[FIDO] Fido doesn't seem to work anywhere

MatthewCroughan commented 1 year ago

Describe the bug Whenever I try to use the new FIDO functionality via USB on v0.2.25.223616 or 2a19ef4, the transport handler crashes when indicating presence on the FIDO device. In the Android UI, nothing graphical can be seen, but the results of logcat show what is happening. The ultimate result is that FIDO doesn't work in any context. The system UI will allow me to attempt to add keys in Firefox or Chromium, but will not do anything when I press the key.

Logcat

11-09 13:11:25.648  9321  9321 D FidoCtapHidConnection: Received packet YY4IcAInZHR5cGVqcHVibGljLWtleQ0EDhoABQQDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
11-09 13:11:25.648  9321  9321 D FidoCtapHidConnection: Received CtapHidCborResponse(statusCode=0x0, payload=rAGDZlUyRl9WMmhGSURPXzJfMGxGSURPXzJfMV9QUkUCgmtjcmVkUHJvdGVjdGtobWFjLXNlY3JldANQ7ogoeXIcSROXdT38zpcHKgSlYnJr9WJ1cPVkcGxhdPRpY2xpZW50UGlu9XVjcmVkZW50aWFsTWdtdFByZXZpZXf1BRkEsAaCAgEHCAgYgAmBY3VzYgqComNhbGcmZHR5cGVqcHVibGljLWtleaJjYWxnJ2R0eXBlanB1YmxpYy1rZXkNBA4aAAUEAw==) in 4 packets
11-09 13:11:25.648  9321  9321 D UsbRequestJNI: close
11-09 13:11:25.650  9321  9321 D FidoCtapHidConnection: Got info: AuthenticatorGetInfoResponse(versions=[], extensions=[], aaguid=[-18, -120, 40, 121, 114, 28, 73, 19, -105, 117, 61, -4, -50, -105, 7, 42], options=Options[platformDevice=false, residentKey=true, clientPin=true, userPresence=true, noMcGaPermissionsWithClientPin=false, credentialMgmtPreview=true, makeCredUvNotRqd=false], maxMsgSize=1200, pinProtocols=[])
11-09 13:11:25.650  9321  9321 D UsbDeviceConnectionJNI: close
11-09 13:11:25.651  9321  9321 W FidoUsbHandler: java.lang.NullPointerException: Attempt to invoke virtual method 'boolean java.lang.Boolean.booleanValue()' on a null object reference
11-09 13:11:25.651  9321  9321 W FidoUsbHandler:    at org.microg.gms.fido.core.transport.TransportHandler.register$play_services_fido_core_release(TransportHandler.kt:156)
11-09 13:11:25.651  9321  9321 W FidoUsbHandler:    at org.microg.gms.fido.core.transport.usb.UsbTransportHandler$register$2.invokeSuspend(UsbTransportHandler.kt:87)
11-09 13:11:25.651  9321  9321 W FidoUsbHandler:    at org.microg.gms.fido.core.transport.usb.UsbTransportHandler$register$2.invoke(Unknown Source:8)
11-09 13:11:25.651  9321  9321 W FidoUsbHandler:    at org.microg.gms.fido.core.transport.usb.UsbTransportHandler$register$2.invoke(Unknown Source:4)
11-09 13:11:25.651  9321  9321 W FidoUsbHandler:    at org.microg.gms.fido.core.transport.usb.ctaphid.CtapHidConnection.open(CtapHidConnection.kt:176)
11-09 13:11:25.651  9321  9321 W FidoUsbHandler:    at org.microg.gms.fido.core.transport.usb.ctaphid.CtapHidConnection$open$2.invokeSuspend(Unknown Source:15)
11-09 13:11:25.651  9321  9321 W FidoUsbHandler:    at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
11-09 13:11:25.651  9321  9321 W FidoUsbHandler:    at kotlinx.coroutines.internal.ScopeCoroutine.afterResume(Scopes.kt:33)
11-09 13:11:25.651  9321  9321 W FidoUsbHandler:    at kotlinx.coroutines.AbstractCoroutine.resumeWith(AbstractCoroutine.kt:102)
11-09 13:11:25.651  9321  9321 W FidoUsbHandler:    at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:46)
11-09 13:11:25.651  9321  9321 W FidoUsbHandler:    at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106)
11-09 13:11:25.651  9321  9321 W FidoUsbHandler:    at androidx.lifecycle.DispatchQueue.drainQueue(DispatchQueue.kt:75)
11-09 13:11:25.651  9321  9321 W FidoUsbHandler:    at androidx.lifecycle.DispatchQueue.enqueue(DispatchQueue.kt:112)
11-09 13:11:25.651  9321  9321 W FidoUsbHandler:    at androidx.lifecycle.DispatchQueue.dispatchAndEnqueue$lambda-2$lambda-1(DispatchQueue.kt:100)
11-09 13:11:25.651  9321  9321 W FidoUsbHandler:    at androidx.lifecycle.DispatchQueue.$r8$lambda$G2ay370n_s_ksSHUJaD9zIU8eCw(Unknown Source:0)
11-09 13:11:25.651  9321  9321 W FidoUsbHandler:    at androidx.lifecycle.DispatchQueue$$ExternalSyntheticLambda0.run(Unknown Source:4)
11-09 13:11:25.651  9321  9321 W FidoUsbHandler:    at android.os.Handler.handleCallback(Handler.java:938)
11-09 13:11:25.651  9321  9321 W FidoUsbHandler:    at android.os.Handler.dispatchMessage(Handler.java:99)
11-09 13:11:25.651  9321  9321 W FidoUsbHandler:    at android.os.Looper.loopOnce(Looper.java:201)
11-09 13:11:25.651  9321  9321 W FidoUsbHandler:    at android.os.Looper.loop(Looper.java:288)
11-09 13:11:25.651  9321  9321 W FidoUsbHandler:    at android.app.ActivityThread.main(ActivityThread.java:7870)
11-09 13:11:25.651  9321  9321 W FidoUsbHandler:    at java.lang.reflect.Method.invoke(Native Method)
11-09 13:11:25.651  9321  9321 W FidoUsbHandler:    at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:548)
11-09 13:11:25.651  9321  9321 W FidoUsbHandler:    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1003)
11-09 13:11:25.652  9321  9321 D FidoUi  : USB status set to waiting-for-device (null)

To Reproduce Steps to reproduce the behavior:

Open Firefox/Chromium
Go to webauthn.io
Try to register a username
Observe that Firefox/Chromium will prompt you for your key
Observe that tapping the FIDO key when asked results in no activity and no progress being made

Expected behavior I expect tapping the FIDO key to do something, but it does nothing.

