fido-alliance / conformance-test-tools-resources

Certification Test Tools Resources. For security and privacy related issues email tools@certification.fidoalliance.org
https://fidoalliance.org/certification/functional-certification/conformance/

Regression on FIDO Conformance Tools v1.7.11 : authenticatorConfiguration API tests #706

Closed carov0610 closed 1 year ago

carov0610 commented 1 year ago

By submitting this issue you are acknowledging that any information regarding this issue will be publicly available.

If you have privacy concerns, please email conformance-tools@fidoalliance.org

FIRST PRE CHECK

What protocol are you implementing?

NOTE: UAF 1.0 certification has been officially sunset. U2F 1.2 is the only supported version of U2F.

What is your implementation class?

If you are platform authenticator vendor, please email conformance-tools@fidoalliance.org

What is the version of the tool are you using?

FIDO Conformance Tools v1.7.11

What is the OS and the version are you running?

For desktop tools

For UAF mobile tools

Issue description

There is a regression between FIDO Conformance Tools v1.7.6 and FIDO Conformance Tools v1.7.11. On v1.7.6, a pinUvAuthToken was created before the authenticatorConfig command. On v1.7.11, this command is sent directly after selection of the applet.

Traces

v6 Test started: P-2

    If authenticator supports Credential Management API: Send authenticatorCredentialManagement(0x0D) with enumerateRPsBegin(0x02), and check that result:
        (a) Result.rp is present and of type MAP
        (b) Result.rp.id is present and is of type String.
        (c) Result.rp.id is in a list of known rpIDs.
        (d) Result.rpIDHash is a valid SHA-256 hash of Result.rp.id, and is of type BYTESTRING.
        (e) Result.totalRPs is a Number and is set to 2, same as a number of registered RPIDs.

    Generating test PUAT with permissions...
    Sending CTAP CMD: ClientPIN...
    Uint8Array(5)
    Selected protocol "2" for reader "Gemalto USB Smart Card Reader 0"
    NFC DATA SENT: 00a4040008a0000006472f000100
    NFC DATA RECEIVED: 5532465f56329000
    RECEIVED SW_NO_ERROR
    NFC DATA SENT: 801000000606a20102020200
    NFC DATA RECEIVED: 00a101a501020338182001215820e176f1fea3e784422a28e57936e49af2bc4922f59e6f77b4f70cb820c37526b92258205889a7d24835f14c6823e794013b151d409c952985b217a27e3a3c3c5d793bd39000
    RECEIVED SW_NO_ERROR
    Sending CTAP CMD: ClientPIN...
    Uint8Array(121)
    NFC DATA SENT: 801000007a06a50102020903a50102033818200121582066e77f5e3b196780a38afaa2accb38eecdf3238ac686abd66594f12969e6c21a2258202ac3950456f0b7b9c132e5465ca533b42650420b9e521d907061f731c158a7190658200a24c11e6b82eb9c7c945cb3fddf464b8c63e57ba46fe039e53c33b25d408fa4090400
    NFC DATA RECEIVED: 00a1025830236f16e3d57d16b98bf3d918bdc75d111026c0e61a3248eed9e4607c9bdb4d81b726935999196977024cc03891fd567f9000
    RECEIVED SW_NO_ERROR
    Object
    Sending CTAP CMD: CredentialManagement...
    Uint8Array(40)
    NFC DATA SENT: 80100000290aa301020302045820ab501cc0dc968fef4375bd0f82b8716f7a5b3ad517acd3cf233cbceaca29438800
    NFC DATA RECEIVED: 00a303a16269646d7461626c656d75726b792e67610458204a939a967729b151e1b9fc615446d70be54f39fd3febec6f0b33ce4fdb57eb1e05029000
    RECEIVED SW_NO_ERROR


v11 Test started: P-2

    If authenticator supports Credential Management API: Send authenticatorCredentialManagement(0x0D) with enumerateRPsBegin(0x02), and check that result:
        (a) Result.rp is present and of type MAP
        (b) Result.rp.id is present and is of type String.
        (c) Result.rp.id is in a list of known rpIDs.
        (d) Result.rpIDHash is a valid SHA-256 hash of Result.rp.id, and is of type BYTESTRING.
        (e) Result.totalRPs is a Number and is set to 2, same as a number of registered RPIDs.

