
Authenticator evaluates the request and responds by sending notifications over fidoStatus characteristic


I am making a mobile authenticator which supports CTAP BLE to communicate with WebAuthn. I follow this document: https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html#ble-protocol-overview

The Protocol Overview is as follows:

  1. Authenticator advertises the FIDO Service.

  2. Client scans for authenticator advertising the FIDO Service.

  3. Client performs characteristic discovery on the authenticator.

  4. If not already paired, the client, and authenticator SHALL perform BLE pairing and create an LTK. Authenticator SHALL only allow connections from previously bonded clients without user intervention.

  5. Client checks if the fidoServiceRevisionBitfield characteristic is present. If so, the client selects a supported version by writing a value with a single bit set.

  6. Client reads the fidoControlPointLength characteristic.

  7. Client registers for notifications on the fidoStatus characteristic.

  8. Client writes a request (e.g. an enroll request) into the fidoControlPoint characteristic.

  9. Optionally, the client writes a CANCEL command to the fidoControlPoint characteristic to cancel the pending request.

  10. Authenticator evaluates the request and responds by sending notifications over fidoStatus characteristic.

  11. The protocol completes when either:

    • The client unregisters for notifications on the fidoStatus characteristic, or:
    • The connection times out and is closed by the authenticator.

At step 8, I receive a message like this: 0x83000700030000000000. I understand that

0x83 is MSG command

0x0007 is length of data

00030000000000 is data

When I receive such a message, I don't know how to respond to WebAuthn, as step 10 says "Authenticator evaluates the request and responds by sending notifications over fidoStatus characteristic."


Solution

  • After a long time of checking, I found the answer. The reason is that I am interacting with WebAuthn on Android Chrome, which supports CTAP1/U2F. Now it's working fine when I work with Chrome (ver 75) on Desktop, which supports CTAP2.

    The way to recognize that WebAuthn supports CTAP2 is the AuthenticatorGetInfo sent to the authenticator. It is 0x83000104

    0x83 is MSG command

    0x0001 is length of content

    04 is AuthenticatorGetInfo

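An added example (not code from the question or the answer) that decodes the two frames quoted above using the CTAP BLE framing from the linked spec (command byte with the high bit set, big-endian 16-bit length, data; continuation fragments carry a sequence byte), tells a CTAP2 command apart from a CTAP1/U2F APDU, and splits a response into fidoStatus notifications. The meaning of INS=0x03 comes from the U2F raw message format, and the notification fragment size is assumed to be a configured value.

```python
import struct

# CTAP BLE command bytes; the high bit marks an initialization fragment.
CMD_PING, CMD_KEEPALIVE, CMD_MSG, CMD_CANCEL, CMD_ERROR = 0x81, 0x82, 0x83, 0xBE, 0xBF
CTAP2_GET_INFO = 0x04   # authenticatorGetInfo, the first CTAP2 command a client sends
U2F_INS_VERSION = 0x03  # U2F_VERSION in the U2F raw message format (ISO 7816 APDU)

def parse_init_fragment(frame: bytes):
    """Split an initialization fragment into (cmd, declared_length, data)."""
    if len(frame) < 3 or not frame[0] & 0x80:
        raise ValueError("not an initialization fragment")
    (length,) = struct.unpack(">H", frame[1:3])  # HLEN, LLEN are big-endian
    return frame[0], length, frame[3:]

def reassemble(fragments):
    """Join an init fragment with its continuation fragments (SEQ byte + data)."""
    cmd, length, data = parse_init_fragment(fragments[0])
    for seq, frag in enumerate(fragments[1:]):
        if frag[0] != seq:  # sequence numbers start at 0 and must be contiguous
            raise ValueError(f"expected SEQ {seq}, got {frag[0]}")
        data += frag[1:]
    if len(data) != length:
        raise ValueError(f"declared {length} bytes, got {len(data)}")
    return cmd, data

def classify_msg(data: bytes) -> str:
    """Tell a CTAP2 command from a CTAP1/U2F APDU by the first payload byte."""
    if data[0] == 0x00 and len(data) >= 4:  # CLA=0x00: U2F APDU (CLA INS P1 P2 ...)
        name = " (U2F_VERSION)" if data[1] == U2F_INS_VERSION else ""
        return f"CTAP1/U2F APDU, INS=0x{data[1]:02x}{name}"
    if data[0] == CTAP2_GET_INFO:
        return "CTAP2 authenticatorGetInfo"
    return f"CTAP2 command 0x{data[0]:02x}"

def fragment_response(cmd: int, payload: bytes, max_fragment_len: int):
    """Build the notifications for fidoStatus, each at most max_fragment_len bytes
    (constructed limit; the page only gives fidoControlPointLength for writes)."""
    head, rest = payload[:max_fragment_len - 3], payload[max_fragment_len - 3:]
    frames = [bytes([cmd]) + struct.pack(">H", len(payload)) + head]
    seq = 0
    while rest:  # continuation fragments: 1-byte SEQ followed by data
        frames.append(bytes([seq]) + rest[:max_fragment_len - 1])
        rest = rest[max_fragment_len - 1:]
        seq += 1
    return frames

if __name__ == "__main__":
    for hexframe in ("83000700030000000000", "83000104"):  # the two frames quoted above
        cmd, data = reassemble([bytes.fromhex(hexframe)])
        print(f"{hexframe}: cmd=0x{cmd:02x} -> {classify_msg(data)}")
```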