Open estan opened 7 months ago
Using Rust 1.76.0-nightly, running on Linux 6.2.0.
Could you try the threads
branch? That's what I'm using and I would like to merge that into master if it works.
Hm, with the threads
branch I get this when I try to attach the kernel module to the server:
estan@edison:~/orexplore/softfido$ usbip attach -r 127.0.0.1 -d 1-1
usbip: error: import device
estan@edison:~/orexplore/softfido$
While this happens, there's no additional output from the server, i.e:
estan@edison:~/orexplore/softfido$ target/debug/softfido --token-label softfido
softfido::crypto: Found secret key.
softfido::crypto: Found token counter. (67108868)
Softfido server is listening.
usbip: error: import device
This could be permission problem. You must run usbip
as root. Also try the --debug
flag:
usbip --debug attach -r 127.0.0.1 -d 1-1
to get some feedback.
Ah yes, my bad. Running usbip
with sudo it works. Confirmed with lsusb -d 0:0 -v
that the virtual USB device showed up.
However I'm not getting any popup when testing at on Yubico's test page or webauthn.io. Tested with Firefox 119 and Chromium 120, but they both just ask me to push my security key. Is the softfido server supposed to pop something up?
I have the following udev rule:
estan@edison:~$ cat /etc/udev/rules.d/90-hidraw.rules
SUBSYSTEM=="hidraw", ATTRS{manufacturer}=="Fakecompany", \
,ATTRS{product}=="Softproduct", TAG+="uaccess", GROUP="plugdev", MODE="0660"
estan@edison:~$
Have rebooted my laptop since I added that, so it should be in effect. Do you know where below the /sys/class/hidraw directory the actual virtual USB device is, if I want to confirm permissions are set correctly by udev?
Thanks :pray:
Confirmed with lsusb -d 0:0 -v that the virtual USB device showed up.
I just discovered that lsusb
crashes the server: it sends a request for a DEBUG
descriptor that wasn't handled (needed?) before. I added code for this case now and lsusb
should complete normally. Please try the newest version of the threads
branch.
Is the softfido server supposed to pop something up?
Yes, a dialog asking for "consent" should pop up.
Do you know where below the /sys/class/hidraw directory the actual virtual USB device is, if I want to confirm permissions are set correctly by udev?
For me ls -l /sys/class/hidraw
shows:
lrwxrwxrwx 1 root root 0 Dec 14 08:29 hidraw0 -> ../../devices/pci0000:00/0000:00:1d.0/usb2/2-2/2-2:1.0/0003:046D:C31C.0004/hidraw/hidraw0
lrwxrwxrwx 1 root root 0 Dec 14 08:29 hidraw1 -> ../../devices/pci0000:00/0000:00:1d.0/usb2/2-2/2-2:1.1/0003:046D:C31C.0005/hidraw/hidraw1
lrwxrwxrwx 1 root root 0 Dec 14 10:22 hidraw2 -> ../../devices/platform/vhci_hcd.0/usb6/6-1/61:0.0/0003:0000:0000.001D/hidraw/hidraw2
The one with vhci_hcd
interests us. The actual device /dev/hidraw2
should have permissions like:
shell> ls -l /dev/hidraw2
crw-rw----+ 1 root plugdev 248, 2 Dec 14 10:22 /dev/hidraw2
Thanks, hm, I pulled latest threads
branch and tried:
Start server:
estan@edison:~/orexplore/softfido$ target/debug/softfido --token-label softfido
softfido::crypto: Found secret key.
softfido::crypto: Found token counter. (67108870)
Softfido server is listening.
Attach kernel module:
estan@edison:~/orexplore/softfido$ sudo usbip attach -r 127.0.0.1 -d 1-1
estan@edison:~/orexplore/softfido$
Check with lsusb -d 0:0 -v
. Output: lsusb.txt
Check which hidraw devices I have:
estan@edison:~$ ls -l /sys/class/hidraw
totalt 0
lrwxrwxrwx 1 root root 0 dec 15 19:39 hidraw0 -> ../../devices/platform/vhci_hcd.0/usb5/5-1/5-1:0.0/0003:0000:0000.0020/hidraw/hidraw0
estan@edison:~$
Check ownership/permissions of hidraw0 device:
estan@edison:~$ ls -l /dev/hidraw0
crw-rw----+ 1 root plugdev 240, 0 dec 15 19:39 /dev/hidraw0
estan@edison:~$
Double-check I'm in plugdev
group:
estan@edison:~$ id estan
uid=1000(estan) gid=1000(estan) grupper=1000(estan),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),116(lpadmin),126(sambashare),127(docker),129(kvm),998(softhsm)
estan@edison:~$
Visit https://demo.yubico.com/webauthn-technical/registration in Firefox 119 and press Next. Firefox asks me to push my security key, but softfido server is not popping up any dialog. Same with Chromium 120.