    VM226:3284 Sending CTAP CMD: CredentialManagement...
    VM226:3285 Uint8Array(40) [163, 1, 2, 3, 2, 4, 88, 32, 102, 198, 239, 9, 36, 60, 107, 244, 8, 82, 55, 116, 44, 210, 94, 105, 72, 156, 141, 49, 19, 207, 176, 55, 53, 166, 192, 87, 222, 133, 82, 85]
    C:\Users\t0265240\AppData\Local\Programs\fido-conformance-tools-electron\resources\app.asar\dependencies\transports\nfcdep.js:122 Selected protocol "2" for reader "Gemalto USB Smart Card Reader 0"
    C:\Users\t0265240\AppData\Local\Programs\fido-conformance-tools-electron\resources\app.asar\dependencies\transports\nfcdep.js:238 NFC DATA SENT: 00a4040008a0000006472f000100
    C:\Users\t0265240\AppData\Local\Programs\fido-conformance-tools-electron\resources\app.asar\dependencies\transports\nfcdep.js:243 NFC DATA RECEIVED: 5532465f56329000
    C:\Users\t0265240\AppData\Local\Programs\fido-conformance-tools-electron\resources\app.asar\dependencies\transports\nfcdep.js:211 RECEIVED SW_NO_ERROR
    C:\Users\t0265240\AppData\Local\Programs\fido-conformance-tools-electron\resources\app.asar\dependencies\transports\nfcdep.js:238 NFC DATA SENT: 80100000290aa30102030204582066c6ef09243c6bf4085237742cd25e69489c8d3113cfb03735a6c057de85525500
    C:\Users\t0265240\AppData\Local\Programs\fido-conformance-tools-electron\resources\app.asar\dependencies\transports\nfcdep.js:243 NFC DATA RECEIVED: 339000
    C:\Users\t0265240\AppData\Local\Programs\fido-conformance-tools-electron\resources\app.asar\dependencies\transports\nfcdep.js:211 RECEIVED SW_NO_ERROR
    controller.js

carov0610 commented 1 year ago

After source code review, the difference seems to be in CredentialManagement-21-EnumerateRPs.js and CredentialManagement-21-EnumerateCredentials.js. In v1.7.6:

    beforeEach(function() {
        this.timeout(30000);

        return refreshPUATWithPermissionCM();
    })

    this.timeout(60000);

In v1.7.11: nothing.

yackermann commented 1 year ago

@carov0610 Yes, this is correct. The reason this was removed is that in 1.7.6 it was forcing the authenticator to regenerate the session token, thus resetting the authenticator state and causing the tools to fail when GetNextCredential was called.

So the current implementation is correct.

I just ran the tests on a few other devices and they pass without any problems.

carov0610 commented 1 year ago

Hi Yuriy

Thank you for your answer to all the open issues.

But I still disagree with your conclusion.

The problem occurs on authenticatorCredentialManagement enumerateRpsBegin

The test selects FIDO applet and then sends directly this command.

Trace

Test started: P-2

    If authenticator supports Credential Management API: Send authenticatorCredentialManagement(0x0D) with enumerateRPsBegin(0x02), and check that result:
        (a) Result.rp is present and of type MAP
        (b) Result.rp.id is present and is of type String.
        (c) Result.rp.id is in a list of known rpIDs.
        (d) Result.rpIDHash is a valid SHA-256 hash of Result.rp.id, and is of type BYTESTRING.
        (e) Result.totalRPs is a Number and is set to 2, same as a number of registered RPIDs.

    VM234:3284 Sending CTAP CMD: CredentialManagement...
    VM234:3285 Uint8Array(40) [163, 1, 2, 3, 2, 4, 88, 32, 16, 222, 170, 141, 92, 71, 157, 71, 243, 94, 164, 54, 24, 245, 74, 65, 108, 164, 34, 52, 202, 74, 6, 240, 41, 32, 255, 65, 16, 40, 255, 47]
    C:\Users\t0265240\AppData\Local\Programs\fido-conformance-tools-electron\resources\app.asar\dependencies\transports\nfcdep.js:122 Selected protocol "2" for reader "Broadcom Corp Contacted SmartCard 0"
    C:\Users\t0265240\AppData\Local\Programs\fido-conformance-tools-electron\resources\app.asar\dependencies\transports\nfcdep.js:238 NFC DATA SENT: 00a4040008a0000006472f000100
    C:\Users\t0265240\AppData\Local\Programs\fido-conformance-tools-electron\resources\app.asar\dependencies\transports\nfcdep.js:243 NFC DATA RECEIVED: 5532465f56329000
    C:\Users\t0265240\AppData\Local\Programs\fido-conformance-tools-electron\resources\app.asar\dependencies\transports\nfcdep.js:211 RECEIVED SW_NO_ERROR
    C:\Users\t0265240\AppData\Local\Programs\fido-conformance-tools-electron\resources\app.asar\dependencies\transports\nfcdep.js:238 NFC DATA SENT: 80100000290aa30102030204582010deaa8d5c479d47f35ea43618f54a416ca42234ca4a06f02920ff411028ff2f00
    C:\Users\t0265240\AppData\Local\Programs\fido-conformance-tools-electron\resources\app.asar\dependencies\transports\nfcdep.js:243 NFC DATA RECEIVED: 339000

The authenticator logically answers with the CTAP2_ERR_PIN_AUTH_INVALID error.

In this command, the parameters pinUvAuthProtocol and pinUvAuthParam are mandatory. How can you expect these parameters to be verified when you don't send any authenticatorClientPin getKeyAgreement command and you don't obtain a pinUvAuthToken beforehand?

