I'm trying to test the FIDO (https://fidoalliance.org) capabilities of my Galaxy S6 device using an Android PoC application. So far, I have managed to retrieve the available FIDO authenticators using the DISCOVER Intent and it successfully returned the Fingerprint authenticator.
However, when I try registering the authenticator via the REGISTER FIDO operation, I always get error code UNKNOWN (0xFF), and I have no idea what the reason is. The FIDO documentation states that this code is returned when the error is not described by the other error codes 1-7. I have received error codes 5 (No suitable authenticator), 6 (Protocol Error) and 7 (Untrusted Facet ID) while doing trial and error, but in the end, after fixing the causes of these, I'm only left with the UNKNOWN error.
I have checked multiple times, but the syntax is ok with the FIDO docs; leaving it here as well:
    Intent intent = new Intent();
    intent.setAction("org.fidoalliance.intent.FIDO_OPERATION");
    intent.setType("application/fido.uaf_client+json");
    intent.putExtra("UAFIntentType", "UAF_OPERATION");
    // "message" is a JSON object whose uafProtocolMessage member is itself a JSON string,
    // so the inner quotes are escaped twice in the Java literal.
    intent.putExtra("message", "{\"additionalData\":\"Registration\",\"uafProtocolMessage\":\"[{\\\"header\\\":{\\\"upv\\\":{\\\"major\\\":1,\\\"minor\\\":0},\\\"op\\\":\\\"Reg\\\",\\\"appID\\\":\\\"android:apk-key-hash:AcX+251ZfGFOzVVk1uQzgP16e2I\\\",\\\"serverData\\\":\\\"063de11c-153c-4cbe-ac74-fbe282feffac\\\"},\\\"challenge\\\":\\\"H9iW9yA9aAXF_lelQoi_DhUk514Ad8Tqv0zCnCqKDpo\\\",\\\"username\\\":\\\"joe\\\",\\\"policy\\\":{\\\"accepted\\\": [[{\\\"userVerification\\\": 2,\\\"keyProtection\\\": 6,\\\"tcDisplay\\\": 2,\\\"authenticationAlgorithms\\\":[1],\\\"assertionSchemes\\\":[\\\"UAFV1TLV\\\"]}]]}}]\"}");
    intent.putExtra("channelBindings", "{\"serverEndPoint\":null,\"tlsServerCertificate\":null,\"tlsUnique\":null,\"cid_pubkey\":null}");
The component that tried to resolve the intent was: ComponentInfo{com.sec.android.fido.uaf.client/com.sec.android.fido.uaf.client.OxygenActivity}, which appears to be exported in its Manifest:
    <activity android:exported="true" android:label="@string/title_activity_oxygen" android:name="com.sec.android.fido.uaf.client.OxygenActivity" android:permission="org.fidoalliance.uaf.permissions.FIDO_CLIENT" android:screenOrientation="portrait" android:theme="@style/AppTheme">
        <intent-filter>
            <action android:name="org.fidoalliance.intent.FIDO_OPERATION"/>
            <data android:mimeType="application/fido.uaf_client+json"/>
            <category android:name="android.intent.category.DEFAULT"/>
        </intent-filter>
    </activity>
Has anyone else encountered and found a solution for this?
Note: Tested the same on an Xperia Z5, and the component that tried to resolve the Intent was "com.noknok.android.mfac.service". However, on the Z5 I'm always getting Error Code 6 (Protocol Error), instead of Unknown.
I suppose your application is a FIDO Client according to the specifications.
Indeed, there already exists an ASM + Authenticator in the Galaxy S6, but it can't be called from your application. When creating an ASM + Authenticator you can decide to answer only to a specific FIDO client. That is how Samsung implemented their Galaxy S6 authenticator. (It's probably the same for Xperia.)
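The `appID` in the question's message uses the Android facet ID form `android:apk-key-hash:...`, the value behind error 7 (Untrusted Facet ID). As an added example that is not part of the original posts, the plain-Java sketch below derives that value as unpadded standard Base64 of the SHA-1 of the DER signing certificate and checks an `appID` against it. The class name, method names and stand-in certificate bytes are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

public class FacetIdCheck {
    static final String PREFIX = "android:apk-key-hash:";

    // Facet ID: prefix + standard-alphabet Base64, padding stripped, of the
    // SHA-1 digest of the DER-encoded APK signing certificate.
    static String facetId(byte[] certDer) throws NoSuchAlgorithmException {
        byte[] sha1 = MessageDigest.getInstance("SHA-1").digest(certDer);
        return PREFIX + Base64.getEncoder().withoutPadding().encodeToString(sha1);
    }

    // Structural check: right prefix, no '=' padding, decodes to 20 bytes.
    // The basic decoder rejects the URL-safe characters '-' and '_'.
    static boolean isWellFormed(String appId) {
        if (!appId.startsWith(PREFIX) || appId.endsWith("=")) return false;
        try {
            return Base64.getDecoder().decode(appId.substring(PREFIX.length())).length == 20;
        } catch (IllegalArgumentException e) {
            return false;
        }
    }

    // True when the appID placed in the UAF header is this APK's facet ID.
    static boolean matches(String appId, byte[] certDer) throws NoSuchAlgorithmException {
        return isWellFormed(appId) && facetId(certDer).equals(appId);
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in bytes (assumption). On a device these would be
        // the DER bytes of the signing certificate of the calling app.
        byte[] cert = "constructed-certificate-bytes".getBytes(StandardCharsets.UTF_8);
        String fromQuestion = "android:apk-key-hash:AcX+251ZfGFOzVVk1uQzgP16e2I";

        System.out.println("question appID well-formed: " + isWellFormed(fromQuestion));
        System.out.println("URL-safe alphabet accepted: " + isWellFormed(fromQuestion.replace('+', '-')));
        System.out.println("padded value accepted:      " + isWellFormed(fromQuestion + "="));
        System.out.println("own facet ID matches:       " + matches(facetId(cert), cert));
        System.out.println("question appID matches:     " + matches(fromQuestion, cert));
    }
}
```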