YoHidden
Jul 12, 2024, 9:27:04 AM
to FIDO Dev (fido-dev)
Hi,
I'm implementing a FIDO2 authenticator in a smartcard. It works OK against various authentication websites and now I am running the Conformance Test tools supplied by the FIDO Alliance.
To make more efficient use of the internal resources, the device is set up to use non-discoverable credentials and to not maintain any state. Also, a random element has been added to the making of the credential ID, so even with the same input parameters the generated credential ID will be different.
However, when running the Conformance Test tool, this generates the following attempt:
F-7 [TODO] Send CTAP2 authenticatorMakeCredential(0x01) message, with "excludeList" that contains "PublicKeyCredentialDescriptor" with "id" set to the ID of the previously registered authenticator, wait for the response, and check that Authenticator returns an error
If the device is not using discoverable credentials, does this test make any sense? Since the device is not keeping any state about the non-discoverable generated credentials, there's no way for it to detect a previously generated credential for a certain site. What am I missing here?
And, if I'm correct in doing this... how can I bypass this test in order to run conformance successfully?
Thanks in advance for any light you may bring to me for this.
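
Added example, not part of the original post or of the FIDO conformance tools: a sketch of how a stateless authenticator with randomized credential IDs can still recognise IDs it issued and answer an `excludeList` match with `CTAP2_ERR_CREDENTIAL_EXCLUDED` (0x19). The HMAC-SHA-256 construction, the function names and the `master_key` device secret are assumptions made for illustration; user-presence handling is omitted.

```python
import hashlib
import hmac
import os

CTAP2_OK = 0x00
CTAP2_ERR_CREDENTIAL_EXCLUDED = 0x19  # status code defined by CTAP2
NONCE_LEN = 32
TAG_LEN = 32


def _mac(master_key: bytes, domain: bytes, nonce: bytes, rp_id: str) -> bytes:
    # The domain byte keeps the "tag" and "key seed" uses of the device key apart.
    rp_hash = hashlib.sha256(rp_id.encode("utf-8")).digest()
    return hmac.new(master_key, domain + nonce + rp_hash, hashlib.sha256).digest()


def make_credential_id(master_key: bytes, rp_id: str) -> bytes:
    """Fresh random nonce plus a tag binding it to this device and RP ID."""
    nonce = os.urandom(NONCE_LEN)
    return nonce + _mac(master_key, b"\x01", nonce, rp_id)


def derive_key_seed(master_key: bytes, rp_id: str, credential_id: bytes) -> bytes:
    """Re-derive the private-key seed from the ID alone; nothing is stored."""
    return _mac(master_key, b"\x02", credential_id[:NONCE_LEN], rp_id)


def is_own_credential(master_key: bytes, rp_id: str, credential_id: bytes) -> bool:
    """True only if this device issued the ID for this RP (constant-time compare)."""
    if len(credential_id) != NONCE_LEN + TAG_LEN:
        return False
    nonce, tag = credential_id[:NONCE_LEN], credential_id[NONCE_LEN:]
    return hmac.compare_digest(tag, _mac(master_key, b"\x01", nonce, rp_id))


def check_exclude_list(master_key: bytes, rp_id: str, exclude_list: list) -> int:
    """excludeList step of authenticatorMakeCredential, without stored state."""
    for descriptor in exclude_list:
        if descriptor.get("type") != "public-key":
            continue
        if is_own_credential(master_key, rp_id, descriptor["id"]):
            return CTAP2_ERR_CREDENTIAL_EXCLUDED
    return CTAP2_OK
```
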