CTAP BLE Problem

[Bảo Hoa Quốc]

Dear,

I am making a mobile authenticator which supports CTAP BLE to communicate with WebAuthn.
I follow this document: https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html#ble-protocol-overview
At step 8 of 8.3.6 I receive the message like this: 0x83000700030000000000
I understand that
0x83 is MSG command
0x0007 is length of data
00030000000000 is data
When I receive such a message, I don't know what to response to WebAuthn as step 10 says "Authenticator evaluates the request and responds by sending notifications over fidoStatus characteristic."
I need help!
Thank you!

Bao at V-Key

[Jedri Visser]

Your data starts with 0x00, this means that the command is actually a U2F command and not a CTAP2 command.

followed by 0x03. That is the U2F_VERSION command, the rest of the zeros are params and data length.

[Bao Hoa]

Correct. Thanks Jedri

[Bao Hoa]

I found the reason. Because my browser doesn't support CTAP2. I have tried with Chrome (ver 75) on Mac, it is working.

[Kamil]

https://rocket.run/ref/lords19000

[Chella]

Hi Boa, 

I am trying to implement FIDO2 authenticator on Android. I am using Chrome (Version 75.0.3770.80)  on MAC. webauthn.io is not detecting any BLE devices. When I tried with my Android Chrome (Version 74.0.3729.157), client writes on Fido Control Point as -125070300000. Is this right? Why my Chrome is not detecting BLE devices? I need a help on this.

Thanks in advance.

[Bao Hoa]

Hi Chella,

 

FIDO advises authenticator should add Service Data field to advertising packets. Please check this: https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html#ble-pairing-authnr-considerations

I have tested with Chrome 75 on Mac and realized that Chrome can only detect pairing devices when its advertising packets contain Service Data field. This may be issue of Chrome which needs to be improved by later chrome version. I have also contacted FIDO Alliance team, they confirmed Service Data field is advised, not required.

Okay, for your situation, you can use this code in android java:

AdvertiseSettings cfg = new AdvertiseSettings.Builder()
        .setAdvertiseMode(AdvertiseSettings.ADVERTISE_MODE_BALANCED)
        .setTxPowerLevel(AdvertiseSettings.ADVERTISE_TX_POWER_ULTRA_LOW)
        .setConnectable(true)
        .build();
AdvertiseData data = new AdvertiseData.Builder()
        .addServiceUuid(new ParcelUuid(DeviceInfoGattService.DEVICE_INFO_UUID))
        .addServiceUuid(new ParcelUuid(FIDO2GattService.FIDO2_UUID))
        .setIncludeDeviceName(true)
        .addServiceData(new ParcelUuid(FIDO2GattService.FIDO2_UUID), new byte[] {(byte)192})
        .build();

this line is important:

.addServiceData(new ParcelUuid(FIDO2GattService.FIDO2_UUID), new byte[] {(byte)192})

Try out and let me know if any issues.

[Chella]

Hi Boa,

Thank you so much. Now my Chrome can able to find my Android BLE authenticator. I couldn't able to add two services sequentially. When add Fido Service and Device Info service sequentially, I am getting ArrayIndexOutOfBoundException at on onCharacteristicReadRequest() in BluetoothGattServer class itself. Then I add Thread.sleep(1000). Now it's fine. But the problem is I am writing fidoServiceRevisionBitfield as 0b100000 (0x20). For U2F its 0b01000000. For FIDO2 its 0b100000 (0x20). Is this right?

mGattServer.addService(fidoGattService);

try {
    Thread.sleep(500);
} catch (InterruptedException e) {
    e.printStackTrace();
}

mGattServer.addService(deviceInfoService);

Is there any other way to add two services sequentially? And Please confirm that fidoServiceRevisionBitfield for FIDO2.