Merge pull request #849 from w3c/issue-848-rp-up-verification
Fix #848: Weirdness in RP UP verification
emlun committed May 2, 2018
2 parents da1d21d + 2dabcf8 commit c22b1ac
Showing 1 changed file with 4 additions and 6 deletions.
10 changes: 4 additions & 6 deletions index.bs
Expand Up @@ -2914,12 +2914,11 @@ When registering a new credential, represented by an {{AuthenticatorAttestationR

1. Verify that the [=RP ID=] hash in |authData| is indeed the SHA-256 hash of the [=RP ID=] expected by the RP.

1. Verify that the [=User Present=] bit of the <code>[=flags=]</code> in |authData| is set.

1. If [=user verification=] is required for this registration, verify that the [=User Verified=] bit of the <code>[=flags=]</code>
in |authData| is set.

1. If [=user verification=] is not required for this registration, verify that the [=User Present=] bit of the
<code>[=flags=]</code> in |authData| is set.

1. Verify that the values of the [=client extension outputs=] in |clientExtensionResults| and the [=authenticator extension
outputs=] in the <code>[=authdataextensions|extensions=]</code> in |authData| are as expected, considering the [=client
extension input=] values that were given as the {{PublicKeyCredentialCreationOptions/extensions}} option in the
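Review bot: The [=User Verified=] step in the registration procedure only covers the case where [=user verification=] is required, and with the [=User Present=] check now a standalone step, nothing in this list mentions the not-required case any more. Consider appending a sentence to the step beginning "If [=user verification=] is required for this registration" that says how the RP treats the UV bit when verification is not required, so implementers do not have to infer it from the absence of a step.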
Expand Down Expand Up @@ -3025,12 +3024,11 @@ When verifying a given {{PublicKeyCredential}} structure (|credential|) and an {

1. Verify that the <code>[=rpIdHash=]</code> in |aData| is the SHA-256 hash of the [=RP ID=] expected by the [=[RP]=].

1. Verify that the [=User Present=] bit of the <code>[=flags=]</code> in |aData| is set.

1. If [=user verification=] is required for this assertion, verify that the [=User Verified=] bit of the <code>[=flags=]</code> in
|aData| is set.

1. If [=user verification=] is not required for this assertion, verify that the [=User Present=] bit of the <code>[=flags=]</code>
in |aData| is set.

1. Verify that the values of the [=client extension outputs=] in |clientExtensionResults| and the [=authenticator extension
outputs=] in the <code>[=authdataextensions|extensions=]</code> in |authData| are as expected, considering the [=client
extension input=] values that were given as the {{PublicKeyCredentialRequestOptions/extensions}} option in the
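Review bot: The extensions step directly after the changed flag checks says "in the <code>[=authdataextensions|extensions=]</code> in |authData|", while the rpIdHash step and both flag steps in this assertion procedure refer to |aData|. Since this block is being touched anyway, either change that reference to |aData| or confirm that |authData| is actually defined in this procedure, otherwise the extension outputs are verified against a variable the reader cannot resolve.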