Papercuts #158

Open
nickray opened this issue Mar 28, 2019 · 5 comments

nickray commented Mar 28, 2019

This is the list of currently known issues that are

  • not thought to be critical
  • not (easily) fixable in a backwards-compatible way

The plan is to fix these if either

  • a security-critical bug forces us to roll out firmware upgrades for everybody, or
  • we move to a new chip (e.g. Cortex-M23 or M33 series), with separate firmware builds

  1. U2F counter starts at 2130706432 instead of zero (FIDO2 counter not affected): https://github.com/solokeys/solo/blob/4e21c0bd8ff18c9066b88b549a54289901ae482f/fido2/u2f.c#L250 (fixed in firmware v2.1)
  2. Resident Key display name limited to 32 instead of 64 characters: https://github.com/solokeys/solo/blob/4e21c0bd8ff18c9066b88b549a54289901ae482f/fido2/ctap.h#L104

@mutantmonkey

U2F counter starts at 2130706432 instead of zero (FIDO2 counter not affected):

This seems like it's more than a minor problem. If I register in a browser that only uses U2F/CTAP1 and then try to authenticate in a browser using CTAP2, won't that cause authentication to fail? It seems like at the very least this same treatment would need to be applied to the CTAP2 counter.
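
The scenario raised in this comment, modeled as an added example (not code from the Solo firmware or from this thread): a relying party applying the WebAuthn signature-counter rule to one credential used first over U2F and then over CTAP2. The `authenticator` struct, the shared event count and all function names are assumptions for illustration; only the value 2130706432 comes from the issue.

```c
#include <stdint.h>
#include <stdio.h>

/* Value from the issue: first counter the U2F path reports (0x7F000000). */
#define U2F_COUNTER_START 2130706432u

typedef enum { COUNT_OK, COUNT_REGRESSION } count_result;

/* Relying-party check following the WebAuthn signature-counter rule:
 * if either value is non-zero, the received one must be strictly greater. */
count_result rp_check_sign_count(uint32_t *stored, uint32_t received)
{
    if (*stored == 0 && received == 0)
        return COUNT_OK;          /* authenticator reports no counter */
    if (received > *stored) {
        *stored = received;       /* accept and remember the new value */
        return COUNT_OK;
    }
    return COUNT_REGRESSION;      /* possible clone; RP policy decides what to do */
}

/* Hypothetical authenticator model (assumption): one shared event count,
 * reported with the offset on the U2F path only. */
typedef struct { uint32_t events; } authenticator;

uint32_t sign_u2f(authenticator *a)   { return U2F_COUNTER_START + a->events++; }
uint32_t sign_fido2(authenticator *a) { return a->events++; }

/* Credential used twice over U2F, then once over CTAP2. */
count_result u2f_then_ctap2(void)
{
    authenticator key = {0};
    uint32_t stored = 0;
    rp_check_sign_count(&stored, sign_u2f(&key));    /* 2130706432 */
    rp_check_sign_count(&stored, sign_u2f(&key));    /* 2130706433 */
    return rp_check_sign_count(&stored, sign_fido2(&key)); /* 2: lower */
}

/* Reverse order: CTAP2 first, then U2F; the counter only ever jumps up. */
count_result ctap2_then_u2f(void)
{
    authenticator key = {0};
    uint32_t stored = 0;
    rp_check_sign_count(&stored, sign_fido2(&key));  /* 0 */
    rp_check_sign_count(&stored, sign_fido2(&key));  /* 1 */
    return rp_check_sign_count(&stored, sign_u2f(&key));   /* 2130706434 */
}

int main(void)
{
    printf("U2F then CTAP2: %s\n", u2f_then_ctap2() == COUNT_OK ? "ok" : "regression");
    printf("CTAP2 then U2F: %s\n", ctap2_then_u2f() == COUNT_OK ? "ok" : "regression");
    return 0;
}
```

Whether a regression rejects the login is up to the relying party; the rule only requires that it be treated as a signal of a possibly cloned authenticator.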

conorpp commented Apr 1, 2019

Great point! Will just rip the band aid off now and update U2F counter for good.

onlykey commented May 3, 2019

@conorpp @nickray I am working on porting Solo firmware over to OnlyKey. It's different hardware so unfortunately there are lots of changes that were required (i.e. we use hardware wear-leveled EEPROM). A couple of questions related to 2. above:

aseigler commented May 3, 2019

With regard to RKs and https://fido2.azurewebsites.net, best I recall is that it does work, but possibly only with certain browsers.

0x0ece commented May 3, 2019

demo.yubico.com also has a demo for RK
