Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fido2.ctap.CtapError: CTAP error: 0x35 - PIN_NOT_SET #130

Open
AWHubGit opened this issue May 2, 2021 · 2 comments
Open

fido2.ctap.CtapError: CTAP error: 0x35 - PIN_NOT_SET #130

AWHubGit opened this issue May 2, 2021 · 2 comments

Comments

@AWHubGit
Copy link

AWHubGit commented May 2, 2021

Valid Solo - FIDO2 (USB only) USB-A with firmware 4.1.2 locked from SoloKeys on ArchLinux solo-pythob version 0.0.30.
"solo key reset" was done. No PIN.
"solo key credential info" and "solo key credential ls" asking for PIN and failing with "fido2.ctap.CtapError: CTAP error: 0x35 - PIN_NOT_SET"
@nickray
Copy link
Member

nickray commented May 2, 2021
edited
Loading

Yeah credential management is only allowed when PIN is set by the CTAP spec.

@coelner
Copy link

coelner commented Dec 27, 2021

partly FYI: solokeys/solo1#570

If I'm understanding this correctly ( https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#authenticatorGetInfo) the ClientPin option shows us whether a pin is set or not.

Client PIN:
If present and set to true, it indicates that the device is capable of accepting a PIN from the client and PIN has been set.
If present and set to false, it indicates that the device is capable of accepting a PIN from the client and PIN has not been set yet.
If absent, it indicates that the device is not capable of accepting a PIN from the client.
Client PIN is one of the ways to do user verification.

Here we check regardless of an available pin [solo key credential, solo key challenge-response]:
https://github.com/solokeys/solo-python/blob/f087629a8f17cf9de79832bda242057aae4a2475/solo/cli/key.py#L147
https://github.com/solokeys/solo-python/blob/f087629a8f17cf9de79832bda242057aae4a2475/solo/cli/key.py#L197
https://github.com/solokeys/solo-python/blob/f087629a8f17cf9de79832bda242057aae4a2475/solo/cli/key.py#L530
https://github.com/solokeys/solo-python/blob/f087629a8f17cf9de79832bda242057aae4a2475/solo/cli/key.py#L550
https://github.com/solokeys/solo-python/blob/f087629a8f17cf9de79832bda242057aae4a2475/solo/cli/key.py#L586

Here we do not check at all [solo key change-pin]:
https://github.com/solokeys/solo-python/blob/f087629a8f17cf9de79832bda242057aae4a2475/solo/cli/key.py#L310

But here it is checked [solo key verify]:
https://github.com/solokeys/solo-python/blob/f087629a8f17cf9de79832bda242057aae4a2475/solo/cli/key.py#L352-L359

Maybe it is useful to hide those entries which are not usable.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@nickray @AWHubGit @coelner