Missing pinUvAuthToken fetch in Authr-CredentialManagement-EnumerateRPs Test P-2

[nagreme]

By submitting this issue you are acknowledging that any information regarding this issue will be publicly available.

If you have privacy concerns, please email conformance-tools@fidoalliance.org

FIRST PRE CHECK

• [x] I SOLEMNLY SWEAR THAT I HAVE SEARCHED DOCUMENTATION AND WAS NOT ABLE TO RESOLVE MY ISSUE

What protocol are you implementing?

• [ ] FIDO2 Server
• [ ] CTAP2.0
• [x] CTAP2.1
• [ ] UAF 1.1
• [ ] U2F 1.1
• [ ] U2F 1.2

NOTE: UAF 1.0 certification have been officially sunset. U2F 1.2 only supported version of U2F.

What is your implementation class?

• [x] Security Key / FIDO2 / U2F authenticators
• [ ] Server
• [ ] UAF Client-ASM-Authenticator combo
• [ ] UAF Client
• [ ] UAF ASM-Authenticator

If you are platform authenticator vendor, please email conformance-tools@fidoalliance.org

What is the version of the tool are you using?

v1.7.11

What is the OS and the version are you running?

For desktop tools

• [ ] OSX
• [x] Windows 11
• [ ] Linux

For UAF mobile tools

• [ ] iOS
• [ ] Android

Issue description

Authr-CredentialManagement-EnumerateRPs Test P-2 was passing on 1.7.10 but is now failing on 1.7.11 (same authenticator implementation) with pin auth invalid error (CTAP2_ERR_PIN_AUTH_INVALID).

Cause seems to be that the test in the 1.7.11 version of the tool doesn't re-fetch the pinUvAuthToken (Generating test PUAT..., i.e. getKeyAgreement + getPinToken) before sending the request unlike other tests in the same category.

v1.7.10

v1.7.11

If we can just add that back in the test it would resolve this.

Otherwise if this removal was intentional can you provide an explanation/reason?

[yackermann]

@nagreme is that for NFC?

[yackermann]

Otherwise:

P1 - Runs all necessary pre-sets, and initiates enumeration P2 - Actually calls GetNextRP.

P1 uses PUAT to inialise RP enumeration, while P2 simply continues to call for next entry, which does not require PUAT

[nagreme]

@nagreme is that for NFC?

Yes, it is for NFC

[yackermann]

ok, I am trying to reproduce but having problem. What reader do you have?

[nagreme]

I have the same error on both:

• Identiv uTrust 4701 F
• HID Omnikey 5022 CL

Also if it's relevant, I am using a smart card not a usb token with NFC

[yackermann]

Ok, confirmed and resolved.!

[nagreme]

Awesome thank you! 🙂

[yackermann]

latest build: https://builds.fidoalliance.org/Desktop%20UAF%20FIDO2%20U2F/v1.7.14/