ctap2.1 AuthenticatorConfig.js P-2 toggleAlwaysUv

[nuno0529]

By submitting this issue you are acknowledging that any information regarding this issue will be publicly available.

If you have privacy concerns, please email conformance-tools@fidoalliance.org

FIRST PRE CHECK

• [ ] I SOLEMNLY SWEAR THAT I HAVE SEARCHED DOCUMENTATION AND WAS NOT ABLE TO RESOLVE MY ISSUE

What protocol are you implementing?

• [ ] FIDO2 Server
• [ ] CTAP2.0
• [x] CTAP2.1
• [ ] UAF 1.1
• [ ] U2F 1.1
• [ ] U2F 1.2

NOTE: UAF 1.0 certification have been officially sunset. U2F 1.2 only supported version of U2F.

What is your implementation class?

• [x] Security Key / FIDO2 / U2F authenticators
• [ ] Server
• [ ] UAF Client-ASM-Authenticator combo
• [ ] UAF Client
• [ ] UAF ASM-Authenticator

If you are platform authenticator vendor, please email conformance-tools@fidoalliance.org

What is the version of the tool are you using?

1.6.36

What is the OS and the version are you running?

For desktop tools

• [ ] OSX
• [x] Windows
• [ ] Linux

For UAF mobile tools

• [ ] iOS
• [ ] Android

Issue description

ctap2.1 spec allows the authenticator to not support disabling alwaysUv. https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-20210615.html#:~:text=else%20return%20ctap2_err_operation_denied

[nuno0529]

So https://github.com/fido-alliance/ctap2.1-conformance-module/blob/main/tests/CTAP2/Protocol/Extensions/hmacSecret.js#L56 need also handle this denied case.

[nuno0529]

Btw, actually authenticators can use the behavior Not allow toggleAlwaysUv to workaround the hmac-secret P-6 issue to make the test item to be ignored, https://github.com/fido-alliance/conformance-test-tools-resources/issues/620#issuecomment-984417757

[yackermann]

Addressed in 1.6.38+

[yackermann]

Resolved in 1.6.38 https://builds.fidoalliance.org/Desktop%20UAF%20FIDO2%20U2F/EXPERIMENTAL/v1.6.38/

[nuno0529]

Thanks, I have verified it with v1.6.38

[nuno0529]

Filed one relative issue #650