System Android Version: 12 Custom ROM: LineageOS 19.1

Additional context I am using a Yubikey 5 NFC, and NFC/USB. NFC does not work either.

More Logcat that proves data is being sent back from the Yubikey and being handled

11-09 12:51:30.553  9321  9321 D FidoUsbHandler: YubiKey OTP+FIDO+CCID has permission
11-09 12:51:30.554  1376  9292 W InputManager-JNI: Input channel object '6443bd5 com.android.systemui/com.android.systemui.usb.UsbPermissionActivity (client)' was disposed without first being removed with the input manager!
11-09 12:51:30.556  9321  9321 D FidoUsbHandler: Signature: BtDxCQGhAQkgFQAm/wB1CJVAgQIJIRUAJv8AdQiVQJECwA==
11-09 12:51:30.556  9321  9321 D UsbDeviceConnectionJNI: close
11-09 12:51:30.556  9321  9321 D FidoUsbHandler: Trying to use YubiKey OTP+FIDO+CCID for SIGN
11-09 12:51:30.557  9321  9321 D AuthFidoHandler: onStatusChanged: USB, waiting-for-user
11-09 12:51:30.557  9321  9321 D FidoCtapHidConnection: Opening connection
11-09 12:51:30.560  9321  9321 D FidoCtapHidConnection: Sending CtapHidInitRequest(nonce=KDkQEd4b9Mo=) in 1 packets
11-09 12:51:30.560  9321  9321 D UsbRequestJNI: init
11-09 12:51:30.549     0     0 D tas2562 2-004c: tas2562_dev_read: BOOK:PAGE:REG 0:0:36
11-09 12:51:30.549     0     0 I tas2562 2-004c: IRQ reg is: irq_work_routine, 0, 559
11-09 12:51:30.549     0     0 D tas2562 2-004c: PowSts B: 0x2, check again after 10ms
11-09 12:51:30.564  9321  9321 D FidoCtapHidConnection: Sent packet /////4YACCg5EBHeG/TKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
11-09 12:51:30.564  9321  9321 D UsbRequestJNI: close
11-09 12:51:30.566  9321  9321 D UsbRequestJNI: init
11-09 12:51:30.566  9321  9321 D FidoCtapHidConnection: Reading 64 bytes from usb
11-09 12:51:30.568  9321  9321 D FidoCtapHidConnection: Received packet /////4YAESg5EBHeG/TKALYAAQIFAgYFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
11-09 12:51:30.569  9321  9321 D FidoCtapHidConnection: Received CtapHidInitResponse(nonce=0xKDkQEd4b9Mo=, channelId=0xb60001, protocolVersion=0x2, version=5.2.6, capabilities=0x5) in 1 packets
11-09 12:51:30.569  9321  9321 D UsbRequestJNI: close
11-09 12:51:30.570  9321  9321 D FidoCtapHidConnection: Sending CtapHidCborRequest(Ctap2Request(command=0x4, payload=)) in 1 packets
11-09 12:51:30.570  9321  9321 D UsbRequestJNI: init
11-09 12:51:30.569     0     0 D tas2562 2-004c: tas2562_dev_read: BOOK:PAGE:REG 0:0:2
11-09 12:51:30.569     0     0 D tas2562 2-004c: tas2562_dev_write: BOOK:PAGE:REG 0:0:26, VAL: 0xf8
11-09 12:51:30.572  9321  9321 D FidoCtapHidConnection: Sent packet ALYAAZAAAQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
11-09 12:51:30.572  9321  9321 D UsbRequestJNI: close
11-09 12:51:30.572  9321  9321 D UsbRequestJNI: init
11-09 12:51:30.572  9321  9321 D FidoCtapHidConnection: Reading 64 bytes from usb
11-09 12:51:30.569     0     0 D tas2562 2-004c: tas2562_dev_write: BOOK:PAGE:REG 0:0:27, VAL: 0xb1
11-09 12:51:30.569     0     0 I tas2562 2-004c: tas2562_enableIRQ, Enable irq
11-09 12:51:30.569     0     0 I tas2562 2-004c: tas2562_set_bitwidth 6
11-09 12:51:30.569     0     0 D tas2562 2-004c: tas2562_dev_update_bits: BOOK:PAGE:REG 0:0:8, mask: 0xc, val=0x8
11-09 12:51:30.570     0     0 D tas2562 2-004c: tas2562_dev_update_bits: BOOK:PAGE:REG 0:0:8, mask: 0x3, val=0x2
11-09 12:51:30.570     0     0 I tas2562 2-004c: mnCh_size: 24,  slot_width_tmp: 32
11-09 12:51:30.570     0     0 I tas2562 2-004c: blr_clk_ratio: 48
11-09 12:51:30.574  9321  9321 D FidoCtapHidConnection: Received packet ALYAAZAAwwCqAYNmVTJGX1YyaEZJRE9fMl8wbEZJRE9fMl8xX1BSRQKCa2NyZWRQcm90ZWN0a2htYWMtc2Vjcg==
11-09 12:51:30.574  9321  9321 D FidoCtapHidConnection: Reading 64 bytes from usb
11-09 12:51:30.570     0     0 D tas2562 2-004c: tas2562_dev_update_bits: BOOK:PAGE:REG 0:0:11, mask: 0xff, val=0x44
11-09 12:51:30.570     0     0 D tas2562 2-004c: tas2562_dev_update_bits: BOOK:PAGE:REG 0:0:12, mask: 0xff, val=0x40
11-09 12:51:30.570     0     0 I tas2562 2-004c: tas2562_hw_params, sample rate: 48000
11-09 12:51:30.570     0     0 D tas2562 2-004c: tas2562_dev_update_bits: BOOK:PAGE:REG 0:0:6, mask: 0x20, val=0x0
11-09 12:51:30.571     0     0 D tas2562 2-004c: tas2562_dev_update_bits: BOOK:PAGE:REG 0:0:6, mask: 0xe, val=0x8
11-09 12:51:30.572     0     0 E afe_callback: cmd = 0x100ef returned error = 0x2
11-09 12:51:30.572     0     0 E afe_apr_send_pkt: DSP returned error[ADSP_EBADPARAM]
11-09 12:51:30.572     0     0 E afe_send_port_topology_id: AFE set topology id enable for port 0x1000 failed -22
11-09 12:51:30.576  9321  9321 D FidoCtapHidConnection: Received packet ALYAAQBldANQL8BXn4ETR+qxFrtajbkgKgSlYnJr9WJ1cPVkcGxhdPRpY2xpZW50UGlu9XVjcmVkZW50aWFsTQ==
11-09 12:51:30.577  9321  9321 D FidoCtapHidConnection: Reading 64 bytes from usb
11-09 12:51:30.578  9321  9321 D FidoCtapHidConnection: Received packet ALYAAQFnbXRQcmV2aWV39QUZBLAGgQEHCAgYgAmCY25mY2N1c2IKgqJjYWxnJmR0eXBlanB1YmxpYy1rZXmiYw==
11-09 12:51:30.578  9321  9321 D FidoCtapHidConnection: Reading 64 bytes from usb
11-09 12:51:30.580  9321  9321 D FidoCtapHidConnection: Received packet ALYAAQJhbGcnZHR5cGVqcHVibGljLWtleQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
11-09 12:51:30.580  9321  9321 D FidoCtapHidConnection: Received CtapHidCborResponse(statusCode=0x0, payload=qgGDZlUyRl9WMmhGSURPXzJfMGxGSURPXzJfMV9QUkUCgmtjcmVkUHJvdGVjdGtobWFjLXNlY3JldANQL8BXn4ETR+qxFrtajbkgKgSlYnJr9WJ1cPVkcGxhdPRpY2xpZW50UGlu9XVjcmVkZW50aWFsTWdtdFByZXZpZXf1BRkEsAaBAQcICBiACYJjbmZjY3VzYgqComNhbGcmZHR5cGVqcHVibGljLWtleaJjYWxnJ2R0eXBlanB1YmxpYy1rZXk=) in 4 packets
11-09 12:51:30.580  9321  9321 D UsbRequestJNI: close
11-09 12:51:30.575     0     0 D tas2562 2-004c: tas2562_mute, 0
11-09 12:51:30.575     0     0 E tas2562 2-004c: set power state: 0
11-09 12:51:30.575     0     0 D tas2562 2-004c: tas2562_dev_write: BOOK:PAGE:REG 0:0:4, VAL: 0xcf
11-09 12:51:30.575     0     0 D tas2562 2-004c: tas2562_dev_write: BOOK:PAGE:REG 0:0:10, VAL: 0x01
11-09 12:51:30.575     0     0 D tas2562 2-004c: tas2562_dev_write: BOOK:PAGE:REG 0:0:56, VAL: 0x0c
11-09 12:51:30.576     0     0 D tas2562 2-004c: tas2562_dev_bulk_write: BOOK:PAGE:REG 100:7:72, len: 0x04
11-09 12:51:30.576     0     0 D tas2562 2-004c: tas2562_dev_bulk_write: BOOK:PAGE:REG 100:7:76, len: 0x04
11-09 12:51:30.577     0     0 D tas2562 2-004c: tas2562_dev_bulk_write: BOOK:PAGE:REG 100:5:76, len: 0x04
11-09 12:51:30.577     0     0 D tas2562 2-004c: tas2562_dev_write: BOOK:PAGE:REG 0:0:59, VAL: 0x38
11-09 12:51:30.577     0     0 D tas2562 2-004c: tas2562_dev_write: BOOK:PAGE:REG 0:0:60, VAL: 0x3c
11-09 12:51:30.577     0     0 D tas2562 2-004c: tas2562_dev_write: BOOK:PAGE:REG 0:0:53, VAL: 0x78
11-09 12:51:30.578     0     0 D tas2562 2-004c: tas2562_dev_write: BOOK:PAGE:REG 0:253:13, VAL: 0x0d
11-09 12:51:30.578     0     0 D tas2562 2-004c: tas2562_dev_write: BOOK:PAGE:REG 0:253:51, VAL: 0x8e
11-09 12:51:30.578     0     0 D tas2562 2-004c: tas2562_dev_write: BOOK:PAGE:REG 0:253:50, VAL: 0x49
11-09 12:51:30.578     0     0 D tas2562 2-004c: tas2562_dev_write: BOOK:PAGE:REG 0:253:63, VAL: 0x21
11-09 12:51:30.578     0     0 D tas2562 2-004c: tas2562_dev_write: BOOK:PAGE:REG 0:253:25, VAL: 0x80
11-09 12:51:30.578     0     0 D tas2562 2-004c: tas2562_dev_write: BOOK:PAGE:REG 0:253:95, VAL: 0xc1
11-09 12:51:30.578     0     0 I tas2562 2-004c: INV format: IBNF
11-09 12:51:30.584  9321  9321 D FidoCtapHidConnection: Got info: AuthenticatorGetInfoResponse(versions=[], extensions=[], aaguid=[47, -64, 87, -97, -127, 19, 71, -22, -79, 22, -69, 90, -115, -71, 32, 42], options=Options[platformDevice=false, residentKey=true, clientPin=true, userPresence=true, noMcGaPermissionsWithClientPin=false, credentialMgmtPreview=true, makeCredUvNotRqd=false], maxMsgSize=1200, pinProtocols=[])
11-09 12:51:30.586  9321  9321 D FidoCtapHidConnection: Sending CtapHidCborRequest(AuthenticatorGetAssertionRequest(rpId=google.com,clientDataHash=0xI6pYMBwJYlRUn3/npKJ07R4ndvS9Rnf3NvV8JhBbLwI=, allowList=[PublicKeyCredentialDescriptor[q3el6NHQWcY-LiPg8ZDCgZ8u0AG3h_OijjSS6-S8mmguc_0KFIGESe9RxUz9UIRPjGuIzy-zdYCX0T5psXP1qw, type=public-key, transports=[]], PublicKeyCredentialDescriptor[lIeS-zvbFl108C1Jt3_9jerwE3TznCD9WQA6HyXUoC24lxM6jyGfuLVLJoBac-YvDezmlgCHG2XY3HDjXm6rpA, type=public-key, transports=[]]],extensions=[],options=org.microg.gms.fido.core.protocol.msgs.AuthenticatorGetAssertionRequest$Companion$Options@540a99c,pinAuth=null,pinProtocol=null)) in 5 packets
11-09 12:51:30.586  9321  9321 D UsbRequestJNI: init
11-09 12:51:30.588  9321  9321 D FidoCtapHidConnection: Sent packet ALYAAZAA+QKkAWpnb29nbGUuY29tAlggI6pYMBwJYlRUn3/npKJ07R4ndvS9Rnf3NvV8JhBbLwIDgqNiaWRYQA==
11-09 12:51:30.579     0     0 D tas2562 2-004c: tas2562_dev_update_bits: BOOK:PAGE:REG 0:0:7, mask: 0x1, val=0x1
11-09 12:51:30.579     0     0 D tas2562 2-004c: tas2562_dev_update_bits: BOOK:PAGE:REG 0:0:7, mask: 0x3e, val=0x2
11-09 12:51:30.579     0     0 D tas2562 2-004c: tas2562_dev_write: BOOK:PAGE:REG 0:0:10, VAL: 0x01
11-09 12:51:30.580     0     0 D tas2562 2-004c: tas2562_dev_update_bits: BOOK:PAGE:REG 0:0:48, mask: 0x4, val=0x4
11-09 12:51:30.580     0     0 D tas2562 2-004c: tas2562_dev_read: BOOK:PAGE:REG 0:0:36
11-09 12:51:30.580     0     0 I tas2562 2-004c: IRQ reg is: tas2562_set_power_state 0, 307
11-09 12:51:30.590  9321  9321 D FidoCtapHidConnection: Sent packet ALYAAQCrd6Xo0dBZxj4uI+DxkMKBny7QAbeH86KONJLr5LyaaC5z/QoUgYRJ71HFTP1QhE+Ma4jPL7N1gJfRPg==

