Unexpected keys in CTAP2 responses should be ignored #343

Open
hvge opened this issue Dec 17, 2024 · 0 comments

hvge commented Dec 17, 2024

Hello,

I'm working on a FIDO2 hardware token that supports the CTAP2.1 protocol, and we have identified an issue with Mozilla Firefox on Linux. Specifically, when the authenticatorGetAssertion command's response contains keys introduced in CTAP2.1, the entire response is rejected. This behavior contradicts the specification, which mandates that implementations must ignore any keys they do not understand.

Refer to the CTAP2.1 specification, which states:

"If map keys are present that an implementation does not understand, they MUST be ignored. Note that this enables additional fields to be used as new features are added without breaking existing implementations."

Our hardware token includes the userSelected member in the authenticatorGetAssertion response structure. After investigation, I identified that this line in the code is responsible for rejecting the entire response.

Although I have not reviewed other commands in depth, the "ignore unknown keys" principle applies universally to all responses returned by the authenticator.

Thank you for reviewing this issue.
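
The behaviour the issue asks for, as an added example that is not part of the original issue and is not Firefox's code: a dependency-free parser for the authenticatorGetAssertion response map that can either reject unknown keys (the reported behaviour) or skip them as the quoted requirement demands. The function names, the constructed sample bytes and the nesting limit of 8 are assumptions; the input is the CBOR map that follows the CTAP status byte, and only authData (0x02) and signature (0x03) are extracted.

```rust
// Added example, not Firefox code. Constructed sample: {2: h'AABBCCDD', 3: h'0102', 6: true}.
const SAMPLE: &[u8] = &[0xA3, 0x02, 0x44, 0xAA, 0xBB, 0xCC, 0xDD, 0x03, 0x42, 0x01, 0x02, 0x06, 0xF5];
#[derive(Debug, Default, PartialEq)]
struct Assertion { auth_data: Vec<u8>, signature: Vec<u8>, ignored_keys: Vec<u64> }
fn take<'a>(b: &'a [u8], p: &mut usize, n: u64) -> Option<&'a [u8]> {
    if n > (b.len() - *p) as u64 { return None; } // bounds check before slicing
    *p += n as usize;
    Some(&b[*p - n as usize..*p])
}
// Read a CBOR head as (major type, argument); indefinite lengths are rejected.
fn head(b: &[u8], p: &mut usize) -> Option<(u8, u64)> {
    let ib = take(b, p, 1)?[0];
    let n = match ib & 0x1f { v @ 0..=23 => return Some((ib >> 5, v as u64)), 24 => 1, 25 => 2, 26 => 4, 27 => 8, _ => return None };
    Some((ib >> 5, take(b, p, n)?.iter().fold(0u64, |a, &x| (a << 8) | x as u64)))
}
// Step over one whole item: ignoring a key still means finding where its value ends.
fn skip(b: &[u8], p: &mut usize, depth: u8) -> Option<()> {
    let d = depth.checked_sub(1)?; // nesting limit for hostile input
    match head(b, p)? {
        (2, n) | (3, n) => { take(b, p, n)?; }
        (4, n) => for _ in 0..n { skip(b, p, d)?; },
        (5, n) => for _ in 0..n.checked_mul(2)? { skip(b, p, d)?; },
        (6, _) => skip(b, p, d)?,
        _ => {} // ints, simple values, floats: the head is the whole item
    }
    Some(())
}
// strict = true reproduces the reported rejection; strict = false follows the quoted MUST.
fn parse_get_assertion(b: &[u8], strict: bool) -> Option<Assertion> {
    let mut p = 0;
    let n = match head(b, &mut p)? { (5, n) => n, _ => return None };
    let mut out = Assertion::default();
    for _ in 0..n {
        let key = match head(b, &mut p)? { (0, k) => k, _ => return None };
        match key {
            2 | 3 => { // authData (0x02) and signature (0x03) are byte strings
                let v = match head(b, &mut p)? { (2, l) => take(b, &mut p, l)?.to_vec(), _ => return None };
                if key == 2 { out.auth_data = v } else { out.signature = v }
            }
            1 | 4 | 5 => skip(b, &mut p, 8)?, // other CTAP2.0 keys, known but not modelled here
            _ if strict => return None,
            _ => { skip(b, &mut p, 8)?; out.ignored_keys.push(key); }
        }
    }
    if p != b.len() || out.auth_data.is_empty() || out.signature.is_empty() { return None; }
    Some(out)
}
fn main() {
    println!("strict: {:?}\ntolerant: {:?}", parse_get_assertion(SAMPLE, true), parse_get_assertion(SAMPLE, false));
}
```

Tolerating unknown keys does not relax validation of the known ones: malformed or truncated values still fail, including inside a skipped member.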
