fido_hid_read: read: Resource temporarily unavailable when trying to generate FIDO key

[TV4Fun]

What version of libfido2 are you using?
Latest checkout from git/main, built on my machine.
What operating system are you running?
macOS 14.4.1 (23E224)

What application are you using in conjunction with libfido2?
OpenSSH_9.7p1, OpenSSL 3.2.1 30 Jan 2024, specifically with ssh-keygen
How does the problem manifest itself?
I am trying to generate a FIDO2 key on my YubiKey Nano 5C:

$ ykman info
Device type: YubiKey 5C Nano
Serial number: 15969169
Firmware version: 5.4.3
Form factor: Nano (USB-C)
Enabled USB interfaces: OTP, FIDO, CCID

Applications
FIDO2       	Enabled
OTP         	Enabled
FIDO U2F    	Enabled
OATH        	Enabled
YubiHSM Auth	Enabled
OpenPGP     	Enabled
PIV         	Enabled

I tried using the standard command ssh-keygen -t ed25519-sk -O resident -O application=ssh:Nomad -O verify-required and after verifying my PIN and my tap, I got Key enrollment failed: invalid format. Running with -vvvv showed both a FIDO_ERR_RX and a FIDO_ERR_NO_CREDENTIALS. Following the advice here I installed a custom libsk-libfido2, which then gave different errors but still ended with invalid format. Following the advice here I built my own version of libsk-libfido2.dylib with -DSK_DEBUG. That gave a lot of detail which doesn't mean much to me, but hopefully will to you. I also installed my own debug build of libfido2 and ran with FIDO_DEBUG=1. It looks like the error that is now stopping it is fido_hid_read: read: Resource temporarily unavailable and I am not sure why that is appearing. It appears consistently every time I try to run it. Have tried rebooting, updating OpenSSH and LibFido2 from Homebrew. Let me know what else I should try.

ETA: Trying to run examples/cred gives:

$ ./cred ioreg://4294982390
fido_hid_open: get_ioreg_entry: ioreg://4294982390
fido_dev_open_tx: dev->io.open
cred: fido_dev_open: FIDO_ERR_INTERNAL (0xfffffff7)

Is the problem reproducible?
Happens every time, haven't figured out a way to generate a key successfully.
What are the steps that lead to the problem?
Try to generate a key per instructions here with ssh-keygen -t ed25519-sk -O resident -O application=ssh:Nomad -O verify-required

Does the problem happen with different authenticators?
Tried a few different versions of OpenSSH and libfido2

Please include the output of fido2-token -L.

fido2-token -L

$ fido2-token -L
run_manifest: found 1 hid device
ioreg://4294982390: vendor=0x1050, product=0x0407 (Yubico YubiKey OTP+FIDO+CCID)

Please include the output of fido2-token -I.