ale5000-git commented 1 year ago

Does your device has a PIN? Currently it isn't supported, microG can fallback to CTAP1 to avoid this problem but only if requireResidentKey is false.

@mar-v-in It seems to have a "java.lang.NullPointerException: Attempt to invoke virtual method 'boolean java.lang.Boolean.booleanValue()' on a null object reference" on this line: https://github.com/microg/GmsCore/blob/d63fed9c310a4b949857e5504496c202d3b88880/play-services-fido-core/src/main/kotlin/org/microg/gms/fido/core/transport/TransportHandler.kt#L156

MatthewCroughan commented 1 year ago

@ale5000-git My device does not have a pin, it only has touch authentication.

MatthewCroughan commented 1 year ago

However, indeed I did try this with a device that does have a PIN as well, which would be why the log I chose to focus on failed in this way.

MatthewCroughan commented 1 year ago

The experience with my Yubikey 5 NFC which does not have a PIN is the same, although I'm sure the logs may be a bit different. Let me try to get a log with that.

The following is what happens when I try to register a device via webauthn.io on Firefox, this time without the device that has a PIN. Graphically there is no difference and the experience is the same. Tapping the device does nothing.

11-10 09:46:15.785 15055 15055 D FidoUsbHandler: YubiKey OTP+FIDO+CCID has permission
11-10 09:46:15.786  2751  2897 D OpenGLRenderer: endAllActiveAnimators on 0x7204fd6ba0 (RippleDrawable) with handle 0x7114f58c10
11-10 09:46:15.786  1376  9293 W InputManager-JNI: Input channel object '3e5249a com.android.systemui/com.android.systemui.usb.UsbPermissionActivity (client)' was disposed without first being removed with the input manager!
11-10 09:46:15.787 15055 15055 D FidoUsbHandler: Signature: BtDxCQGhAQkgFQAm/wB1CJVAgQIJIRUAJv8AdQiVQJECwA==
11-10 09:46:15.787 15055 15055 D UsbDeviceConnectionJNI: close
11-10 09:46:15.787 15055 15055 D FidoUsbHandler: Trying to use YubiKey OTP+FIDO+CCID for REGISTER
11-10 09:46:15.787 15055 15055 D FidoUi  : USB status set to waiting-for-user (Bundle[{device=UsbDevice[mName=/dev/bus/usb/001/002,mVendorId=4176,mProductId=1031,mClass=0,mSubclass=0,mProtocol=0,mManufacturerName=Yubico,mProductName=YubiKey OTP+FIDO+CCID,mVersion=5.26,mSerialNumberReader=android.hardware.usb.IUsbSerialReader$Stub$Proxy@9f1256d, mHasAudioPlayback=false, mHasAudioCapture=false, mHasMidi=false, mHasVideoCapture=false, mHasVideoPlayback=false, mConfigurations=[
11-10 09:46:15.787 15055 15055 D FidoUi  : UsbConfiguration[mId=1,mName=null,mAttributes=128,mMaxPower=15,mInterfaces=[
11-10 09:46:15.787 15055 15055 D FidoUi  : UsbInterface[mId=0,mAlternateSetting=0,mName=null,mClass=3,mSubclass=1,mProtocol=1,mEndpoints=[
11-10 09:46:15.787 15055 15055 D FidoUi  : UsbEndpoint[mAddress=129,mAttributes=3,mMaxPacketSize=8,mInterval=10]]
11-10 09:46:15.787 15055 15055 D FidoUi  : UsbInterface[mId=1,mAlternateSetting=0,mName=null,mClass=3,mSubclass=0,mProtocol=0,mEndpoints=[
11-10 09:46:15.787 15055 15055 D FidoUi  : UsbEndpoint[mAddress=4,mAttributes=3,mMaxPacketSize=64,mInterval=2]
11-10 09:46:15.787 15055 15055 D FidoUi  : UsbEndpoint[mAddress=132,mAttributes=3,mMaxPacketSize=64,mInterval=2]]
11-10 09:46:15.787 15055 15055 D FidoUi  : UsbInterface[mId=2,mAlternateSetting=0,mName=null,mClass=11,mSubclass=0,mProtocol=0,mEndpoints=[
11-10 09:46:15.787 15055 15055 D FidoUi  : UsbEndpoint[mAddress=2,mAttributes=2,mMaxPacketSize=64,mInterval=0]
11-10 09:46:15.787 15055 15055 D FidoUi  : UsbEndpoint[mAddress=130,mAttributes=2,mMaxPacketSize=64,mInterval=0]
11-10 09:46:15.787 15055 15055 D FidoUi  : UsbEndpoint[mAddress=131,mAttributes=3,mMaxPacketSize=8,mInterval=32]]]]}])
11-10 09:46:15.787 15055 15055 D FidoCtapHidConnection: Opening connection
11-10 09:46:15.789 15055 15055 D FidoCtapHidConnection: Sending CtapHidInitRequest(nonce=2Z3+lD53EMI=) in 1 packets
11-10 09:46:15.789 15055 15055 D UsbRequestJNI: init
11-10 09:46:15.325     0     0 D tas2562 2-004c: tas2562_dev_read: BOOK:PAGE:REG 0:0:38
11-10 09:46:15.325     0     0 D tas2562 2-004c: tas2562_dev_read: BOOK:PAGE:REG 0:0:39
11-10 09:46:15.325     0     0 I tas2562 2-004c: IRQ status : 0x0, 0x0, 0x0, 0x0, 0x0
11-10 09:46:15.325     0     0 D tas2562 2-004c: tas2562_dev_read: BOOK:PAGE:REG 0:0:42
11-10 09:46:15.326     0     0 D tas2562 2-004c: tas2562_dev_read: BOOK:PAGE:REG 0:0:43
11-10 09:46:15.326     0     0 D tas2562 2-004c: tas2562_dev_read: BOOK:PAGE:REG 0:0:44
11-10 09:46:15.326     0     0 D tas2562 2-004c: VBAT status : 0x3c, 0x80, temperature: 0x72
11-10 09:46:15.326     0     0 D tas2562 2-004c: tas2562_dev_read: BOOK:PAGE:REG 0:0:18
11-10 09:46:15.326     0     0 D tas2562 2-004c: tas2562_dev_read: BOOK:PAGE:REG 0:0:18
11-10 09:46:15.326     0     0 D tas2562 2-004c: Thermal foldback : 0x12, limiter status: 0x12
11-10 09:46:15.327     0     0 D tas2562 2-004c: tas2562_hw_params, format: 6
11-10 09:46:15.327     0     0 D tas2562 2-004c: tas2562_dev_read: BOOK:PAGE:REG 0:0:2
11-10 09:46:15.327     0     0 D tas2562 2-004c: tas2562_dev_read: BOOK:PAGE:REG 0:0:36
11-10 09:46:15.327     0     0 I tas2562 2-004c: IRQ reg is: irq_work_routine 0, 545
11-10 09:46:15.327     0     0 D tas2562 2-004c: tas2562_dev_update_bits: BOOK:PAGE:REG 0:0:2, mask: 0x3, val=0x0
11-10 09:46:15.327     0     0 I tas2562 2-004c: set ICN to -80dB
11-10 09:46:15.328     0     0 D tas2562 2-004c: tas2562_dev_bulk_write: BOOK:PAGE:REG 0:2:100, len: 0x04
11-10 09:46:15.328     0     0 D tas2562 2-004c: tas2562_dev_read: BOOK:PAGE:REG 0:0:36
11-10 09:46:15.328     0     0 I tas2562 2-004c: IRQ reg is: irq_work_routine, 0, 559
11-10 09:46:15.328     0     0 D tas2562 2-004c: PowSts B: 0x2, check again after 10ms
11-10 09:46:15.791 15055 15055 D FidoCtapHidConnection: Sent packet /////4YACNmd/pQ+dxDCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
11-10 09:46:15.791 15055 15055 D UsbRequestJNI: close
11-10 09:46:15.791 15055 15055 D UsbRequestJNI: init
11-10 09:46:15.791 15055 15055 D FidoCtapHidConnection: Reading 64 bytes from usb
11-10 09:46:15.796 15055 15055 D FidoCtapHidConnection: Received packet /////4YAEdmd/pQ+dxDCAL0AAQIFAgYFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
11-10 09:46:15.797 15055 15055 D FidoCtapHidConnection: Received CtapHidInitResponse(nonce=0x2Z3+lD53EMI=, channelId=0xbd0001, protocolVersion=0x2, version=5.2.6, capabilities=0x5) in 1 packets
11-10 09:46:15.797 15055 15055 D UsbRequestJNI: close
11-10 09:46:15.797 15055 15055 D FidoCtapHidConnection: Sending CtapHidCborRequest(Ctap2Request(command=0x4, payload=)) in 1 packets
11-10 09:46:15.797 15055 15055 D UsbRequestJNI: init
11-10 09:46:15.799 15055 15055 D FidoCtapHidConnection: Sent packet AL0AAZAAAQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
11-10 09:46:15.799 15055 15055 D UsbRequestJNI: close
11-10 09:46:15.799 15055 15055 D UsbRequestJNI: init
11-10 09:46:15.800 15055 15055 D FidoCtapHidConnection: Reading 64 bytes from usb
11-10 09:46:15.801 15055 15055 D FidoCtapHidConnection: Received packet AL0AAZAAwwCqAYNmVTJGX1YyaEZJRE9fMl8wbEZJRE9fMl8xX1BSRQKCa2NyZWRQcm90ZWN0a2htYWMtc2Vjcg==
11-10 09:46:15.801 15055 15055 D FidoCtapHidConnection: Reading 64 bytes from usb
11-10 09:46:15.803 15055 15055 D FidoCtapHidConnection: Received packet AL0AAQBldANQL8BXn4ETR+qxFrtajbkgKgSlYnJr9WJ1cPVkcGxhdPRpY2xpZW50UGlu9XVjcmVkZW50aWFsTQ==
11-10 09:46:15.803 15055 15055 D FidoCtapHidConnection: Reading 64 bytes from usb
11-10 09:46:15.805 15055 15055 D FidoCtapHidConnection: Received packet AL0AAQFnbXRQcmV2aWV39QUZBLAGgQEHCAgYgAmCY25mY2N1c2IKgqJjYWxnJmR0eXBlanB1YmxpYy1rZXmiYw==
11-10 09:46:15.805 15055 15055 D FidoCtapHidConnection: Reading 64 bytes from usb
11-10 09:46:15.807 15055 15055 D FidoCtapHidConnection: Received packet AL0AAQJhbGcnZHR5cGVqcHVibGljLWtleQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
11-10 09:46:15.807 15055 15055 D FidoCtapHidConnection: Received CtapHidCborResponse(statusCode=0x0, payload=qgGDZlUyRl9WMmhGSURPXzJfMGxGSURPXzJfMV9QUkUCgmtjcmVkUHJvdGVjdGtobWFjLXNlY3JldANQL8BXn4ETR+qxFrtajbkgKgSlYnJr9WJ1cPVkcGxhdPRpY2xpZW50UGlu9XVjcmVkZW50aWFsTWdtdFByZXZpZXf1BRkEsAaBAQcICBiACYJjbmZjY3VzYgqComNhbGcmZHR5cGVqcHVibGljLWtleaJjYWxnJ2R0eXBlanB1YmxpYy1rZXk=) in 4 packets
