[FIDO-DEV] AuthenticatorCredentialManagement(0x0A) with enumerateRPsGetNextRP(0x03) / FIDO Conformance Tools v1.6.38 (CTAP2.1 Authenticator)


fido thales

Jan 17, 2022, 1:33:36 PM
to fido...@fidoalliance.org
Hello All,

I'm actually using FIDO Conformance Tools v1.6.38 (CTAP2.1 Authenticator) and I encounter an issue with the P-3 test (Authr-CredentialManagement-EnumerateRPs Test authenticatorCredentialManagement(0x0A) command support for discoverable credential metadata and enumeration functionality for RPs) of the Credential Management API.

It seems that there is a card reset (power cycle) + select FIDO between P-2 authenticatorCredentialManagement(0x0A) with enumerateRPsBegin(0x02) & P3 (authenticatorCredentialManagement(0x0D) with enumerateRPsGetNextRP(0x03)).

According to the CTAP 2.1 specification: §6. Authenticator API, enumerateRPsGetNextRP (0x03) is a stateful command and the specified implementation accommodations apply to it.
 "Some commands or subcommands require the authenticator to maintain state. For example, the authenticatorCredentialManagement subcommand enumerateRPsGetNextRP implicitly assumes that the authenticator remembers which RP is next to return. The following (sub)commands require such state and are called stateful commands"

If there is a power cycle between enumerateRPsBegin(0x02) & enumerateRPsGetNextRP(0x03), this state can't be maintained.
=> The state SHOULD NOT be maintained across power cycles.
Did I miss something?

BTW, this is the same for enumerateCredentialsBegin(0x04) & enumerateCredentialsGetNextCredential(0x05)

Thank you for your clarification.

Regards,
F. Faven
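
The behaviour described in the post above, as an added example that is not part of the original thread or of the conformance tools: a simplified Python model of an authenticator whose enumeration state is volatile. The class and function names, the constructed RP IDs, the simplified response maps, the omission of PIN/UV auth, and the choice of CTAP2_ERR_NOT_ALLOWED when no state exists are assumptions of this sketch.

```python
# Simplified model of CTAP 2.1 stateful-command handling (not real firmware).
# PIN/UV auth token checks are deliberately left out of the model.
CTAP2_OK = 0x00
CTAP2_ERR_NO_CREDENTIALS = 0x2E
CTAP2_ERR_NOT_ALLOWED = 0x30

ENUMERATE_RPS_BEGIN = 0x02
ENUMERATE_RPS_GET_NEXT_RP = 0x03


class ModelAuthenticator:
    def __init__(self, rp_ids):
        self._rp_ids = list(rp_ids)  # persistent storage: survives a power cycle
        self._pending = None         # volatile state: RPs still to be returned

    def power_cycle(self):
        """Card reset: the volatile enumeration state is discarded."""
        self._pending = None

    def credential_management(self, sub_command):
        if sub_command == ENUMERATE_RPS_BEGIN:
            if not self._rp_ids:
                self._pending = None
                return CTAP2_ERR_NO_CREDENTIALS, None
            # Remember which RPs are next to return.
            self._pending = self._rp_ids[1:]
            first = {"rp": self._rp_ids[0], "totalRPs": len(self._rp_ids)}
            return CTAP2_OK, first
        if sub_command == ENUMERATE_RPS_GET_NEXT_RP:
            if not self._pending:
                # No enumerateRPsBegin state (never started, exhausted, or
                # lost to a power cycle). Error code is an assumption here.
                return CTAP2_ERR_NOT_ALLOWED, None
            return CTAP2_OK, {"rp": self._pending.pop(0)}
        raise ValueError("subcommand not modelled")


def enumerate_with_optional_reset(reset_between):
    """Run Begin then GetNextRP, optionally with a card reset in between."""
    auth = ModelAuthenticator(["example.com", "example.org"])  # constructed RP IDs
    begin_status, _ = auth.credential_management(ENUMERATE_RPS_BEGIN)
    if reset_between:
        auth.power_cycle()
    next_status, next_rp = auth.credential_management(ENUMERATE_RPS_GET_NEXT_RP)
    return begin_status, next_status, next_rp


if __name__ == "__main__":
    print(enumerate_with_optional_reset(False))
    print(enumerate_with_optional_reset(True))
```
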



Ackermann Yuriy

Jan 18, 2022, 1:23:05 PM
to fido thales, FIDO Dev (fido-dev)
Thanks!

Will be resolved in the next version.

BTW: FIDO Alliance has a public issue tracker! https://github.com/fido-alliance/conformance-test-tools-resources/issues Feel free to submit issues there *)


Yuriy Ackermann
FIDO, Identity, Standards
skype: ackermann.yuriy
github: @herrjemand
twitter: @herrjemand
medium: @herrjemand



Maja Sucic

Apr 28, 2023, 7:13:16 AM
to FIDO Dev (fido-dev), Ackermann Yuriy, FIDO Dev (fido-dev), fido thales
Hello All,

I'm using FIDO2 Conformance Tools v1.7.9 (CTAP2.1 Authenticator) and I encounter the same issue as described above with P-3 test (Authr-CredentialManagement-EnumerateRPs Test authenticatorCredentialManagement(0x0A) command support for discoverable credential metadata and enumeration functionality for RPs) of Credential Management API.

Could it be that there is also a card reset between the enumerateRPsBegin(0x02) and enumerateRPsGetNextRP(0x03) command calls in version 1.7.9?

Could you please describe the test scenario checked here in more detail?

Best regards,
Maja Sučić