pamu2fcfg failure with Thetis key with libu2f-host 1.1.8-1

[bfm59]

Starting with libu2f-host version 1.1.8-1 from the Yubico Ubuntu PPA, the pamu2fcfg registration procedure fails for my Thetis FIDO U2F security keys. As shown below, the error message is "Unable to generate registration challenge, error in transport layer (-2)." The same error occurs when pamu2fcg is run under sudo. In contrast, pamu2fcfg with libu2f-host version 1.1.8-1 completes successfully for my Yubikey 4 and my Feitian Multipass FIDO U2F security key.

On a separate computer, which has not yet been upgraded to version 1.1.8-1 (still running version 1.1.7-1) I am still able to register my Thetis U2F keys.

Both computers are running Linux Mint 19.1, which is derived from Ubuntu Bionic.

A transcript showing the failure is given below. Please let me know if I can provide more information. Thank you.

$ pamu2fcfg --debug
USB send: 00ffffffff8600082afe8b76dd052cdb000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
USB write returned 65
now trying with timeout 2
USB read rc read 64
USB recv: ffffffff8600112afe8b76dd052cdb00000001020100010100000000000000000000000000000000000000000000000000000000000000000000000000000000
device /dev/hidraw3 discovered as 'EsecuFIDO HID'
version (Interface, Major, Minor, Build): 2, 1, 0, 1 capFlags: 1
JSON: { "challenge": "if2nsOHbcX_k8rse832UCyc1lSZAded3F2lbbfzHuf4", "version": "U2F_V2", "appId": "pam://MY_HOST_NAME" }
JSON challenge URL-B64: if2nsOHbcX_k8rse832UCyc1lSZAded3F2lbbfzHuf4
client data: { "challenge": "if2nsOHbcX_k8rse832UCyc1lSZAded3F2lbbfzHuf4", "origin": "pam://MY_HOST_NAME", "typ": "navigator.id.finishEnrollment" }
JSON: { "challenge": "if2nsOHbcX_k8rse832UCyc1lSZAded3F2lbbfzHuf4", "version": "U2F_V2", "appId": "pam://MY_HOST_NAME" }
JSON app_id pam://MY_HOST_NAME
USB send: 000100000083004900010300000040908ee472616c4cea006a83606fa12bbc5841061622ebc5889b9800d3aa3bc7823f02c5aed1b8108f08065044cc70e843df
USB write returned 65
USB send: 00010000000061b94c4a5261e141764efb58639c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
USB write returned 65
now trying with timeout 2
USB read rc read 64
USB recv: 01000000bf00010b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
USB rc -2
Unable to generate registration challenge, error in transport layer (-2)
$ dpkg -l | grep u2f
ii libpam-u2f 1.0.7-1ppa1bionic1 amd64 universal 2nd factor (U2F) PAM module
ii libu2f-host0 1.1.8-1ppa1bionic1 amd64 Universal 2nd Factor (U2F) host communication C Library
ii libu2f-server0 1.1.0-1build1 amd64 Universal 2nd Factor (U2F) server communication C Library
ii libu2f-udev 1.1.8-1ppa1bionic1 all Universal 2nd Factor (U2F) common files
ii pamu2fcfg 1.0.7-1ppa1bionic1 amd64 universal 2nd factor (U2F) PAM module command-line helper tool
$ uname -a
Linux MY_HOST_NAME 4.15.0-46-generic #49-Ubuntu SMP Wed Feb 6 09:33:07 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

[klali]

Hey, this issue is in libu2f-host not in pam-u2f, I've transferred the issue.

I've pushed a fix on a branch, would you be able to test that and see if this fix works for you?
(https://github.com/Yubico/libu2f-host/tree/cid_check)

[bfm59]

Many thanks for the quick response. Yes, that worked for me. I might note that the configure script did not identify the following dependencies, so make failed until I installed them: gengetopt, help2man.

…

On Wed, Mar 6, 2019 at 4:00 AM Klas Lindfors ***@***.***> wrote: Hey, this issue is in libu2f-host not in pam-u2f, I've transferred the issue. I've pushed a fix on a branch, would you be able to test that and see if this fix works for you? (https://github.com/Yubico/libu2f-host/tree/cid_check) — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#115 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AuBwRI_xE2m0B5mjmrMIerPjEYyQSvW9ks5vT4OjgaJpZM4bgXmA> .

[klali]

Ok, I'll make a 1.1.9 release with this fix.