I'm currently writing my own FIDO2 authenticator firmware. Up to this point I've been testing my application with the libfido2 suite. I'm able to create new credentials and assertions using libfido2-cred and libfido2-assert. I'm also able to create new credentials for test websites like webauthn.io or webauthn.me using Chrome. The problem is that calls to the assertions.get API seem to fail quietly.
When I click on login, the host first asks for a CID, then it fetches information about the authenticator and finally calls authenticatorGetAssertion. The authenticator answers with an authenticatorGetAssertion response like
a301a26269645840eac3393722c5a48cd0dd61d5d0a24e85930ca125fc6330de7ba790808787c16eefa61932a68d13421e3bb37f2d79fea463becc44d9641eb329db471d649e979b64747970656a7075626c69632d6b657902582574a6ea9213c99c2f74b22492b320cf40262a94c1a950a0397f29250b60841ef04100000009035846304402206c0259d9264817316548f7428fcd4b6d2b6cbbdeabdc3f4b859370fee9a862c5022066c8456ec36d7b64bd06b4157f0238f8f73623b252d67301fb7fbb722c3e7bf0
---
{1: {"id": h'EAC3393722C5A48CD0DD61D5D0A24E85930CA125FC6330DE7BA790808787C16EEFA61932A68D13421E3BB37F2D79FEA463BECC44D9641EB329DB471D649E979B', "type": "public-key"}, 2: h'74A6EA9213C99C2F74B22492B320CF40262A94C1A950A0397F29250B60841EF04100000009', 3: h'304402206C0259D9264817316548F7428FCD4B6D2B6CBBDEABDC3F4B859370FEE9A862C5022066C8456EC36D7B64BD06B4157F0238F8F73623B252D67301FB7FBB722C3E7BF0'}
but the browser doesn't send the data back to the server for verification and I don't know why. Does somebody know what could possibly prevent assertions.get from sending the response data back to the server?
I compared "my" response data with data generated by a YubiKey and can't see any difference, apart from the signature being different (and the extension (0x04)).
a401a262696450c2d80657076c96c11a474700327f902864747970656a7075626c69632d6b657902582574a6ea9213c99c2f74b22492b320cf40262a94c1a950a0397f29250b60841ef0010000000f0358473045022100feabe7198e0a75fb6981f89b2a989b3f422fda862be38ec22e169c798c8d0c98022000bfd5570d63d8a3ce2795cc0b570f6769620bdc779dcb4671245b2bba95905604a16269644e593268796232316c655856696151
---
{1: {"id": h'C2D80657076C96C11A474700327F9028', "type": "public-key"}, 2: h'74A6EA9213C99C2F74B22492B320CF40262A94C1A950A0397F29250B60841EF0010000000F', 3: h'3045022100FEABE7198E0A75FB6981F89B2A989B3F422FDA862BE38EC22E169C798C8D0C98022000BFD5570D63D8A3CE2795CC0B570F6769620BDC779DCB4671245B2BBA959056', 4: {"id": h'593268796232316C655856696151'}}
I've analyzed the behavior using Wireshark and Chrome debugging tools.
Chrome device-log (chrome://device-log)
FIDOError[23:33:04] Ignoring status 18 from usb-cafe:4004
FIDOError[23:33:04] -> (rejected CBOR structure) {1: {"id": h'37A12AEF2288D30ADFF41FF13FDCEFEB72364EC1A5DC7B06814CCF6F1646B6AD1C6455D725582935F3321B32AF111FB20D6129E06F1AA320B1675588B8CE3890', "type": "public-key"}, 2: h'74A6EA9213C99C2F74B22492B320CF40262A94C1A950A0397F29250B60841EF04100000007', 3: h'3045022015A60423185E4E7BCC50425502CE86B30A3DEFD4337007BC1ED802CA3456FED6022100CEB329FFDFD878DACBD2311748624B0F44577E66F7D00D08052B13EC1626830E'}
FIDODebug[23:33:04] AdapterDiscoveringChanged() is_scanning=1
FIDODebug[23:33:04] Discovery session started.
FIDODebug[23:33:04] <- 2 {1: "webauthn.io", 2: h'7212A2F6DD50577AB7E2E962537C6BF373DAC511359047128CF4FB803F189511', 3: [{"id": h'37A12AEF2288D30ADFF41FF13FDCEFEB72364EC1A5DC7B06814CCF6F1646B6AD1C6455D725582935F3321B32AF111FB20D6129E06F1AA320B1675588B8CE3890', "type": "public-key"}]}
FIDODebug[23:33:04] The device supports the CTAP2 protocol.
FIDODebug[23:33:04] -> {1: ["FIDO_2_0"], 3: h'FA2B99DC9E3942578F924A30D23C4118', 4: {"rk": false, "up": true, "plat": false}}
FIDODebug[23:33:04] Sending CTAP2 AuthenticatorGetInfo request to authenticator.
FIDODebug[23:33:04] BLE adapter address 00:24:D6:F8:95:57
FIDODebug[23:33:04] Android accessory discovery started
FIDOEvent[23:33:04] Starting GetAssertion flow
FIDODebug[23:33:04] Found 0 caBLEv2 devices
FIDODebug[23:30:00] -> {1: "packed", 2: h'74A6EA9213C99C2F74B22492B320CF40262A94C1A950A0397F29250B60841EF04100000006FA2B99DC9E3942578F924A30D23C4118004037A12AEF2288D30ADFF41FF13FDCEFEB72364EC1A5DC7B06814CCF6F1646B6AD1C6455D725582935F3321B32AF111FB20D6129E06F1AA320B1675588B8CE3890A5010203262001215820CC105C15A0179913C46FFE0974C5D6DAB41AA33CDB247B5C35ED5DB36DC5B039225820889DC50608AA17AC8A792A578E82512872F16DB8979A22A5AE3207A0F76DB4F5', 3: {"alg": -7, "sig": h'30440220452E6EE9ADCD02A56B6C712988D17988C34BA33EF32E5894FCAAD14DBBEBBF90022076F66C66CE1247EAB31067897B488C0B887BF470370AF320403D948FDE125A67'}}
FIDODebug[23:29:59] AdapterDiscoveringChanged() is_scanning=1
FIDODebug[23:29:59] Discovery session started.
FIDODebug[23:29:59] <- 1 {1: h'278AFCA4A91A40C4D081D61D60E9B9C95EE1E81A444AC17EC97AD0D2784F5AAE', 2: {"id": "webauthn.io", "name": "webauthn.io"}, 3: {"id": h'6447687063326C7A5958526C63335178', "name": "thisisatest1", "displayName": "thisisatest1"}, 4: [{"alg": -7, "type": "public-key"}]}
FIDODebug[23:29:59] The device supports the CTAP2 protocol.
FIDODebug[23:29:59] -> {1: ["FIDO_2_0"], 3: h'FA2B99DC9E3942578F924A30D23C4118', 4: {"rk": false, "up": true, "plat": false}}
FIDODebug[23:29:59] Sending CTAP2 AuthenticatorGetInfo request to authenticator.
FIDODebug[23:29:59] BLE adapter address 00:24:D6:F8:95:57
FIDODebug[23:29:59] Android accessory discovery started
FIDODebug[23:29:59] Found 0 caBLEv2 devices
HIDUser[22:58:42] HID device added: vendorId=51966, productId=16388, name='SugarYourCoffee CandyStick FIDO', serial='cafebabe', deviceIds=['/sys/devices/pci0000:00/0000:00:14.0/usb1/1-1/1-1:1.0/0003:CAFE:4004.0018/hidraw/hidraw5'], reportDescriptor='BtDxCQGhAQkCFQAm/wB1CJVAgQIJAxUAJv8AdQiVQJECwA=='
USBUser[22:58:42] USB device added: path=/dev/bus/usb/001/025 vendor=51966 "SugarYourCoffee", product=16388 "CandyStick FIDO", serial="cafebabe", guid=f83734fa-a1ef-45ef-846b-9c9d64f1a9f4
USBUser[22:58:32] USB device removed: path=/dev/bus/usb/001/024 guid=68215484-5c3f-4c3a-b99e-bf75049ee5af
HIDUser[22:58:32] HID device removed: deviceId='/sys/devices/pci0000:00/0000:00:14.0/usb1/1-1/1-1:1.0/0003:CAFE:4004.0017/hidraw/hidraw5'
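As an added example, not code from the question, the comment or any project named in the thread: a Python parser for the authenticatorData field (map key 2 of the getAssertion response) that checks the flags byte against the bytes that follow it, run over the two values quoted above. It reports the questioner's authData as flags 0x41 (UP|AT) with nothing after the counter and the YubiKey's as flags 0x01; whether that is what Chrome's "rejected CBOR structure" refers to is not something the thread states. It assumes the rpId is webauthn.io, as shown in the device log.

```python
import hashlib

# Flag bits of the authenticatorData flags byte (WebAuthn / CTAP2).
FLAG_UP, FLAG_UV, FLAG_AT, FLAG_ED = 0x01, 0x04, 0x40, 0x80

# Map key 2 of the questioner's getAssertion response, copied from the question.
OWN_AUTH_DATA = bytes.fromhex(
    "74a6ea9213c99c2f74b22492b320cf40262a94c1a950a0397f29250b60841ef0"
    "41" "00000009")
# Map key 2 of the YubiKey response quoted in the question for comparison.
YUBIKEY_AUTH_DATA = bytes.fromhex(
    "74a6ea9213c99c2f74b22492b320cf40262a94c1a950a0397f29250b60841ef0"
    "01" "0000000f")


def parse_auth_data(auth_data: bytes, rp_id: str = "webauthn.io") -> dict:
    """Split authenticatorData into its fields and list structural problems.

    Layout: rpIdHash[32] | flags[1] | signCount[4] |
            attestedCredentialData (only if AT set) | extensions (only if ED set)
    """
    problems = []
    if len(auth_data) < 37:
        return {"problems": ["shorter than the 37-byte fixed header"]}
    rp_id_hash, flags = auth_data[:32], auth_data[32]
    sign_count = int.from_bytes(auth_data[33:37], "big")
    rest = auth_data[37:]
    if rp_id_hash != hashlib.sha256(rp_id.encode()).digest():
        problems.append("rpIdHash is not SHA-256(%r)" % rp_id)
    if flags & FLAG_AT and len(rest) < 18:
        # Attested credential data starts with a 16-byte AAGUID and a
        # 2-byte credentialIdLength, so AT requires at least 18 more bytes.
        problems.append("AT flag (0x40) set but no attested credential data follows")
    if not flags & (FLAG_AT | FLAG_ED) and rest:
        problems.append("%d trailing bytes but neither AT nor ED set" % len(rest))
    if not flags & FLAG_UP:
        problems.append("UP flag (0x01) not set")
    return {"flags": flags, "sign_count": sign_count,
            "trailing": len(rest), "problems": problems}


if __name__ == "__main__":
    for name, data in (("own", OWN_AUTH_DATA), ("yubikey", YUBIKEY_AUTH_DATA)):
        r = parse_auth_data(data)
        print(name, "flags=0x%02x count=%d problems=%s"
              % (r["flags"], r["sign_count"], r["problems"]))
```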
In Chrome, open chrome://device-log to see Chrome's debug logging about CTAP2 messages. The errors are not always super-detailed. If it's something generic (like "structural error") then please include the full trace from device-log (i.e. including the getInfo exchange.)