Ubuntu
pam-u2f package

libpam-u2f outdated, breaks auth for newer Yubikeys

Bug #1888955 reported by Dan Urson
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
pam-u2f (Ubuntu)
New
Undecided
Unassigned

Bug Description

Not strictly a bug - an outdated 3P package causes 2-factor authentication to fail for newer Yubikeys. They cannot be registered:

```
❯ pamu2fcfg -d > ~/.config/Yubico/u2f_keys
USB send: 00ffffffff860008c5facc7ccc492f32000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
USB write returned 65
now trying with timeout 2
USB read rc read 64
USB recv: ffffffff860011c5facc7ccc492f3200460002020404050500000000000000000000000000000000000000000000000000000000000000000000000000000000
device /dev/hidraw2 discovered as 'Yubikey 4 OTP+U2F'
  version (Interface, Major, Minor, Build): 2, 4, 4, 5 capFlags: 5
JSON: { "challenge": "<<REDACTED>>", "version": "U2F_V2", "appId": "pam:\/\/millstone" }
JSON challenge URL-B64: <<REDACTED>>
client data: { "challenge": "<<REDACTED>>", "origin": "pam:\/\/millstone", "typ": "navigator.id.finishEnrollment" }
JSON: { "challenge": "<<REDACTED>>", "version": "U2F_V2", "appId": "pam:\/\/millstone" }
JSON app_id pam://millstone
USB send: 000046000283004900010300000040505a976db499e8fa7bf91e327794c9e367d718efd07ee8c08f35ffdf7b6e6d9f8885d0e0544e2c414845ee55c3d7421371
USB write returned 65
USB send: 000046000200a5b8670db57f195e8ec17e307d3b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
USB write returned 65
now trying with timeout 2
now trying with timeout 4
now trying with timeout 8
now trying with timeout 16
now trying with timeout 32
now trying with timeout 64
now trying with timeout 128
now trying with timeout 256
USB read rc read 64
USB recv: 0046000283000263c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
USB data (len 2): 63c0
Unable to generate registration challenge, error in transport layer (-2)
```

I've filed an [issue](https://github.com/Yubico/pam-u2f/issues/150) in its GitHub repo as well, and will try build the most recent release (1.1.9) for Fossa.

## Requested info.

Release: Ubuntu 20.04.1 LTS
Package version: libpam-u2f:
  Installed: 1.0.8-1
  Candidate: 1.0.8-1
  Version table:
 *** 1.0.8-1 500
        500 http://archive.ubuntu.com/ubuntu focal/universe amd64 Packages
        100 /var/lib/dpkg/status

ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: libpam-u2f 1.0.8-1
ProcVersionSignature: Ubuntu 5.4.0-42.46-generic 5.4.44
Uname: Linux 5.4.0-42-generic x86_64
NonfreeKernelModules: nvidia_modeset nvidia
ApportVersion: 2.20.11-0ubuntu27.4
Architecture: amd64
CasperMD5CheckResult: skip
CurrentDesktop: ubuntu:GNOME
Date: Sat Jul 25 15:31:03 2020
InstallationDate: Installed on 2020-07-20 (5 days ago)
InstallationMedia: Ubuntu 20.04 LTS "Focal Fossa" - Release amd64 (20200423)
SourcePackage: pam-u2f
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message
Dan Urson (plygrnd) wrote :
Revision history for this message
Dan Urson (plygrnd) wrote :

Correction. This is an issue in libu2f-host, not pam-u2f. Fixing.

Revision history for this message
Dan Urson (plygrnd) wrote :

I'm an idiot... this can be closed. I was using a FIPS Yubikey, which doesn't seem to like libu2f.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.