Bug ID 1207086
Summary ykman fails to load FIDO 2 app for Yubico Security Key
Classification openSUSE
Product openSUSE Distribution
Version Leap 15.4
Hardware x86-64
OS openSUSE Leap 15.4
Status NEW
Severity Normal
Priority P5 - None
Component Security
Assignee security-team@suse.de
Reporter john.serock@gmail.com
QA Contact qa-bugs@suse.de
Found By ---
Blocker --- 

Created attachment 864045 [details]
YubiKey Manager GUI error

Overview:

When using a "Security Key by Yubico" hardware device, the YubiKey Manager
"ykman fido info" command fails with an error message.

Steps to Reproduce:

1) Install the yubikey-manager package if it is not already installed.
2) Insert a "Security Key by Yubico" device into a USB port.
3) From a terminal, run the "ykman fido info" command.

Actual results:
The ykman application exits with an error message:

  Error: Failed to load FIDO 2 Application.

Expected Results:

The ykman application should display a message about the device PIN. For
example, "PIN is set, with 8 tries left."

Additional Information:

1) When running "ykman -l DEBUG fido info", a traceback is displayed with a
ValueError message:

2023-01-11T15:55:57-0500 DEBUG [ykman.cli.fido.fido:77] Failed to load
Fido2Controller
Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/ykman/cli/fido.py", line 75, in fido
    ctx.obj['controller'] = Fido2Controller(dev.driver)
  File "/usr/lib/python3.6/site-packages/ykman/fido.py", line 44, in __init__
    self._info = self.ctap.get_info()
  File "/usr/lib/python3.6/site-packages/fido2/ctap2.py", line 659, in get_info
    return self.send_cbor(CTAP2.CMD.GET_INFO, parse=Info)
  File "/usr/lib/python3.6/site-packages/fido2/ctap2.py", line 591, in
send_cbor
    return parse(response[1:])
  File "/usr/lib/python3.6/site-packages/fido2/ctap2.py", line 100, in __init__
    data = dict((Info.KEY(k), v) for (k, v) in _parse_cbor(self).items())
  File "/usr/lib/python3.6/site-packages/fido2/ctap2.py", line 100, in
<genexpr>
    data = dict((Info.KEY(k), v) for (k, v) in _parse_cbor(self).items())
  File "/usr/lib64/python3.6/enum.py", line 293, in __call__
    return cls.__new__(cls, value)
  File "/usr/lib64/python3.6/enum.py", line 535, in __new__
    return cls._missing_(value)
  File "/usr/lib64/python3.6/enum.py", line 548, in _missing_
    raise ValueError("%r is not a valid %s" % (value, cls.__name__))
ValueError: 7 is not a valid KEY

2) The ykman-gui application, from the yubikey-manager-qt package, also
displays an error message after clicking on Applications > FIDO2. See attached
error screenshot.

3) A workaround for the issue is to use python-fido2 0.6.0 or 0.7.3 (available
from https://github.com/Yubico/python-fido2/releases) instead of the
python3-fido2 0.5.0-1.23 package. See attached workaround screenshot.

4) The issue does not occur with a "YubiKey 5 Nano" device.

You are receiving this mail because: