google / CTAP2-test-tool

Test tool for CTAP2 authenticators
Apache License 2.0

Gracefully report a key that doesn't support CTAP2 protocol (was: Titan K40T) #123

Open roycewilliams opened 2 years ago

roycewilliams commented 2 years ago

My testing of Titan Security Key (K40T, USB-C) dies here:

```
Tested device path: /dev/hidraw6
Tested device name: ePass FIDO
This tool will irreversibly delete all credentials on your device. If one of your plugged security keys stores anything important, unplug it now before continuing.
You have 10 seconds for the next touch after pressing enter.
Please replug the device, then hit enter.

The failing error code is `CTAP1_ERR_INVALID_COMMAND`.
F1212 12:23:22.154443 3425572 device_tracker.cc:185] Check failed: condition Failed critical condition: Reset
*** Check failure stack trace: ***
    @     0x55b13e76b91e  google::LogMessage::Fail()
    @     0x55b13e76b859  google::LogMessage::SendToLog()
    @     0x55b13e76b17f  google::LogMessage::Flush()
    @     0x55b13e76e2a0  google::LogMessageFatal::~LogMessageFatal()
    @     0x55b13e675059  fido2_tests::DeviceTracker::AssertCondition()
    @     0x55b13e675253  fido2_tests::DeviceTracker::AssertResponse()
    @     0x55b13e64c8e0  fido2_tests::CommandState::Reset()
    @     0x55b13e64c292  fido2_tests::CommandState::CommandState()
    @     0x55b13e5eb8c5  main
    @     0x7fdb56be30b3  __libc_start_main
    @     0x55b13e5eb52e  _start
    @              (nil)  (unknown)
./run.sh: line 19: 3425572 Aborted                 (core dumped) bazel run //:fido2_conformance -- --token_path="$path"
```

Could it be a local issue?

jmichelp commented 2 years ago

Thanks for your report.

If I'm correct, the Titan K40T is U2F (aka CTAP1) only, and therefore it's expected that this security key won't understand the CTAP2 protocol. That is what the critical error you're reporting says: the Reset command, a CTAP2 command, isn't supported.

roycewilliams commented 2 years ago

Ah, understood. That wasn't clear from the output (and I'm not sure if there's a way to make it more clear - if there is, would you be open to a feature request, under a separate issue?)

jmichelp commented 2 years ago

I was also thinking that the tool should be able to distinguish between a device under test that isn't supporting CTAP2.x protocols and a device that is supposed to understand the protocol but doesn't properly support the Reset command.

Let's keep this issue open so that we don't lose the story behind it. I'll just rename it and let @kaczmarczyck decide how to implement this.

kaczmarczyck commented 2 years ago

This should be possible, thanks for the feature request!
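
One way a tool could draw the distinction discussed in this thread, as an added example that is not CTAP2-test-tool code: read the capability flags from the CTAPHID_INIT response before treating a failed Reset as fatal. `ClassifyReset`, `Describe` and `MakeInitPayload` are hypothetical names, and the sample payloads are constructed, not captured from a Titan key.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

// CTAPHID_INIT response payload: nonce[8], channel id[4], CTAPHID protocol
// version, device major/minor/build version, capability flags (17 bytes).
constexpr std::size_t kInitPayloadSize = 17;
constexpr std::size_t kCapabilitiesOffset = 16;
constexpr std::uint8_t kCapabilityCbor = 0x04;  // set when CTAPHID_CBOR is implemented
constexpr std::uint8_t kCtap2Ok = 0x00;

enum class Verdict { kResetOk, kNotCtap2, kResetFailed, kMalformedInit };

// Hypothetical helper: decide how the outcome of Reset should be reported.
Verdict ClassifyReset(const std::vector<std::uint8_t>& init_payload,
                      std::uint8_t reset_status) {
  if (init_payload.size() < kInitPayloadSize) return Verdict::kMalformedInit;
  const bool has_cbor = (init_payload[kCapabilitiesOffset] & kCapabilityCbor) != 0;
  if (!has_cbor) return Verdict::kNotCtap2;  // U2F-only transport: not a test failure
  return reset_status == kCtap2Ok ? Verdict::kResetOk : Verdict::kResetFailed;
}

std::string Describe(Verdict v) {
  switch (v) {
    case Verdict::kResetOk: return "Reset succeeded.";
    case Verdict::kNotCtap2:
      return "Device does not advertise CTAPHID_CBOR; it looks U2F/CTAP1-only.";
    case Verdict::kResetFailed:
      return "Device advertises CTAP2 but Reset failed; conformance failure.";
    case Verdict::kMalformedInit: return "CTAPHID_INIT response is too short.";
  }
  return "unknown";
}

// Constructed sample payload: zeroed nonce and version fields, channel id 1.
std::vector<std::uint8_t> MakeInitPayload(std::uint8_t capabilities) {
  std::vector<std::uint8_t> p(kInitPayloadSize, 0x00);
  p[11] = 0x01;  // channel id = 0x00000001
  p[12] = 0x02;  // CTAPHID protocol version
  p[kCapabilitiesOffset] = capabilities;
  return p;
}

int main() {
  // 0x01 is CTAP1_ERR_INVALID_COMMAND, the status reported in this issue.
  std::cout << Describe(ClassifyReset(MakeInitPayload(0x01), 0x01)) << "\n";  // wink only
  std::cout << Describe(ClassifyReset(MakeInitPayload(0x05), 0x01)) << "\n";  // wink + CBOR
  return 0;
}
```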