Pin and Touch not working simultaneously in libfido2
VedaviBalaji opened this issue · 8 comments
What version of libfido2 are you using?
1.13.0
What operating system are you running?
macOS Ventura 13.3.1
What application are you using in conjunction with libfido2?
Using webauthn.io and native messaging using Chromium
How does the problem manifest itself?
I am unable to get PIN and touch to work simultaneously.
Trying to perform registration using my YubiKey 5C Nano device.
I have a YubiKey 5C Nano device with PIN set. Product details - YubiKey OTP+FIDO+CCID.
I tried to use fido_dev_make_cred(device, cred, pin)
, this returns a FIDO_ERR_SUCCESS
but the attstmt and authdata are null. AFAIK, this device requires a touch to generate credentials, however, the UV support is FALSE and when fido_dev_make_cred
is called, it bypasses the wait for touch and returns SUCCESS.
If the pin is not configures and passed as NULL in fido_dev_make_cred
, the device waits for the touch and the data are generated properly.
If I set the UV to fido_opt_t_FIDO_OPT_TRUE, it fails with UNSUPPORTED error, but that is because the fido_dev_supports_uv returns false.
Is the problem reproducible?
Yes. Code snippet is available in this stackoverflow qs.
https://stackoverflow.com/questions/76144744/fido-dev-make-cred-returns-success-but-attstmt-and-authdata-are-null
What are the steps that lead to the problem?
Set the pin and long touch configured. Use libfido2 rust library to make a credential passing the PIN as a non-null UTF-8 string to the fido_dev_make_cred
method.
Does the problem happen with different authenticators?
Happens with Yubikey only if the PIN is configured.
Please include the output of fido2-token -L
.
fido2-token -L
$ fido2-token -L ioreg://4295330919: vendor=0x1050, product=0x0407 (Yubico YubiKey OTP+FIDO+CCID)
Please include the output of fido2-token -I
.
fido2-token -I
$ fido2-token -I <device> proto: 0x02 major: 0x05 minor: 0x04 build: 0x03 caps: 0x0d (wink, cbor, nomsg) version strings: FIDO_2_0, FIDO_2_1_PRE extension strings: credProtect, hmac-secret transport strings: usb algorithms: es256 (public-key), eddsa (public-key) aaguid: ee882879721c491397753dfcce97072a options: rk, up, noplat, clientPin, credentialMgmtPreview fwversion: 0x50403 maxmsgsiz: 1200 maxcredcntlst: 8 maxcredlen: 128 maxlargeblob: 0 minpinlen: 8 pin protocols: 2, 1 pin retries: 8 pin change required: false uv retries: undefined
Please include the output of FIDO_DEBUG=1
.
FIDO_DEBUG=1
$ export FIDO_DEBUG=1 $ <command1> $ <command2> (...) $ <commandn> 16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] run_manifest: found 1 hid device16:54:49 [TRACE] (1) NativeHost: [src/main.rs:218] found 1 fido devices
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:227] Device 0, Path:ioreg://4295330919, name: YubiKey OTP+FIDO+CCID, manufacturer: Yubico
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] fido_tx: dev=0x7fc1e43043a0, cmd=0x0616:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] fido_tx: buf=0x7fc1e43043a0, len=8
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] 0000: e5 da de 5b cc 3f 0b 68
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] fido_rx: dev=0x7fc1e43043a0, cmd=0x06, ms=-1
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] rx_preamble: buf=0x7ff7b345b4d0, len=64
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] 0000: ff ff ff ff 86 00 11 e5 da de 5b cc 3f 0b 68 53
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] 0016: 6e 64 56 02 05 04 03 0d 00 00 00 00 00 00 00 00
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] 0032: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] 0048: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] rx: payload_len=17
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] fido_rx: buf=0x7fc1e43043a8, len=17
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] 0000: e5 da de 5b cc 3f 0b 68 53 6e 64 56 02 05 04 03
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] 0016: 0d
