4f 5f 32 5f 31 5f 50 52
0032: 45 02 82 6b 63 72 65 64 50 72 6f 74 65 63 74 6b
0048: 68 6d 61 63 2d 73 65 63 72 65 74 03 50 ee 88 28
0064: 79 72 1c 49 13 97 75 3d fc ce 97 07 2a 04 a5 62
0080: 72 6b f5 62 75 70 f5 64 70 6c 61 74 f4 69 63 6c
0096: 69 65 6e 74 50 69 6e f5 75 63 72 65 64 65 6e 74
0112: 69 61 6c 4d 67 6d 74 50 72 65 76 69 65 77 f5 05
0128: 19 04 b0 06 82 02 01 07 08 08 18 80 09 81 63 75
0144: 73 62 0a 82 a2 63 61 6c 67 26 64 74 79 70 65 6a
0160: 70 75 62 6c 69 63 2d 6b 65 79 a2 63 61 6c 67 27
0176: 64 74 79 70 65 6a 70 75 62 6c 69 63 2d 6b 65 79
0192: 0d 04 0e 1a 00 05 04 03
version strings: U2F_V2, FIDO_2_0, FIDO_2_1_PRE
extension strings: credProtect, hmac-secret
transport strings: usb
algorithms: es256 (public-key), eddsa (public-key)
aaguid: ee882879721c491397753dfcce97072a
options: rk, up, noplat, clientPin, credentialMgmtPreview
fwversion: 0x50403
maxmsgsiz: 1200
maxcredcntlst: 8
maxcredlen: 128
maxlargeblob: 0
minpinlen: 4
pin protocols: 2, 1
fido_tx: dev=0x600003aac6c0, cmd=0x10
fido_tx: buf=0x600000aa4210, len=6
0000: 06 a2 01 01 02 01
fido_rx: dev=0x600003aac6c0, cmd=0x10, ms=-1
rx_preamble: buf=0x16ba26f48, len=64
0000: 16 b6 75 87 90 00 04 00 a1 03 08 00 00 00 00 00
0016: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0032: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0048: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
rx: payload_len=4
fido_rx: buf=0x12300dc00, len=4
0000: 00 a1 03 08
pin retries: 8
pin change required: false
fido_tx: dev=0x600003aac6c0, cmd=0x10
fido_tx: buf=0x600000aa4260, len=6
0000: 06 a2 01 01 02 07
fido_rx: dev=0x600003aac6c0, cmd=0x10, ms=-1
rx_preamble: buf=0x16ba26f48, len=64
0000: 16 b6 75 87 90 00 01 33 00 00 00 00 00 00 00 00
0016: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0032: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0048: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
rx: payload_len=1
fido_rx: buf=0x12300dc00, len=1
0000: 33
cbor_parse_reply: blob[0]=0x33
fido_dev_get_uv_retry_count_rx: parse_uv_retry_count
uv retries: undefined
fido_tx: dev=0x600003aac6c0, cmd=0x10
fido_tx: buf=0x600000aa4220, len=6
0000: 40 a2 01 01 02 07
fido_rx: dev=0x600003aac6c0, cmd=0x10, ms=-1
rx_preamble: buf=0x16ba26f08, len=64
0000: 16 b6 75 87 90 00 01 01 00 00 00 00 00 00 00 00
0016: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0032: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0048: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
rx: payload_len=1
fido_rx: buf=0x12300dc00, len=1
0000: 01
cbor_parse_reply: blob[0]=0x01
bio_rx_info: bio_parse_info
bio_get_info_wait: tx/rx

Please include the output of FIDO_DEBUG=1.

FIDO_DEBUG=1 
$ export FIDO_DEBUG=1
$ ssh-keygen -vvvv -t ed25519-sk -O resident -O application=ssh:Nomad -O verify-required
Generating public/private ed25519-sk key pair.
You may need to touch your authenticator to authorize key generation.
debug3: start_helper: started pid=26412
debug3: ssh_msg_send: type 5
debug3: ssh_msg_recv entering
debug1: start_helper: starting /opt/homebrew/Cellar/openssh/9.7p1/libexec/ssh-sk-helper
debug1: sshsk_enroll: provider "/usr/local/lib/libsk-libfido2.dylib", device "(null)", application "ssh:Nomad", userid "(null)", flags 0x25, challenge len 0
debug1: sshsk_enroll: using random challenge
debug1: sshsk_open: provider /usr/local/lib/libsk-libfido2.dylib implements version 0x000a0000
run_manifest: found 1 hid device
sk_probe: 1 device(s) detected
sk_probe: selecting sk by touch
fido_tx: dev=0x600002768000, cmd=0x06
fido_tx: buf=0x600002768000, len=8
0000: 1d 8d fe 40 37 5b 0e 74
fido_rx: dev=0x600002768000, cmd=0x06, ms=-1
rx_preamble: buf=0x16d38eae8, len=64
0000: ff ff ff ff 86 00 11 1d 8d fe 40 37 5b 0e 74 69
0016: da 0e 15 02 05 04 03 05 00 00 00 00 00 00 00 00
0032: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0048: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
rx: payload_len=17
fido_rx: buf=0x600002768008, len=17
0000: 1d 8d fe 40 37 5b 0e 74 69 da 0e 15 02 05 04 03
0016: 05
fido_dev_get_cbor_info_tx: dev=0x600002768000
fido_tx: dev=0x600002768000, cmd=0x10
fido_tx: buf=0x16d38eb47, len=1
0000: 04
fido_dev_get_cbor_info_rx: dev=0x600002768000, ci=0x600002a60000, ms=-1
fido_rx: dev=0x600002768000, cmd=0x10, ms=-1
rx_preamble: buf=0x16d38ea78, len=64
0000: 69 da 0e 15 90 00 c8 00 ac 01 83 66 55 32 46 5f
0016: 56 32 68 46 49 44 4f 5f 32 5f 30 6c 46 49 44 4f
0032: 5f 32 5f 31 5f 50 52 45 02 82 6b 63 72 65 64 50
0048: 72 6f 74 65 63 74 6b 68 6d 61 63 2d 73 65 63 72
rx: payload_len=200
rx: buf=0x16d38ea78, len=64
0000: 69 da 0e 15 00 65 74 03 50 ee 88 28 79 72 1c 49
0016: 13 97 75 3d fc ce 97 07 2a 04 a5 62 72 6b f5 62
0032: 75 70 f5 64 70 6c 61 74 f4 69 63 6c 69 65 6e 74
0048: 50 69 6e f5 75 63 72 65 64 65 6e 74 69 61 6c 4d
rx: buf=0x16d38ea78, len=64
0000: 69 da 0e 15 01 67 6d 74 50 72 65 76 69 65 77 f5
0016: 05 19 04 b0 06 82 02 01 07 08 08 18 80 09 81 63
0032: 75 73 62 0a 82 a2 63 61 6c 67 26 64 74 79 70 65
0048: 6a 70 75 62 6c 69 63 2d 6b 65 79 a2 63 61 6c 67
rx: buf=0x16d38ea78, len=64
0000: 69 da 0e 15 02 27 64 74 79 70 65 6a 70 75 62 6c
0016: 69 63 2d 6b 65 79 0d 04 0e 1a 00 05 04 03 00 00
0032: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0048: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
fido_rx: buf=0x11d80e000, len=200
0000: 00 ac 01 83 66 55 32 46 5f 56 32 68 46 49 44 4f
0016: 5f 32 5f 30 6c 46 49 44 4f 5f 32 5f 31 5f 50 52
0032: 45 02 82 6b 63 72 65 64 50 72 6f 74 65 63 74 6b
0048: 68 6d 61 63 2d 73 65 63 72 65 74 03 50 ee 88 28
0064: 79 72 1c 49 13 97 75 3d fc ce 97 07 2a 04 a5 62
0080: 72 6b f5 62 75 70 f5 64 70 6c 61 74 f4 69 63 6c
0096: 69 65 6e 74 50 69 6e f5 75 63 72 65 64 65 6e 74
0112: 69 61 6c 4d 67 6d 74 50 72 65 76 69 65 77 f5 05
0128: 19 04 b0 06 82 02 01 07 08 08 18 80 09 81 63 75
0144: 73 62 0a 82 a2 63 61 6c 67 26 64 74 79 70 65 6a
0160: 70 75 62 6c 69 63 2d 6b 65 79 a2 63 61 6c 67 27
0176: 64 74 79 70 65 6a 70 75 62 6c 69 63 2d 6b 65 79
0192: 0d 04 0e 1a 00 05 04 03
fido_dev_open_rx: FIDO_MAXMSG=2048, maxmsgsiz=1200
sk_enroll: using device ioreg://4294982390
fido_dev_get_cbor_info_tx: dev=0x600002768000
fido_tx: dev=0x600002768000, cmd=0x10
fido_tx: buf=0x16d38ecf7, len=1
0000: 04
fido_dev_get_cbor_info_rx: dev=0x600002768000, ci=0x600002a61950, ms=-1
fido_rx: dev=0x600002768000, cmd=0x10, ms=-1
rx_preamble: buf=0x16d38ec28, len=64
0000: 69 da 0e 15 90 00 c8 00 ac 01 83 66 55 32 46 5f
0016: 56 32 68 46 49 44 4f 5f 32 5f 30 6c 46 49 44 4f
0032: 5f 32 5f 31 5f 50 52 45 02 82 6b 63 72 65 64 50
0048: 72 6f 74 65 63 74 6b 68 6d 61 63 2d 73 65 63 72
rx: payload_len=200
rx: buf=0x16d38ec28, len=64
0000: 69 da 0e 15 00 65 74 03 50 ee 88 28 79 72 1c 49
0016: 13 97 75 3d fc ce 97 07 2a 04 a5 62 72 6b f5 62
0032: 75 70 f5 64 70 6c 61 74 f4 69 63 6c 69 65 6e 74
0048: 50 69 6e f5 75 63 72 65 64 65 6e 74 69 61 6c 4d
rx: buf=0x16d38ec28, len=64
0000: 69 da 0e 15 01 67 6d 74 50 72 65 76 69 65 77 f5
0016: 05 19 04 b0 06 82 02 01 07 08 08 18 80 09 81 63
0032: 75 73 62 0a 82 a2 63 61 6c 67 26 64 74 79 70 65
0048: 6a 70 75 62 6c 69 63 2d 6b 65 79 a2 63 61 6c 67
rx: buf=0x16d38ec28, len=64
0000: 69 da 0e 15 02 27 64 74 79 70 65 6a 70 75 62 6c
0016: 69 63 2d 6b 65 79 0d 04 0e 1a 00 05 04 03 00 00
0032: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0048: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
fido_rx: buf=0x11d811000, len=200
0000: 00 ac 01 83 66 55 32 46 5f 56 32 68 46 49 44 4f
0016: 5f 32 5f 30 6c 46 49 44 4f 5f 32 5f 31 5f 50 52
0032: 45 02 82 6b 63 72 65 64 50 72 6f 74 65 63 74 6b
0048: 68 6d 61 63 2d 73 65 63 72 65 74 03 50 ee 88 28
0064: 79 72 1c 49 13 97 75 3d fc ce 97 07 2a 04 a5 62
0080: 72 6b f5 62 75 70 f5 64 70 6c 61 74 f4 69 63 6c
0096: 69 65 6e 74 50 69 6e f5 75 63 72 65 64 65 6e 74
0112: 69 61 6c 4d 67 6d 74 50 72 65 76 69 65 77 f5 05
0128: 19 04 b0 06 82 02 01 07 08 08 18 80 09 81 63 75
0144: 73 62 0a 82 a2 63 61 6c 67 26 64 74 79 70 65 6a
0160: 70 75 62 6c 69 63 2d 6b 65 79 a2 63 61 6c 67 27
0176: 64 74 79 70 65 6a 70 75 62 6c 69 63 2d 6b 65 79
0192: 0d 04 0e 1a 00 05 04 03
check_sk_options: option uv is unknown
fido_tx: dev=0x600002768000, cmd=0x10
fido_tx: buf=0x600000065200, len=54
0000: 02 a3 01 69 73 73 68 3a 4e 6f 6d 61 64 02 58 20
0016: 66 68 7a ad f8 62 bd 77 6c 8f c1 8b 8e 9f 8e 20
0032: 08 97 14 85 6e e2 33 b3 90 2a 59 1d 0d 5f 29 25
0048: 05 a1 62 75 70 f4
fido_rx: dev=0x600002768000, cmd=0x10, ms=-1
rx_preamble: buf=0x16d38ec48, len=64
0000: 69 da 0e 15 90 00 01 2e 00 00 00 00 00 00 00 00
0016: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0032: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0048: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
rx: payload_len=1
fido_rx: buf=0x11d811000, len=1
0000: 2e
cbor_parse_reply: blob[0]=0x2e
fido_dev_get_assert_rx: adjust_assert_count
key_lookup: fido_dev_get_assert: FIDO_ERR_NO_CREDENTIALS
fido_tx: dev=0x600002768000, cmd=0x10
fido_tx: buf=0x6000022680b0, len=169
0000: 01 a6 01 58 20 a9 39 39 cf 86 51 a6 b7 8f 7e f6
0016: 54 35 ba fe 3d 10 9b ee b9 dd 45 7b 57 a7 f5 ba
0032: c4 bd 60 d0 b5 02 a1 62 69 64 69 73 73 68 3a 4e
0048: 6f 6d 61 64 03 a3 62 69 64 58 20 00 00 00 00 00
0064: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0080: 00 00 00 00 00 00 00 00 00 00 00 64 6e 61 6d 65
0096: 67 6f 70 65 6e 73 73 68 6b 64 69 73 70 6c 61 79
0112: 4e 61 6d 65 67 6f 70 65 6e 73 73 68 04 81 a2 63
0128: 61 6c 67 27 64 74 79 70 65 6a 70 75 62 6c 69 63
0144: 2d 6b 65 79 06 a1 6b 63 72 65 64 50 72 6f 74 65
0160: 63 74 03 07 a1 62 72 6b f5
fido_rx: dev=0x600002768000, cmd=0x10, ms=-1
rx_preamble: buf=0x16d38ec38, len=64
0000: 69 da 0e 15 90 00 01 36 00 00 00 00 00 00 00 00
0016: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0032: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0048: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
rx: payload_len=1
fido_rx: buf=0x11d810000, len=1
0000: 36
cbor_parse_reply: blob[0]=0x36
fido_dev_make_cred_rx: parse_makecred_reply
sk_enroll: fido_dev_make_cred: FIDO_ERR_PIN_REQUIRED
fido_tx: dev=0x600002768000, cmd=0x11
fido_tx: buf=0x0, len=0
debug1: sshsk_enroll: provider "/usr/local/lib/libsk-libfido2.dylib" failure -3
debug1: ssh-sk-helper: Enrollment failed: incorrect passphrase supplied to decrypt private key
debug1: main: reply len 8
debug3: ssh_msg_send: type 5
debug1: client_converse: helper returned error -43
debug3: reap_helper: pid=26412
Enter PIN for authenticator:
You may need to touch your authenticator again to authorize key generation.
