I'm trying webauthn with EdDSA. I understand that pico-fido does not support this. But when sending a pubKeyCredParams list with both supported (ECDSA) and unsupported EdDSA for makeCred operation then pico-fido returns error code CTAP2_ERR_CBOR_UNEXPECTED_TYPE. In my opiniion this not a conformant implementation. 6.1.2. authenticatorMakeCredential Algorithm states
If the values of any known members have the wrong type then return an error, for example CTAP2_ERR_CBOR_UNEXPECTED_TYPE.
My interpretation is that the type of the CBOR values, not the values itself are meant. E.g. that an integer was expected but a string was provided. Also there is the Note
This loop chooses the first occurrence of an algorithm identifier supported by this authenticator but always iterates over every element of pubKeyCredParams to validate them.
This further supports my interpretation, that the loop is meant for choosing a supported algorithm, not for checking that all listed algorithms are supported. Can the implementation be changed to simply ignore the entries with unsupported algorithms?
I'm trying webauthn with EdDSA. I understand that pico-fido does not support this. But when sending a pubKeyCredParams list with both supported (ECDSA) and unsupported EdDSA for makeCred operation then pico-fido returns error code CTAP2_ERR_CBOR_UNEXPECTED_TYPE. In my opiniion this not a conformant implementation. 6.1.2. authenticatorMakeCredential Algorithm states
My interpretation is that the type of the CBOR values, not the values itself are meant. E.g. that an integer was expected but a string was provided. Also there is the Note
This further supports my interpretation, that the loop is meant for choosing a supported algorithm, not for checking that all listed algorithms are supported. Can the implementation be changed to simply ignore the entries with unsupported algorithms?