-
Notifications
You must be signed in to change notification settings - Fork 14
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Missing support for authenticators using NFC Protocol T=0 in contacted mode #711
Comments
@jcBeaupre that one is much harder since I do not have any authenticators working in T=0 mode. *( Do you have any idea what commercially available devices are T=0 only? |
Hey @herrjemand, sorry for the delaid response here. While we are developing on one, we don't know of other FIDO2 smart card authenticators using T=0 that are commercially available 😞. However, since the problem occurs on the applet SELECT specifically you can probably reproduce the error with a dummy FIDO2 applet on any T=0 smart card or even with a smart card emulator such as https://frankmorgner.github.io/vsmartcard/virtualsmartcard/README.html. We would be happy to provide a dummy test applet if you decide to go that route! |
By submitting this issue you are acknowledging that any information regarding this issue will be publicly available.
If you have privacy concerns, please email [email protected]
FIRST PRE CHECK
What protocol are you implementing?
NOTE: UAF 1.0 certification have been officially sunset. U2F 1.2 only supported version of U2F.
What is your implementation class?
If you are platform authenticator vendor, please email [email protected]
What is the version of the tool are you using?
v1.7.11
What is the OS and the version are you running?
For desktop tools
For UAF mobile tools
Issue description
We can use the conformance tool in NFC contactless mode with our smart card authenticator with no issues since it is using
Protocol T=2
, but we fail to run any test when we use contacted mode.As you can see in the screenshot below, the conformance tool selects the
Protocol T=1
when we insert our smart card, but alas, our current cards do not support T=1, they can only use T=0 in contacted.Also, you can see in the transactions that when the conformance tool sends it's
SELECT
cmd, our smart card authenticator responds with a SW1-SW2 of:0x61-0x08
. According to Protocol T=0 (ISO7816-3), the authenticator expects aGET RESPONSE
, but the conformance tool miss interpret it and resends theSELECT
cmd. The communication then goes in an infinite loop.I hope this is enough information for the maintainers. If not, do not hesitate to let me know what information you would need, or if you want me to test a fix on my side, it will be my pleasure to help!
Expected behavior
The tool can communicate with authenticators in contacted that only implement
Protocol T=0
Reproduction steps
The text was updated successfully, but these errors were encountered: