Yubico/libfido2

Issue while authenticating with PIN (taken from user) in libfido2

alpha-check opened this issue · 3 comments

Hi,
I am trying to authenticate with the PIN taken from the user. If I pass that PIN in the program (in the "fido_dev_get_assert" function), then it gets stuck, while if I hardcode it, authentication works fine.
This problem occurs with the ThinC-AUTH by ENSURITY TECHNOLOGIES FIDO2 key, but the same works fine with yubico-5.

The debug logs I am getting are as below:
fido_dev_authkey_tx: dev=0xb390c360
fido_tx: dev=0xb390c360, cmd=0x10
fido_tx: buf=0xb3925248, len=6
0000: 06 a2 01 01 02 02
fido_dev_authkey_rx: dev=0xb390c360, authkey=0xb3925268, ms=-1
fido_rx: dev=0xb390c360, cmd=0x10, ms=-1

After this, the program gets stuck.

It is not immediately clear to me why the authenticator would stop responding at that point. Is it blinking or waiting for user consent? On a side note, what do you mean by "hardcoding the PIN"? Thanks.

The key is not blinking for any user interaction.

Actually, we have tried to authenticate in 2 ways using the PIN:

  1. Hardcoding the PIN: this means we have written the value of the PIN in the code itself.
  2. Taking the PIN from user interaction: in this case we take the PIN from the user and then pass it to the function fido_dev_get_assert.

In the 1st case, yubico-5 and ThinC-AUTH by ENSURITY TECHNOLOGIES both work fine, but in the 2nd case yubico works fine while ThinC-AUTH gets stuck.

One more thing we have found is that, with ThinC-AUTH in the 2nd case, if we perform the user interaction in < 10 sec and assign the PIN value in that time, then ThinC-AUTH also works in the 2nd case.
But we don't have any clue why that is happening.

Is there any way I can set the timeout in the FIDO key from libfido2?

Sounds like a timing-related authenticator idiosyncrasy. We provide fido_dev_set_timeout(), which would help you not get stuck when the authenticator stops responding. There is otherwise not much we can do in libfido2. Perhaps prompt for the PIN before opening the device in your application?