fido2-token -I

$ fido2-token -I ioreg://4294982390
fido_tx: dev=0x600003aac6c0, cmd=0x06
fido_tx: buf=0x600003aac6c0, len=8
0000: 64 60 94 df 7b 26 2b 6f
fido_rx: dev=0x600003aac6c0, cmd=0x06, ms=-1
rx_preamble: buf=0x16ba26ea8, len=64
0000: ff ff ff ff 86 00 11 64 60 94 df 7b 26 2b 6f 16
0016: b6 75 87 02 05 04 03 05 00 00 00 00 00 00 00 00
0032: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0048: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
rx: payload_len=17
fido_rx: buf=0x600003aac6c8, len=17
0000: 64 60 94 df 7b 26 2b 6f 16 b6 75 87 02 05 04 03
0016: 05
fido_dev_get_cbor_info_tx: dev=0x600003aac6c0
fido_tx: dev=0x600003aac6c0, cmd=0x10
fido_tx: buf=0x16ba26f07, len=1
0000: 04
fido_dev_get_cbor_info_rx: dev=0x600003aac6c0, ci=0x6000037a8000, ms=-1
fido_rx: dev=0x600003aac6c0, cmd=0x10, ms=-1
rx_preamble: buf=0x16ba26e38, len=64
0000: 16 b6 75 87 90 00 c8 00 ac 01 83 66 55 32 46 5f
0016: 56 32 68 46 49 44 4f 5f 32 5f 30 6c 46 49 44 4f
0032: 5f 32 5f 31 5f 50 52 45 02 82 6b 63 72 65 64 50
0048: 72 6f 74 65 63 74 6b 68 6d 61 63 2d 73 65 63 72
rx: payload_len=200
rx: buf=0x16ba26e38, len=64
0000: 16 b6 75 87 00 65 74 03 50 ee 88 28 79 72 1c 49
0016: 13 97 75 3d fc ce 97 07 2a 04 a5 62 72 6b f5 62
0032: 75 70 f5 64 70 6c 61 74 f4 69 63 6c 69 65 6e 74
0048: 50 69 6e f5 75 63 72 65 64 65 6e 74 69 61 6c 4d
rx: buf=0x16ba26e38, len=64
0000: 16 b6 75 87 01 67 6d 74 50 72 65 76 69 65 77 f5
0016: 05 19 04 b0 06 82 02 01 07 08 08 18 80 09 81 63
0032: 75 73 62 0a 82 a2 63 61 6c 67 26 64 74 79 70 65
0048: 6a 70 75 62 6c 69 63 2d 6b 65 79 a2 63 61 6c 67
rx: buf=0x16ba26e38, len=64
0000: 16 b6 75 87 02 27 64 74 79 70 65 6a 70 75 62 6c
0016: 69 63 2d 6b 65 79 0d 04 0e 1a 00 05 04 03 00 00
0032: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0048: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
fido_rx: buf=0x122809e00, len=200
0000: 00 ac 01 83 66 55 32 46 5f 56 32 68 46 49 44 4f
0016: 5f 32 5f 30 6c 46 49 44 4f 5f 32 5f 31 5f 50 52
0032: 45 02 82 6b 63 72 65 64 50 72 6f 74 65 63 74 6b
0048: 68 6d 61 63 2d 73 65 63 72 65 74 03 50 ee 88 28
0064: 79 72 1c 49 13 97 75 3d fc ce 97 07 2a 04 a5 62
0080: 72 6b f5 62 75 70 f5 64 70 6c 61 74 f4 69 63 6c
0096: 69 65 6e 74 50 69 6e f5 75 63 72 65 64 65 6e 74
0112: 69 61 6c 4d 67 6d 74 50 72 65 76 69 65 77 f5 05
0128: 19 04 b0 06 82 02 01 07 08 08 18 80 09 81 63 75
0144: 73 62 0a 82 a2 63 61 6c 67 26 64 74 79 70 65 6a
0160: 70 75 62 6c 69 63 2d 6b 65 79 a2 63 61 6c 67 27
0176: 64 74 79 70 65 6a 70 75 62 6c 69 63 2d 6b 65 79
0192: 0d 04 0e 1a 00 05 04 03
fido_dev_open_rx: FIDO_MAXMSG=2048, maxmsgsiz=1200
proto: 0x02
major: 0x05
minor: 0x04
build: 0x03
caps: 0x05 (wink, cbor, msg)
fido_dev_get_cbor_info_tx: dev=0x600003aac6c0
fido_tx: dev=0x600003aac6c0, cmd=0x10
fido_tx: buf=0x16ba26fd7, len=1
0000: 04
fido_dev_get_cbor_info_rx: dev=0x600003aac6c0, ci=0x6000037a8000, ms=-1
fido_rx: dev=0x600003aac6c0, cmd=0x10, ms=-1
rx_preamble: buf=0x16ba26f08, len=64
0000: 16 b6 75 87 90 00 c8 00 ac 01 83 66 55 32 46 5f
0016: 56 32 68 46 49 44 4f 5f 32 5f 30 6c 46 49 44 4f
0032: 5f 32 5f 31 5f 50 52 45 02 82 6b 63 72 65 64 50
0048: 72 6f 74 65 63 74 6b 68 6d 61 63 2d 73 65 63 72
rx: payload_len=200
rx: buf=0x16ba26f08, len=64
0000: 16 b6 75 87 00 65 74 03 50 ee 88 28 79 72 1c 49
0016: 13 97 75 3d fc ce 97 07 2a 04 a5 62 72 6b f5 62
0032: 75 70 f5 64 70 6c 61 74 f4 69 63 6c 69 65 6e 74
0048: 50 69 6e f5 75 63 72 65 64 65 6e 74 69 61 6c 4d
rx: buf=0x16ba26f08, len=64
0000: 16 b6 75 87 01 67 6d 74 50 72 65 76 69 65 77 f5
0016: 05 19 04 b0 06 82 02 01 07 08 08 18 80 09 81 63
0032: 75 73 62 0a 82 a2 63 61 6c 67 26 64 74 79 70 65
0048: 6a 70 75 62 6c 69 63 2d 6b 65 79 a2 63 61 6c 67
rx: buf=0x16ba26f08, len=64
0000: 16 b6 75 87 02 27 64 74 79 70 65 6a 70 75 62 6c
0016: 69 63 2d 6b 65 79 0d 04 0e 1a 00 05 04 03 00 00
0032: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0048: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
fido_rx: buf=0x12300dc00, len=200
0000: 00 ac 01 83 66 55 32 46 5f 56 32 68 46 49 44 4f
0016: 5f 32 5f 30 6c 46 49 44 4f 5f 32 5f 31 5f 50 52
0032: 45 02 82 6b 63 72 65 64 50 72 6f 74 65 63 74 6b
0048: 68 6d 61 63 2d 73 65 63 72 65 74 03 50 ee 88 28
0064: 79 72 1c 49 13 97 75 3d fc ce 97 07 2a 04 a5 62
0080: 72 6b f5 62 75 70 f5 64 70 6c 61 74 f4 69 63 6c
0096: 69 65 6e 74 50 69 6e f5 75 63 72 65 64 65 6e 74
0112: 69 61 6c 4d 67 6d 74 50 72 65 76 69 65 77 f5 05
0128: 19 04 b0 06 82 02 01 07 08 08 18 80 09 81 63 75
0144: 73 62 0a 82 a2 63 61 6c 67 26 64 74 79 70 65 6a
0160: 70 75 62 6c 69 63 2d 6b 65 79 a2 63 61 6c 67 27
0176: 64 74 79 70 65 6a 70 75 62 6c 69 63 2d 6b 65 79
0192: 0d 04 0e 1a 00 05 04 03
version strings: U2F_V2, FIDO_2_0, FIDO_2_1_PRE
extension strings: credProtect, hmac-secret
transport strings: usb
algorithms: es256 (public-key), eddsa (public-key)
aaguid: ee882879721c491397753dfcce97072a
options: rk, up, noplat, clientPin, credentialMgmtPreview
fwversion: 0x50403
maxmsgsiz: 1200
maxcredcntlst: 8
maxcredlen: 128
maxlargeblob: 0
minpinlen: 4
pin protocols: 2, 1
fido_tx: dev=0x600003aac6c0, cmd=0x10
fido_tx: buf=0x600000aa4210, len=6
0000: 06 a2 01 01 02 01
fido_rx: dev=0x600003aac6c0, cmd=0x10, ms=-1
rx_preamble: buf=0x16ba26f48, len=64
0000: 16 b6 75 87 90 00 04 00 a1 03 08 00 00 00 00 00
0016: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0032: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0048: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
rx: payload_len=4
fido_rx: buf=0x12300dc00, len=4
0000: 00 a1 03 08
pin retries: 8
pin change required: false
fido_tx: dev=0x600003aac6c0, cmd=0x10
fido_tx: buf=0x600000aa4260, len=6
0000: 06 a2 01 01 02 07
fido_rx: dev=0x600003aac6c0, cmd=0x10, ms=-1
rx_preamble: buf=0x16ba26f48, len=64
0000: 16 b6 75 87 90 00 01 33 00 00 00 00 00 00 00 00
0016: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0032: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0048: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
rx: payload_len=1
fido_rx: buf=0x12300dc00, len=1
0000: 33
cbor_parse_reply: blob[0]=0x33
fido_dev_get_uv_retry_count_rx: parse_uv_retry_count
uv retries: undefined
fido_tx: dev=0x600003aac6c0, cmd=0x10
fido_tx: buf=0x600000aa4220, len=6
0000: 40 a2 01 01 02 07
fido_rx: dev=0x600003aac6c0, cmd=0x10, ms=-1
rx_preamble: buf=0x16ba26f08, len=64
0000: 16 b6 75 87 90 00 01 01 00 00 00 00 00 00 00 00
0016: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0032: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0048: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
rx: payload_len=1
fido_rx: buf=0x12300dc00, len=1
0000: 01
cbor_parse_reply: blob[0]=0x01
bio_rx_info: bio_parse_info
bio_get_info_wait: tx/rx

Please include the output of FIDO_DEBUG=1.

FIDO_DEBUG=1

$ export FIDO_DEBUG=1
$ ssh-keygen -vvvv -t ed25519-sk -O resident -O application=ssh:Nomad -O verify-required
Generating public/private ed25519-sk key pair.
You may need to touch your authenticator to authorize key generation.
debug3: start_helper: started pid=26412
debug3: ssh_msg_send: type 5
debug3: ssh_msg_recv entering
debug1: start_helper: starting /opt/homebrew/Cellar/openssh/9.7p1/libexec/ssh-sk-helper
debug1: sshsk_enroll: provider "/usr/local/lib/libsk-libfido2.dylib", device "(null)", application "ssh:Nomad", userid "(null)", flags 0x25, challenge len 0
debug1: sshsk_enroll: using random challenge
debug1: sshsk_open: provider /usr/local/lib/libsk-libfido2.dylib implements version 0x000a0000
run_manifest: found 1 hid device
sk_probe: 1 device(s) detected
sk_probe: selecting sk by touch
fido_tx: dev=0x600002768000, cmd=0x06
fido_tx: buf=0x600002768000, len=8
0000: 1d 8d fe 40 37 5b 0e 74
fido_rx: dev=0x600002768000, cmd=0x06, ms=-1
rx_preamble: buf=0x16d38eae8, len=64
0000: ff ff ff ff 86 00 11 1d 8d fe 40 37 5b 0e 74 69
0016: da 0e 15 02 05 04 03 05 00 00 00 00 00 00 00 00
0032: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0048: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
rx: payload_len=17
fido_rx: buf=0x600002768008, len=17
0000: 1d 8d fe 40 37 5b 0e 74 69 da 0e 15 02 05 04 03
0016: 05
fido_dev_get_cbor_info_tx: dev=0x600002768000
fido_tx: dev=0x600002768000, cmd=0x10
fido_tx: buf=0x16d38eb47, len=1
0000: 04
fido_dev_get_cbor_info_rx: dev=0x600002768000, ci=0x600002a60000, ms=-1
fido_rx: dev=0x600002768000, cmd=0x10, ms=-1
rx_preamble: buf=0x16d38ea78, len=64
0000: 69 da 0e 15 90 00 c8 00 ac 01 83 66 55 32 46 5f
0016: 56 32 68 46 49 44 4f 5f 32 5f 30 6c 46 49 44 4f
0032: 5f 32 5f 31 5f 50 52 45 02 82 6b 63 72 65 64 50
0048: 72 6f 74 65 63 74 6b 68 6d 61 63 2d 73 65 63 72
rx: payload_len=200
rx: buf=0x16d38ea78, len=64
0000: 69 da 0e 15 00 65 74 03 50 ee 88 28 79 72 1c 49
0016: 13 97 75 3d fc ce 97 07 2a 04 a5 62 72 6b f5 62
0032: 75 70 f5 64 70 6c 61 74 f4 69 63 6c 69 65 6e 74
0048: 50 69 6e f5 75 63 72 65 64 65 6e 74 69 61 6c 4d
rx: buf=0x16d38ea78, len=64
0000: 69 da 0e 15 01 67 6d 74 50 72 65 76 69 65 77 f5
0016: 05 19 04 b0 06 82 02 01 07 08 08 18 80 09 81 63
0032: 75 73 62 0a 82 a2 63 61 6c 67 26 64 74 79 70 65
0048: 6a 70 75 62 6c 69 63 2d 6b 65 79 a2 63 61 6c 67
rx: buf=0x16d38ea78, len=64
0000: 69 da 0e 15 02 27 64 74 79 70 65 6a 70 75 62 6c
0016: 69 63 2d 6b 65 79 0d 04 0e 1a 00 05 04 03 00 00
0032: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0048: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
fido_rx: buf=0x11d80e000, len=200
0000: 00 ac 01 83 66 55 32 46 5f 56 32 68 46 49 44 4f
0016: 5f 32 5f 30 6c 46 49 44 4f 5f 32 5f 31 5f 50 52
0032: 45 02 82 6b 63 72 65 64 50 72 6f 74 65 63 74 6b
0048: 68 6d 61 63 2d 73 65 63 72 65 74 03 50 ee 88 28
0064: 79 72 1c 49 13 97 75 3d fc ce 97 07 2a 04 a5 62
0080: 72 6b f5 62 75 70 f5 64 70 6c 61 74 f4 69 63 6c
0096: 69 65 6e 74 50 69 6e f5 75 63 72 65 64 65 6e 74
0112: 69 61 6c 4d 67 6d 74 50 72 65 76 69 65 77 f5 05
0128: 19 04 b0 06 82 02 01 07 08 08 18 80 09 81 63 75
0144: 73 62 0a 82 a2 63 61 6c 67 26 64 74 79 70 65 6a
0160: 70 75 62 6c 69 63 2d 6b 65 79 a2 63 61 6c 67 27
0176: 64 74 79 70 65 6a 70 75 62 6c 69 63 2d 6b 65 79
0192: 0d 04 0e 1a 00 05 04 03
fido_dev_open_rx: FIDO_MAXMSG=2048, maxmsgsiz=1200
sk_enroll: using device ioreg://4294982390
fido_dev_get_cbor_info_tx: dev=0x600002768000
fido_tx: dev=0x600002768000, cmd=0x10
fido_tx: buf=0x16d38ecf7, len=1