During step (7), no further output is shown from softfido server besides what's shown above.
Check with lsusb -d 0:0 -v. Output: lsusb.txt
Hmm, the line Couldn't open device, some information will be missing
looks suspiscious. I don't see that on my machine.
During step (7), no further output is shown from softfido server besides what's shown above.
I added a --debug
command line option to make the server more verbose. Maybe you could try that to get some clue.
I'm running a bit out of ideas what the problem could be. Maybe I need to test with a newer kernel.
Alright, thanks. I pulled latest threads
branch and tried running server with --debug
.
During startup, the server now additionally prints:
softfido::ctaphid: start output loop
softfido::ctaphid: start input loop
When attaching the kernel module, the server prints:
softfido::usbip: TCP: TcpStream { addr: 127.0.0.1:3240, peer: 127.0.0.1:35856, fd: 5 }
softfido::usbip: REQ_IMPORT
softfido::usbip: import request busid 1-1 complete
softfido::usbip: handle_submit ep: 0 dev->host seqnum: 29 transfer: 64
softfido::usb: GET_DESCRIPTOR: type: Device index: 0 lang: 0 length: 64
softfido::usbip: handle_submit ep: 0 dev->host seqnum: 30 transfer: 18
softfido::usb: GET_DESCRIPTOR: type: Device index: 0 lang: 0 length: 18
softfido::usbip: handle_submit ep: 0 dev->host seqnum: 31 transfer: 9
softfido::usb: GET_DESCRIPTOR: type: Configuration index: 0 lang: 0 length: 9
softfido::usbip: handle_submit ep: 0 dev->host seqnum: 32 transfer: 41
softfido::usb: GET_DESCRIPTOR: type: Configuration index: 0 lang: 0 length: 41
softfido::usbip: handle_submit ep: 0 dev->host seqnum: 33 transfer: 255
softfido::usb: GET_DESCRIPTOR: type: String index: 0 lang: 0 length: 255
softfido::usbip: handle_submit ep: 0 dev->host seqnum: 34 transfer: 255
softfido::usb: GET_DESCRIPTOR: type: String index: 2 lang: 1033 length: 255
softfido::usbip: handle_submit ep: 0 dev->host seqnum: 35 transfer: 255
softfido::usb: GET_DESCRIPTOR: type: String index: 1 lang: 1033 length: 255
softfido::usbip: handle_submit ep: 0 dev->host seqnum: 36 transfer: 255
softfido::usb: GET_DESCRIPTOR: type: String index: 3 lang: 1033 length: 255
softfido::usbip: handle_submit ep: 0 host->dev seqnum: 37 transfer: 0
softfido::usbip: handle_submit ep: 0 dev->host seqnum: 38 transfer: 255
softfido::usb: GET_DESCRIPTOR: type: String index: 4 lang: 1033 length: 255
softfido::usbip: handle_submit ep: 0 dev->host seqnum: 39 transfer: 255
softfido::usb: GET_DESCRIPTOR: type: String index: 5 lang: 1033 length: 255
softfido::usbip: handle_submit ep: 0 dev->host seqnum: 40 transfer: 255
softfido::usb: GET_DESCRIPTOR: type: String index: 3 lang: 1033 length: 255
softfido::usbip: handle_submit ep: 0 host->dev seqnum: 41 transfer: 0
softfido::usbip: handle_submit ep: 0 dev->host seqnum: 42 transfer: 30
But when visiting https://demo.yubico.com/webauthn-technical/registration in Firefox 119 and pressing Next, Firefox prompts me to push my security key, but there is no output from the softfido server.
Thanks, understood it is hard to debug this without hands-on access.
I may have some time to look closer at it during holidays.
Alright with me to close the issue if you want, since with the threads
branch that issue seems resolved, while this is now something else.
Let me know if you need to know any sw versions besides the kernel and Rust.
If you don't mind installing the Python libraries, you coud also try the tests in the python directory. This might give more useful error messages than Firefox. For that you need to install the fido2 library version 1.1 or so; version 0.9 no longer works.
To install the dependencies I did something like:
As root:sudo apt install python3-venv
as user:
cd python
python3 -m venv ~/softfido-venv
~/softfido-venv/bin/pip install fido2
~/softfido-venv/bin/python3 softfido_tests.py
Or run just a single test with
~/softfido-venv/bin/python3 softfido_tests.py Tests.test_info
@ellerh Hey, I tried following the instructions in the README, but when attaching the kernel module to the server with
usbip attach -r 127.0.0.1 -d 1-1
the server crashes with:Running with
RUST_BACKTRACE=full
, the backtrace is: