Windows 10 FIDO2 NFC APDUs

[Fabian Henneke]

Hi,

while testing with my CTAP2 NFC authenticator, the Windows 10 Hello API sends the following APDU after successful GetAssertion and MakeCredential operations:

0x80 0x12 0x01 0x00 0x00

Since 0x12 directly follows 0x11, which is the value of NFCCTAP_GETRESPONSE, I suspect that this is something related to CTAP. Does anybody know what this command is supposed to do and how authenticators should handle it?

[Thomas Duboucher]

Giving the game away. :)

This is a technical preview for the next iteration of the CTAP
specification.

You can safely disregard this command, e.g. return SW_UNSUPPORTED_INS
(0x6D00).

Best regards,

--
Thomas Duboucher

[Yakov Revyakin]

Hi,

I caught the same command during trying to setup registration flow for the new FIDO2 SmartCard authenticator.

However, I got it even before getInfo, right after selecting the applet. By Thomas advice, I processed the command (0x80 0x12 0x01 0x00 0x00) with SW_UNSUPPORTED_INS (0x6D00). After that, the flow stopped, no other commands from web-client.

What could happen?

Any ideas?

--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/bf6ef89a-295d-0f47-d910-092e6553fb6d%40duboucher.eu.

[Thomas Duboucher]

Oops,

Completely forgot we published the first draft for 2.1.

https://fidoalliance.org/specs/fido2/fido-client-to-authenticator-protocol-v2.1-rd-20191217.html


Enjoy. :)

Le 09/04/2020 à 23:02, Yakov Revyakin a écrit :
> Hi,
> I caught the same command during trying to setup registration flow for
> the new FIDO2 SmartCard authenticator.
> However, I got it even before getInfo, right after selecting the applet.
> By Thomas advice, I processed the command (0x80 0x12 0x01 0x00 0x00)
> with SW_UNSUPPORTED_INS (0x6D00). After that, the flow stopped, no other
> commands from web-client.
> What could happen?
>
> Any ideas?
>

--
Thomas Duboucher

[Yakov Revyakin]

Very nice. Even it doesn’t mention  that 80 12 01 00. 

When does it become a proposed standard?

--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.

To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/340c1581-e9c5-8f8d-7e10-c4f3824338ef%40duboucher.eu.

[Fabian Henneke]

It does mention it (https://fidoalliance.org/specs/fido2/fido-client-to-authenticator-protocol-v2.1-rd-20191217.html#nfc-applet-deselect), but I also missed it on my first read since it's such a short section.

You received this message because you are subscribed to a topic in the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this topic, visit https://groups.google.com/a/fidoalliance.org/d/topic/fido-dev/SIzXyHJlwUs/unsubscribe.
To unsubscribe from this group and all its topics, send an email to fido-dev+u...@fidoalliance.org.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/CALXvSntzw_ytpxj5zEO_Au0r8Fi778eEQzsQvKiZF07RUvouiA%40mail.gmail.com.

[Yakov Revyakin]

It's magic that I didn't find it. Thank you!