0000: 04
fido_dev_get_cbor_info_rx: dev=0x600002768000, ci=0x600002a61950, ms=-1
fido_rx: dev=0x600002768000, cmd=0x10, ms=-1
rx_preamble: buf=0x16d38ec28, len=64
0000: 69 da 0e 15 90 00 c8 00 ac 01 83 66 55 32 46 5f
0016: 56 32 68 46 49 44 4f 5f 32 5f 30 6c 46 49 44 4f
0032: 5f 32 5f 31 5f 50 52 45 02 82 6b 63 72 65 64 50
0048: 72 6f 74 65 63 74 6b 68 6d 61 63 2d 73 65 63 72
rx: payload_len=200
rx: buf=0x16d38ec28, len=64
0000: 69 da 0e 15 00 65 74 03 50 ee 88 28 79 72 1c 49
0016: 13 97 75 3d fc ce 97 07 2a 04 a5 62 72 6b f5 62
0032: 75 70 f5 64 70 6c 61 74 f4 69 63 6c 69 65 6e 74
0048: 50 69 6e f5 75 63 72 65 64 65 6e 74 69 61 6c 4d
rx: buf=0x16d38ec28, len=64
0000: 69 da 0e 15 01 67 6d 74 50 72 65 76 69 65 77 f5
0016: 05 19 04 b0 06 82 02 01 07 08 08 18 80 09 81 63
0032: 75 73 62 0a 82 a2 63 61 6c 67 26 64 74 79 70 65
0048: 6a 70 75 62 6c 69 63 2d 6b 65 79 a2 63 61 6c 67
rx: buf=0x16d38ec28, len=64
0000: 69 da 0e 15 02 27 64 74 79 70 65 6a 70 75 62 6c
0016: 69 63 2d 6b 65 79 0d 04 0e 1a 00 05 04 03 00 00
0032: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0048: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
fido_rx: buf=0x11d811000, len=200
0000: 00 ac 01 83 66 55 32 46 5f 56 32 68 46 49 44 4f
0016: 5f 32 5f 30 6c 46 49 44 4f 5f 32 5f 31 5f 50 52
0032: 45 02 82 6b 63 72 65 64 50 72 6f 74 65 63 74 6b
0048: 68 6d 61 63 2d 73 65 63 72 65 74 03 50 ee 88 28
0064: 79 72 1c 49 13 97 75 3d fc ce 97 07 2a 04 a5 62
0080: 72 6b f5 62 75 70 f5 64 70 6c 61 74 f4 69 63 6c
0096: 69 65 6e 74 50 69 6e f5 75 63 72 65 64 65 6e 74
0112: 69 61 6c 4d 67 6d 74 50 72 65 76 69 65 77 f5 05
0128: 19 04 b0 06 82 02 01 07 08 08 18 80 09 81 63 75
0144: 73 62 0a 82 a2 63 61 6c 67 26 64 74 79 70 65 6a
0160: 70 75 62 6c 69 63 2d 6b 65 79 a2 63 61 6c 67 27
0176: 64 74 79 70 65 6a 70 75 62 6c 69 63 2d 6b 65 79
0192: 0d 04 0e 1a 00 05 04 03
check_sk_options: option uv is unknown
fido_tx: dev=0x600002768000, cmd=0x10
fido_tx: buf=0x600000065200, len=54
0000: 02 a3 01 69 73 73 68 3a 4e 6f 6d 61 64 02 58 20
0016: 66 68 7a ad f8 62 bd 77 6c 8f c1 8b 8e 9f 8e 20
0032: 08 97 14 85 6e e2 33 b3 90 2a 59 1d 0d 5f 29 25
0048: 05 a1 62 75 70 f4
fido_rx: dev=0x600002768000, cmd=0x10, ms=-1
rx_preamble: buf=0x16d38ec48, len=64
0000: 69 da 0e 15 90 00 01 2e 00 00 00 00 00 00 00 00
0016: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0032: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0048: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
rx: payload_len=1
fido_rx: buf=0x11d811000, len=1
0000: 2e
cbor_parse_reply: blob[0]=0x2e
fido_dev_get_assert_rx: adjust_assert_count
key_lookup: fido_dev_get_assert: FIDO_ERR_NO_CREDENTIALS
fido_tx: dev=0x600002768000, cmd=0x10
fido_tx: buf=0x6000022680b0, len=169
0000: 01 a6 01 58 20 a9 39 39 cf 86 51 a6 b7 8f 7e f6
0016: 54 35 ba fe 3d 10 9b ee b9 dd 45 7b 57 a7 f5 ba
0032: c4 bd 60 d0 b5 02 a1 62 69 64 69 73 73 68 3a 4e
0048: 6f 6d 61 64 03 a3 62 69 64 58 20 00 00 00 00 00
0064: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0080: 00 00 00 00 00 00 00 00 00 00 00 64 6e 61 6d 65
0096: 67 6f 70 65 6e 73 73 68 6b 64 69 73 70 6c 61 79
0112: 4e 61 6d 65 67 6f 70 65 6e 73 73 68 04 81 a2 63
0128: 61 6c 67 27 64 74 79 70 65 6a 70 75 62 6c 69 63
0144: 2d 6b 65 79 06 a1 6b 63 72 65 64 50 72 6f 74 65
0160: 63 74 03 07 a1 62 72 6b f5
fido_rx: dev=0x600002768000, cmd=0x10, ms=-1
rx_preamble: buf=0x16d38ec38, len=64
0000: 69 da 0e 15 90 00 01 36 00 00 00 00 00 00 00 00
0016: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0032: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0048: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
