Always verify UP bit in RP ops
As pointed out by @akshayku, recent drafts of CTAP now support this.
emlun committed Apr 4, 2018
1 parent 5b026ad commit a462471
Showing 1 changed file with 4 additions and 6 deletions.
10 changes: 4 additions & 6 deletions index.bs
Expand Up @@ -2880,12 +2880,11 @@ When registering a new credential, represented by an {{AuthenticatorAttestationR

1. Verify that the [=RP ID=] hash in |authData| is indeed the SHA-256 hash of the [=RP ID=] expected by the RP.

1. Verify that the [=User Present=] bit of the <code>[=flags=]</code> in |authData| is set.

1. If [=user verification=] is required for this registration, verify that the [=User Verified=] bit of the <code>[=flags=]</code>
in |authData| is set.

1. If the [=User Verified=] bit of the <code>[=flags=]</code> in |authData| is not set, verify that the [=User Present=] bit of
the <code>[=flags=]</code> in |authData| is set.

1. Verify that the values of the [=client extension outputs=] in |clientExtensionResults| and the [=authenticator extension
outputs=] in the <code>[=authdataextensions|extensions=]</code> in |authData| are as expected, considering the [=client
extension input=] values that were given as the {{PublicKeyCredentialCreationOptions/extensions}} option in the
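
Review bot: the unconditional [=User Present=] step at the top of this hunk is a normative tightening, and nothing in the change tells implementers why. An |authData| with [=User Verified=] set and [=User Present=] clear satisfied the conditional step "If the [=User Verified=] bit ... is not set, verify that the [=User Present=] bit ... is set" and now fails registration. The commit message only says recent CTAP drafts "now support this"; suggest linking the relevant CTAP draft or issue there, or adding a short note beside the step, so RP implementers know authenticators are expected to set UP on every response.
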
Expand Down Expand Up @@ -2991,12 +2990,11 @@ When verifying a given {{PublicKeyCredential}} structure (|credential|) and an {

1. Verify that the <code>[=rpIdHash=]</code> in |aData| is the SHA-256 hash of the [=RP ID=] expected by the [=[RP]=].

1. Verify that the [=User Present=] bit of the <code>[=flags=]</code> in |authData| is set.

1. If [=user verification=] is required for this assertion, verify that the [=User Verified=] bit of the <code>[=flags=]</code> in
|aData| is set.

1. If the [=User Verified=] bit of the <code>[=flags=]</code> in |authData| is not set, verify that the [=User Present=] bit of
the <code>[=flags=]</code> in |authData| is set.

1. Verify that the values of the [=client extension outputs=] in |clientExtensionResults| and the [=authenticator extension
outputs=] in the <code>[=authdataextensions|extensions=]</code> in |authData| are as expected, considering the [=client
extension input=] values that were given as the {{PublicKeyCredentialRequestOptions/extensions}} option in the
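
Review bot: the [=User Present=] step at the top of this hunk reads the flags from |authData|, while the rpIdHash step just above it and the [=user verification=] step just below it use |aData|. The conditional step it replaces had the same mismatch, so the change carries it forward. Suggest writing the new step against |aData|, or whichever variable this procedure actually defines, so every flag check in the assertion procedure names the same structure; the extensions step further down also says |authData|, so it is worth settling the name for the whole procedure.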