[BUG] Invalid Value sent in Protected header in message 61

[Sai-Anudeep47]

To simplify issue resolution process, please provide network logs, and or test voucher. to2_msg61_invalid_protected_header_logs.txt

What part of the spec are you testing?

• [ ] Rendezvous Server
• [ ] Device Onboarding Service
• [x] Device Implementation

What protocol are having issue with?

• [ ] TO0
• [ ] TO1
• [x] TO2

Issue description

• Null/ Invalid value for protected header is sent by conformance owner in message 61.
• According to Specification and COSE RFC https://www.rfc-editor.org/rfc/rfc8152#section-4.2 and Table 2 in https://www.rfc-editor.org/rfc/rfc8152#section-3.1, it should be a map value of {1 : COSE_ALG}
• Expected protected header for ECDSA384 attestation type in diagnostic form h'A1013822'
• Received protected header in diagnostic form h'A0'

Log is attached for reference

[yackermann]

So the spec is kind of confusing on that part:

Here is a definitions in the protected header:

https://drafts.fidoalliance.org/internet-of-things-specs/stable-links-to-latest/FIDO-IoT-spec.html#cose-signatures

$$COSEProtectedHeaders /= ()

The only time the header contains any algorithms is in Voucher:

$COSEProtectedHeaders //= (
    1: OVSignType
)

I do agree that we should be specifying it, and have added it to the latest build.

But it does need to be addressed in the spec: @GeofCooper