rx: payload_len=1
fido_rx: buf=0x11d810000, len=1
0000: 36
cbor_parse_reply: blob[0]=0x36
fido_dev_make_cred_rx: parse_makecred_reply
sk_enroll: fido_dev_make_cred: FIDO_ERR_PIN_REQUIRED
fido_tx: dev=0x600002768000, cmd=0x11
fido_tx: buf=0x0, len=0
debug1: sshsk_enroll: provider "/usr/local/lib/libsk-libfido2.dylib" failure -3
debug1: ssh-sk-helper: Enrollment failed: incorrect passphrase supplied to decrypt private key
debug1: main: reply len 8
debug3: ssh_msg_send: type 5
debug1: client_converse: helper returned error -43
debug3: reap_helper: pid=26412
Enter PIN for authenticator:
You may need to touch your authenticator again to authorize key generation.
debug3: start_helper: started pid=26415
debug3: ssh_msg_send: type 5
debug3: ssh_msg_recv entering
debug1: start_helper: starting /opt/homebrew/Cellar/openssh/9.7p1/libexec/ssh-sk-helper
debug1: sshsk_enroll: provider "/usr/local/lib/libsk-libfido2.dylib", device "(null)", application "ssh:Nomad", userid "(null)", flags 0x25, challenge len 0 with-pin
debug1: sshsk_enroll: using random challenge
debug1: sshsk_open: provider /usr/local/lib/libsk-libfido2.dylib implements version 0x000a0000
run_manifest: found 1 hid device
sk_probe: 1 device(s) detected
sk_probe: selecting sk by touch
fido_tx: dev=0x600003364750, cmd=0x06
fido_tx: buf=0x600003364750, len=8
0000: 29 82 81 0e 91 44 e1 94
fido_rx: dev=0x600003364750, cmd=0x06, ms=-1
rx_preamble: buf=0x16d326ae8, len=64
0000: ff ff ff ff 86 00 11 29 82 81 0e 91 44 e1 94 c7
0016: 87 df d0 02 05 04 03 05 00 00 00 00 00 00 00 00
0032: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0048: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
rx: payload_len=17
fido_rx: buf=0x600003364758, len=17
0000: 29 82 81 0e 91 44 e1 94 c7 87 df d0 02 05 04 03
0016: 05
fido_dev_get_cbor_info_tx: dev=0x600003364750
fido_tx: dev=0x600003364750, cmd=0x10
fido_tx: buf=0x16d326b47, len=1
0000: 04
fido_dev_get_cbor_info_rx: dev=0x600003364750, ci=0x600003e60000, ms=-1
fido_rx: dev=0x600003364750, cmd=0x10, ms=-1
rx_preamble: buf=0x16d326a78, len=64
0000: c7 87 df d0 90 00 c8 00 ac 01 83 66 55 32 46 5f
0016: 56 32 68 46 49 44 4f 5f 32 5f 30 6c 46 49 44 4f
0032: 5f 32 5f 31 5f 50 52 45 02 82 6b 63 72 65 64 50
0048: 72 6f 74 65 63 74 6b 68 6d 61 63 2d 73 65 63 72
rx: payload_len=200
rx: buf=0x16d326a78, len=64
0000: c7 87 df d0 00 65 74 03 50 ee 88 28 79 72 1c 49
0016: 13 97 75 3d fc ce 97 07 2a 04 a5 62 72 6b f5 62
0032: 75 70 f5 64 70 6c 61 74 f4 69 63 6c 69 65 6e 74
0048: 50 69 6e f5 75 63 72 65 64 65 6e 74 69 61 6c 4d
rx: buf=0x16d326a78, len=64
0000: c7 87 df d0 01 67 6d 74 50 72 65 76 69 65 77 f5
0016: 05 19 04 b0 06 82 02 01 07 08 08 18 80 09 81 63
0032: 75 73 62 0a 82 a2 63 61 6c 67 26 64 74 79 70 65
0048: 6a 70 75 62 6c 69 63 2d 6b 65 79 a2 63 61 6c 67
rx: buf=0x16d326a78, len=64
0000: c7 87 df d0 02 27 64 74 79 70 65 6a 70 75 62 6c
0016: 69 63 2d 6b 65 79 0d 04 0e 1a 00 05 04 03 00 00
0032: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0048: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
fido_rx: buf=0x14680e400, len=200
0000: 00 ac 01 83 66 55 32 46 5f 56 32 68 46 49 44 4f
0016: 5f 32 5f 30 6c 46 49 44 4f 5f 32 5f 31 5f 50 52
0032: 45 02 82 6b 63 72 65 64 50 72 6f 74 65 63 74 6b
0048: 68 6d 61 63 2d 73 65 63 72 65 74 03 50 ee 88 28
0064: 79 72 1c 49 13 97 75 3d fc ce 97 07 2a 04 a5 62
0080: 72 6b f5 62 75 70 f5 64 70 6c 61 74 f4 69 63 6c
0096: 69 65 6e 74 50 69 6e f5 75 63 72 65 64 65 6e 74
0112: 69 61 6c 4d 67 6d 74 50 72 65 76 69 65 77 f5 05
0128: 19 04 b0 06 82 02 01 07 08 08 18 80 09 81 63 75
0144: 73 62 0a 82 a2 63 61 6c 67 26 64 74 79 70 65 6a
0160: 70 75 62 6c 69 63 2d 6b 65 79 a2 63 61 6c 67 27
0176: 64 74 79 70 65 6a 70 75 62 6c 69 63 2d 6b 65 79
0192: 0d 04 0e 1a 00 05 04 03
fido_dev_open_rx: FIDO_MAXMSG=2048, maxmsgsiz=1200
sk_enroll: using device ioreg://4294982390
fido_dev_authkey_tx: dev=0x600003364750
fido_tx: dev=0x600003364750, cmd=0x10
fido_tx: buf=0x60000036c0d0, len=6
0000: 06 a2 01 02 02 02
fido_dev_authkey_rx: dev=0x600003364750, authkey=0x600001460600, ms=-1
fido_rx: dev=0x600003364750, cmd=0x10, ms=-1
rx_preamble: buf=0x16d326b38, len=64
0000: c7 87 df d0 90 00 51 00 a1 01 a5 01 02 03 38 18
0016: 20 01 21 58 20 06 c1 6d d3 bc 13 60 ec d5 94 78
0032: 15 5f 1b 01 75 97 15 77 cc c5 39 ee da 72 47 b6
0048: 80 d9 33 a4 45 22 58 20 a3 c6 8e 6f 28 37 5d e2
rx: payload_len=81
rx: buf=0x16d326b38, len=64
0000: c7 87 df d0 00 7e d4 47 22 61 a6 00 ab 79 6f 22
0016: 5d 03 ab 5f 9c b3 ee a9 4b 62 09 b8 b6 00 00 00
0032: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0048: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
fido_rx: buf=0x14680e400, len=81
0000: 00 a1 01 a5 01 02 03 38 18 20 01 21 58 20 06 c1
0016: 6d d3 bc 13 60 ec d5 94 78 15 5f 1b 01 75 97 15
0032: 77 cc c5 39 ee da 72 47 b6 80 d9 33 a4 45 22 58
0048: 20 a3 c6 8e 6f 28 37 5d e2 7e d4 47 22 61 a6 00
0064: ab 79 6f 22 5d 03 ab 5f 9c b3 ee a9 4b 62 09 b8
0080: b6
fido_tx: dev=0x600003364750, cmd=0x10
fido_tx: buf=0x600002f63100, len=120
0000: 06 a4 01 02 02 05 03 a5 01 02 03 38 18 20 01 21
0016: 58 20 4a 7f 90 98 98 40 2c 9c 68 54 75 75 3e 16
0032: 85 ea ef 21 fa e1 0e 23 82 3c 55 c4 1b 8f dc 20
0048: 76 9c 22 58 20 82 dc a8 ad de 2f f9 c9 ee 34 99
0064: 73 e1 4b 38 c8 3f 15 d6 4b 4e 44 4b 9d 0d a5 92
0080: a4 30 39 bd ed 06 58 20 e0 21 2f 44 b2 4f 16 75
0096: 17 69 fe b4 79 ee 68 5e b4 06 8f 05 78 72 cc a3
0112: c6 0b 4c 20 81 44 6a 5c
fido_rx: dev=0x600003364750, cmd=0x10, ms=-1
rx_preamble: buf=0x16d326ad8, len=64
0000: c7 87 df d0 90 00 35 00 a1 02 58 30 96 2e ce d0
0016: f1 d4 bf 31 98 04 c1 0e 35 da 6d 13 a7 34 1f 1c
0032: d6 0c d1 66 3a ed 4e 7f e7 61 72 47 6a 27 a0 6b
0048: b3 18 54 2f 3c e3 7a 5f 4b 14 1a fe 00 00 00 00
rx: payload_len=53
fido_rx: buf=0x14700aa00, len=53
0000: 00 a1 02 58 30 96 2e ce d0 f1 d4 bf 31 98 04 c1
0016: 0e 35 da 6d 13 a7 34 1f 1c d6 0c d1 66 3a ed 4e
0032: 7f e7 61 72 47 6a 27 a0 6b b3 18 54 2f 3c e3 7a
0048: 5f 4b 14 1a fe
fido_tx: dev=0x600003364750, cmd=0x10
fido_tx: buf=0x60000256c060, len=91
0000: 02 a5 01 69 73 73 68 3a 4e 6f 6d 61 64 02 58 20
0016: 66 68 7a ad f8 62 bd 77 6c 8f c1 8b 8e 9f 8e 20
0032: 08 97 14 85 6e e2 33 b3 90 2a 59 1d 0d 5f 29 25
0048: 05 a1 62 75 70 f4 06 58 20 8c 91 de da 87 0d a1
0064: d7 6e 71 60 74 20 b0 a3 ed e8 f5 43 36 d0 21 01
0080: 2b 4c 7b 81 28 8f 3d cd c1 07 02
fido_rx: dev=0x600003364750, cmd=0x10, ms=-1
rx_preamble: buf=0x16d326c48, len=64
0000: c7 87 df d0 90 00 01 2e 00 00 00 00 00 00 00 00
0016: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0032: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0048: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
rx: payload_len=1
fido_rx: buf=0x148808200, len=1
0000: 2e
cbor_parse_reply: blob[0]=0x2e
fido_dev_get_assert_rx: adjust_assert_count
key_lookup: fido_dev_get_assert: FIDO_ERR_NO_CREDENTIALS
fido_dev_authkey_tx: dev=0x600003364750
fido_tx: dev=0x600003364750, cmd=0x10
fido_tx: buf=0x600000374110, len=6
0000: 06 a2 01 02 02 02
fido_dev_authkey_rx: dev=0x600003364750, authkey=0x600001468180, ms=-1