The spec says in 6.8.3. Enumerating RPs: "The following operations are performed to enumerate RPs present on the authenticator:"

Thank you for reconsidering the issue.

Best Regards

Caroline


carov0610 commented 1 year ago

I used USBPcap in order to check the commands exchanged.

A power off / power on occurs between test P-1 and test P-2.

No.   Time        Source  Destination  Protocol  Length  Info
730   21.146105   1.2.2   host         USBCCID   49      CCID Packet - Reader to PC: Data Block
      Frame 730: 49 bytes on wire (392 bits), 49 bytes captured (392 bits); USB URB; USB CCID; Data (12 bytes)
      0000  00 40 08 00 a2 01 02 02 06 90 00 7d              .@.........}

731   21.147135   host    1.2.2        USBCCID   37      CCID Packet - PC to Reader: ICC Power Off
      Frame 731: 37 bytes on wire (296 bits), 37 bytes captured (296 bits); USB URB; USB CCID

735   21.170012   host    1.2.2        USBCCID   37      CCID Packet - PC to Reader: ICC Power Off
      Frame 735: 37 bytes on wire (296 bits), 37 bytes captured (296 bits); USB URB; USB CCID

739   21.185465   host    1.2.2        USBCCID   37      CCID Packet - PC to Reader: ICC Power On
      Frame 739: 37 bytes on wire (296 bits), 37 bytes captured (296 bits); USB URB; USB CCID

742   21.229813   1.2.2   host         USBCCID   62      CCID Packet - Reader to PC: Data Block
      Frame 742: 62 bytes on wire (496 bits), 62 bytes captured (496 bits); USB URB; USB CCID; Data (25 bytes)
      0000  3b ff 96 00 00 81 31 fe 43 80 31 80 65 b0 84 66  ;.....1.C.1.e..f
      0010  69 fb 12 ff fe 82 90 00 f1                       i........

743   21.247749   host    1.2.2        USBCCID   44      CCID Packet - PC to Reader: Set Parameters
      Frame 743: 44 bytes on wire (352 bits), 44 bytes captured (352 bits); USB URB; USB CCID; Data (7 bytes)
      0000  96 10 00 43 00 fe 00                             ...C...

      Frame 746: 44 bytes on wire (352 bits), 44 bytes captured (352 bits); USB URB; USB CCID

747   21.268315   host    1.2.2        USBCCID   42      CCID Packet - PC to Reader: Transfer Block
      Frame 747: 42 bytes on wire (336 bits), 42 bytes captured (336 bits); USB URB; USB CCID; Data (5 bytes)
      0000  00 c1 01 f7 37                                   ....7

750   21.275521   1.2.2   host         USBCCID   42      CCID Packet - Reader to PC: Data Block
      Frame 750: 42 bytes on wire (336 bits), 42 bytes captured (336 bits); USB URB; USB CCID; Data (5 bytes)
      0000  00 e1 01 f7 17                                   .....

751   21.275727   host    1.2.2        USBCCID   55      CCID Packet - PC to Reader: Transfer Block
      Frame 751: 55 bytes on wire (440 bits), 55 bytes captured (440 bits); USB URB; USB CCID; Data (18 bytes)
      0000  00 00 0e 00 a4 04 00 08 a0 00 00 06 47 2f 00 01  ............G/..
      0010  00 69                                            .i

774   21.536395   1.2.2   host         USBCCID   49      CCID Packet - Reader to PC: Data Block
      Frame 774: 49 bytes on wire (392 bits), 49 bytes captured (392 bits); USB URB; USB CCID; Data (12 bytes)
      0000  00 00 08 55 32 46 5f 56 32 90 00 82              ...U2F_V2...

775   21.539490   host    1.2.2        USBCCID   88      CCID Packet - PC to Reader: Transfer Block
      Frame 775: 88 bytes on wire (704 bits), 88 bytes captured (704 bits); USB URB; USB CCID; Data (51 bytes)
      0000  00 40 2f 80 10 00 00 29 0a a3 01 02 03 02 04 58  .@/....).......X
      0010  20 0d ae 93 de 91 fd 8b 5b b4 f3 9a dd 5d 85 c3   .......[....]..
      0020  5e a9 3e 4c b8 6f 04 b2 77 a0 a9 46 e5 2a 09 8a  ^.>L.o..w..F.*..
      0030  6f 00 b7                                         o..

778   21.573014   1.2.2   host         USBCCID   44      CCID Packet - Reader to PC: Data Block
      Frame 778: 44 bytes on wire (352 bits), 44 bytes captured (352 bits); USB URB; USB CCID; Data (7 bytes)
      0000  00 40 03 33 90 00 e0                             .@.3...

779   21.603615   host    1.2.2        USBCCID   37      CCID Packet - PC to Reader: ICC Power Off

yackermann commented 1 year ago

@carov0610 try this: https://builds.fidoalliance.org/Desktop%20UAF%20FIDO2%20U2F/v1.7.14/

carov0610 commented 1 year ago

Hi Yuriy,

Tests passed. Thank you!
