Review use of GetVersion with CTAP1 devices

mozilla / authenticator-rs

Rust library to interact with Security Keys, used by Firefox

https://crates.io/crates/authenticator

Mozilla Public License 2.0

273 stars 70 forks source link

Review use of GetVersion with CTAP1 devices #336

Open jschanck opened 3 months ago

jschanck commented 3 months ago

Mozilla Bug 1898594 looks like it might be due to us sending GetVersion to CTAP1 devices here. I don't think we need to do this.

msirringhaus commented 3 months ago

So the affected devices are not working according to the U2F-spec, then? Either way, the handle_response_ctap1()-function of GetVersion needs to handle status properly, which gets currently ignored. So it will return "Input too small" for all errors the device may return.

Vednier commented 3 months ago

Hello, i have such device, its Hypersecu HyperFIDO. I not sure about device being up to spec, but other users like pamu2fcfg or Chromium have no problem here. Also, it was "fine" before 0.4.0-alpha.3 was landed in Firefox.