KeePassXC can't communicate with YubiKey (wrong serial) #10656

Closed
kentala opened this issue May 2, 2024 · 4 comments · Fixed by #10663

kentala commented May 2, 2024

Overview

I have a new YubiKey 5C Nano (firmware 5.4.3). I have copied my keepass-database HMAC challenge to the new YubiKey. When I plug in the YubiKey and try to log in to my database, KeePassXC reports the wrong serial number for the hardware key and cannot interface with the hardware key.

Steps to Reproduce

  1. With YubiKey connected enter database password and attempt to unlock.
  2. The YubiKey is detected on the password unlock screen, but displays a wrong serial number.
  3. Receive error: "Error while reading the database: Unable to calculate database key: Could not find interface for hardware key with serial number [WRONG SERIAL NUMBER]"
  4. Additionally: clicking the Refresh Hardware Keys changes the reported hardware key serial number.

Expected Behavior

Login without difficulty.

Actual Behavior

Wrong YubiKey serial number, database remains locked.

Context

The new YubiKey is attached directly to the MacBook Air. KeePassXC does not run under a virtual machine. Installed from Homebrew. Several other YubiKeys work correctly on the same computer. The affected YubiKey works correctly on the same computer with other applications (PGP) and also with KeePass-databases on an Android phone with Keepass2Android v. 1.10-pre. The affected YubiKey is the only one connected to the Mac at the time of testing.

KeePassXC - Version 2.7.7
Revision: 68e2dd8

Qt 5.15.11
Debugging mode is disabled.

Operating system: macOS 13.6
CPU architecture: x86_64
Kernel: darwin 22.6.0

Enabled extensions:

  • Auto-Type
  • Browser Integration
  • Passkeys
  • SSH Agent
  • KeeShare
  • YubiKey
  • Quick Unlock

Cryptographic libraries:

  • Botan 3.1.1

NOTE:
Operating System: macOS

@kentala kentala added the bug label May 2, 2024
@droidmonkey (Member)

I've had this happen before in testing, but it was easily cleared by refreshing the key list. There is definitely a bug, need to hunt it down.

@droidmonkey droidmonkey added this to the v2.7.8 milestone May 2, 2024
@droidmonkey droidmonkey self-assigned this May 2, 2024

kentala commented May 3, 2024

> I've had this happen before in testing, but it was easily cleared by refreshing the key list. There is definitely a bug, need to hunt it down.

If it's any help: most of the time the length of the wrong serial is correct, but sometimes the serial is reported as just the single number "4".


mpas97 commented May 3, 2024

I just went a bit through #10092. I found a mistake (we should pass productId not vendorId), not sure if related but worth mentioning.

if (productId > 0) {
    auto pid = CFNumberCreate(kCFAllocatorDefault, kCFNumberSInt32Type, &vendorId);

@droidmonkey (Member)

Good catch! @phoerious

droidmonkey added a commit that referenced this issue May 4, 2024
* Fix #10656 - Add a small delay before auto-polling hardware keys to allow them to settle immediately after plugging in. This resolves an issue where the key's serial number could not be resolved due to hardware timeout.
* Also fix use of uninitialized variable if polling serial number fails for whatever reason.

* Fix typo in macOS key registration code

* Prevent registering duplicate listeners on window focus. These were not de-registered because we didn't trigger on unfocus. Show/Hide are sufficient triggers to add and remove listeners.
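
The first two items of the commit message above (let the key settle before polling, and never use a serial that the failed poll did not write) can be illustrated with the following added example. It is not KeePassXC's code: `fake_key`, `query_serial`, `read_serial`, the settle hook and the use of 0 as a "no key" sentinel are hypothetical, and the device is a constructed stand-in so the block runs without hardware.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed stand-in for a hardware key that times out until it has settled. */
typedef struct {
    int polls_until_ready;   /* polls that time out right after plug-in */
    uint32_t serial;         /* serial the device reports once ready */
} fake_key;

/* Hypothetical query: returns false on timeout and leaves *out untouched,
 * which is how a caller that ignores the result ends up with garbage. */
static bool query_serial(fake_key *k, uint32_t *out)
{
    if (k->polls_until_ready > 0) {
        k->polls_until_ready--;
        return false;
    }
    *out = k->serial;
    return true;
}

/* Hypothetical settle hook; a real caller would sleep or re-arm a timer here. */
typedef void (*settle_fn)(void);
static int settle_calls;
static void count_settle(void) { settle_calls++; }

/* Returns the serial, or 0 (assumed "no key" sentinel) if the device never
 * answered. The buggy shape would be:
 *     uint32_t s; query_serial(k, &s); return s;   // s indeterminate on timeout */
uint32_t read_serial(fake_key *k, int max_attempts, settle_fn settle)
{
    uint32_t serial = 0;                 /* defined value on every path */
    for (int i = 0; i < max_attempts; i++) {
        if (query_serial(k, &serial))
            return serial;               /* only trust a confirmed read */
        serial = 0;                      /* discard any partial write */
        if (settle)
            settle();                    /* give the device time before retrying */
    }
    return 0;                            /* caller must treat 0 as "not found" */
}

int main(void)
{
    fake_key k = { 2, 12345678u };       /* constructed: ready on the third poll */
    return read_serial(&k, 5, count_settle) == 12345678u ? 0 : 1;
}
```
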