FIDO2 Server test invalid: TPM attestation P-3 Send a valid ServerAuthenticatorAttestationResponse with "tpm" attestation pubArea.nameAlg is not matching algorithm used for generate attested.name, and check that server succeeds #773
Labels
DONE
Has been implemented as part of one of the published releases
By submitting this issue you are acknowledging that any information regarding this issue will be publicly available.
If you have privacy concerns, please email [email protected]
FIRST PRE CHECK
What protocol are you implementing?
NOTE: UAF 1.0 certification have been officially sunset. U2F 1.2 only supported version of U2F.
What is your implementation class?
If you are platform authenticator vendor, please email [email protected]
What is the version of the tool are you using?
What is the OS and the version are you running?
For desktop tools
For UAF mobile tools
Issue description
I used to have access to the server tests github repo (fido2-server-conformance-module) but that seems to have been revoked. In any case I have an old copy of the repo, and the test for
"P-3 Send a valid ServerAuthenticatorAttestationResponse with "tpm" attestation pubArea.nameAlg is not matching algorithm used for generate attested.name, and check that server succeeds" defined around line 82 of the file ./tests/Server/MakeCredential/Server-ServerAuthenticatorAttestationResponse-Resp-9.js is invalid.
After many discussions involving the original author Yuri Ackermann, @dturnerx , and TPM SME Monty Wiseman it has been determined that the algorithm identifier in certInfo is authoritative, and that in public area should always be the same.
For discussion of the matter see:
w3c/webauthn#1925
w3c/webauthn#2193
Please remove this test case.
The text was updated successfully, but these errors were encountered: