fido-alliance / conformance-test-tools-resources

Certification Test Tools Resources. For security and privacy related issues email tools@certification.fidoalliance.org
https://fidoalliance.org/certification/functional-certification/conformance/

0xFFFD service handle is "reserved" by Android. - Allowing 0xFFF9 service handle in the conformance tools ? #729

Open ghislaindemael opened 10 months ago

ghislaindemael commented 10 months ago

What protocol are you implementing?

NOTE: UAF 1.0 certification have been officially sunset. U2F 1.2 only supported version of U2F.

What is your implementation class?

If you are platform authenticator vendor, please email conformance-tools@fidoalliance.org

What version of the tool are you using?

v1.7.15

What is the OS and the version are you running?

For desktop tools

For UAF mobile tools

Issue description

Hello !

Switching from an Android application to an Arduino implementation of a FIDO2 BLE Authenticator, I discovered that Android decided to "reserve" commands to and from a custom service with handle 0xFFFD, which is the one indicated in CTAP 2.1 specifications. This means my service works perfectly (notification subscribing / reading / writing) with any handle, but as soon as I switch to 0xFFFD, the service stops working as before.

Digging in the Assigned numbers document, I found out the handle 0xFFF9 exists for FIDO2 Authenticators. This is currently what I am using to be able to perform some personal tests with a BLE Scanner on an Android device and another Arduino microcontroller.

However, implementing this change means that my Authenticator is not recognized anymore in the CTAP2.0 Authenticator - MDS3 Tests nor CTAP2.1 - MDS3 Tests categories of the Conformance Tools, thus preventing me from launching some tests.

Is there a method that I am currently unaware of that would allow the tools to detect my authenticator and run the conformance tests? If not, is such an implementation scheduled in the foreseeable future?

Sincerely, Ghislain Demaël

iirachek commented 10 months ago

The current tooling version (v1.7.15) only searches for the 0xFFFD service UUID that is listed in the specification. That value cannot be modified through the UI, and currently I'm not aware of any planned changes regarding this.

With that said, I'm not exactly sure if I can help with Android reserving commands without additional information. This looks like something to do with Android-specific implementation requirements, unless the problem appears only when interacting with the conformance tools.
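
An added example, not part of the thread and not the conformance tools' code: one way to confirm which of the two 16-bit service UUIDs discussed above (0xFFFD or 0xFFF9) a peripheral lists in a captured BLE advertising payload. The function name, macro names and sample payloads are constructed for this illustration; whether the tools match on advertising data or on GATT discovery is not stated in the thread.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define UUID_FIDO_SPEC 0xFFFD /* UUID the thread says the tools search for */
#define UUID_FIDO_ALT  0xFFF9 /* UUID the reporter switched to */

/* Constructed sample payloads: Flags, then a complete 16-bit UUID list. */
static const uint8_t ADV_SPEC[]  = {0x02, 0x01, 0x06, 0x03, 0x03, 0xFD, 0xFF};
static const uint8_t ADV_ALT[]   = {0x02, 0x01, 0x06, 0x03, 0x03, 0xF9, 0xFF};
/* Constructed malformed payload: second structure claims more bytes than exist. */
static const uint8_t ADV_TRUNC[] = {0x02, 0x01, 0x06, 0x05, 0x03, 0xFD};

/* Return 1 if the payload lists `uuid` in a 16-bit Service UUID list
 * (AD type 0x02 = incomplete list, 0x03 = complete list), else 0.
 * The payload is a sequence of [len][type][data...] structures where
 * len counts the type byte plus the data bytes. */
int adv_lists_uuid16(const uint8_t *adv, size_t adv_len, uint16_t uuid)
{
    size_t i = 0;
    while (i < adv_len) {
        uint8_t len = adv[i];
        if (len == 0 || len > adv_len - i - 1)
            break; /* early terminator or structure overruns the buffer */
        uint8_t type = adv[i + 1];
        if (type == 0x02 || type == 0x03) {
            /* Each UUID is two bytes, little-endian; last data byte is adv[i + len]. */
            for (size_t j = i + 2; j + 1 <= i + len; j += 2) {
                uint16_t v = (uint16_t)(adv[j] | (adv[j + 1] << 8));
                if (v == uuid)
                    return 1;
            }
        }
        i += (size_t)len + 1;
    }
    return 0;
}

int main(void)
{
    printf("ADV_ALT lists 0xFFFD: %d\n",
           adv_lists_uuid16(ADV_ALT, sizeof ADV_ALT, UUID_FIDO_SPEC));
    printf("ADV_ALT lists 0xFFF9: %d\n",
           adv_lists_uuid16(ADV_ALT, sizeof ADV_ALT, UUID_FIDO_ALT));
    return 0;
}
```
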