Clarity on U2F vs CTAP 2.1 for conformance tool


Fujimi Bentley

Sep 27, 2024, 7:44:05 PM
to FIDO Dev (fido-dev)
Hello FIDO community!

I am trying to understand the condition for whether a token should operate with U2F or CTAP 2.1 behaviour during the makecredential operation, for HID USB.

My understanding is if the token operates like this:
1. Token is connected
2. broadcast for CID
3. AuthenticatorMakeCredential
This is U2F mode

If token operates like this:
1. Token is connected
2. broadcast for CID
3. GetInfo
4. AuthenticatorMakeCredential
This is CTAP 2.1 mode

The reason why this is important is for step: Authr-MakeCred-Req-1 Test authenticatorMakeCredential(0x01) request MAP. Just before this step is checking the output from getinfo.
As this step expects U2F behaviour, yet there is no Reset command given to the token, my FIDO implementation expects a reset to revert back to U2F (not unplug and plug back in; it is quite troublesome to do, as the user must verify themselves on the token before it is even usable). So can I please confirm:

Q1: Can U2F reoccur on new CIDs?
Q2: Can the conformance tool have a reset step each time U2F behaviour is expected?
Q3: Am I totally wrong and missing something?

I am thinking of implementing 1, but then how many CIDs should the token keep track of? I am tempted to do an unsigned 4-byte integer with a bit field to track the last 32 CIDs. This will pass the conformance test, but I feel it is not the point. I don't see anywhere in the CTAP 2.1 spec to cover this behaviour, as client PIN is not set.

Regards!

Fujimi

Fujimi Bentley

Sep 29, 2024, 11:12:17 PM
to FIDO Dev (fido-dev), Fujimi Bentley
Moderator, please delete this thread; I can't seem to be able to.

It's a duplicate of:
https://groups.google.com/a/fidoalliance.org/g/fido-dev/c/67AntfstcNg

CTAP v2.1 and U2F behaviour

I did not realize that posts are not visible till approved, sorry!!!