fido-alliance / conformance-test-tools-resources

Certification Test Tools Resources. For security and privacy related issues email tools@certification.fidoalliance.org
https://fidoalliance.org/certification/functional-certification/conformance/

AuthenticBioEnrollment: remaining Power Off/ Power On on each command enrollCaptureNextSample in Conformance test tool #705

Closed carov0610 closed 1 year ago

carov0610 commented 1 year ago

By submitting this issue you are acknowledging that any information regarding this issue will be publicly available.

If you have privacy concerns, please email conformance-tools@fidoalliance.org

FIRST PRE CHECK

What protocol are you implementing?

NOTE: UAF 1.0 certification have been officially sunset. U2F 1.2 only supported version of U2F.

What is your implementation class?

If you are platform authenticator vendor, please email conformance-tools@fidoalliance.org

What is the version of the tool are you using?

FIDO Conformance Tools v1.7.11

What is the OS and the version are you running?

For desktop tools

For UAF mobile tools

Issue description

In test P-2:

    If authenticator supports BioEnrollment API: Send authenticatorBioEnrollment(0x09) with enrollBegin(0x01) with supported modality. Check that command succeeds.

    Keep sending enrollCaptureNextSample(0x02) for the specified templateId, and check that:
        (b) remainingSamples(0x06) - number, and is the same or less than previous request
        (c) lastEnrollSampleStatus(0x05) - number, a valid BE status code

When remainingSamples is 0, and lastEnrollSampleStatus is CTAP2_ENROLL_FEEDBACK_FP_GOOD(0x00) power off / power on occurs between each command enrollCaptureNextSample. It prevents the enrollment from progressing (linked to issue #693, closed).

carov0610 commented 1 year ago

It seems the problem lies in

```javascript
it(`P-2

    If authenticator supports BioEnrollment API: Send authenticatorBioEnrollment(0x09) with enrollBegin(0x01) with supported modality. Check that command succeeds.

    Keep sending enrollCaptureNextSample(0x02) for the specified templateId, and check that:
        (b) remainingSamples(0x06) - number, and is the same or less than previous request
        (c) lastEnrollSampleStatus(0x05) - number, a valid BE status code

    When remainingSamples is 0, and lastEnrollSampleStatus is CTAP2_ENROLL_FEEDBACK_FP_GOOD(0x00), stop

`, function() {
    if(!bioEnrollSupported) {
        this.skip();
    }

    const subCommandParams = {
        0x03: 10000 // TODO investigate
    }

    const subCommandParams_bytes = navigator.fido.fido2.cbor.JSONToCBORArrayBuffer(subCommandParams);

    let templateId = undefined
    return sendValidCTAP_CBOR(BioEnrollment21_GenerateCMD({
        'modality'          : BioEnrollment21_Modalities.fingerprint,
        'subCommand'        : BioEnrollment21_ReqSubCommand.enrollBegin,
        'subCommandParams'  : subCommandParams,
        'pinUvAuthProtocol' : pinUvAuthProtocol,
        'pinUvAuthParam'    : ClientPinLatest_core_authenticate_raw(pinUvAuthToken, pinUvAuthProtocol, mergeArrayBuffers(
            new Uint8Array([BioEnrollment21_Modalities.fingerprint, BioEnrollment21_ReqSubCommand.enrollBegin]),
            subCommandParams_bytes
        ))

    }))
    .then((response) => {
        templateId = response.cborResponseStruct[BioEnrollment21_RespParams.templateId];
        return captureNext(templateId)
    })
})
```

`, {'dontResetCard': true})` is missing

yackermann commented 1 year ago

@carov0610, yes, you are correct. New build out Wednesday

yackermann commented 1 year ago

https://builds.fidoalliance.org/Desktop%20UAF%20FIDO2%20U2F/v1.7.12/
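
An added example, not part of the thread or of the conformance tool's code: a constructed mock authenticator and a P-2 style loop showing why a power cycle between enrollCaptureNextSample commands stops the enrollment from progressing. The mock class, the `resetBetweenCommands` switch, the 0x04 templateId key, the `'tpl-1'` value and the status upper bound are assumptions made for illustration.

```javascript
// Response map keys: 0x05 and 0x06 are quoted in the issue; 0x04 for templateId is an assumption.
const RESP = { templateId: 0x04, lastEnrollSampleStatus: 0x05, remainingSamples: 0x06 };
const FP_GOOD = 0x00;        // CTAP2_ENROLL_FEEDBACK_FP_GOOD, as quoted in the issue
const MAX_BE_STATUS = 0x0e;  // assumed upper bound of the valid BE status codes

// Constructed mock: the in-progress enrollment is volatile state, lost on power-off.
class MockAuthenticator {
  constructor(samplesNeeded) { this.samplesNeeded = samplesNeeded; this.pending = null; }
  powerCycle() { this.pending = null; }
  reply() {
    return { [RESP.templateId]: this.pending.templateId,
             [RESP.lastEnrollSampleStatus]: FP_GOOD,
             [RESP.remainingSamples]: this.pending.remaining };
  }
  enrollBegin() {
    this.pending = { templateId: 'tpl-1', remaining: this.samplesNeeded - 1 }; // constructed id
    return this.reply();
  }
  enrollCaptureNextSample(templateId) {
    if (!this.pending || this.pending.templateId !== templateId) return { error: 'no pending enrollment' };
    this.pending.remaining = Math.max(0, this.pending.remaining - 1);
    return this.reply();
  }
}

// P-2 style loop. resetBetweenCommands is a hypothetical switch that models the
// harness power-cycling the card before each command.
function runEnrollment(auth, resetBetweenCommands, maxCommands = 20) {
  let resp = auth.enrollBegin();
  const templateId = resp[RESP.templateId];
  let prev = resp[RESP.remainingSamples];
  let sent = 0;
  while (!(prev === 0 && resp[RESP.lastEnrollSampleStatus] === FP_GOOD)) {
    if (sent >= maxCommands) return { completed: false, sent, reason: 'command budget exhausted' };
    if (resetBetweenCommands) auth.powerCycle();
    resp = auth.enrollCaptureNextSample(templateId);
    sent++;
    if (resp.error) return { completed: false, sent, reason: resp.error };
    const remaining = resp[RESP.remainingSamples];
    const status = resp[RESP.lastEnrollSampleStatus];
    // (b) remainingSamples is a number, the same or less than in the previous response
    if (!Number.isInteger(remaining) || remaining > prev) return { completed: false, sent, reason: 'check (b) failed' };
    // (c) lastEnrollSampleStatus is a number within the assumed valid range
    if (!Number.isInteger(status) || status < 0 || status > MAX_BE_STATUS) return { completed: false, sent, reason: 'check (c) failed' };
    prev = remaining;
  }
  return { completed: true, sent, reason: null };
}
```

With a four-sample mock, `runEnrollment(new MockAuthenticator(4), false)` completes after three enrollCaptureNextSample commands, while passing `true` fails on the first one because the pending template no longer exists.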