search

fido-alliance / conformance-test-tools-resources

Certification Test Tools Resources. For security and privacy related issues email tools@certification.fidoalliance.org
https://fidoalliance.org/certification/functional-certification/conformance/
43 stars 14 forks source link

U2F NFC mode buggy #545

Closed antonio-fr closed 4 years ago

antonio-fr commented 4 years ago

What protocol and version of the protocol are you testing?

U2F v1.1

What is your implementation class?

U2F token

What is the version of the tool are you using?

fido-conformance-tools-electron-win32-x64 1.3.2

What is the OS and the version are you running?

Windows 10

Issue description

"NFC" mode with a CCID NFC USB reader :

There are various errors, such as (not limited to those) :

P-3 Send a valid Register command, wrapped in Short APDU, wait for the response, and check that Authenticator returns SW_NO_ERROR(0x9000) error code.

TypeError: Cannot read property 'toString' of undefined
    at Proxy.hexifyInt (js/utils.js:1110:22)
    at window.navigator.fido.fido2.nfc.sendNFCAPDUBuffers.then.catch (eval at compileCode (js/sandbox.js:25:26), <anonymous>:367:90)
    at <anonymous>

A possible cause is the test after a previous test failure with extended APDU request. Many NFC readers can't handle long frames. Anyway, the short APDU test shouldn't crash.

yackermann commented 4 years ago

@antonio-fr Try latest build. Run ad administrator. Buy an NFC reader that supports Long encoding.

Additionally please provide some logs of NFC communication between devices

antonio-fr commented 4 years ago

With build v1.3.4 as administrator. Log for this NFC "P-3" short APDU issue, along with the previous "P-2" long frame failure :

Test started: P-2
Send a valid Register command, wrapped in Extended APDU, wait for the response, and check that Authenticator returns SW_NO_ERROR(0x9000) error code.

transports\nfcdep.js:102 Selected protocol "2" for reader "ACS ACR122 0"
transports\nfcdep.js:218 NFC DATA SENT: 00a4040008a0000006472f000100
transports\nfcdep.js:223 NFC DATA RECEIVED: 5532465f56329000
transports\nfcdep.js:191 RECEIVED  SW_NO_ERROR
transports\nfcdep.js:218 NFC DATA SENT: 00010000000040f828214be36609b6597fedb5572813b346c06e4391954f5083cacfd3c95b625eae87d330e6910ef9d7e0ae2e3153423e23c7c1e76bf9e0a2500565a2ebacd9040000
transports\nfcdep.js:223 NFC DATA RECEIVED: 
transports\nfcdep.js:38 Uncaught Error: Only 2byte buffer allowed!
    at readBE16
    transports\nfcdep.js:38:15
    at NFCReader.completeTransaction
    transports\nfcdep.js:188:26
    at reader.transmit
    transports\nfcdep.js:224:22
    controller.js:331

Test started: P-3
Send a valid Register command, wrapped in Short APDU, wait for the response, and check that Authenticator returns SW_NO_ERROR(0x9000) error code.

transports\nfcdep.js:376 TypeError: Cannot read property 'toString' of undefined
    at NFCReader.proccedWithExchange
    transports\nfcdep.js:218:54
    at NFCReader.addJob
    transports\nfcdep.js:259:18
    at Promise nfcdep.js:364:24
    at Promise (<anonymous>)
    at Object.sendNFCAPDUBuffers
    transports\nfcdep.js:357:16
    at sendCTAPNFC_MSGCommand (eval at compileCode (app/js/sandbox.js:25:26), <anonymous>:357:44)
    at sendCTAP_MSG (eval at compileCode (app/js/sandbox.js:25:26), <anonymous>:895:28)
    at sendValidCTAP_MSG (eval at compileCode (app/js/sandbox.js:25:26), <anonymous>:925:12)
    at r.it (eval at compileCode (app/js/sandbox.js:25:26), <anonymous>:2156:16)
    at e (app/app/js/vendor/mocha.min.js:1:39758)
yackermann commented 4 years ago

@antonio-fr You need a reader that supports extended APDU https://ccid.apdu.fr/ccid_extended_apdu.html