-
Notifications
You must be signed in to change notification settings - Fork 25
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fido2luks does not work #177
Comments
This is caused by a bug in a |
Though the algorithm field is really missing: https://github.com/shimunn/ctap/blob/bf862f6a4bbc007263cbe679db33c8dd3c2ffc79/src/cbor.rs#L589-L590 I’m not sure whether this is valid. |
Okay, it’s optional:
https://www.rfc-editor.org/rfc/rfc8152#section-7
|
This patch replaces upstream ctap-types with a fork that improves compatibility when deserializing COSE keys. Fixes Nitrokey#177
Hi, sorry to bump this, but I'm curious about the state of this issue. Since the fido2luks project seems unmaintained/dead (although the software still works fine with the NK FIDO2), I'm wondering if this can be resolved from this side of the fence. |
@intr-cx The CTAP2 issues described above are fixed in the firmware, although we might revert some of the fixes in the future because the specification requires a strict implementation that rejects invalid data. Additionally, there is a bug in the USB descriptor parser used by fido2luks. We don’t want to work around that bug in the firmware. I’ve submitted patches to fix the parser. They might work for you, though I have only tested the device selection, not the entire LUKS setup: |
Fido2luks fails with setting up LUKS device. This works with Nitrokey FIDO2.
Dev returns:
Device returned error: CborError: 0x14: Missing non-optional parameter.)
If I have not made mistake during the early retest, this was the
kty
field, as reported byserde
.Logs with full traffic attached, as well as the used Makefile.
Sim version:
v1.2.2-alpha.20221130-111-ga1d9dd0
(currentmain
), with updated dependencies to the latest (cargo update
; see attached Cargo lock file).PS I expect the same problem occurs, while running example of the responsible for the ctap communication underlying
ctap_hmac
crate. Might be easier for the debugging.cc @robin-nitrokey
The text was updated successfully, but these errors were encountered: