FIDO2 Server test invalid: TPM attestation P-3 Send a valid ServerAuthenticatorAttestationResponse with "tpm" attestation pubArea.nameAlg is not matching algorithm used for generate attested.name, and check that server succeeds #773
Assignees
Labels
Awaiting Release
Is ready and is awaiting merge for the next release
Comments
iirachek
added
the
Awaiting Release
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
By submitting this issue you are acknowledging that any information regarding this issue will be publicly available.
If you have privacy concerns, please email conformance-tools@fidoalliance.org
FIRST PRE CHECK
What protocol are you implementing?
NOTE: UAF 1.0 certification have been officially sunset. U2F 1.2 only supported version of U2F.
What is your implementation class?
If you are platform authenticator vendor, please email conformance-tools@fidoalliance.org
What is the version of the tool are you using?
What is the OS and the version are you running?
For desktop tools
For UAF mobile tools
Issue description
I used to have access to the server tests github repo (fido2-server-conformance-module) but that seems to have been revoked. In any case I have an old copy of the repo, and the test for
"P-3 Send a valid ServerAuthenticatorAttestationResponse with "tpm" attestation pubArea.nameAlg is not matching algorithm used for generate attested.name, and check that server succeeds" defined around line 82 of the file ./tests/Server/MakeCredential/Server-ServerAuthenticatorAttestationResponse-Resp-9.js is invalid.
After many discussions involving the original author Yuri Ackermann, @dturnerx , and TPM SME Monty Wiseman it has been determined that the algorithm identifier in certInfo is authoritative, and that in public area should always be the same.
For discussion of the matter see:
w3c/webauthn#1925
w3c/webauthn#2193
Please remove this test case.
The text was updated successfully, but these errors were encountered: