Failed to parse attestation object #35

Open
jftanner opened this issue Sep 2, 2023 · 3 comments

jftanner commented Sep 2, 2023

Hello. Hopefully you can help me get this working. I'm trying to use Windows Hello (fingerprint, specifically) for an SSH key to use with GitHub.

I built from source, following the instructions and installed with sudo make install.

To generate a key pair, I ran:
SSH_SK_PROVIDER=/usr/local/lib/libwindowsfidobridge.so ssh-keygen -t ecdsa-sk

After a fairly long wait (#21?), I was prompted by the Windows Hello screen and touched the fingerprint reader.
Unfortunately, the result was unsuccessful:

Generating public/private ecdsa-sk key pair.
You may need to touch your authenticator to authorize key generation.
[2023-09-01 21:39:59.472] [win32-bridge] [critical] Failed to parse attestation object: Invalid or unknown attestation object format
Key enrollment failed: invalid format

Please let me know if there's any debugging information I can provide. I'm quite stuck. :(

Versions:

  • OpenSSH_8.9p1 Ubuntu-3ubuntu0.3, OpenSSL 3.0.2 15 Mar 2022
  • Ubuntu 22.04.3 LTS
  • WSL version: 1.2.5.0
  • Windows version: 10.0.22621.2134

mxpph commented Oct 7, 2023

Same issue here.

  • OpenSSH_8.9p1 Ubuntu-3ubuntu0.4, OpenSSL 3.0.2 15 Mar 2022
  • Ubuntu 22.04.3 LTS
  • WSL version: 1.2.5.0
  • Windows version: 10.0.22621.2283

Compiled with the correct release flag (-DSK_API_VERSION=9)

Debug info:

[2023-10-07 15:12:27.494] [win32-bridge] [debug] Parsing CBOR attestation object
[2023-10-07 15:12:27.494] [win32-bridge] [debug] Map keys in CBOR attestation object: ["attStmt", "authData", "fmt"]
[2023-10-07 15:12:27.494] [win32-bridge] [debug] Attestation object format: "none"
[2023-10-07 15:12:27.495] [win32-bridge] [critical] Failed to parse attestation object: Invalid or unknown attestation object format

bbqrob commented Mar 10, 2024

Same thing here, first suffered #21, now stumbling into this. Fixed this as described (copied the .so file to /mnt/c/temp temporarily and ln it back to /usr/local/lib).

  • OpenSSH_8.9p1 Ubuntu-3ubuntu0.6, OpenSSL 3.0.2 15 Mar 2022
  • Ubuntu 22.04.4 LTS
  • WSL version: 2.0.9.0
  • Windows version: 10.0.22631.3235

Debug ssh-keygen

$ SSH_SK_PROVIDER=/usr/local/lib/libwindowsfidobridge.so ssh-keygen -t ecdsa-sk -C sk -vvv
Generating public/private ecdsa-sk key pair.
You may need to touch your authenticator to authorize key generation.
debug3: start_helper: started pid=122630
debug3: ssh_msg_send: type 5
debug3: ssh_msg_recv entering
debug1: start_helper: starting /usr/lib/openssh/ssh-sk-helper
debug1: sshsk_enroll: provider "/usr/local/lib/libwindowsfidobridge.so", device "(null)", application "ssh:", userid "(null)", flags 0x01, challenge len 0
debug1: sshsk_enroll: using random challenge
debug1: sshsk_open: provider /usr/local/lib/libwindowsfidobridge.so implements version 0x00090000
[2024-03-10 18:36:31.673] [win32-bridge] [critical] Failed to parse attestation object: Invalid or unknown attestation object format
debug1: sshsk_enroll: provider "/usr/local/lib/libwindowsfidobridge.so" failure -1
debug1: ssh-sk-helper: Enrollment failed: invalid format
debug1: main: reply len 8
debug3: ssh_msg_send: type 5
debug1: client_converse: helper returned error -4
debug3: reap_helper: pid=122630
Key enrollment failed: invalid format

EDIT:
Running with WINDOWS_FIDO_BRIDGE_DEBUG=1 adds the following information:

[2024-03-10 18:56:02.945] [linux-middleware] [debug] Parameters from OpenSSH:
[2024-03-10 18:56:02.945] [linux-middleware] [debug]     Algorithm: 0
[2024-03-10 18:56:02.945] [linux-middleware] [debug]     Challenge:
[2024-03-10 18:56:02.945] [linux-middleware] [debug]       |        0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f
[2024-03-10 18:56:02.945] [linux-middleware] [debug]       | 0000: a9 a7 c5 ab 44 3d 52 c7 c1 0e 57 c8 15 ad 4c 6a  ....D=R...W...Lj
[2024-03-10 18:56:02.945] [linux-middleware] [debug]       | 0010: 14 a3 a7 53 1f 9b a3 c4 17 e7 d2 ee 76 b6 7a 15  ...S........v.z.
[2024-03-10 18:56:02.946] [linux-middleware] [debug]     Application: "ssh:"
[2024-03-10 18:56:02.946] [linux-middleware] [debug]     Flags: 0b00000001
[2024-03-10 18:56:02.946] [linux-middleware] [debug]     PIN: (not present)
[2024-03-10 18:56:02.946] [linux-middleware] [debug]     Options:
[2024-03-10 18:56:02.946] [linux-middleware] [debug]         (No options provided)
[2024-03-10 18:56:02.946] [linux-middleware] [debug] Sending CBOR to bridge: {"request_parameters": {"alg": 0, "application": "ssh:", "challenge": b"a9a7c5ab443d52c7c10e57c815ad4c6a14a3a7531f9ba3c417e7d2ee76b67a15", "flags": 1, "sk_options": []}, "request_type": "sk_enroll"}
[2024-03-10 18:56:02.946] [linux-middleware] [debug] Invoking Windows bridge with the following parameters:
[2024-03-10 18:56:02.946] [linux-middleware] [debug]   |        0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f
[2024-03-10 18:56:02.946] [linux-middleware] [debug]   | 0000: a2 72 72 65 71 75 65 73 74 5f 70 61 72 61 6d 65  .rrequest_parame
[2024-03-10 18:56:02.946] [linux-middleware] [debug]   | 0010: 74 65 72 73 a5 63 61 6c 67 00 6b 61 70 70 6c 69  ters.calg.kappli
[2024-03-10 18:56:02.946] [linux-middleware] [debug]   | 0020: 63 61 74 69 6f 6e 64 73 73 68 3a 69 63 68 61 6c  cationdssh:ichal
[2024-03-10 18:56:02.946] [linux-middleware] [debug]   | 0030: 6c 65 6e 67 65 58 20 a9 a7 c5 ab 44 3d 52 c7 c1  lengeX ....D=R..
[2024-03-10 18:56:02.946] [linux-middleware] [debug]   | 0040: 0e 57 c8 15 ad 4c 6a 14 a3 a7 53 1f 9b a3 c4 17  .W...Lj...S.....
[2024-03-10 18:56:02.946] [linux-middleware] [debug]   | 0050: e7 d2 ee 76 b6 7a 15 65 66 6c 61 67 73 01 6a 73  ...v.z.eflags.js
[2024-03-10 18:56:02.946] [linux-middleware] [debug]   | 0060: 6b 5f 6f 70 74 69 6f 6e 73 80 6c 72 65 71 75 65  k_options.lreque
[2024-03-10 18:56:02.946] [linux-middleware] [debug]   | 0070: 73 74 5f 74 79 70 65 69 73 6b 5f 65 6e 72 6f 6c  st_typeisk_enrol
[2024-03-10 18:56:02.946] [linux-middleware] [debug]   | 0080: 6c                                               l
[2024-03-10 18:56:02.946] [linux-middleware] [debug] Forking.
[2024-03-10 18:56:02.946] [linux-middleware] [debug] Child process PID = 128418
[2024-03-10 18:56:02.946] [linux-middleware] [debug] Sending parameters to child process.
[2024-03-10 18:56:02.946] [linux-middleware] [debug] Parameters sent to child process, waiting for reply.
[2024-03-10 18:56:02.946] [linux-middleware] [debug] [Windows bridge child] Detected own library file path is "/usr/local/lib/libwindowsfidobridge.so".
[2024-03-10 18:56:02.946] [linux-middleware] [debug] [Windows bridge child] Using Windows bridge at "/usr/local/lib/windowsfidobridge.exe".
[2024-03-10 18:56:02.946] [linux-middleware] [debug] [Windows bridge child] Setting WSLENV environment variable to "WT_SESSION:WT_PROFILE_ID::WINDOWS_FIDO_BRIDGE_DEBUG:WINDOWS_FIDO_BRIDGE_FORCE_USER_VERIFICATION".
[2024-03-10 18:56:02.946] [linux-middleware] [debug] [Windows bridge child] Execing.
[2024-03-10 18:56:02.972] [win32-bridge] [debug] Received CBOR from caller: {"request_parameters": {"alg": 0, "application": "ssh:", "challenge": b"a9a7c5ab443d52c7c10e57c815ad4c6a14a3a7531f9ba3c417e7d2ee76b67a15", "flags": 1, "sk_options": []}, "request_type": "sk_enroll"}
[2024-03-10 18:56:02.986] [win32-bridge] [debug] Spawning background thread
[2024-03-10 18:56:30.937] [win32-bridge] [debug] Parsing CBOR attestation object
[2024-03-10 18:56:30.937] [win32-bridge] [debug] Map keys in CBOR attestation object: ["attStmt", "authData", "fmt"]
[2024-03-10 18:56:30.937] [win32-bridge] [debug] Attestation object format: "none"
[2024-03-10 18:56:30.937] [win32-bridge] [critical] Failed to parse attestation object: Invalid or unknown attestation object format
[2024-03-10 18:56:30.937] [win32-bridge] [debug] Sending CBOR to caller: {"return_code": -1}
[2024-03-10 18:56:30.938] [linux-middleware] [debug] Reply received from child process:
[2024-03-10 18:56:30.938] [linux-middleware] [debug]   |        0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f
[2024-03-10 18:56:30.938] [linux-middleware] [debug]   | 0000: a1 6b 72 65 74 75 72 6e 5f 63 6f 64 65 20        .kreturn_code
[2024-03-10 18:56:30.938] [linux-middleware] [debug] Waiting for child process to exit.
[2024-03-10 18:56:30.945] [linux-middleware] [debug] Received CBOR from bridge: {"return_code": -1}
[2024-03-10 18:56:30.945] [linux-middleware] [debug] Bridge return code: -1
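
For reference on the structure named in the debug output above (map keys "attStmt", "authData", "fmt", with format "none"): WebAuthn defines "none" as an attestation format whose attStmt is an empty map, while authData still carries the credential ID and public key. The following Python is an added example, not part of this thread or of the project's code, that decodes such an object and reads the credential from authData. The sample bytes are constructed, and using SHA-256 of the "ssh:" application string as rpIdHash is an assumption.

```python
import hashlib

def cbor_decode(buf, pos=0):
    """Decode one definite-length CBOR item; return (value, next_pos)."""
    major, arg = buf[pos] >> 5, buf[pos] & 0x1F
    pos += 1
    if arg >= 28:
        raise ValueError("unsupported CBOR encoding")
    if arg >= 24:  # argument follows in 1, 2, 4 or 8 bytes
        size = 1 << (arg - 24)
        arg, pos = int.from_bytes(buf[pos:pos + size], "big"), pos + size
    if major == 0:
        return arg, pos
    if major == 1:
        return -1 - arg, pos
    if major in (2, 3):  # byte string / text string
        if pos + arg > len(buf):
            raise ValueError("truncated CBOR string")
        data = bytes(buf[pos:pos + arg])
        return (data if major == 2 else data.decode()), pos + arg
    if major in (4, 5):  # array / map: decode children in order
        items = []
        for _ in range(arg * (major - 3)):
            item, pos = cbor_decode(buf, pos)
            items.append(item)
        return (items if major == 4 else dict(zip(items[::2], items[1::2]))), pos
    raise ValueError("unsupported CBOR major type")

def parse_attestation_object(raw):
    """Validate the three-key map and pull the credential out of authData."""
    obj, end = cbor_decode(raw)
    if end != len(raw) or not isinstance(obj, dict) or set(obj) != {"fmt", "attStmt", "authData"}:
        raise ValueError("not an attestation object")
    if obj["fmt"] == "none" and obj["attStmt"] != {}:
        raise ValueError('fmt "none" must carry an empty attStmt')
    auth = obj["authData"]  # rpIdHash(32) flags(1) signCount(4) aaguid(16) idLen(2) id key
    if not isinstance(auth, bytes) or len(auth) < 55 or not auth[32] & 0x40:
        raise ValueError("authData has no attested credential data (AT flag)")
    id_len = int.from_bytes(auth[53:55], "big")
    cose_key, _ = cbor_decode(auth, 55 + id_len)
    return {"fmt": obj["fmt"], "rp_id_hash": auth[:32], "credential_id": auth[55:55 + id_len],
            "cose_key": cose_key, "has_attestation": obj["fmt"] != "none"}

# Constructed sample (not captured from a device): P-256 COSE key with dummy coordinates.
COSE_KEY = bytes.fromhex("a5010203262001215820") + b"\x11" * 32 + bytes.fromhex("225820") + b"\x22" * 32
AUTH_DATA = hashlib.sha256(b"ssh:").digest() + b"\x45" + bytes(20) + b"\x00\x04cred" + COSE_KEY
SAMPLE = b"\xa3\x63fmt\x64none\x67attStmt\xa0\x68authData\x58" + bytes([len(AUTH_DATA)]) + AUTH_DATA
```

The same `cbor_decode` applied to the 14 reply bytes in the log above (`a1 6b 72 65 ... 65 20`) yields `{"return_code": -1}`, since the final `0x20` is the CBOR encoding of -1. With fmt "none" there is no attestation statement to verify, so `has_attestation` is false and the authenticator's provenance cannot be checked from this object.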

mxpph commented Mar 11, 2024

I think it's a hardware issue. For example, going to this website (webauthn.io) and selecting the "security key" advanced option leads to this pop-up:
[image]

So the issue could be due to the device not supporting security keys.
