Ext: CredProtect - CTAP2.0 Authenticator

JisungPark0122 commented 4 months ago

By submitting this issue you are acknowledging that any information regarding this issue will be publicly available.

If you have privacy concerns, please email conformance-tools@fidoalliance.org

FIRST PRE CHECK

[x] I SOLEMNLY SWEAR THAT I HAVE SEARCHED DOCUMENTATION AND WAS NOT ABLE TO RESOLVE MY ISSUE

What protocol are you implementing?

[ ] FIDO2 Server
[x] CTAP2.0
[ ] CTAP2.1
[ ] UAF 1.1
[ ] U2F 1.1
[ ] U2F 1.2

NOTE: UAF 1.0 certification have been officially sunset. U2F 1.2 only supported version of U2F.

What is your implementation class?

[x] Security Key / FIDO2 / U2F authenticators
[ ] Server
[ ] UAF Client-ASM-Authenticator combo
[ ] UAF Client
[ ] UAF ASM-Authenticator

If you are platform authenticator vendor, please email conformance-tools@fidoalliance.org

What is the version of the tool are you using?

v1.7.19

What is the OS and the version are you running?

For desktop tools

[ ] OSX
[x] Windows
[ ] Linux

For UAF mobile tools

[ ] iOS
[ ] Android

Issue description

This extension is not required in CTAP2.0 specification. Please check

iirachek commented 3 months ago

CredProtect is required by the security requirements to the FIDO authenticators.

See section 3.4 Privacy, requirement 4.6:

The Authenticator shall implement the CredProtect extension.

JisungPark0122 commented 3 months ago

Hi @iirachek Thank for your reply.

As my test result, It'll be failed if "credProtect" extension set to userVerificationOptionalWithCredentialIDList(0x02) or userVerificationRequired(0x03). Ext_CredProtected

How do I implement "credProtect" extension in CTAP2.0 authenticator?

fido-alliance / conformance-test-tools-resources