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] fido_dev_get_cbor_info_tx: dev=0x7fc1e43043a0
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] fido_tx: dev=0x7fc1e43043a0, cmd=0x10
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] fido_tx: buf=0x7ff7b345b517, len=1
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] 0000: 04
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] fido_dev_get_cbor_info_rx: dev=0x7fc1e43043a0, ci=0x7fc1e4205da0, ms=-1
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] fido_rx: dev=0x7fc1e43043a0, cmd=0x10, ms=-1
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] rx_preamble: buf=0x7ff7b345b490, len=64
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] 0000: 53 6e 64 56 90 00 c1 00 ac 01 82 68 46 49 44 4f
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] 0016: 5f 32 5f 30 6c 46 49 44 4f 5f 32 5f 31 5f 50 52
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] 0032: 45 02 82 6b 63 72 65 64 50 72 6f 74 65 63 74 6b
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] 0048: 68 6d 61 63 2d 73 65 63 72 65 74 03 50 ee 88 28
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] rx: payload_len=193
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] rx: buf=0x7ff7b345b490, len=64
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] 0000: 53 6e 64 56 00 79 72 1c 49 13 97 75 3d fc ce 97
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] 0016: 07 2a 04 a5 62 72 6b f5 62 75 70 f5 64 70 6c 61
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] 0032: 74 f4 69 63 6c 69 65 6e 74 50 69 6e f5 75 63 72
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] 0048: 65 64 65 6e 74 69 61 6c 4d 67 6d 74 50 72 65 76
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] rx: buf=0x7ff7b345b490, len=64
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] 0000: 53 6e 64 56 01 69 65 77 f5 05 19 04 b0 06 82 02
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] 0016: 01 07 08 08 18 80 09 81 63 75 73 62 0a 82 a2 63
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] 0032: 61 6c 67 26 64 74 79 70 65 6a 70 75 62 6c 69 63
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] 0048: 2d 6b 65 79 a2 63 61 6c 67 27 64 74 79 70 65 6a
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] rx: buf=0x7ff7b345b490, len=64
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] 0000: 53 6e 64 56 02 70 75 62 6c 69 63 2d 6b 65 79 0d
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] 0016: 08 0e 1a 00 05 04 03 00 00 00 00 00 00 00 00 00
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] 0032: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] 0048: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] fido_rx: buf=0x7fc1e5008200, len=193
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] 0000: 00 ac 01 82 68 46 49 44 4f 5f 32 5f 30 6c 46 49
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] 0016: 44 4f 5f 32 5f 31 5f 50 52 45 02 82 6b 63 72 65
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] 0032: 64 50 72 6f 74 65 63 74 6b 68 6d 61 63 2d 73 65
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] 0048: 63 72 65 74 03 50 ee 88 28 79 72 1c 49 13 97 75
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] 0064: 3d fc ce 97 07 2a 04 a5 62 72 6b f5 62 75 70 f5
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] 0080: 64 70 6c 61 74 f4 69 63 6c 69 65 6e 74 50 69 6e
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] 0096: f5 75 63 72 65 64 65 6e 74 69 61 6c 4d 67 6d 74
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] 0112: 50 72 65 76 69 65 77 f5 05 19 04 b0 06 82 02 01
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] 0128: 07 08 08 18 80 09 81 63 75 73 62 0a 82 a2 63 61
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] 0144: 6c 67 26 64 74 79 70 65 6a 70 75 62 6c 69 63 2d
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] 0160: 6b 65 79 a2 63 61 6c 67 27 64 74 79 70 65 6a 70
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] 0176: 75 62 6c 69 63 2d 6b 65 79 0d 08 0e 1a 00 05 04
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] 0192: 03
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] fido_dev_open_rx: FIDO_MAXMSG=2048, maxmsgsiz=1200
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] fido_tx: dev=0x7fc1e43043a0, cmd=0x10
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] fido_tx: buf=0x7fc1e420d540, len=98
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] 0000: 01 a6 01 58 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] 0016: c8 99 6f b9 24 27 ae 41 e4 64 9b 93 4c a4 95 99
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] 0032: 1b 78 52 b8 55 02 a1 62 69 64 69 6c 6f 63 61 6c
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] 0048: 68 6f 73 74 03 a2 62 69 64 41 01 64 6e 61 6d 65
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] 0064: 65 64 75 6d 6d 79 04 81 a2 63 61 6c 67 26 64 74
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] 0080: 79 70 65 6a 70 75 62 6c 69 63 2d 6b 65 79 08 40
16:54:49 [TRACE] (1) NativeHost: [src/main.rs:28] 0096: 09 02
16:54:54 [TRACE] (1) NativeHost: [src/main.rs:28] fido_dev_authkey_tx: dev=0x7fc1e43043a016:54:54 [TRACE] (1) NativeHost: [src/main.rs:28] fido_tx: dev=0x7fc1e43043a0, cmd=0x10
16:54:54 [TRACE] (1) NativeHost: [src/main.rs:28] fido_tx: buf=0x7fc1e4409470, len=6
16:54:54 [TRACE] (1) NativeHost: [src/main.rs:28] 0000: 06 a2 01 02 02 02
16:54:54 [TRACE] (1) NativeHost: [src/main.rs:28] fido_dev_authkey_rx: dev=0x7fc1e43043a0, authkey=0x7fc1e44097b0, ms=-1
16:54:54 [TRACE] (1) NativeHost: [src/main.rs:28] fido_rx: dev=0x7fc1e43043a0, cmd=0x10, ms=-1
16:54:54 [TRACE] (1) NativeHost: [src/main.rs:28] rx_preamble: buf=0x7ff7b345b390, len=64
16:54:54 [TRACE] (1) NativeHost: [src/main.rs:28] 0000: 53 6e 64 56 90 00 51 00 a1 01 a5 01 02 03 38 18
16:54:54 [TRACE] (1) NativeHost: [src/main.rs:28] 0016: 20 01 21 58 20 a9 98 47 da 3a cc 4f bf 17 14 40
16:54:54 [TRACE] (1) NativeHost: [src/main.rs:28] 0032: b8 68 1f 86 3d fa b9 b1 54 72 58 64 15 4b 77 f1
16:54:54 [TRACE] (1) NativeHost: [src/main.rs:28] 0048: d5 d9 1e 79 f5 22 58 20 19 13 97 a4 47 aa 76 39
16:54:54 [TRACE] (1) NativeHost: [src/main.rs:28] rx: payload_len=81
16:54:54 [TRACE] (1) NativeHost: [src/main.rs:28] rx: buf=0x7ff7b345b390, len=64
16:54:54 [TRACE] (1) NativeHost: [src/main.rs:28] 0000: 53 6e 64 56 00 32 c8 f2 bf 90 10 a3 1d 36 cb f1
16:54:54 [TRACE] (1) NativeHost: [src/main.rs:28] 0016: af 3d 2c 58 5f fc d9 da d6 6c d8 07 14 00 00 00
16:54:54 [TRACE] (1) NativeHost: [src/main.rs:28] 0032: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
16:54:54 [TRACE] (1) NativeHost: [src/main.rs:28] 0048: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
16:54:54 [TRACE] (1) NativeHost: [src/main.rs:28] fido_rx: buf=0x7fc1e680a000, len=81
16:54:54 [TRACE] (1) NativeHost: [src/main.rs:28] 0000: 00 a1 01 a5 01 02 03 38 18 20 01 21 58 20 a9 98
16:54:54 [TRACE] (1) NativeHost: [src/main.rs:28] 0016: 47 da 3a cc 4f bf 17 14 40 b8 68 1f 86 3d fa b9
16:54:54 [TRACE] (1) NativeHost: [src/main.rs:28] 0032: b1 54 72 58 64 15 4b 77 f1 d5 d9 1e 79 f5 22 58
16:54:54 [TRACE] (1) NativeHost: [src/main.rs:28] 0048: 20 19 13 97 a4 47 aa 76 39 32 c8 f2 bf 90 10 a3
16:54:54 [TRACE] (1) NativeHost: [src/main.rs:28] 0064: 1d 36 cb f1 af 3d 2c 58 5f fc d9 da d6 6c d8 07
16:54:54 [TRACE] (1) NativeHost: [src/main.rs:28] 0080: 14
16:54:54 [TRACE] (1) NativeHost: [src/main.rs:28] hkdf_sha256: EVP_PKEY_CTX
16:54:54 [TRACE] (1) NativeHost: [src/main.rs:28] kdf: hkdf
16:54:54 [TRACE] (1) NativeHost: [src/main.rs:28] do_ecdh: kdf
16:54:54 [TRACE] (1) NativeHost: [src/main.rs:28] fido_do_ecdh: do_ecdh
16:54:54 [TRACE] (1) NativeHost: [src/main.rs:28] fido_dev_make_cred_tx: fido_do_ecdh
16:54:54 [TRACE] (1) NativeHost: [src/main.rs:454] fido_dev_make_cred
16:54:54 [TRACE] (1) NativeHost: [src/main.rs:455] fido_dev_make_cred status "FIDO_ERR_SUCCESS"
16:54:54 [TRACE] (1) NativeHost: [src/main.rs:468] fido_dev_make_cred SUCCESS!
16:54:54 [TRACE] (1) NativeHost: [src/main.rs:473] ATT len=0
16:54:54 [TRACE] (1) NativeHost: [src/main.rs:478] AUTH len=0
16:54:54 [TRACE] (1) NativeHost: [src/main.rs:488] ID len=0
16:54:54 [TRACE] (1) NativeHost: [src/main.rs:493] PUBKEY len=0
16:54:54 [TRACE] (1) NativeHost: [src/main.rs:502] CLIENTDATAHASH from cred len=32
[46, 0, 116, 229, 76, 232, 216, 32, 129, 122, 36, 51, 247, 28, 142, 87, 7, 86, 223, 83, 106, 254, 157, 61, 242, 13, 197, 199, 109, 65, 103, 248]
16:54:54 [TRACE] (1) NativeHost: [src/main.rs:512] CLIENTDATAHASH from computed client data len=32
[46, 0, 116, 229, 76, 232, 216, 32, 129, 122, 36, 51, 247, 28, 142, 87, 7, 86, 223, 83, 106, 254, 157, 61, 242, 13, 197, 199, 109, 65, 103, 248]
Thank you! Something seems to be failing in https://github.com/Yubico/libfido2/blob/main/src/ecdh.c#L61; I'm not sure why. It's also unclear why fido_dev_make_cred() is returning FIDO_OK. Is the binding you're using opensource?
Yes its open source.
I installed libfido using brew install libfido2
And I build my rust library using:
$ export FIDO2_LIB_DIR=/usr/local/Cellar/libfido2/1.13.0/lib
$ cargo rustc -- -L /usr/local/opt/openssl/lib -l framework=CoreFoundation -l framework=IOKit
Yes its open source.
Can you point us at it? From a quick look, it does not appear to be https://github.com/PvdBerg1998/libfido2.
I installed libfido using
brew install libfido
There does not appear to be a package called libfido in Homebrew. Did you mean libfido2, or did you install a package from a tap (third-party Homebrew repository)?
And I build my rust library using:
$ export FIDO2_LIB_DIR=/usr/local/Cellar/libfido2/1.13.0/lib
$cargo rustc -- -L /usr/local/opt/openssl/lib -l framework=CoreFoundation -l framework=IOKit
The difference in prefix is a bit suspicious. Can you use otool -L
to verify that libfido2 is linked against the same libcrypto as your application?
Sorry, yes I used
$ brew install libfido2
$brew info libfido2
/usr/local/Cellar/libfido2/1.13.0
$ otool -L myfidoapp
/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation (compatibility version 150.0.0, current version 1971.0.0)
/System/Library/Frameworks/IOKit.framework/Versions/A/IOKit (compatibility version 1.0.0, current version 275.0.0)
/usr/lib/libiconv.2.dylib (compatibility version 7.0.0, current version 7.0.0)
/usr/local/opt/libcbor/lib/libcbor.0.10.dylib (compatibility version 0.10.0, current version 0.10.2)
/usr/lib/libz.1.dylib (compatibility version 1.0.0, current version 1.2.11)
**/usr/local/opt/openssl@3/lib/libcrypto.3.dylib (compatibility version 3.0.0, current version 3.0.0)**
/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1319.100.3)
$ otool -L /usr/local/Cellar/libfido2/1.13.0/bin/fido2-cred
**/usr/local/opt/openssl@1.1/lib/libcrypto.1.1.dylib (compatibility version 1.1.0, current version 1.1.0)**
/usr/local/Cellar/libfido2/1.13.0/lib/libfido2.1.dylib (compatibility version 1.0.0, current version 1.13.0)
/usr/local/opt/libcbor/lib/libcbor.0.10.dylib (compatibility version 0.10.0, current version 0.10.2)
/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation (compatibility version 150.0.0, current version 1953.255.0)
/System/Library/Frameworks/IOKit.framework/Versions/A/IOKit (compatibility version 1.0.0, current version 275.0.0)
/usr/lib/libz.1.dylib (compatibility version 1.0.0, current version 1.2.11)
/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1319.0.0)
Yes, the openssl was different. I used cargo rustc -- -L /usr/local/opt/openssl@1.1/lib -l framework=CoreFoundation -l framework=IOKit
and it looks like its working. I will test a bit more, but thanks for helping me debug. :)
Edit:
Weirdly if the PIN is wrong it still returns a FIDO_ERR_SUCCESS
but data are null.
Weirdly if the PIN is wrong it still returns a FIDO_ERR_SUCCESS but data are null.
Could you please provide information on:
- What Rust bindings you are using; and
- Another trace of this new behavior with
FIDO_DEBUG=1
enabled.
Something else I just spotted in your code snippet over at StackOverflow:
let r = libfido2::fido_cred_set_pin_minlen(cred, 9);
if has_pin {
let r = libfido2::fido_dev_make_cred(device, cred, _cptr);
} else {
let r = libfido2::fido_dev_make_cred(device, cred, std::ptr::null() as *const i8);
}
if r != libfido2::FIDO_OK {
// ...
}
You are shadowing the r
variable in the if-statement's body. Once that scope ends, the inner shadowing ends and r
returns to being the result of the fido_cred_set_pin_minlen()
call. This is likely to be the cause of your confusing fido_dev_make_cred()
return values.
If this is the root cause of your problem, the above request for additional information will not be necessary.
Closing in understanding that the issue was resolved / questions answered.
Hello,
Thanks for helping me debug.
I am trying to debug a similar error that fails fido_dev_make_cred
with FIDO_ERR_INTERNAL
.
...
fido_rx: buf=0x7fd3a7160e00, len=0
fido_tx: dev=0x600003901b00, cmd=0x03
fido_tx: buf=0x6000020f7d58, len=73
0000: 00 01 00 00 00 00 40 e3 b0 c4 42 98 fc 1c 14 9a
0016: fb f4 c8 99 6f b9 24 27 ae 41 e4 64 9b 93 4c a4
0032: 95 99 1b 78 52 b8 55 49 96 0d e5 88 0e 8c 68 74
0048: 34 17 0f 64 76 60 5b 8f e4 ae b9 a2 86 32 c7 99
0064: 5c f3 ba 83 1d 97 63 00 00
fido_rx: dev=0x60000391c990, cmd=0x03, ms=50
fido_hid_read: read: Resource temporarily unavailable
rx: rx_preamble
u2f_get_touch_status: fido_rx
fido_rx: dev=0x60000391c750, cmd=0x10, ms=50
rx_preamble: buf=0x7ff7bfc2d750, len=64
0000: 5a 25 7f b3 90 00 01 31 00 00 00 00 00 00 00 00
0016: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0032: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0048: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
rx: payload_len=1
fido_rx: buf=0x7fd3a5901200, len=1
0000: 31
es256_sk_create: EVP_PKEY_paramgen
fido_do_ecdh: es256_derive_pk
fido_dev_make_cred_tx: fido_do_ecdh
fido_tx: dev=0x60000391c750, cmd=0x11
fido_tx: buf=0x0, len=0
This time, I downloaded the libfido.1.13.0
source and manually built it.
$ otool -L fido-cred
@rpath/libcrypto.1.1.dylib (compatibility version 1.1.0, current version 1.1.0)
@rpath/libfido2.1.dylib (compatibility version 1.0.0, current version 1.13.0)
/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation (compatibility version 150.0.0, current version 1770.255.0)
/System/Library/Frameworks/IOKit.framework/Versions/A/IOKit (compatibility version 1.0.0, current version 275.0.0)
@rpath/libz.1.dylib (compatibility version 1.0.0, current version 1.2.13)
/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1292.60.1)
and my app
$ otool -L myapp
/System/Library/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics (compatibility version 64.0.0, current
version 1690.5.4)
@rpath/libpcre2-8.0.dylib (compatibility version 12.0.0, current version 12.2.0)
@rpath/libffi.8.dylib (compatibility version 10.0.0, current version 10.1.0)
@rpath/libnghttp2.14.dylib (compatibility version 39.0.0, current version 39.0.0)
@rpath/libsoup-3.0.0.dylib (compatibility version 8.0.0, current version 8.0.0)
@rpath/libgmodule-2.0.0.dylib (compatibility version 7601.0.0, current version 7601.2.0)
@rpath/libavcodec.59.18.100.dylib (compatibility version 59.0.0, current version 59.18.100)
@rpath/libavutil.57.17.100.dylib (compatibility version 57.0.0, current version 57.17.100)
@rpath/libturbojpeg.0.2.0.dylib (compatibility version 0.0.0, current version 0.2.0)
@rpath/libsasl2.3.dylib (compatibility version 4.0.0, current version 4.0.0)
@rpath/libjson-glib-1.0.0.dylib (compatibility version 601.0.0, current version 601.6.0)
@rpath/libprotobuf-c.1.dylib (compatibility version 2.0.0, current version 2.0.0)
@rpath/libcrypto.1.1.dylib (compatibility version 1.1.0, current version 1.1.0)
@rpath/libgio-2.0.0.dylib (compatibility version 7601.0.0, current version 7601.2.0)
@rpath/libgobject-2.0.0.dylib (compatibility version 7601.0.0, current version 7601.2.0)
@rpath/libglib-2.0.0.dylib (compatibility version 7601.0.0, current version 7601.2.0)
@rpath/libintl.8.dylib (compatibility version 11.0.0, current version 11.0.0)
@rpath/libpangocairo-1.0.0.dylib (compatibility version 5001.0.0, current version 5001.7.0)
@rpath/libpango-1.0.0.dylib (compatibility version 5001.0.0, current version 5001.7.0)
@rpath/libharfbuzz.0.dylib (compatibility version 40200.0.0, current version 40200.0.0)
@rpath/libcairo.2.dylib (compatibility version 11603.0.0, current version 11603.0.0)
/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit (compatibility version 45.0.0, current version 2299.50.120)
/System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore (compatibility version 1.2.0, current version 1.11.0)
/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation (compatibility version 300.0.0, current version 1971.0.0)
/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation (compatibility version 150.0.0, current version 1971.0.0)
/usr/lib/libiconv.2.dylib (compatibility version 7.0.0, current version 7.0.0)
/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1319.100.3)
/usr/lib/libobjc.A.dylib (compatibility version 1.0.0, current version 228.0.0)
@rpath/libgstreamer-1.0.0.dylib (compatibility version 2203.0.0, current version 2203.0.0)
@rpath/libgtk-3.0.dylib (compatibility version 2406.0.0, current version 2406.32.0)
@rpath/libgdk-3.0.dylib (compatibility version 2406.0.0, current version 2406.32.0)
@rpath/libatk-1.0.0.dylib (compatibility version 23810.0.0, current version 23810.1.0)
@rpath/libcairo-gobject.2.dylib (compatibility version 11603.0.0, current version 11603.0.0)
@rpath/libgdk_pixbuf-2.0.0.dylib (compatibility version 4201.0.0, current version 4201.10.0)
/System/Library/Frameworks/Cocoa.framework/Versions/A/Cocoa (compatibility version 1.0.0, current version 23.0.0)
/System/Library/Frameworks/Carbon.framework/Versions/A/Carbon (compatibility version 2.0.0, current version 169.0.0)
I see that libcbor is not linked as before, but the code works fine for keys without pin. The code is almost the same (it is just part of a another project).
Thanks