[codex] Retry expired Windows Hello biometric tickets#158
Draft
SirAndrosBot wants to merge 1 commit into
Draft
Conversation
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.



What changed
NCryptDecryptstatus0x80098044asWINBIO_E_INVALID_TICKET, meaning the biometric ticket is incorrect or expired.AuthProviderInvalidTicketExceptionafter retry exhaustion.Why
The repeated
0x80098044reports are authentication-ticket failures, not evidence that the Windows Hello-protected key is corrupt. Several reporters can still decrypt the same cached key by selecting PIN after face recognition fails. Automatically revoking the key would therefore destroy valid credentials and, through the existing invalid-key path, could clear unrelated database entries and disable persistent storage.Retrying is appropriate because the failing object is the short-lived biometric ticket. The retry obtains a fresh ticket and also gives the user another opportunity to choose PIN. If all retries fail, the plugin now degrades to the normal KeePass password flow without changing stored key material.
Security and state impact
WINBIO_E_DATA_PROTECTION_FAILURE(0x80098046) remains unchanged.This prompt-timing and credential-preservation behavior was explicitly approved before implementation.
Review
An independent review traced the exception through
KeyCipher,ProtectedKey, andKeyManager; verified that the dedicated exception bypasses the generic cache-removal path; checked normal and secure-desktop prompt behavior; and confirmed the exact retry count and unchanged handling of other statuses.The only review finding was unrelated final-newline churn in the legacy project file. That churn was removed, and follow-up review approved the final patch with no remaining findings.
Validation
src/KeePassWinHello.csprojFrameworkPathOverride=C:\Windows\Microsoft.NET\Framework\v4.0.30319ReferencePath=C:\proj\KeePassWinHello\libgit diff --checkManual Windows Hello testing was not performed, because it would require manipulating live biometric/Credential Manager state. Recommended manual coverage is transient and repeated face failures, face failure followed by PIN, local and persistent storage, secure desktop on/off, and elevated/non-elevated KeePass.
Closes #113
Closes #118
Closes #120
Closes #128
Closes #130
Closes #132
Closes #137
Closes #138
Closes #139