From: Christian Weisgerber
To: freebsd-usb@freebsd.org
Date: Thu, 19 May 2022 14:20:14 +0200
Subject: Yubikey uhid(4) problem?
 (PR 263995)
List-Archive: https://lists.freebsd.org/archives/freebsd-usb

From the 13.1 release announcement:

| * The use of FIDO/U2F hardware authenticators has been enabled in ssh,
|   using the new public key types ecdsa-sk and ed25519-sk, along with
|   corresponding certificate types.

I'm trying to use this on 13.1-STABLE/amd64 with a USB-attached FIDO
authenticator (Yubico Security Key). It works in principle but not
reliably. After excluding other possibilities, I wonder if that's
due to a USB problem.

I have collected more information at...
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263995
...
but I'll summarize:

uhid1: on usbus0

For about one out of three authentication attempts, ssh-sk-helper(8)
hangs while talking to the authenticator over a uhid(4) device.
There are full ktrace dumps attached to the PR, but the relevant
part is this:

 71467 ssh-sk-helper CALL  openat(AT_FDCWD,0x801e22060,0x2)
 71467 ssh-sk-helper NAMI  "/dev/uhid1"
 71467 ssh-sk-helper RET   openat 3
 71467 ssh-sk-helper CALL  fstat(0x3,0x7fffffffe0b0)
 71467 ssh-sk-helper STRU  struct stat {dev=1895890688, ino=538, mode=020664, nlink=1, uid=0, gid=116, rdev=538, atime=1652708407, mtime=1652708973, ctime=1652708973, birthtime=-1, size=0, blksize=4096, blocks=0, flags=0x0 }
 71467 ssh-sk-helper RET   fstat 0
 71467 ssh-sk-helper CALL  ioctl(0x3,HIDRAW_GET_REPORT_DESC,0x7fffffffe1c0)
 71467 ssh-sk-helper RET   ioctl 0
 71467 ssh-sk-helper CALL  write(0x3,0x7fffffffe1c1,0x40)
 71467 ssh-sk-helper GIO   fd 3 wrote 64 bytes
       0x0000 ffff ffff 8600 08be d2ad 6cec a1e4 b200  |..........l.....|
       0x0010 0000 0000 0000 0000 0000 0000 0000 0000  |................|
       0x0020 0000 0000 0000 0000 0000 0000 0000 0000  |................|
       0x0030 0000 0000 0000 0000 0000 0000 0000 0000  |................|
 71467 ssh-sk-helper RET   write 64/0x40
 71467 ssh-sk-helper CALL  ppoll(0x7fffffffe130,0x1,0,0)

ssh-sk-helper opens a uhid device and writes a CTAPHID_INIT message
to it. When authentication works, ssh-sk-helper receives a reply
from the uhid device and some further messages are exchanged. When
it hangs, ssh-sk-helper simply sits in the ppoll(2) waiting for a
response that never comes.

I have fixed truss(1) to decode ppoll(2)'s arguments and the correct
file descriptor is passed. I don't see how this can be a bug in
ssh-sk-helper.

Using my backup authenticator or different USB ports doesn't make
any difference. Also, I cannot reproduce the problem on OpenBSD.

Is this a problem at the USB level?

I have now enabled hw.usb.uhid.debug=1.
When there is a successful authentication exchange, there are a number
of "uhid_intr_read_callback: transferred!" messages. When ssh-sk-helper
hangs, there are none.

I don't know how to debug this any further.

-- 
Christian "naddy" Weisgerber                          naddy@mips.inka.de
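
Added example, not part of the original message and not code from OpenSSH or libfido2: a Python decoder for the 64-byte write in the ktrace dump above. It checks that the report is a CTAPHID_INIT request on the broadcast channel and tests whether a later read is the matching reply. The field layout and command numbers are taken from the CTAP HID transport specification; the function names are hypothetical.

```python
import re
import struct

# GIO hexdump of the 64-byte write, copied from the ktrace output in the message.
KDUMP_GIO = """\
0x0000 ffff ffff 8600 08be d2ad 6cec a1e4 b200 |..........l.....|
0x0010 0000 0000 0000 0000 0000 0000 0000 0000 |................|
0x0020 0000 0000 0000 0000 0000 0000 0000 0000 |................|
0x0030 0000 0000 0000 0000 0000 0000 0000 0000 |................|
"""
# Command numbers from the CTAP HID transport specification.
CTAPHID_CMDS = {0x01: "PING", 0x03: "MSG", 0x04: "LOCK", 0x06: "INIT", 0x08: "WINK",
                0x10: "CBOR", 0x11: "CANCEL", 0x3B: "KEEPALIVE", 0x3F: "ERROR"}
BROADCAST_CID = 0xFFFFFFFF

def gio_to_bytes(dump):
    """Turn kdump GIO hexdump lines (offset, hex groups, |ascii|) into bytes."""
    out = bytearray()
    for line in dump.splitlines():
        m = re.match(r"\s*0x[0-9a-f]{4}\s+(.*?)\s*\|", line)
        if m:
            out += bytes.fromhex(m.group(1).replace(" ", ""))
    return bytes(out)

def parse_ctaphid(report):
    """Decode one HID report as a CTAPHID initialization or continuation packet."""
    if len(report) < 7:
        raise ValueError("report too short for a CTAPHID header")
    cid, cmd, bcnt = struct.unpack(">IBH", report[:7])  # channel, command, length
    if not cmd & 0x80:  # bit 7 clear: continuation packet, byte 4 is a sequence number
        return {"type": "cont", "cid": cid, "seq": cmd, "data": report[5:]}
    return {"type": "init", "cid": cid, "bcnt": bcnt, "data": report[7:7 + bcnt],
            "cmd": CTAPHID_CMDS.get(cmd & 0x7F, hex(cmd & 0x7F))}

def init_nonce(pkt):
    """Return the 8-byte nonce of a broadcast CTAPHID_INIT request, else None."""
    ok = (pkt["type"] == "init" and pkt["cmd"] == "INIT"
          and pkt["cid"] == BROADCAST_CID and pkt["bcnt"] == 8 and len(pkt["data"]) == 8)
    return pkt["data"] if ok else None

def answers_init(request, response):
    """True if response is a 17-byte CTAPHID_INIT reply echoing the request's nonce."""
    nonce = init_nonce(request)
    return (nonce is not None and response["type"] == "init"
            and response["cmd"] == "INIT" and response["cid"] == request["cid"]
            and response["bcnt"] == 17 and response["data"][:8] == nonce)

if __name__ == "__main__":
    pkt = parse_ctaphid(gio_to_bytes(KDUMP_GIO))
    print(pkt["cmd"], hex(pkt["cid"]), pkt["bcnt"], init_nonce(pkt).hex())
```

Feeding the GIO dump of the read from a successful trace to `parse_ctaphid` and passing both packets to `answers_init` confirms that the reply belongs to this request.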