What is going on in F-2 Send ServerAuthenticatorAttestationResponse with SELF "packed" attestation, that contains full attestation, and check that server returns an error

[dawid-nowak]

By submitting this issue you are acknowledging that any information regarding this issue will be publicly available.

If you have privacy concerns, please email [email protected]

What protocol and version of the protocol are you testing?

UAF/U2F/FIDO2 v1.0/v1.1/v1.2
FIDO2

What is your implementation class?

Server/Client/ASM+Authr

What is the version of the tool are you using?

FIDO Conformance Tools v0.10.108 (BETA)((BETA) FIDO2 )

What is the OS and the version are you running?

Windows 7

Issue description

Not entirely sure what is the purpose of that test. x5c is present which would indicate not self-surrogate attestation. All checks seem to pass as well.

[yackermann]

@dawid-nowak Replied in the email

[aseigler]

What was the answer to this? This conformance test is not clear as to what is being looked for.

[dawid-nowak]

@aseigler @herrjemand Yeah, I am glad it wasn't just me :)
The metadata for this authenticator is indicating that the SELF attestation is in use, therefore, FULL attestation which contains full certificate chain can't be verified.

[aseigler]

I haven't finished plumbing in the metadata, so that would certainly explain it. This would be the only test outside of the metadata tests that requires metadata. I would suggest moving it to the metadata test section and check for other similar conditions as well in that area.

[ynojima]

I faced the same issue. I agree with aseigler.

[yackermann]

@aseigler Every single make credential test requires metadata. You download them by pressing "download metadata" button