11-10 09:46:15.807 15055 15055 D UsbRequestJNI: close
11-10 09:46:15.808 15055 15055 D FidoCtapHidConnection: Got info: AuthenticatorGetInfoResponse(versions=[], extensions=[], aaguid=[47, -64, 87, -97, -127, 19, 71, -22, -79, 22, -69, 90, -115, -71, 32, 42], options=Options[platformDevice=false, residentKey=true, clientPin=true, userPresence=true, noMcGaPermissionsWithClientPin=false, credentialMgmtPreview=true, makeCredUvNotRqd=false], maxMsgSize=1200, pinProtocols=[])
11-10 09:46:15.809 15055 15055 D UsbDeviceConnectionJNI: close
11-10 09:46:15.810 15055 15055 W FidoUsbHandler: java.lang.NullPointerException: Attempt to invoke virtual method 'boolean java.lang.Boolean.booleanValue()' on a null object reference
11-10 09:46:15.810 15055 15055 W FidoUsbHandler:    at org.microg.gms.fido.core.transport.TransportHandler.register$play_services_fido_core_release(TransportHandler.kt:156)
11-10 09:46:15.810 15055 15055 W FidoUsbHandler:    at org.microg.gms.fido.core.transport.usb.UsbTransportHandler$register$2.invokeSuspend(UsbTransportHandler.kt:87)
11-10 09:46:15.810 15055 15055 W FidoUsbHandler:    at org.microg.gms.fido.core.transport.usb.UsbTransportHandler$register$2.invoke(Unknown Source:8)
11-10 09:46:15.810 15055 15055 W FidoUsbHandler:    at org.microg.gms.fido.core.transport.usb.UsbTransportHandler$register$2.invoke(Unknown Source:4)
11-10 09:46:15.810 15055 15055 W FidoUsbHandler:    at org.microg.gms.fido.core.transport.usb.ctaphid.CtapHidConnection.open(CtapHidConnection.kt:176)
11-10 09:46:15.810 15055 15055 W FidoUsbHandler:    at org.microg.gms.fido.core.transport.usb.ctaphid.CtapHidConnection$open$2.invokeSuspend(Unknown Source:15)
11-10 09:46:15.810 15055 15055 W FidoUsbHandler:    at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
11-10 09:46:15.810 15055 15055 W FidoUsbHandler:    at kotlinx.coroutines.internal.ScopeCoroutine.afterResume(Scopes.kt:33)
11-10 09:46:15.810 15055 15055 W FidoUsbHandler:    at kotlinx.coroutines.AbstractCoroutine.resumeWith(AbstractCoroutine.kt:102)
11-10 09:46:15.810 15055 15055 W FidoUsbHandler:    at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:46)
11-10 09:46:15.810 15055 15055 W FidoUsbHandler:    at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106)
11-10 09:46:15.810 15055 15055 W FidoUsbHandler:    at androidx.lifecycle.DispatchQueue.drainQueue(DispatchQueue.kt:75)
11-10 09:46:15.810 15055 15055 W FidoUsbHandler:    at androidx.lifecycle.DispatchQueue.enqueue(DispatchQueue.kt:112)
11-10 09:46:15.810 15055 15055 W FidoUsbHandler:    at androidx.lifecycle.DispatchQueue.dispatchAndEnqueue$lambda-2$lambda-1(DispatchQueue.kt:100)
11-10 09:46:15.810 15055 15055 W FidoUsbHandler:    at androidx.lifecycle.DispatchQueue.$r8$lambda$G2ay370n_s_ksSHUJaD9zIU8eCw(Unknown Source:0)
11-10 09:46:15.810 15055 15055 W FidoUsbHandler:    at androidx.lifecycle.DispatchQueue$$ExternalSyntheticLambda0.run(Unknown Source:4)
11-10 09:46:15.810 15055 15055 W FidoUsbHandler:    at android.os.Handler.handleCallback(Handler.java:938)
11-10 09:46:15.810 15055 15055 W FidoUsbHandler:    at android.os.Handler.dispatchMessage(Handler.java:99)
11-10 09:46:15.810 15055 15055 W FidoUsbHandler:    at android.os.Looper.loopOnce(Looper.java:201)
11-10 09:46:15.810 15055 15055 W FidoUsbHandler:    at android.os.Looper.loop(Looper.java:288)
11-10 09:46:15.810 15055 15055 W FidoUsbHandler:    at android.app.ActivityThread.main(ActivityThread.java:7870)
11-10 09:46:15.810 15055 15055 W FidoUsbHandler:    at java.lang.reflect.Method.invoke(Native Method)
11-10 09:46:15.810 15055 15055 W FidoUsbHandler:    at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:548)
11-10 09:46:15.810 15055 15055 W FidoUsbHandler:    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1003)
11-10 09:46:15.811 15055 15055 D FidoUi  : USB status set to waiting-for-device (null)