debug3: start_helper: started pid=26415
debug3: ssh_msg_send: type 5
debug3: ssh_msg_recv entering
debug1: start_helper: starting /opt/homebrew/Cellar/openssh/9.7p1/libexec/ssh-sk-helper
debug1: sshsk_enroll: provider "/usr/local/lib/libsk-libfido2.dylib", device "(null)", application "ssh:Nomad", userid "(null)", flags 0x25, challenge len 0 with-pin
debug1: sshsk_enroll: using random challenge
debug1: sshsk_open: provider /usr/local/lib/libsk-libfido2.dylib implements version 0x000a0000
run_manifest: found 1 hid device
sk_probe: 1 device(s) detected
sk_probe: selecting sk by touch
fido_tx: dev=0x600003364750, cmd=0x06
fido_tx: buf=0x600003364750, len=8
0000: 29 82 81 0e 91 44 e1 94
fido_rx: dev=0x600003364750, cmd=0x06, ms=-1
rx_preamble: buf=0x16d326ae8, len=64
0000: ff ff ff ff 86 00 11 29 82 81 0e 91 44 e1 94 c7
0016: 87 df d0 02 05 04 03 05 00 00 00 00 00 00 00 00
0032: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0048: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
rx: payload_len=17
fido_rx: buf=0x600003364758, len=17
0000: 29 82 81 0e 91 44 e1 94 c7 87 df d0 02 05 04 03
0016: 05
fido_dev_get_cbor_info_tx: dev=0x600003364750
fido_tx: dev=0x600003364750, cmd=0x10
fido_tx: buf=0x16d326b47, len=1
0000: 04
fido_dev_get_cbor_info_rx: dev=0x600003364750, ci=0x600003e60000, ms=-1
fido_rx: dev=0x600003364750, cmd=0x10, ms=-1
rx_preamble: buf=0x16d326a78, len=64
0000: c7 87 df d0 90 00 c8 00 ac 01 83 66 55 32 46 5f
0016: 56 32 68 46 49 44 4f 5f 32 5f 30 6c 46 49 44 4f
0032: 5f 32 5f 31 5f 50 52 45 02 82 6b 63 72 65 64 50
0048: 72 6f 74 65 63 74 6b 68 6d 61 63 2d 73 65 63 72
rx: payload_len=200
rx: buf=0x16d326a78, len=64
0000: c7 87 df d0 00 65 74 03 50 ee 88 28 79 72 1c 49
0016: 13 97 75 3d fc ce 97 07 2a 04 a5 62 72 6b f5 62
0032: 75 70 f5 64 70 6c 61 74 f4 69 63 6c 69 65 6e 74
0048: 50 69 6e f5 75 63 72 65 64 65 6e 74 69 61 6c 4d
rx: buf=0x16d326a78, len=64
0000: c7 87 df d0 01 67 6d 74 50 72 65 76 69 65 77 f5
0016: 05 19 04 b0 06 82 02 01 07 08 08 18 80 09 81 63
0032: 75 73 62 0a 82 a2 63 61 6c 67 26 64 74 79 70 65
0048: 6a 70 75 62 6c 69 63 2d 6b 65 79 a2 63 61 6c 67
rx: buf=0x16d326a78, len=64
0000: c7 87 df d0 02 27 64 74 79 70 65 6a 70 75 62 6c
0016: 69 63 2d 6b 65 79 0d 04 0e 1a 00 05 04 03 00 00
0032: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0048: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
fido_rx: buf=0x14680e400, len=200
0000: 00 ac 01 83 66 55 32 46 5f 56 32 68 46 49 44 4f
0016: 5f 32 5f 30 6c 46 49 44 4f 5f 32 5f 31 5f 50 52
0032: 45 02 82 6b 63 72 65 64 50 72 6f 74 65 63 74 6b
0048: 68 6d 61 63 2d 73 65 63 72 65 74 03 50 ee 88 28
0064: 79 72 1c 49 13 97 75 3d fc ce 97 07 2a 04 a5 62
0080: 72 6b f5 62 75 70 f5 64 70 6c 61 74 f4 69 63 6c
0096: 69 65 6e 74 50 69 6e f5 75 63 72 65 64 65 6e 74
0112: 69 61 6c 4d 67 6d 74 50 72 65 76 69 65 77 f5 05
0128: 19 04 b0 06 82 02 01 07 08 08 18 80 09 81 63 75
0144: 73 62 0a 82 a2 63 61 6c 67 26 64 74 79 70 65 6a
0160: 70 75 62 6c 69 63 2d 6b 65 79 a2 63 61 6c 67 27
0176: 64 74 79 70 65 6a 70 75 62 6c 69 63 2d 6b 65 79
0192: 0d 04 0e 1a 00 05 04 03
fido_dev_open_rx: FIDO_MAXMSG=2048, maxmsgsiz=1200
sk_enroll: using device ioreg://4294982390
fido_dev_authkey_tx: dev=0x600003364750
fido_tx: dev=0x600003364750, cmd=0x10
fido_tx: buf=0x60000036c0d0, len=6
0000: 06 a2 01 02 02 02
fido_dev_authkey_rx: dev=0x600003364750, authkey=0x600001460600, ms=-1
fido_rx: dev=0x600003364750, cmd=0x10, ms=-1
rx_preamble: buf=0x16d326b38, len=64
0000: c7 87 df d0 90 00 51 00 a1 01 a5 01 02 03 38 18
0016: 20 01 21 58 20 06 c1 6d d3 bc 13 60 ec d5 94 78
0032: 15 5f 1b 01 75 97 15 77 cc c5 39 ee da 72 47 b6
0048: 80 d9 33 a4 45 22 58 20 a3 c6 8e 6f 28 37 5d e2
rx: payload_len=81
rx: buf=0x16d326b38, len=64
0000: c7 87 df d0 00 7e d4 47 22 61 a6 00 ab 79 6f 22
0016: 5d 03 ab 5f 9c b3 ee a9 4b 62 09 b8 b6 00 00 00
0032: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0048: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
fido_rx: buf=0x14680e400, len=81
0000: 00 a1 01 a5 01 02 03 38 18 20 01 21 58 20 06 c1
0016: 6d d3 bc 13 60 ec d5 94 78 15 5f 1b 01 75 97 15
0032: 77 cc c5 39 ee da 72 47 b6 80 d9 33 a4 45 22 58
0048: 20 a3 c6 8e 6f 28 37 5d e2 7e d4 47 22 61 a6 00
0064: ab 79 6f 22 5d 03 ab 5f 9c b3 ee a9 4b 62 09 b8
0080: b6
fido_tx: dev=0x600003364750, cmd=0x10
fido_tx: buf=0x600002f63100, len=120
0000: 06 a4 01 02 02 05 03 a5 01 02 03 38 18 20 01 21
0016: 58 20 4a 7f 90 98 98 40 2c 9c 68 54 75 75 3e 16
0032: 85 ea ef 21 fa e1 0e 23 82 3c 55 c4 1b 8f dc 20
0048: 76 9c 22 58 20 82 dc a8 ad de 2f f9 c9 ee 34 99
0064: 73 e1 4b 38 c8 3f 15 d6 4b 4e 44 4b 9d 0d a5 92
0080: a4 30 39 bd ed 06 58 20 e0 21 2f 44 b2 4f 16 75
0096: 17 69 fe b4 79 ee 68 5e b4 06 8f 05 78 72 cc a3
0112: c6 0b 4c 20 81 44 6a 5c
fido_rx: dev=0x600003364750, cmd=0x10, ms=-1
rx_preamble: buf=0x16d326ad8, len=64
0000: c7 87 df d0 90 00 35 00 a1 02 58 30 96 2e ce d0
0016: f1 d4 bf 31 98 04 c1 0e 35 da 6d 13 a7 34 1f 1c
0032: d6 0c d1 66 3a ed 4e 7f e7 61 72 47 6a 27 a0 6b
0048: b3 18 54 2f 3c e3 7a 5f 4b 14 1a fe 00 00 00 00
rx: payload_len=53
fido_rx: buf=0x14700aa00, len=53
0000: 00 a1 02 58 30 96 2e ce d0 f1 d4 bf 31 98 04 c1
0016: 0e 35 da 6d 13 a7 34 1f 1c d6 0c d1 66 3a ed 4e
0032: 7f e7 61 72 47 6a 27 a0 6b b3 18 54 2f 3c e3 7a
0048: 5f 4b 14 1a fe
fido_tx: dev=0x600003364750, cmd=0x10
fido_tx: buf=0x60000256c060, len=91
0000: 02 a5 01 69 73 73 68 3a 4e 6f 6d 61 64 02 58 20
0016: 66 68 7a ad f8 62 bd 77 6c 8f c1 8b 8e 9f 8e 20
0032: 08 97 14 85 6e e2 33 b3 90 2a 59 1d 0d 5f 29 25
0048: 05 a1 62 75 70 f4 06 58 20 8c 91 de da 87 0d a1
0064: d7 6e 71 60 74 20 b0 a3 ed e8 f5 43 36 d0 21 01
0080: 2b 4c 7b 81 28 8f 3d cd c1 07 02
fido_rx: dev=0x600003364750, cmd=0x10, ms=-1
rx_preamble: buf=0x16d326c48, len=64
0000: c7 87 df d0 90 00 01 2e 00 00 00 00 00 00 00 00
0016: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0032: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0048: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
rx: payload_len=1
fido_rx: buf=0x148808200, len=1
0000: 2e
cbor_parse_reply: blob[0]=0x2e
fido_dev_get_assert_rx: adjust_assert_count
key_lookup: fido_dev_get_assert: FIDO_ERR_NO_CREDENTIALS
fido_dev_authkey_tx: dev=0x600003364750
fido_tx: dev=0x600003364750, cmd=0x10
fido_tx: buf=0x600000374110, len=6
0000: 06 a2 01 02 02 02
fido_dev_authkey_rx: dev=0x600003364750, authkey=0x600001468180, ms=-1
fido_rx: dev=0x600003364750, cmd=0x10, ms=-1
rx_preamble: buf=0x16d326b28, len=64
0000: c7 87 df d0 90 00 51 00 a1 01 a5 01 02 03 38 18
0016: 20 01 21 58 20 06 c1 6d d3 bc 13 60 ec d5 94 78
0032: 15 5f 1b 01 75 97 15 77 cc c5 39 ee da 72 47 b6
0048: 80 d9 33 a4 45 22 58 20 a3 c6 8e 6f 28 37 5d e2
rx: payload_len=81
rx: buf=0x16d326b28, len=64
0000: c7 87 df d0 00 7e d4 47 22 61 a6 00 ab 79 6f 22
0016: 5d 03 ab 5f 9c b3 ee a9 4b 62 09 b8 b6 00 00 00
0032: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0048: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
fido_rx: buf=0x148808200, len=81
0000: 00 a1 01 a5 01 02 03 38 18 20 01 21 58 20 06 c1
0016: 6d d3 bc 13 60 ec d5 94 78 15 5f 1b 01 75 97 15
0032: 77 cc c5 39 ee da 72 47 b6 80 d9 33 a4 45 22 58
0048: 20 a3 c6 8e 6f 28 37 5d e2 7e d4 47 22 61 a6 00
0064: ab 79 6f 22 5d 03 ab 5f 9c b3 ee a9 4b 62 09 b8
0080: b6
fido_tx: dev=0x600003364750, cmd=0x10
fido_tx: buf=0x600002f40080, len=120
0000: 06 a4 01 02 02 05 03 a5 01 02 03 38 18 20 01 21
0016: 58 20 f0 5a 86 1c 64 46 a1 e1 35 54 b6 f6 90 79
0032: 37 13 58 06 67 12 48 13 58 40 c2 8b a0 f6 49 08
0048: 65 cb 22 58 20 90 ef 87 b6 f9 2d 55 07 e8 67 ea
0064: e5 35 f3 8b 4a 49 33 90 36 87 0e 6f e1 a0 72 4e
0080: fc e9 6e dc 97 06 58 20 b3 d8 10 38 86 b4 8b 1e
0096: f4 6a 14 9e d2 c0 2a 38 64 e9 51 96 6d d3 dd 70
