Stateful commands shouldn't use different channels

[kaczmarczyck]

By submitting this issue you are acknowledging that any information regarding this issue will be publicly available.

If you have privacy concerns, please email conformance-tools@fidoalliance.org

FIRST PRE CHECK

• [x] I SOLEMNLY SWEAR THAT I HAVE SEARCHED DOCUMENTATION AND WAS NOT ABLE TO RESOLVE MY ISSUE

What protocol are you implementing?

• [ ] FIDO2 Server
• [ ] CTAP2.0
• [x] CTAP2.1
• [ ] UAF 1.1
• [ ] U2F 1.1
• [ ] U2F 1.2

NOTE: UAF 1.0 certification have been officially sunset. U2F 1.2 only supported version of U2F.

What is your implementation class?

• [x] Security Key / FIDO2 / U2F authenticators
• [ ] Server
• [ ] UAF Client-ASM-Authenticator combo
• [ ] UAF Client
• [ ] UAF ASM-Authenticator

If you are platform authenticator vendor, please email conformance-tools@fidoalliance.org

What is the version of the tool are you using?

v1.7.17

What is the OS and the version are you running?

For desktop tools

• [ ] OSX
• [x] Windows
• [ ] Linux

For UAF mobile tools

• [ ] iOS
• [ ] Android

Issue description

Tests for stateful commands don't work for me, and to fix that, I'd have to introduce a security vulnerability. The tool calls CTAPHID Init before each CTAP command. Therefore, a new HID channel is used for each command. From the authenticator's perspective, it is indistinguishable whether it is talking to different clients or the same client, if they don't use the same HID channel.

So if you call GetAssertion on HID channel 1, and then GetNextAssertion on HID channel 2, the GetNextAssertion command should be rejected, as it might otherwise leak assertion responses to a client that didn't collect the required UV, for example.

Affected tests with links for those with access:

• P-2 and P-3 in ResidentKey
• P-2 in EnumerateCredentials
• P-3 in EnumerateRPs

[iirachek]

This should be resolved with changes introduced in the 1.17.18 version.

[kaczmarczyck]

Confirmed, works now.