Library does not check algorithm in specific case. #248

lightpurple · 2022-08-12T07:46:33Z

We developed Server using simpleWebAuthn(5.4.2) library. Test by FIDO Conformance Tools 1.7.2

And I found that library no algorithm check when the fmt value is 'packed' and the x5c value exists.

So there are successful cases even if the algorithm value not allowed in the fido2. ex) alg = -42

Can you give some suggestions to solve this?

The text was updated successfully, but these errors were encountered:

MasterKale · 2022-08-14T19:17:45Z

Thanks for reporting this, I have a fix for it out in #251. I'll merge it later today and release this with the fix for #247.

MasterKale · 2022-08-16T03:39:57Z

The fix for this is now available in @simplewebauthn/[email protected].

MasterKale mentioned this issue Aug 14, 2022

fix/metadata-attstmt-alg-check #251

Merged

MasterKale closed this as completed in #251 Aug 15, 2022

MasterKale mentioned this issue Aug 15, 2022

Re-implement optional user presence #253

Closed

lightpurple changed the title ~~Do not check algorithm in specific case.~~ Library Does not check algorithm in specific case. Aug 21, 2022

lightpurple changed the title ~~Library Does not check algorithm in specific case.~~ Library does not check algorithm in specific case. Aug 21, 2022

Provide feedback