CTAP2-test-tool icon indicating copy to clipboard operation
CTAP2-test-tool copied to clipboard
verified publisher icon google

Test UTF-8 encoding of newPin and curPin

Open geofli opened this issue 5 years ago • 1 comments

According to CTAP 2.0 Proposed Standard: https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html

and

CTAP 2.1 Review Draft: https://fidoalliance.org/specs/fido2/fido-client-to-authenticator-protocol-v2.1-rd-20191217.html

and latest working draft, to authenticatorClientPIN:

"newPin" be the UTF-8 representation of "newPinUnicode". "curPin" be the UTF-8 representation of "curPinUnicode"

So authenticator should check newPin and curPin against UTF-8 encoding, then test tool should test this with wrong/correct UTF-8 encoding input parameters.

geofli avatar Jul 02 '20 14:07 geofli

As discussed in https://github.com/google/OpenSK/issues/126 , UTF8 tests will be informative for CTAP2.0, whereas CTAP2.1 more thoroughly defines correct behavior.

kaczmarczyck avatar Jul 06 '20 07:07 kaczmarczyck