prefiks / u2f4moz

U2F support extension for Firefox
GNU Lesser General Public License v2.1

Extension makes the Yubico U2F demo server crash #3

Closed bmillemathias closed 8 years ago

bmillemathias commented 8 years ago

When I enable the U2F extension, it makes the remote U2F server crash with a Python exception instead of showing the message to touch my U2F key.

The exception I got is:

Traceback (most recent call last):
  File "/root/python-u2flib-server-demo/examples/yubiauth_server.py", line 161, in __call__
    raise Exception("FIDO Client error: %s" % error)
Exception: FIDO Client error: 1 (OTHER ERROR)

I don't see any error client-wise, but I can provide you a log if you give me guidance.

The video of the error: https://youtu.be/URPUHn8Wyak

prefiks commented 8 years ago

Hello Baptiste,

This is the result of error code 1 being returned by the module responsible for communicating with your device. Usually that means that it was not able to find a U2F device, or was not able to send anything, or didn't receive a response (I will need to improve this part to get better diagnostics).

Could you tell me what OS you are using, and what device you are using with it?

bmillemathias commented 8 years ago

Hi,

I use Fedora 23 with the default Firefox package provided by the distro; as of today it is firefox-41.0.2-2.fc23.x86_64. SELinux is disabled. I admit I just plugged in my YubiKey and installed the udev rules file I found on the interweb:

ACTION!="add|change", GOTO="yubico_end"

# Udev rules for letting the console user access the Yubikey USB
# device node, needed for challenge/response to work correctly.

# Yubico Yubikey II
ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0010|0110|0111|0114|0116|0401|0403|0405|0407|0410", \
    ENV{ID_SECURITY_TOKEN}="1"

LABEL="yubico_end"

The YubiKey is a U2F key, the one sold with GitHub accounts recently.

Update: I installed the ykclient library so it fixed the crash and now the message prompt asking to touch the device appears. However, nothing happens after touching the device.

prefiks commented 8 years ago

I uploaded a test program to: http://prefiks.org/u2f4moz/linux64/u2f-test. If you chmod +x it and then execute it, it will scan your USB bus and, if it detects a device it can talk to, will try to communicate with it.

It would be great if you could run this and then copy/paste the results here (you can skip unrelated entries).

bmillemathias commented 8 years ago

Thanks for the follow-up.

As the normal user the binary was unable to find the device but it succeeded as root.

Checking device Security Key by Yubico.
Usage: 1 UsagePage: f1d0.
USB send: 00ffffffff8600080807060504030201000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
USB write returned 65
now trying with timeout 2
now trying with timeout 4
now trying with timeout 8
USB read rc read 64
USB recv: ffffffff860011080706050403020100010001020401080100000000000000000000000000000000000000000000000000000000000000000000000000000000
device /dev/hidraw3 discovered as 'Security Key by Yubico'
  version (Interface, Major, Minor, Build): 2, 4, 1, 0  capFlags: 1

I then changed the permission to 666 for the device and now I'm able to find the device with the program. However, the permission correction doesn't fix the U2F mechanism in Firefox.

prefiks commented 8 years ago

You may be interested in this: https://github.com/Yubico/libu2f-host/blob/master/70-u2f.rules if you have a permissions problem.

bmillemathias commented 8 years ago

Indeed, I just dropped it in the udev folder 5 minutes ago :) I'll open a Fedora bug to improve the U2F integration for that part.

prefiks commented 8 years ago

You can test the browser implementation by executing something like this in the browser console (Ctrl+Shift+I):

u2f.register([{challenge: "sLA9a6ifD28iWXgM9ka1MIf55OGHPP-PD8jdvCPKQVw",
               version: "U2F_V2", appId: "https://demo.yubico.com"}], [],
             c => console.info("RES", c), 10)

bmillemathias commented 8 years ago

OK, so it works fine now; for an unknown reason the add-on was disabled. Thanks for the support.

I'm closing the bug.
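
The console test earlier in the thread only logs whatever u2f.register() hands to its callback. The following is an added example, not code from the thread or from u2f4moz: a hypothetical helper, checkRegisterResult, that names the U2F JavaScript API error code (such as the code 1 reported in this issue) and otherwise checks that the returned clientData carries the challenge and origin that were requested. The sample responses are constructed, and the expected origin is assumed to equal the appId used in the test.

```javascript
// Error codes defined by the FIDO U2F JavaScript API (0 means success).
const U2F_ERRORS = { 1: "OTHER_ERROR", 2: "BAD_REQUEST", 3: "CONFIGURATION_UNSUPPORTED",
                     4: "DEVICE_INELIGIBLE", 5: "TIMEOUT" };

// Websafe base64 (RFC 4648 section 5, unpadded) <-> string, for browser or Node.
function websafeDecode(s) {
  const b64 = s.replace(/-/g, "+").replace(/_/g, "/") + "=".repeat((4 - (s.length % 4)) % 4);
  return typeof atob === "function" ? atob(b64) : Buffer.from(b64, "base64").toString("binary");
}
function websafeEncode(str) {
  const b64 = typeof btoa === "function" ? btoa(str) : Buffer.from(str, "binary").toString("base64");
  return b64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Hypothetical helper: classify the object that u2f.register() passes to its callback.
function checkRegisterResult(res, expected) {
  if (!res || typeof res !== "object") return { ok: false, reason: "no response object" };
  if (res.errorCode) {
    const name = U2F_ERRORS[res.errorCode] || "unknown";
    return { ok: false, reason: `client error ${res.errorCode} (${name})` };
  }
  if (!res.registrationData || !res.clientData) return { ok: false, reason: "missing fields" };
  let cd;
  try {
    cd = JSON.parse(websafeDecode(res.clientData));
  } catch (e) {
    return { ok: false, reason: "clientData is not valid JSON" };
  }
  if (!cd || cd.typ !== "navigator.id.finishEnrollment") return { ok: false, reason: "wrong typ" };
  if (cd.challenge !== expected.challenge) return { ok: false, reason: "challenge mismatch" };
  if (cd.origin !== expected.origin) return { ok: false, reason: "origin mismatch" };
  return { ok: true, reason: "clientData matches the request" };
}

// Values from the console test in the thread; the origin is assumed to equal the appId.
const EXPECTED = { challenge: "sLA9a6ifD28iWXgM9ka1MIf55OGHPP-PD8jdvCPKQVw",
                   origin: "https://demo.yubico.com" };

// Constructed sample responses (not captured from a real token).
const SAMPLE_OK = {
  registrationData: "BQ", // placeholder; a real value is the token's signed registration blob
  clientData: websafeEncode(JSON.stringify({ typ: "navigator.id.finishEnrollment",
    challenge: EXPECTED.challenge, origin: EXPECTED.origin })),
};
const SAMPLE_ERROR = { errorCode: 1 }; // the client error the demo server reported in this issue

for (const r of [SAMPLE_OK, SAMPLE_ERROR]) console.info(checkRegisterResult(r, EXPECTED));
```

In the browser console the helper can replace the logging callback of the test call. It is a diagnostic aid only: the relying party's server still has to verify the registration data and its signature.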