mar-v-in commented 1 year ago

@MatthewCroughan

when using webauthn.io, did you disable "Require User Verification" in advanced settings? This is currently required when using Yubikeys on Android.
There should be a log line that says FidoUi: onCreate, somewhere earlier in the logs. Can you share that as well please?

MatthewCroughan commented 1 year ago

@mar-v-in

I disabled Require User Verification in the advanced settings of webauthn.io, the results are the same. The Firefox UI never asks me to press my key, as if it never saw it plugged in, in the first place. It remains asking me to plug in the authenticator, despite the GMS UI acknowledging that I have plugged it in.

11-10 10:03:45.179 13876 13876 D Fido2Privileged: onBind: Intent { act=com.google.android.gms.fido.fido2.privileged.START pkg=com.google.android.gms }
11-10 10:03:45.187 13876 13891 D Fido2Privileged: bound by: GetServiceRequest{serviceId=FIDO2_PRIVILEGED, gmsVersion=12451000, packageName='org.mozilla.firefox', extras=Bundle[{FIDO2_ACTION_START_SERVICE=com.google.android.gms.fido.fido2.privileged.START}]}
11-10 10:03:45.217 16036 16036 I WebAuthnFeature: Received activity delegate request with code: 11
11-10 10:03:45.219  1376  9289 I ActivityTaskManager: START u0 {cmp=com.google.android.gms/org.microg.gms.fido.core.ui.AuthenticatorActivity (has extras)} from uid 10084
11-10 10:03:45.239  1376  9289 W ActivityTaskManager: Tried to set launchTime (0) < mLastActivityLaunchTime (6389517)
11-10 10:03:45.253 15055 15055 D FidoUi  : onCreate caller=org.mozilla.firefox options=BrowserPublicKeyCredentialCreationOptions[PublicKeyCredentialCreationOptions[rp=PublicKeyCredentialRpEntity[webauthn.io, name="webauthn.io", icon=""], user=PublicKeyCredentialUserEntity[ZEdWemRERXlNdw, name="test123", icon="", displayName="test123"], challenge=ppQQjxijNMf1rQh0USozPr7d1mvpJRfcRij562kPAAdI_JTfD4eXiPposMhkWd9sifU9kQMWUm2lo6zCvpybrw, parameters=[PublicKeyCredentialParameters[type=public-key, algorithm=COSEAlgorithmIdentifier[ES256]], PublicKeyCredentialParameters[type=public-key, algorithm=COSEAlgorithmIdentifier[ES384]], PublicKeyCredentialParameters[type=public-key, algorithm=COSEAlgorithmIdentifier[ES512]], PublicKeyCredentialParameters[type=public-key, algorithm=COSEAlgorithmIdentifier[ED256]], PublicKeyCredentialParameters[type=public-key, algorithm=COSEAlgorithmIdentifier[ED512]], PublicKeyCredentialParameters[type=public-key, algorithm=COSEAlgorithmIdentifier[PS256]], PublicKeyCredentialParameters[type=public-key, algorithm=COSEAlgorithmIdentifier[PS384]], PublicKeyCredentialParameters[type=public-key, algorithm=COSEAlgorithmIdentifier[PS512]], PublicKeyCredentialParameters[type=public-key, algorithm=COSEAlgorithmIdentifier[RS256]], PublicKeyCredentialParameters[type=public-key, algorithm=COSEAlgorithmIdentifier[RS384]], PublicKeyCredentialParameters[type=public-key, algorithm=COSEAlgorithmIdentifier[RS512]]], timeoutSeconds=60.0, excludeList=[PublicKeyCredentialDescriptor[hB-peXjsmYQnkShFSbMfoBso8nf-Jpc_0CTL48iXyxo, type=public-key, transports=[]], PublicKeyCredentialDescriptor[tK3fBHN0CI8iKCZBxUruf7JOUppohkzuBVzVDFb3p8hQtHmDJwxdWeFXCbWR7HtQpNNEyO_XQw7ogGP4ZbIgHA, type=public-key, transports=[]]], authenticatorSelection=AuthenticatorSelectionCriteria[], attestationConveyancePreference=none, authenticationExtensions=AuthenticationExtensions[]], origin=https://webauthn.io]
11-10 10:03:45.264 15055 15055 D FidoUi  : facetId=https://webauthn.io, appName=webauthn.io
11-10 10:03:45.313  1376  1683 I ActivityTaskManager: Displayed com.google.android.gms/org.microg.gms.fido.core.ui.AuthenticatorActivity: +87ms

MatthewCroughan commented 1 year ago

Here are fuller logs, should anyone wish to debug further https://gist.githubusercontent.com/MatthewCroughan/10f1e63ba8c572bb72a9a72f42ed1793/raw/c206074854274ad4ff5337ac28275ec249ce4554/gistfile1.txt

mar-v-in commented 1 year ago

I guess I found the issue:

Firefox doesn't set the requireResidentKey attribute to true or false, even though it's required (and no matter if the website is requesting it to be true or false). I will default to understand a missing requireResidentKey value as false, but this is still something Firefox should handle (because sites can't even ask it to be set to true right now). Maybe you could check if there is already an issue filed with them and if not, open one.
Your key reports to have a client pin configured and not support CTAP2 without PIN if configured. In this case, the value of requireResidentKey is used to determine if CTAP1 can be used instead. Without a value this fails in microG.

