Fix encoding of allowList in CTAP1

Yubico · Jan 20, 2025 · b7804ac · b7804ac
1 parent d116d9d
commit b7804ac
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 7 deletions.
diff --git a/fido2/client/__init__.py b/fido2/client/__init__.py
@@ -445,7 +445,9 @@ def do_get_assertion(
                     app_param,
                     cred.id,
                 )
-                assertions = [AssertionResponse.from_ctap1(app_param, cred, auth_resp)]
+                assertions = [
+                    AssertionResponse.from_ctap1(app_param, _as_cbor(cred), auth_resp)
+                ]
                 return AssertionSelection(client_data, assertions)
             except ClientError as e:
                 if e.code == ClientError.ERR.TIMEOUT:

diff --git a/tests/device/conftest.py b/tests/device/conftest.py
@@ -1,5 +1,6 @@
 from fido2.hid import CtapHidDevice, list_descriptors, open_connection, open_device
 from fido2.cose import CoseKey
+from fido2.hid import CAPABILITY
 from fido2.ctap2 import Ctap2
 from fido2.ctap2.pin import ClientPin, PinProtocolV1, PinProtocolV2
 from fido2.ctap2.credman import CredentialManagement
@@ -47,9 +48,10 @@ def __init__(self, printer, reader_name):
             self._reader = None
             self._dev = self._select()
 
-        options = self.ctap2.info.options
-        if options.get("clientPin") or options.get("uv"):
-            pytest.exit("Authenticator must be in a newly-reset state!")
+        if self.has_ctap2():
+            options = Ctap2(self.device).info.options
+            if options.get("clientPin") or options.get("uv"):
+                pytest.exit("Authenticator must be in a newly-reset state!")
 
         self.setup()
 
@@ -145,9 +147,14 @@ def _connect():
     def device(self):
         return self._dev
 
+    def has_ctap2(self):
+        return self.device.capabilities & CAPABILITY.CBOR
+
     @property
     def ctap2(self):
-        return Ctap2(self.device)
+        if self.has_ctap2():
+            return Ctap2(self.device)
+        pytest.skip("Authenticator does not support CTAP 2")
 
     @property
     def info(self):
@@ -217,7 +224,7 @@ def factory_reset(self, setup=False):
             self.setup()
 
     def setup(self):
-        if ClientPin.is_supported(self.info):
+        if self.has_ctap2() and ClientPin.is_supported(self.info):
             ClientPin(self.ctap2).set_pin(TEST_PIN)
 
 
@@ -238,7 +245,8 @@ def dev_manager(pytestconfig, printer):
     yield manager
 
     # after the test, reset the device
-    manager.factory_reset()
+    if manager.has_ctap2():
+        manager.factory_reset()
 
 
 @pytest.fixture