fido_rx: dev=0x600003364750, cmd=0x10, ms=-1
rx_preamble: buf=0x16d326b28, len=64
0000: c7 87 df d0 90 00 51 00 a1 01 a5 01 02 03 38 18
0016: 20 01 21 58 20 06 c1 6d d3 bc 13 60 ec d5 94 78
0032: 15 5f 1b 01 75 97 15 77 cc c5 39 ee da 72 47 b6
0048: 80 d9 33 a4 45 22 58 20 a3 c6 8e 6f 28 37 5d e2
rx: payload_len=81
rx: buf=0x16d326b28, len=64
0000: c7 87 df d0 00 7e d4 47 22 61 a6 00 ab 79 6f 22
0016: 5d 03 ab 5f 9c b3 ee a9 4b 62 09 b8 b6 00 00 00
0032: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0048: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
fido_rx: buf=0x148808200, len=81
0000: 00 a1 01 a5 01 02 03 38 18 20 01 21 58 20 06 c1
0016: 6d d3 bc 13 60 ec d5 94 78 15 5f 1b 01 75 97 15
0032: 77 cc c5 39 ee da 72 47 b6 80 d9 33 a4 45 22 58
0048: 20 a3 c6 8e 6f 28 37 5d e2 7e d4 47 22 61 a6 00
0064: ab 79 6f 22 5d 03 ab 5f 9c b3 ee a9 4b 62 09 b8
0080: b6
fido_tx: dev=0x600003364750, cmd=0x10
fido_tx: buf=0x600002f40080, len=120
0000: 06 a4 01 02 02 05 03 a5 01 02 03 38 18 20 01 21
0016: 58 20 f0 5a 86 1c 64 46 a1 e1 35 54 b6 f6 90 79
0032: 37 13 58 06 67 12 48 13 58 40 c2 8b a0 f6 49 08
0048: 65 cb 22 58 20 90 ef 87 b6 f9 2d 55 07 e8 67 ea
0064: e5 35 f3 8b 4a 49 33 90 36 87 0e 6f e1 a0 72 4e
0080: fc e9 6e dc 97 06 58 20 b3 d8 10 38 86 b4 8b 1e
0096: f4 6a 14 9e d2 c0 2a 38 64 e9 51 96 6d d3 dd 70
0112: d6 9e 7c f8 6a e6 61 12
fido_rx: dev=0x600003364750, cmd=0x10, ms=-1
rx_preamble: buf=0x16d326ac8, len=64
0000: c7 87 df d0 90 00 35 00 a1 02 58 30 a3 ac 33 e8
0016: 5d e6 51 0a b1 0a 0d 67 1f 1b 88 de 74 47 17 7d
0032: 81 70 bd f5 ab 9f c2 e3 47 01 ca 3b 3e 1a 54 79
0048: 3f 54 31 81 b4 66 8c 7f 90 3a 5e 6f 00 00 00 00
rx: payload_len=53
fido_rx: buf=0x149808200, len=53
0000: 00 a1 02 58 30 a3 ac 33 e8 5d e6 51 0a b1 0a 0d
0016: 67 1f 1b 88 de 74 47 17 7d 81 70 bd f5 ab 9f c2
0032: e3 47 01 ca 3b 3e 1a 54 79 3f 54 31 81 b4 66 8c
0048: 7f 90 3a 5e 6f
fido_tx: dev=0x600003364750, cmd=0x10
fido_tx: buf=0x600003a740d0, len=206
0000: 01 a8 01 58 20 1f bb 1c 8a b9 46 cc 77 8c aa fa
0016: 39 45 5b 99 76 92 a0 db 3c 2c 0c e5 2a 09 c2 44
0032: f1 30 89 68 69 02 a1 62 69 64 69 73 73 68 3a 4e
0048: 6f 6d 61 64 03 a3 62 69 64 58 20 00 00 00 00 00
0064: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0080: 00 00 00 00 00 00 00 00 00 00 00 64 6e 61 6d 65
0096: 67 6f 70 65 6e 73 73 68 6b 64 69 73 70 6c 61 79
0112: 4e 61 6d 65 67 6f 70 65 6e 73 73 68 04 81 a2 63
0128: 61 6c 67 27 64 74 79 70 65 6a 70 75 62 6c 69 63
0144: 2d 6b 65 79 06 a1 6b 63 72 65 64 50 72 6f 74 65
0160: 63 74 03 07 a1 62 72 6b f5 08 58 20 ad 13 eb ba
0176: 0b e9 43 e0 15 8d ab 8d f3 48 c9 98 b3 6e 90 e2
0192: 1d 5c d1 22 6a be 5b 0d e0 ee 0a ad 09 02
fido_rx: dev=0x600003364750, cmd=0x10, ms=-1
fido_hid_read: read: Resource temporarily unavailable
rx: rx_preamble
fido_dev_make_cred_rx: fido_rx
sk_enroll: fido_dev_make_cred: FIDO_ERR_RX
fido_tx: dev=0x600003364750, cmd=0x11
fido_tx: buf=0x0, len=0
fido_hid_write: IOHIDDeviceSetReport
fido_hid_close: IOHIDDeviceClose
debug1: sshsk_enroll: provider "/usr/local/lib/libsk-libfido2.dylib" failure -1
debug1: ssh-sk-helper: Enrollment failed: invalid format
debug1: main: reply len 8
debug3: ssh_msg_send: type 5
debug1: client_converse: helper returned error -4
debug3: reap_helper: pid=26415
Key enrollment failed: invalid format

[TV4Fun]

Okay, it turns out Homebrew's OpenSSH install was not using my build of libfido2. I had to uninstall Homebrew's OpenSSH and libfido2 and install my own version of both built from sources from the latest git/main checkout. After doing that, it generated correctly.