webauthn-open-source / fido2-server-demo

A set of FIDO2 / WebAuthn demo servers

U2F token registration fails in Chromium / Ubuntu #9

Closed alduder closed 6 years ago

alduder commented 6 years ago

Hi, I am testing the WebAuthn registration at https://webauthn.org/ from various OS / browser combinations. On Ubuntu 18.04, I was successful using Firefox 60.0.2, but not using the latest Chromium Stable 67.0.3396.62, which is also supposed to support WebAuthn. The website doesn't return any error on loading or when pressing the "Register" button. The "Perform User Verification" dialog pops up, but the key never flashes to indicate a request, and the verification eventually times out (at ux-events.js:42). The browser does not indicate any special action to take. I tried switching the Web Authentication API flags in Chromium, but it had no effect.

apowers313 commented 6 years ago

Thanks for the bug report. Two things to help debug this:

  1. Click "advanced" at the bottom of webauthn.org. Repeat the registration process and copy the results from the debug terminal into a txt file and upload it here.
  2. Open up the debug console (Control+Shift+J). Repeat the registration process and copy the results from the debug terminal into a txt file and upload it here.

@christiaanbrand @kpaulh - know of any issues with Chromium 67 + Ubuntu 18.04 + USB Security Keys off the top of your heads?

kpaulh commented 6 years ago

Not as far as I know. I just successfully tested with Chrome 67 + Debian + U2F token, for what that's worth.

What type of token was this?

alduder commented 6 years ago

I found out there must be a bug with the Chromium version I am using. I installed the snap version (sudo snap install chromium) in Ubuntu 18.04, which pulls a Canonical build 67.0.3396.62 (https://snapcraft.io/chromium), as opposed to the current Universe build 66.0.3359.181. The snap version even has a problem with standard U2F requests, and fails both Yubico demos at https://demo.yubico.com/u2f and https://demo.yubico.com/webauthn/, so there must be something wrong with the build. I am testing with a YubiKey 4, but it's probably not relevant here since I never reach the point of interacting with the token. I posted a comment on https://forum.snapcraft.io/t/fido-u2f-authentication-fails-in-chromium-snap-build/6130, but I'm not sure it's the best place to file such bugs.

kpaulh commented 6 years ago

Can you try https://webauthndemo.appspot.com/? Out of curiosity, can you also try with Chrome stable - 67.0.3396.99?

alduder commented 6 years ago

No success with Chromium snap build 67.0.3396.62. Demo site says "Waiting for user touch", but token doesn't blink, and process eventually times out. No error message in the console apart from the timing out message (NotAllowedError: The operation either timed out or was not allowed. See: https://w3c.github.io/webauthn/#sec-assertion-privacy.)

Chrome stable 67.0.3396.99 works without problem; works perfectly also on https://demo.yubico.com/webauthn/ and https://demo.yubico.com/u2f/.

kpaulh commented 6 years ago

I'm afraid I'm at a loss. There were no changes to the webauthn implementation between .62 and .99 (https://chromium.googlesource.com/chromium/src/+log/67.0.3396.62..67.0.3396.99?pretty=fuller&n=10000).

I would recommend using the latest Chrome stable build going forward.

alduder commented 6 years ago

It looks like the problem is in the Chromium snap build, not in the version itself: https://forum.snapcraft.io/t/fido-u2f-authentication-fails-in-chromium-snap-build/6130

kpaulh commented 6 years ago

Okay, I'm somewhat more informed now. I agree - like the comment on the other thread suggests, it does seem like a USB access issue specific to snap.

apowers313 commented 6 years ago

Seems like the right place to address this would be in the Chromium builds. I'm closing this, but re-open if you disagree.