Skip to content

Avoid wrongly filtering Yubikey4 devices#15975

Merged
codingllama merged 2 commits into
masterfrom
codingllama/yubi4
Aug 31, 2022
Merged

Avoid wrongly filtering Yubikey4 devices#15975
codingllama merged 2 commits into
masterfrom
codingllama/yubi4

Conversation

@codingllama
Copy link
Copy Markdown
Contributor

@codingllama codingllama commented Aug 30, 2022

Fixes an issue where libfido2 code wrongly interprets libfido2.ErrUserPresenceRequired as libfido2.ErrNoCredentials.

Added some logging for good measure.

#14657

@github-actions github-actions Bot removed the request for review from tobiaszheller August 31, 2022 07:56
@codingllama codingllama enabled auto-merge (squash) August 31, 2022 13:48
@codingllama codingllama merged commit b420aa8 into master Aug 31, 2022
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Aug 31, 2022

@codingllama See the table below for backport results.

Branch Result
branch/v10 Create PR

@codingllama codingllama mentioned this pull request Aug 31, 2022
Merged
@codingllama codingllama deleted the codingllama/yubi4 branch August 31, 2022 16:39
codingllama added a commit that referenced this pull request Sep 1, 2022
@codingllama
[v10] Avoid wrongly filtering Yubikey4 devices (#16011)
8af896f 
Fixes an issue where libfido2 code wrongly interprets
`libfido2.ErrUserPresenceRequired` as `libfido2.ErrNoCredentials`.

Added some logging for good measure.

#14657

Backport #15975 to branch/v10

* Simulate Yubikey4 UP=false behavior
* Avoid wrongly filtering Yubikey4 devices
@codingllama codingllama mentioned this pull request Sep 26, 2022
Merged
codingllama added a commit that referenced this pull request Sep 27, 2022
@codingllama
fix: Handle failures when checking for excluded credentials (#16737)
53b3c93 
U2F devices, like the Yubikey4, fail in a slightly unexpected way when
assertions set UP=false. Handle this edge case and also make sure that failures
when checking for excluded credentials won't break the entire ceremony.

Similar to #15975, but in the registration flow this time.

Repro steps:

1. Register a Yubikey 4
2. Attempt to register a different security key
3. Registration fails with a "user presence required" error
@codingllama codingllama mentioned this pull request Sep 27, 2022
Merged
codingllama added a commit that referenced this pull request Sep 27, 2022
@codingllama
[v10] fix: Handle failures when checking for excluded credentials (#1…
9777fa9 
…6765)

U2F devices, like the Yubikey4, fail in a slightly unexpected way when
assertions set UP=false. Handle this edge case and also make sure that failures
when checking for excluded credentials won't break the entire ceremony.

Similar to #15975, but in the registration flow this time.

Repro steps:

1. Register a Yubikey 4
2. Attempt to register a different security key
3. Registration fails with a "user presence required" error

Backport #16737 to branch/v10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ryanclark ryanclark ryanclark approved these changes

@strideynet strideynet strideynet approved these changes

+1 more reviewer

@tobiaszheller tobiaszheller tobiaszheller approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@codingllama @ryanclark @tobiaszheller @strideynet