What are valid responses for the u2f version MSG? (FIDO2, CTAP2)

  • 2 replies
  • 1 has this problem
  • 25 views
  • Latest reply by david735

Hi everyone,

[when using CTAPHID] newer versions of Firefox seem to issue a u2f version request after INIT if you choose the non-passkey login method (e.g. on Github). I wanted to ask what Firefox expects as response if I want to tell it that I don't support u2f.

The CTAP2 spec states that "The U2F_REGISTER and U2F_AUTHENTICATE commands MUST immediately fail and return SW_COMMAND_NOT_ALLOWED" if I've disabled u2f but I can't find anything about the VERSION command.

If I return "U2F_V2\x90\x00" (without quotation marks) at least I get a response. Just returning SW_COMMAND_NOT_ALLOWED (which should be "\x69\x86") doesn't seem to work (Firefox doesn't issue any further requests). I've also tried something like "FIDO_2_0\x90\x00" without success.

Can somebody tell me what Firefox expects in that case or give me a link to the related source code?

Best regards david

All Replies (2)

In the context of FIDO2 and CTAP2 (Client-to-Authenticator Protocol 2), the U2F version message (U2F_VERSION) is part of the communication protocol used between a FIDO2 client (like a browser) and a FIDO2 authenticator (like a security key). It's used to negotiate and identify the version of the protocol that both the client and authenticator support.

The U2F version message typically includes a list of valid versions that the authenticator supports. As of my last knowledge update in September 2021, some of the valid U2F versions that may appear in the U2F version message are:

U2F_V2: This is the original U2F (Universal 2nd Factor) version, and it corresponds to the initial specification for hardware-based two-factor authentication. This version uses a challenge-response mechanism to authenticate the user.

CTAP2/U2F_V2: CTAP2 (Client-to-Authenticator Protocol 2) is the successor to U2F and is used in FIDO2 authentication. CTAP2 is a more advanced protocol that supports various types of authenticators, including biometric and passwordless methods. U2F_V2 in the U2F version message typically indicates compatibility with CTAP2 and FIDO2.

Thanks for the reply,

I'll try that out later.

Edit: "CTAP2\x90\x00", "CTAP/U2F_V2\x90\x00", "FIDO2\x90\x00" all do not seem to work. The only response that seems to "satisfy" Firefox is "U2F_v2\x90\x00".

Edit 2: So it seems I misdiagnosed the problem a little bit. I turned my "test credential" into a "PassKey" prior. Discoverable credentials always have to return at least the user id in a getAssertion response (even if you use it as second factor), but that didn't happen.

I guess that somehow the browser went into something like a "fallback mode" because of the malformed response and issued a u2f command.

Doesn't really answer the initial question, so I'll keep it open. I'm still interested if I can just always return SW_COMMAND_NOT_ALLOWED (or something similar).

Modified by david735
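
The response framing discussed in this thread, as an added example that is not part of any post or of Firefox's code: an authenticator-side handler for the U2F APDU carried in a CTAPHID_MSG payload on a device with U2F disabled. It answers VERSION with `U2F_V2` plus status word 0x9000 and rejects REGISTER and AUTHENTICATE with SW_COMMAND_NOT_ALLOWED as the quoted CTAP2 text requires; the function names are hypothetical, and it makes no claim about which VERSION reply Firefox accepts.

```python
import struct

# Instruction bytes and status words from the FIDO U2F raw message format;
# 0x6986 is the SW_COMMAND_NOT_ALLOWED value quoted in the thread.
U2F_REGISTER, U2F_AUTHENTICATE, U2F_VERSION = 0x01, 0x02, 0x03
SW_NO_ERROR = 0x9000
SW_WRONG_LENGTH = 0x6700
SW_COMMAND_NOT_ALLOWED = 0x6986
SW_INS_NOT_SUPPORTED = 0x6D00
SW_CLA_NOT_SUPPORTED = 0x6E00


def request_data_len(body: bytes) -> int:
    """Return Lc for the bytes after CLA/INS/P1/P2 (short or extended form)."""
    if len(body) <= 1:                      # nothing, or a short Le only
        return 0
    if body[0] == 0x00:                     # extended length encoding
        if len(body) == 2:
            raise ValueError("truncated extended length field")
        if len(body) == 3:                  # 00 LeHi LeLo: no request data
            return 0
        return struct.unpack(">H", body[1:3])[0]
    return body[0]                          # short Lc


def reply(sw: int, data: bytes = b"") -> bytes:
    """Response APDU: optional data followed by the big-endian status word."""
    return data + struct.pack(">H", sw)


def handle_u2f_msg(apdu: bytes) -> bytes:
    """Hypothetical handler for one CTAPHID_MSG payload, U2F disabled."""
    if len(apdu) < 4:
        return reply(SW_WRONG_LENGTH)
    cla, ins = apdu[0], apdu[1]
    if cla != 0x00:
        return reply(SW_CLA_NOT_SUPPORTED)
    try:
        lc = request_data_len(apdu[4:])
    except ValueError:
        return reply(SW_WRONG_LENGTH)
    if ins == U2F_VERSION:
        # VERSION carries no request data; the reply is ASCII "U2F_V2" + 9000.
        return reply(SW_NO_ERROR, b"U2F_V2") if lc == 0 else reply(SW_WRONG_LENGTH)
    if ins in (U2F_REGISTER, U2F_AUTHENTICATE):
        return reply(SW_COMMAND_NOT_ALLOWED)   # immediate failure, no user presence check
    return reply(SW_INS_NOT_SUPPORTED)
```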