Can't create Google passkey in pico_fido_pico-5.12.uf2 & pico_fido_pico-6.0.uf2 #72
Hello,
And first I would like to thank you for this awesome project.
I noticed an error/bug (or my fault?) which doesn't allow me to create a Google passkey in version 5.12 and 6.0 (not nightly), but in 5.8 it is working.
I tested it on Waterfox and Chrome on my Windows 10 PC.
OS Name: Microsoft Windows 10 Home
OS Version: 10.0.19045 N/A Build 19045
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free
After clicking "create passkey" and entering my security pin

I was stuck for some minutes at this step
Before I finally get the message "Couldn't complete signup" or something similar
(I couldn't catch a screenshot because it's gone so fast)
I hope this information is in some way helpful and wish you a nice evening/morning/day (wherever you are)
(this is my first time writing an issue so I hope it's at least somewhat usable)
Does it work with webauthn.io?
Yes, I did test it on 6.0, 5.12 & 5.8 with webauthn.io or https://www.token2.com/tools/fido2-demo and it always worked flawlessly.
I've tried right now with Chrome in macOS and it worked. Perhaps it is the middle layer that Windows uses.
Can you try with macOS or Linux?
This is a little embarrassing but it seems I can't use it on a freshly installed Ubuntu desktop (on my laptop).
First I tried without installing anything but then after some research installed these
pscscd pscsc-tools sssd libpam-sss opensc-pkcs11
And I still can't use it (even after repeatedly reflashing with the 6.0 and 5.8 versions)
I tried it on Firefox and Chromium before digging deeper and I found out that
in most cases the Pico doesn't even get detected
at least not with pcsc_scan and the browsers
Only from pamu2fcfg did I get some success, which is another error message
$ pamu2fcfg
No U2F device available, please insert one now, you have 6 seconds
Device found!
Enter PIN for /dev/hidraw0:
error: fido_dev_make_cred (39) FIDO_ERR_OPERATION_DENIED
Or in case I press the button after entering the key without waiting for any message
$ pamu2fcfg
Enter PIN for /dev/hidraw0:
error: fido_cred_verify (-7) FIDO_ERR_INVALID_ARGUMENT
In case I forgot to install a driver or maybe to configure a service, let me know?
And on a side note, is it normal for the Pico to be detected as smartcard/keyboard by Windows?


(version 6.0)
I thought it is more like a FIDO key (Yubikey and so on). I noticed it while trying to detect it with libfido2 for 2 hours before seeing that Windows calls it a smartcard.
To be recognized by OpenSC, you must commission it with a known VID & PID. More info at https://www.picokeys.com/pico-commissioner/
Note that using a known VID & PID is only necessary for the CCID interface and 3rd party tools like Yubikey Manager or similar. FIDO should work with any VID & PID. It has not been tested with PAM.
Pico Fido has FIDO, Keyboard, CCID and WebCCID interfaces, so yes, it is normal.
When I said "try with macOS or Linux" I was referring to creating a Google passkey using Chrome in macOS or Linux.
Thanks for the explanation
And maybe I said it poorly, but I meant I can't use the pico-fido at all in Firefox/Chrome on Ubuntu; it just doesn't get detected.
I tried first with webauthn.io but I get the message in Firefox to press the button, nothing happens if I do, and in Chromium to insert the key.
So I tried to troubleshoot it with pamu2fcfg.
I don't know if for Linux I forgot to install some packages or similar.
OK, now also tested on Linux Mint with Chromium.
with libu2f-udev pcscd installed and that 70-u2f.roles file
Again tested with version 6.0 and 5.8
6.0:
Webauthn.io works fine in Chrome, but for the Google passkey I don't get past the "Press the button on your key" part
It just doesn't react to the button press
similar to the windows case.
5.8:
It works with google just fine
But do you press the BOOT button to confirm? Not the reset one.
Yes, the button with the text "BOOTSEL" above it, also the only button on board

Are you using a Pico board? The same as in the pic.
Exactly, it is the same.
Seems a problem of timeout.
In webauthn.io (and probably others) the process is this:
Can you confirm you press the BOOTSEL button twice in less than 10 seconds after clicking on Register/Authenticate and PIN input?
Strange,
I tested it on Windows 11 and it worked just fine
But on Windows 10 it's getting stuck after entering the PIN
So I don't even get to the "waiting for button" state.
This is what i do.
Expected happenings




Here it's stuck for a minute or two

And error messages following


Same issue


But do you press the button twice? Once after clicking on "Register" and once after entering the PIN.
After entering the PIN for the security key, the system will get stuck in "getting things ready" for a while and report an error: "Couldn't complete sign-in. Try again and ensure you do the follow-up action." Prior to this, I had already used Pico Commissioner to set VENDOR to Yubikey 4/5. During this process, the system did not require me to press a button.
I tested if I can log in to Google after creating the key on Windows 11.
And it worked.
But if I try to create the key it fails.
Also it (creating the key) doesn't work in Linux Mint with Firefox or Chromium
Update:
I tested it today on a Pico 2 with the firmware 6.0
On Windows 10:
Firefox and Chrome (same responses):
For webauthn.io I get stuck at the same "getting things ready" error, but for fido2-demo it's working
Google doesn't even find it, error message: "Are you there? Use your security key to sign in."
Edit:
After using the commission tool with "Nitrokey Fido2" it suddenly worked for webauthn.io
So I tried to replicate it and after flashing nuke.uf2 and doing it again it didn't work.
Also I want to note the Pico 2 often crashes (I think it crashes because the LED stops)
Linux Mint:
Chrome can create a key but only on webauthn.io but nothing else
Registered key can be used to login on any OS or browser.
Firefox doesn't work at all, like windows firefox
Hello,
It's been a while. Today I gathered some useful troubleshooting info from the Windows Event Viewer
Here are the logs as txt, xml and Windows Event Viewer format pico_fido.zip
Also I used Chrome to gather additional data

I hope these are useful
Anyway even after flashing the file onto the Pico and afterwards using the commission tool to set the timeout to 0
In Linux it works with webauthn.io but Google still has the problem where it loads without any end in sight.
LED is still blinking.
In Windows 10 it sometimes works on webauthn.io? But only once, then I could not replicate it.
It still is the same problem where the Pico seems to crash (LED not blinking, either stuck at glowing or not being on).
And that "getting things ready" error is ever present.
I added here the Chrome logs from Windows 10 Chrome
chrome://device-log/?refresh=5
Also checked if it's not the Pico which may be damaged, but with the 5.8 version it's working just fine.
Tested on two Windows 10 PCs
And a Linux Mint
PS:
Thanks for taking your time to work this issue
What happens if you run the tests?
pytest tests
Done
I should have started with this, right?
Anyway here are the logs for 6.0 with and without the commission where the timeout is set to 0.
picofido_6.0_night_dev_with_comission.log
picofido_6.0_night_dev_without_comission.log
Environment is Windows and scripts are run with admin privs.
Otherwise pytest gives me an Access denied error.
Try using the nightly build and disable the Power cycle after reboot option in the Commissioner.
Hi
Sorry for the delay,
It is still not working as intended (as in getting stuck at "Getting things ready" even on webauthn.io)
Here are the logs, and I wasn't sure which nightly so I did both:
PicoFido_nightly-dev_Commision-PowerCycle_7-12-2024_windows10.log
PicoFido_nightly-stable_Commision-PowerCycle_7-12-2024_windows10.log
Thanks
Hey, I am facing the same problem
Win10
When using it on Discord or webauthn.io it works
but when trying to use it on Binance or Google it gets stuck in the "getting things ready" phase
If anyone has any solution let me know
There seems to be a problem with the handling of the excludelist in the cbor_make_credential function. webauthn.io does not allow multiple keys to be registered. As a result, it works because excludelist is never used. For a quick check, I was able to register a key by deleting the range shown below.
7a59b51849/src/fido/cbor_make_credential.c (L282-L298)
https://w3c.github.io/webauthn/#dom-scopedcredentialoptions-excludelist
But this is the expected behavior. If a credential is already created and relayed by the RP, then it fails creating a new one (because it has been already created). It is described here:
https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-errata-20220621.html#op-makecred-step-if-excludeList
I already created passkeys in google without problems.
Sorry for the poor explanation.
I wanted to explain why it works with webauthn.io.
I think the problem may be caused by omission of initialization of the structure.
7a59b51849/src/fido/credential.c (L146-L160)
/src/fido/cbor_make_credential.c
I tried to create a new passkey in Google without problems. Here's the flow (it's in Catalan but easily recognized):
Two options: "Create a passkey" or "Use a security key". Click on "Use a security key", the good one.

Configure this key to be used by Google. OK or NOK?

Google will get the vendor name and model. Are you sure?

Enter the PIN

Touch the BOOTSEL button.

And voilà. After touching, the key is registered.

You're right @jcodeth. If it is not properly initialized, it might crash on credential_free() afterwards. I'll push a fix.
I think I have the same issue, arch linux using chrome 131. Firefox doesn't work at all, but that looks expected from some of the other issues. Works perfectly fine with github and webauthn.io, but creating a passkey for a google account fails at the same point:

Pretty sure it is properly initialised, through the web commissioner
I found the bug and it is related to the timeout/keepalive procedure. As specified in the FIDO documents, the authenticator must send keepalive commands regularly to inform the client that the command is still being processed. But in the old U2F specifications, no keepalive was specified. So the procedure to check the timeout is on the client side.
Depending on the platform, Google may decide to use the CTAP2 (FIDO) protocol or CTAP1 (U2F). If it chooses CTAP2 (my above examples), it works normally. But if it chooses CTAP1, then it does not expect any keepalive command, regardless of the specification. Once the keepalive is sent, it throws an error about "unknown command" and closes the connection.
I put in a fix which mainly sends a keepalive command only if we are in the middle of a CTAP2 transaction. Hopefully it will fix all these errors you have. I pushed the fix to the development branch. You can wait for the nightly development build tonight or build it yourself.
Oh, thanks for the update. I was facing this issue with
Google
Binance
Mostly both having the same issue, hope this fixes the Binance one too
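The keepalive rule from the fix described above, sketched as an added example (not pico-fido's own code): a KEEPALIVE frame is built only while a CTAP2 request is in flight. It assumes the transaction type is taken from the CTAPHID command byte of the request (CTAPHID_CBOR for CTAP2, CTAPHID_MSG for U2F); `channel_t`, `on_request` and `build_keepalive` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* CTAPHID constants from the FIDO CTAP HID transport. */
#define CTAPHID_MSG       0x03 /* carries CTAP1/U2F APDUs */
#define CTAPHID_CBOR      0x10 /* carries CTAP2 CBOR requests */
#define CTAPHID_KEEPALIVE 0x3B
#define TYPE_INIT         0x80 /* bit 7 set: initialization packet */
#define KA_UPNEEDED       2    /* status: waiting for user presence */
#define HID_REPORT_LEN    64

/* Hypothetical per-channel state, not the pico-fido structures. */
typedef struct { uint32_t cid; uint8_t pending_cmd; } channel_t;

/* Record which command an initialization packet starts. */
void on_request(channel_t *ch, const uint8_t pkt[HID_REPORT_LEN]) {
    if (!(pkt[4] & TYPE_INIT)) return; /* continuation: command unchanged */
    ch->cid = 0;
    for (int i = 0; i < 4; i++) ch->cid = (ch->cid << 8) | pkt[i];
    ch->pending_cmd = pkt[4] & 0x7F;
}

/* Build a KEEPALIVE report only while a CTAP2 request is in flight.
   Returns the report length, or 0 when nothing may be sent. */
size_t build_keepalive(const channel_t *ch, uint8_t status,
                       uint8_t out[HID_REPORT_LEN]) {
    if (ch->pending_cmd != CTAPHID_CBOR) return 0; /* idle or U2F: stay silent */
    memset(out, 0, HID_REPORT_LEN);
    for (int i = 0; i < 4; i++) out[i] = (uint8_t)(ch->cid >> (24 - 8 * i));
    out[4] = TYPE_INIT | CTAPHID_KEEPALIVE;
    out[6] = 1;      /* BCNT (16 bit, big-endian): one status byte */
    out[7] = status;
    return HID_REPORT_LEN;
}

int main(void) {
    /* Constructed sample: init packets on channel 0x11223344. */
    uint8_t req[HID_REPORT_LEN] = {0x11, 0x22, 0x33, 0x44,
                                   TYPE_INIT | CTAPHID_MSG, 0, 7};
    uint8_t out[HID_REPORT_LEN];
    channel_t ch = {0, 0};
    on_request(&ch, req);
    printf("U2F request:   %zu bytes\n", build_keepalive(&ch, KA_UPNEEDED, out));
    req[4] = TYPE_INIT | CTAPHID_CBOR;
    on_request(&ch, req);
    printf("CTAP2 request: %zu bytes\n", build_keepalive(&ch, KA_UPNEEDED, out));
    return 0;
}
```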
Awesome! Worked perfectly for me

Thanks for this project!!
@samsell how can I update my Pico? Where can I get the new file?
@79812b it's in the releases section, click the nightly development build and look for the pico-fido .uf2 file. Or the link is here if you have the standard pico: https://github.com/polhenarejos/pico-fido/releases/download/nightly-development/pico_fido_pico-6.0.uf2

Hello, I was trying this project out on my Pico on Firefox and Chromium on Linux and was having this exact issue, so I started to go through this thread and found this message, tried it out and now it works. I'm now able to use my Pico to authenticate for me. I was only able to register the device on Chromium though, but that's already been mentioned elsewhere if I'm not mistaken.
Thanks a lot!