0112: d6 9e 7c f8 6a e6 61 12
fido_rx: dev=0x600003364750, cmd=0x10, ms=-1
rx_preamble: buf=0x16d326ac8, len=64
0000: c7 87 df d0 90 00 35 00 a1 02 58 30 a3 ac 33 e8
0016: 5d e6 51 0a b1 0a 0d 67 1f 1b 88 de 74 47 17 7d
0032: 81 70 bd f5 ab 9f c2 e3 47 01 ca 3b 3e 1a 54 79
0048: 3f 54 31 81 b4 66 8c 7f 90 3a 5e 6f 00 00 00 00
rx: payload_len=53
fido_rx: buf=0x149808200, len=53
0000: 00 a1 02 58 30 a3 ac 33 e8 5d e6 51 0a b1 0a 0d
0016: 67 1f 1b 88 de 74 47 17 7d 81 70 bd f5 ab 9f c2
0032: e3 47 01 ca 3b 3e 1a 54 79 3f 54 31 81 b4 66 8c
0048: 7f 90 3a 5e 6f
fido_tx: dev=0x600003364750, cmd=0x10
fido_tx: buf=0x600003a740d0, len=206
0000: 01 a8 01 58 20 1f bb 1c 8a b9 46 cc 77 8c aa fa
0016: 39 45 5b 99 76 92 a0 db 3c 2c 0c e5 2a 09 c2 44
0032: f1 30 89 68 69 02 a1 62 69 64 69 73 73 68 3a 4e
0048: 6f 6d 61 64 03 a3 62 69 64 58 20 00 00 00 00 00
0064: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0080: 00 00 00 00 00 00 00 00 00 00 00 64 6e 61 6d 65
0096: 67 6f 70 65 6e 73 73 68 6b 64 69 73 70 6c 61 79
0112: 4e 61 6d 65 67 6f 70 65 6e 73 73 68 04 81 a2 63
0128: 61 6c 67 27 64 74 79 70 65 6a 70 75 62 6c 69 63
0144: 2d 6b 65 79 06 a1 6b 63 72 65 64 50 72 6f 74 65
0160: 63 74 03 07 a1 62 72 6b f5 08 58 20 ad 13 eb ba
0176: 0b e9 43 e0 15 8d ab 8d f3 48 c9 98 b3 6e 90 e2
0192: 1d 5c d1 22 6a be 5b 0d e0 ee 0a ad 09 02
fido_rx: dev=0x600003364750, cmd=0x10, ms=-1
fido_hid_read: read: Resource temporarily unavailable
rx: rx_preamble
fido_dev_make_cred_rx: fido_rx
sk_enroll: fido_dev_make_cred: FIDO_ERR_RX
fido_tx: dev=0x600003364750, cmd=0x11
fido_tx: buf=0x0, len=0
fido_hid_write: IOHIDDeviceSetReport
fido_hid_close: IOHIDDeviceClose
debug1: sshsk_enroll: provider "/usr/local/lib/libsk-libfido2.dylib" failure -1
debug1: ssh-sk-helper: Enrollment failed: invalid format
debug1: main: reply len 8
debug3: ssh_msg_send: type 5
debug1: client_converse: helper returned error -4
debug3: reap_helper: pid=26415
Key enrollment failed: invalid format
@TV4Fun TV4Fun added the bug report Something isn't working label Apr 6, 2024
@TV4Fun
Copy link
Author

TV4Fun commented Apr 7, 2024

Okay, it turns out Homebrew's OpenSSH install was not using my build of libfido2. I had to uninstall Homebrew's OpenSSH and libfido2 and install my own version of both built from sources from the latest git/main checkout. After doing that, it generated correctly.

@TV4Fun TV4Fun closed this as completed Apr 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug report Something isn't working
Milestone
No milestone
Development

No branches or pull requests
1 participant
@TV4Fun