So it should work to use your key with webauthn.io in Chromium if "Require User Verification" is disabled (Chromium does correctly set the value of requireResidentKey)

MatthewCroughan commented 1 year ago

@mar-v-in What you say is true, it just worked with both NFC and USB, but only in Chromium.

As for other programs, such as Bitwarden, or signing in with Google, the story is different. I cannot use FIDO to log into the webauthn given by Bitwarden, below is the log.

11-10 11:05:02.411 15055 15055 D FidoUi  : onCreate caller=org.robotnix.chromium options=BrowserPublicKeyCredentialRequestOptions[PublicKeyCredentialRequestOptions[challenge=JCLkF1O-4f_eQrhlno_XhLyFbmge9GzFcbAVdQPLPXo, timeoutSeconds=60.0, rpId="vaultwarden.croughan.sh", allowList=[PublicKeyCredentialDescriptor[g2dedr57pEwS-M0XNJIrLS3_pznDAzwf_IWRu14PFkMiVBc7upf66gA6XVurMenZ8pbbfaSwadPkCA0TqqDOFA, type=public-key, transports=[usb, ble, nfc, usb, internal]], PublicKeyCredentialDescriptor[NEzCBeCznU5D_GQaOZIn6v3aG2MQuad0g6JgX8VXJD830EV2GQhKc7CgLppgH45p_kfcmLKNF9zK-GhSLon9RA, type=public-key, transports=[usb, ble, nfc, usb, internal]]], userVerificationRequirement=discouraged, authenticationExtensions=AuthenticationExtensions[fidoAppIdExtension="https://vaultwarden.croughan.sh/app-id.json"]], origin=https://vaultwarden.croughan.sh/]
11-10 11:05:02.429 15055 15055 D FidoUi  : Finish with error: Package org.robotnix.chromium does not match facet https://vaultwarden.croughan.sh (NOT_ALLOWED_ERR)
11-10 11:05:02.448 21548 21548 E cr_Fido2Request: FIDO2 API call resulted in error: 35 Package org.robotnix.chromium does not match facet https://vaultwarden.croughan.sh
11-10 11:05:02.462 21548 21548 I cr_OfflineDetector: Running updateState mConnectivityDetectorInitialized: true, mTimeWhenLastForegrounded: 81310641, getElapsedTime: 81310641, mTimeWhenLastOfflineNotificationReceived: 0, mTimeWhenLastOnline: 80940238, mApplicationState: 1, mIsOfflineLastReportedByConnectivityDetector: false, mIsEffectivelyOffline: false
11-10 11:05:02.462 21548 21548 I cr_OfflineDetector: updateState(): timeSinceLastForeground: 0, timeSinceOfflineNotificationReceived: 81310641, timeSinceLastOnline: 370403, timeNeededForForeground: 2000, timeNeededForOffline: -81308641
11-10 11:05:02.486  1376  2580 D CompatibilityChangeReporter: Compat change id reported: 135634846; UID 10109; state: DISABLED
11-10 11:05:02.487  1376  1696 D CompatibilityChangeReporter: Compat change id reported: 143937733; UID 10109; state: ENABLED
11-10 11:05:02.508 21589 21589 D Zygote  : Forked child process 24319
11-10 11:05:02.511  1376  1696 I ActivityManager: Start proc 24319:org.robotnix.chromium:sandboxed_process0:org.chromium.content.app.SandboxedProcessService0:29/u0ai29 for  {org.robotnix.chromium/org.chromium.content.app.SandboxedProcessService0:29}
11-10 11:05:02.516  1376  2580 I ActivityTaskManager: START u0 {act=android.intent.action.VIEW cat=[android.intent.category.BROWSABLE] dat=bitwarden://webauthn-callback?error=NotAllowedError: The operation either timed out or was not allowed. See: https://www.w3.org/TR/webauthn-2/#sctn-privacy-considerations-client. flg=0x14000000 cmp=com.x8bit.bitwarden/crc640744bad199c09ddf.WebAuthCallbackActivity (has extras)} from uid 10109

ale5000-git commented 1 year ago

@MatthewCroughan If I'm not wrong Bitwarden bundle a library in the app itself and do not use the API. See here: https://github.com/bitwarden/mobile/pull/1519

MatthewCroughan commented 1 year ago

@ale5000-git That may be true, but even if I try to login to the web interface via Chromium and use webauthn there, it throws the exact same set of errors.

mar-v-in commented 1 year ago

Yes, that seems to be another issue on microG FIDO implementation.

MatthewCroughan commented 1 year ago

@mar-v-in Is this likely to get resolved, or is it out of scope for the feature set that microG wants to implement?

mar-v-in commented 1 year ago

Both issues are going to be fixed / workarounded in the next release.

MatthewCroughan commented 1 year ago

@mar-v-in When do the nightly apks get built for https://microg.org/dl/core-nightly.apk ? I'm patiently waiting to try this out! Thanks for doing this so quickly <3

MatthewCroughan commented 1 year ago

@mar-v-in It looks like the nightly APK still isn't updated. When does this APK get updated?

MatthewCroughan commented 1 year ago

Looks like the nightly APK just got updated. Quick turnaround! Thanks so much.

ale5000-git commented 1 year ago

Can you confirm that it works for you in all cases now?

MatthewCroughan commented 1 year ago

@ale5000-git @mar-v-in I can confirm that https://github.com/microg/GmsCore/commit/d01f3719426be7f5237b098d53548eeeb7806119 fixes each and every one of my use-cases. Signing into Tailscale via Chromium via Google with NFC works fine, as does webauthn via my self-hosted Bitwarden. This is really great. I have also tested that it works fine with USB.

ale5000-git commented 1 year ago

Have you tested also with Firefox?

MatthewCroughan commented 1 year ago

It looks to work in exactly the same way with Firefox 107.1.0 from FFDownloader from F-Droid

ale5000-git commented 1 year ago

Good, thanks.

microg / GmsCore

[FIDO] Fido doesn't seem to work anywhere #1821