google / CTAP2-test-tool

Test tool for CTAP2 authenticators
Apache License 2.0

Test UTF-8 encoding of newPin and curPin #1

Open geofli opened 4 years ago

geofli commented 4 years ago

According to CTAP 2.0 Proposed Standard: https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html

and

CTAP 2.1 Review Draft: https://fidoalliance.org/specs/fido2/fido-client-to-authenticator-protocol-v2.1-rd-20191217.html

and the latest working draft, for authenticatorClientPIN:

"newPin" be the UTF-8 representation of "newPinUnicode". "curPin" be the UTF-8 representation of "curPinUnicode"

So the authenticator should check newPin and curPin against UTF-8 encoding, and the test tool should then test this with wrong/correct UTF-8 encoding input parameters.

kaczmarczyck commented 4 years ago

As discussed in https://github.com/google/OpenSK/issues/126, UTF8 tests will be informative for CTAP2.0, whereas CTAP2.1 more thoroughly defines correct behavior.
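The wrong/correct UTF-8 inputs requested in this issue can be sketched as a strict RFC 3629 validator plus a set of PIN byte vectors. This is an added example, not code from CTAP2-test-tool or OpenSK; `IsValidUtf8`, `PinCase`, `PinUtf8Cases` and `CountMismatches` are hypothetical names, and the vectors are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Strict UTF-8 check (RFC 3629): rejects overlong forms, surrogates,
// code points above U+10FFFF, stray continuation bytes and truncation.
bool IsValidUtf8(const std::vector<uint8_t>& pin) {
  size_t i = 0;
  while (i < pin.size()) {
    const uint8_t b = pin[i];
    if (b < 0x80) { ++i; continue; }  // ASCII
    size_t extra;                     // continuation bytes expected
    uint32_t cp, lowest;              // code point, minimum for this length
    if ((b & 0xE0) == 0xC0)      { extra = 1; cp = b & 0x1F; lowest = 0x80; }
    else if ((b & 0xF0) == 0xE0) { extra = 2; cp = b & 0x0F; lowest = 0x800; }
    else if ((b & 0xF8) == 0xF0) { extra = 3; cp = b & 0x07; lowest = 0x10000; }
    else return false;                // continuation or invalid lead byte
    if (pin.size() - i <= extra) return false;  // sequence cut short
    for (size_t k = 1; k <= extra; ++k) {
      if ((pin[i + k] & 0xC0) != 0x80) return false;
      cp = (cp << 6) | (pin[i + k] & 0x3F);
    }
    if (cp < lowest || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return false;
    i += extra + 1;
  }
  return true;
}

// Constructed test vectors: PIN bytes and whether they are valid UTF-8.
struct PinCase { std::string name; std::vector<uint8_t> pin; bool valid; };
std::vector<PinCase> PinUtf8Cases() {
  return {
      {"ASCII", {'1', '2', '3', '4'}, true},
      {"2-, 3- and 4-byte code points",
       {0xC3, 0xA9, 0xE2, 0x82, 0xAC, 0xF0, 0x9F, 0x94, 0x91}, true},
      {"stray continuation byte", {'1', '2', '3', 0x80}, false},
      {"truncated 3-byte sequence", {'1', '2', '3', 0xE2, 0x82}, false},
      {"overlong encoding of '/'", {'1', '2', '3', 0xC0, 0xAF}, false},
      {"UTF-16 surrogate U+D800", {'1', '2', '3', 0xED, 0xA0, 0x80}, false},
      {"beyond U+10FFFF", {'1', '2', '3', 0xF4, 0x90, 0x80, 0x80}, false},
  };
}

// Number of vectors where the validator disagrees with the expectation.
int CountMismatches() {
  int bad = 0;
  for (const PinCase& c : PinUtf8Cases())
    if (IsValidUtf8(c.pin) != c.valid) ++bad;
  return bad;
}
```

Each invalid vector keeps an ASCII prefix so that a rejection can be attributed to the malformed tail rather than to PIN length.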