Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Windows 11 HELLO pin code fails on registration #217

Closed
superbly opened this issue Nov 1, 2022 · 5 comments
Closed

Windows 11 HELLO pin code fails on registration #217

superbly opened this issue Nov 1, 2022 · 5 comments

Comments

@superbly
Copy link

superbly commented Nov 1, 2022

TPM logic fails when registering using pin in windows 11 HELLO.
TPMCertifyInfofailed to unmarshal" in the log and the class is TPMCertifyInfo.class. As a result of debugging, it is an issue that occurs because the size of pos and the size of bytes are different, so what is the meaning of the variable pos?
@pleung-strongkey
Copy link

Hi @superbly,

Could you provide the Payara server logs for the error you are encountering?
Additionally, are you using one of the sample applications to test registration against the SKFS, or are you using a custom application in your setup?

@superbly
Copy link
Author

superbly commented Nov 2, 2022

Hi @pleung-strongkey

Well, we're not using Payara server, we're using Spring Boot. Spring boot is used, but the logic is the same.
Incorrect delivery of the class where the error occurs. The error occurrence part occurs when performing ECC algorithm logic in the unmarshal method of TPMPublicData.class.
And it's the same issue that happens even if you test it in your demo.

your demo
https://demo.strongkey.com/fidopolicy/#/registerAndLogin

image

@pleung-strongkey
Copy link

Hi @superbly,

I have set up a fresh Windows 11 machine with Windows Hello (PIN) enabled. I am to register successfully using our demo at https://demo.strongkey.com/fidopolicy with Windows Hello and the "Restricted-TPM" policy selected.

If possible, could you provide some info for the following:
The TPM version of the machine you are using to register on our demo
The policy you selected to test registration in the fidopolicy demo

Here are some other things I would recommend trying:
If you have another machine running Windows 11 with Windows Hello enabled, try using that on the fidopolicy demo.
Try testing with a different demo: https://demo.strongkey.com/basicdemo/

@pleung-strongkey
Copy link

Hi @superbly,

Windows 11 version 22H2 introduced EC support for TPM attestation, which revealed the bug that you have encountered in this issue.
A patch will be made to the fido2 project soon. You can check out the new branch here.

@push2085
Copy link
Contributor

Closing this as the bug has been fixed with release 4.8 and is listed as Bug-8 in the release notes (https://docs.strongkey.com/index.php/skfs-home/skfs-release-notes/skfs-4-8-0)

PS: We have stopped using GitHub for our source repository and our supporters are encouraged to get SKFS, its updates and support at SourceForge.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@push2085 @superbly @pleung-strongkey