CTAP2-test-tool

Gracefully report a key that doesn't support CTAP2 protocol (was: Titan K40T)

Open roycewilliams opened this issue 4 years ago • 4 comments

My testing of Titan Security Key (K40T, USB-C) dies here:

Tested device path: /dev/hidraw6
Tested device name: ePass FIDO
This tool will irreversibly delete all credentials on your device. If one of your plugged security keys stores anything important, unplug it now before continuing.
You have 10 seconds for the next touch after pressing enter.
Please replug the device, then hit enter.

The failing error code is `CTAP1_ERR_INVALID_COMMAND`.
F1212 12:23:22.154443 3425572 device_tracker.cc:185] Check failed: condition Failed critical condition: Reset
*** Check failure stack trace: ***
    @     0x55b13e76b91e  google::LogMessage::Fail()
    @     0x55b13e76b859  google::LogMessage::SendToLog()
    @     0x55b13e76b17f  google::LogMessage::Flush()
    @     0x55b13e76e2a0  google::LogMessageFatal::~LogMessageFatal()
    @     0x55b13e675059  fido2_tests::DeviceTracker::AssertCondition()
    @     0x55b13e675253  fido2_tests::DeviceTracker::AssertResponse()
    @     0x55b13e64c8e0  fido2_tests::CommandState::Reset()
    @     0x55b13e64c292  fido2_tests::CommandState::CommandState()
    @     0x55b13e5eb8c5  main
    @     0x7fdb56be30b3  __libc_start_main
    @     0x55b13e5eb52e  _start
    @              (nil)  (unknown)
./run.sh: line 19: 3425572 Aborted                 (core dumped) bazel run //:fido2_conformance -- --token_path="$path"

Could it be a local issue?

roycewilliams, Dec 12 '21 21:12

Thanks for your report.

If I'm correct, the Titan K40T is U2F (aka CTAP1) only, and therefore it's expected that this security key won't understand the CTAP2 protocol. Which is what the critical error you're reporting says: the Reset command, a CTAP2 command, isn't supported.

jmichelp, Dec 12 '21 21:12

Ah, understood. That wasn't clear from the output (and I'm not sure if there's a way to make it more clear - if there is, would you be open to a feature request, under a separate issue?)

roycewilliams, Dec 12 '21 21:12

I was also thinking that the tool should be able to distinguish between a device under test that isn't supporting CTAP2.x protocols and a device that is supposed to understand the protocol but doesn't properly support the Reset command.

Let's keep this issue open so that we don't lose the story behind it. I'll just rename it and let @kaczmarczyck decide how to implement this.

jmichelp, Dec 12 '21 22:12

This should be possible, thanks for the feature request!

kaczmarczyck, Dec 21 '21 16:12
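
One way to draw the distinction discussed in this thread, as an added example that is not code from CTAP2-test-tool: read the capability byte of the CTAPHID_INIT response before treating a failed Reset as a conformance error. `ClassifyReset`, `ResetOutcome`, `Describe` and `SampleInit` are hypothetical names, the payloads are constructed, and the sketch assumes the device reports its CBOR capability flag honestly.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// CTAPHID_INIT response payload layout (CTAP HID transport), 17 bytes:
// nonce[8] | channel id[4] | protocol version | major | minor | build | capabilities
constexpr std::size_t kInitPayloadSize = 17;
constexpr uint8_t kCapabilityCbor = 0x04;  // set when the device implements CTAPHID_CBOR
constexpr uint8_t kCtap2Ok = 0x00;

enum class ResetOutcome { kOk, kU2fOnly, kResetFailed, kMalformedInit };

// Hypothetical helper (not from CTAP2-test-tool): decide how to report a Reset
// result. reset_status is ignored when the device never advertised CBOR.
ResetOutcome ClassifyReset(const std::vector<uint8_t>& init_payload, uint8_t reset_status) {
  if (init_payload.size() < kInitPayloadSize) return ResetOutcome::kMalformedInit;
  if ((init_payload[16] & kCapabilityCbor) == 0) return ResetOutcome::kU2fOnly;
  return reset_status == kCtap2Ok ? ResetOutcome::kOk : ResetOutcome::kResetFailed;
}

const char* Describe(ResetOutcome outcome) {
  switch (outcome) {
    case ResetOutcome::kOk: return "Reset succeeded";
    case ResetOutcome::kU2fOnly: return "Device does not advertise CTAP2 (U2F/CTAP1 only); skipping tests";
    case ResetOutcome::kResetFailed: return "Device advertises CTAP2 but Reset failed";
    case ResetOutcome::kMalformedInit: return "CTAPHID_INIT response too short";
  }
  return "unknown";
}

// Constructed sample payload: zeroed nonce, channel id 1, only the capability byte varies.
std::vector<uint8_t> SampleInit(uint8_t capabilities) {
  return {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 2, 1, 0, 0, capabilities};
}

int main() {
  const uint8_t kInvalidCommand = 0x01;  // CTAP1_ERR_INVALID_COMMAND
  std::puts(Describe(ClassifyReset(SampleInit(0x01), kInvalidCommand)));  // wink only
  std::puts(Describe(ClassifyReset(SampleInit(0x05), kInvalidCommand)));  // wink + CBOR
  std::puts(Describe(ClassifyReset(SampleInit(0x05), kCtap2Ok)));
  return 0;
}
```

Checking the flag first also means the destructive Reset never has to be sent to a key that only speaks U2F.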