pp3345 / ykDroid

YubiKey challenge-response USB and NFC driver for Android
GNU General Public License v3.0
97 stars 14 forks source link

Challenge-Response does not work on Pie with YubiKey 5 NFC an KP2A 1.07-pre5 #10

Closed mabachel closed 5 years ago

mabachel commented 5 years ago

On my Nexus 5X with AOSPExtended (Android Pie) I cannot unlock my KeepassXC database with password and Challenge Response using YubiKey 5 NFC (using ykDroid @pp3345 ). I used 1.07-pre5. I uploaded (expires on 2019-03-30.) a log here: Ubuntu Pastebin

rouzbeh commented 5 years ago

I observe the same thing on my One Plus 3T, using KP2A 1.06. I found this in ykDroid logs:

03-04 10:58:13.544 16864 16864 E ykDroid : Error during challenge-response request
03-04 10:58:13.544 16864 16864 E ykDroid : net.pp3345.ykdroid.yubikey.ConnectionLostException: java.io.IOException
03-04 10:58:13.544 16864 16864 E ykDroid :  at net.pp3345.ykdroid.yubikey.NfcYubiKey.challengeResponse(NfcYubiKey.java:68)
03-04 10:58:13.544 16864 16864 E ykDroid :  at net.pp3345.ykdroid.ChallengeResponseActivity$1.doInBackground(ChallengeResponseActivity.java:102)
03-04 10:58:13.544 16864 16864 E ykDroid :  at net.pp3345.ykdroid.ChallengeResponseActivity$1.doInBackground(ChallengeResponseActivity.java:96)
03-04 10:58:13.544 16864 16864 E ykDroid :  at android.os.AsyncTask$2.call(AsyncTask.java:333)
03-04 10:58:13.544 16864 16864 E ykDroid :  at java.util.concurrent.FutureTask.run(FutureTask.java:266)
03-04 10:58:13.544 16864 16864 E ykDroid :  at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:245)
03-04 10:58:13.544 16864 16864 E ykDroid :  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1162)
03-04 10:58:13.544 16864 16864 E ykDroid :  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:636)
03-04 10:58:13.544 16864 16864 E ykDroid :  at java.lang.Thread.run(Thread.java:764)
03-04 10:58:13.544 16864 16864 E ykDroid : Caused by: java.io.IOException
03-04 10:58:13.544 16864 16864 E ykDroid :  at android.nfc.tech.BasicTagTechnology.connect(BasicTagTechnology.java:85)
03-04 10:58:13.544 16864 16864 E ykDroid :  at android.nfc.tech.IsoDep.connect(Unknown Source:0)
03-04 10:58:13.544 16864 16864 E ykDroid :  at net.pp3345.ykdroid.yubikey.NfcYubiKey.ensureConnected(NfcYubiKey.java:42)
03-04 10:58:13.544 16864 16864 E ykDroid :  at net.pp3345.ykdroid.yubikey.NfcYubiKey.challengeResponse(NfcYubiKey.java:52)
03-04 10:58:13.544 16864 16864 E ykDroid :  ... 8 more
pp3345 commented 5 years ago

Those actually look like different issues.

@rouzbeh This looks like the YubiKey simply lost connection before the transaction could be started. Do you get this very same exception every time? Are there any other exceptions from ykDroid?

@mabachel This is the relevant exception from your logs:

02-27 09:06:01.589 E/ykDroid (12600): Error during challenge-response request
02-27 09:06:01.589 E/ykDroid (12600): net.pp3345.ykdroid.yubikey.ConnectionLostException: java.io.IOException: Transceive length exceeds supported maximum
02-27 09:06:01.589 E/ykDroid (12600):   at net.pp3345.ykdroid.yubikey.NfcYubiKey.challengeResponse(NfcYubiKey.java:68)
02-27 09:06:01.589 E/ykDroid (12600):   at net.pp3345.ykdroid.ChallengeResponseActivity$1.doInBackground(ChallengeResponseActivity.java:102)
02-27 09:06:01.589 E/ykDroid (12600):   at net.pp3345.ykdroid.ChallengeResponseActivity$1.doInBackground(ChallengeResponseActivity.java:96)
02-27 09:06:01.589 E/ykDroid (12600):   at android.os.AsyncTask$3.call(AsyncTask.java:362)
02-27 09:06:01.589 E/ykDroid (12600):   at java.util.concurrent.FutureTask.run(FutureTask.java:266)
02-27 09:06:01.589 E/ykDroid (12600):   at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:274)
02-27 09:06:01.589 E/ykDroid (12600):   at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
02-27 09:06:01.589 E/ykDroid (12600):   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
02-27 09:06:01.589 E/ykDroid (12600):   at java.lang.Thread.run(Thread.java:764)
02-27 09:06:01.589 E/ykDroid (12600): Caused by: java.io.IOException: Transceive length exceeds supported maximum
02-27 09:06:01.589 E/ykDroid (12600):   at android.nfc.TransceiveResult.getResponseOrThrow(TransceiveResult.java:50)
02-27 09:06:01.589 E/ykDroid (12600):   at android.nfc.tech.BasicTagTechnology.transceive(BasicTagTechnology.java:151)
02-27 09:06:01.589 E/ykDroid (12600):   at android.nfc.tech.IsoDep.transceive(IsoDep.java:172)
02-27 09:06:01.589 E/ykDroid (12600):   at net.pp3345.ykdroid.yubikey.NfcYubiKey.challengeResponse(NfcYubiKey.java:55)
02-27 09:06:01.589 E/ykDroid (12600):   ... 8 more

Honestly, this looks really weird. Do you also have a YubiKey NEO per chance? If so, does it work when using it instead of the YubiKey 5 NFC? Also, does it work if you try using ykDroid via USB?

mabachel commented 5 years ago

https://github.com/PhilippC/keepass2android/issues/712#issuecomment-473811448

mabachel commented 5 years ago

https://github.com/PhilippC/keepass2android/issues/712#issuecomment-475213082

mabachel commented 5 years ago

Sry for opening this issue as it seems to be ROM related. Starting with AOSPExtended 6.7 for my Nexus 5X the NFC issues got fixed and unlocking a KeePassXC Database with a YubiKey 5 NFC an Keepass2Android works.

https://forum.xda-developers.com/nexus-5x/development/bullhead-aospextended-v6-0-t3866734/post80134338

This issue should be closed.

pp3345 commented 5 years ago

Sorry for not getting back to you earlier. Glad to see it's fixed! Closing this issue now, feel free to open a new issue anytime if you experience any further problems :-)