Differences to CTAP2 Specs

schonacin / android-auth

Android FIDO2 authenticator using CTAP2 via BLE, powered by RxJava3

Apache License 2.0

5 stars 0 forks source link

Differences to CTAP2 Specs #18

Open Nivador opened 4 years ago

Nivador commented 4 years ago

The purpose of this issue is to collect points where our implementation differs from the CTAP2 specs for documentation.

Nivador commented 4 years ago

As the FIDO2 authenticator is a smartphone and thus does not have resources as limited as on other hardware, we don't need to power down after successfully processing a command from the client. Therefore, we don't implement the kMaxCommandTransmitDelayMillis and kErrorWaitMillis timeouts, as their purpose is to reduce the authenticators energy usage

https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#ble-command-completion

Nivador commented 4 years ago

Currently not supported Authenticator API methods are:

authenticatorClientPIN
authenticatorGetNextAssertion
authenticatorReset
authenticatorBioEnrollment
authenticatorCredentialManagement
authenticatorSelection
authenticatorConfig

Nivador commented 4 years ago

CTAP1/U2F support is also not implemented at the moment https://fidoalliance.org/specs/fido2/fido-client-to-authenticator-protocol-v2.1-rd-20191217.html#u2f-interoperability

Nivador commented 4 years ago

The USB and NFC transports are currently not implemented