Hi, I'm writing my own FIDO2 authenticator implementation. The firmware runs on a SAM E51 Curiosity Nano. I use tinyusb for the communication with the client (raw USB) and can successfully create new credentials and get/verify assertions using the libfido2 suite.
When I try to test my authenticator with one of the WebAuthn test websites (webauthn.io, webauthn.me, ...) using Firefox, the browser seems to ignore the device / doesn't recognize it.
Do I need to whitelist the device in some way, or is there a specific USB configuration required?
I don't really know what to look for.
new full-speed USB device number 29 using xhci_hcd
[15568.051250] usb 1-1: New USB device found, idVendor=cafe, idProduct=4004, bcdDevice= 1.00
[15568.051265] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[15568.051272] usb 1-1: Product: CandyStick FIDO
[15568.051278] usb 1-1: Manufacturer: SugarYourCoffee
[15568.051282] usb 1-1: SerialNumber: cafebabe
[15568.054804] hid-generic 0003:CAFE:4004.0027: hiddev1,hidraw3: USB HID v1.11 Device [SugarYourCoffee CandyStick FIDO] on usb-0000:00:14.0-1/input0
new full-speed USB device number 30 using xhci_hcd
[16832.270596] usb 1-1: New USB device found, idVendor=1050, idProduct=0407, bcdDevice= 5.12
[16832.270611] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[16832.270618] usb 1-1: Product: YubiKey OTP+FIDO+CCID
[16832.270624] usb 1-1: Manufacturer: Yubico
[16832.275477] input: Yubico YubiKey OTP+FIDO+CCID as /devices/pci0000:00/0000:00:14.0/usb1/1-1/1-1:1.0/0003:1050:0407.0028/input/input38
[16832.333245] hid-generic 0003:1050:0407.0028: input,hidraw3: USB HID v1.10 Keyboard [Yubico YubiKey OTP+FIDO+CCID] on usb-0000:00:14.0-1/input0
[16832.334542] hid-generic 0003:1050:0407.0029: hiddev1,hidraw4: USB HID v1.10 Device [Yubico YubiKey OTP+FIDO+CCID] on usb-0000:00:14.0-1/input1
The only difference I see is that the YubiKey can also act as an input device.
I couldn't find anything related to my problem online.
So like I mentioned in a comment below, systems detect possible HID authenticators through the F1D0 usage page.
One interesting thing is that I'm able to create new credentials for webauthn.io and webauthn.me with Chrome, but not with Firefox. Assertions don't work with either browser (but this seems like a different issue).
CBOR errors, like the wrong order of keys, seem to trigger a warning when using Chrome (something like: old or unsupported authenticator).
I'm really curious why Chrome is able to detect my authenticator and Firefox is not. Unfortunately there is no clear documentation on how both browsers enumerate authenticators. I've started reading through a fork of the Firefox source code, but wasn't able to pinpoint the code that checks for F1D0 or something similar.
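The F1D0 usage page check mentioned in the question, as an added example that is not part of the original post and not taken from any browser's source: a small HID report descriptor walker that reports whether a top-level Application collection is declared with Usage Page 0xF1D0 and Usage 0x01. The function name `has_fido_collection` is hypothetical, and both descriptors are constructed samples, the first following the report descriptor layout given in the CTAP specification's USB HID section.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: CTAPHID report descriptor with 64-byte reports. */
static const uint8_t ctaphid_desc[] = {
    0x06, 0xD0, 0xF1,  /* Usage Page (FIDO Alliance, 0xF1D0) */
    0x09, 0x01,        /* Usage (CTAPHID) */
    0xA1, 0x01,        /* Collection (Application) */
    0x09, 0x20, 0x15, 0x00, 0x26, 0xFF, 0x00, 0x75, 0x08, 0x95, 0x40, 0x81, 0x02,
    0x09, 0x21, 0x15, 0x00, 0x26, 0xFF, 0x00, 0x75, 0x08, 0x95, 0x40, 0x91, 0x02,
    0xC0 };            /* End Collection */
/* Constructed counter-example: vendor-defined usage page 0xFF00. */
static const uint8_t vendor_desc[] = { 0x06, 0x00, 0xFF, 0x09, 0x01, 0xA1, 0x01, 0xC0 };

/* Returns 1 if a top-level Application collection uses page 0xF1D0 / usage 0x01,
   0 if not, -1 if the descriptor is truncated or its collections are unbalanced.
   Simplification: Push/Pop and 32-bit extended usages are not interpreted. */
int has_fido_collection(const uint8_t *d, size_t n)
{
    uint32_t usage_page = 0, usage = 0;
    int depth = 0, found = 0;
    size_t i = 0;
    while (i < n) {
        uint8_t prefix = d[i++];
        if (prefix == 0xFE) {                 /* long item: size, tag, data */
            if (n - i < 2 || n - i - 2 < d[i]) return -1;
            i += 2 + (size_t)d[i];
            continue;
        }
        size_t len = (prefix & 3) == 3 ? 4 : (size_t)(prefix & 3);
        if (n - i < len) return -1;           /* item data runs past the end */
        uint32_t val = 0;
        for (size_t k = 0; k < len; k++) val |= (uint32_t)d[i + k] << (8 * k);
        i += len;
        switch (prefix & 0xFC) {              /* tag and type, size bits masked */
        case 0x04: usage_page = val; break;   /* Global: Usage Page */
        case 0x08: usage = val; break;        /* Local: Usage */
        case 0xA0:                            /* Main: Collection */
            if (depth++ == 0 && val == 0x01 && usage_page == 0xF1D0 && usage == 0x01) found = 1;
            usage = 0; break;                 /* main items reset local state */
        case 0xC0: if (--depth < 0) return -1; break;       /* End Collection */
        case 0x80: case 0x90: case 0xB0: usage = 0; break;  /* Input/Output/Feature */
        }
    }
    return depth == 0 ? found : -1;
}

int main(void) {
    printf("ctaphid=%d vendor=%d\n", has_fido_collection(ctaphid_desc, sizeof ctaphid_desc),
           has_fido_collection(vendor_desc, sizeof vendor_desc));
    return 0; }
```

On Linux, the descriptor a connected device actually reports can be read from `/sys/class/hidraw/hidrawN/device/report_descriptor` and passed to the same function.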
I'm not sure that Firefox supports CTAP2 authenticators on non-Windows platforms. You may need to implement U2F (i.e. CTAP1) for Firefox support.