Close

(Bi)Weekly Update

A project log for URU Key

URU Key - a biometric FIDO2 Authenticator built with ESP32 / ATECC508A / FPC1020

Andrey OvcharovAndrey Ovcharov 08/05/2019 at 09:490 Comments

Last (and previous) weekends I've spend on real implementation of FIDO2 WebAuthN protocol. In reality the problem is more deep and difficult than I was thinking before, so I have re-implemented the GATT server on Android to have higher level language and libraries and better debugging capabilities.

At the moment I have fully working "Make Credential" workflow with proper certificate generation and response signing. 

Meanwhile I have found two interesting glitches in google's implementation of FIDO2.

First one is more likely not accurate protocol definition. In the authenticatorMakeCredential section in response definition we have parameters authData  and fmt with respective map indexes (0x01) and (0x02). In reality Chrome requires response with these parameters swapped - fmt parameter should have index 0x01 and authData paramter should have index 0x02. Hopefully the documentation and implementation will be more consistent in the future.

Second glitch is related to the user's interface and you clearly can see it in the video. When communication with Authenticator is about to start Chrome displays dialog window asking which authenticator device should be used. But in the background the communication with paired device is already performed. So, the user interface is totally misleading. The user has no clue they already have to open the Authenticator device and perform all necessary steps with it.  But this is question to the Chrome dev team how to improve the interface.

Discussions