Inconsistent Serialization/Deserialization Behavior with Empty Extension Data in attestation.rs
dangfan opened this issue · 1 comments
In the process of deserializing AuthenticatorData
within attestation.rs
, it is observed that when the flags
indicate an extension, and upon parsing the cbor
map, it is found to be empty, this empty map is saved. However, during serialization, the presence of an empty map leads to the omission of the extension
field, while the flags
still indicate the presence of an extension. This inconsistency results in AuthenticatorData
read in Firefox being one byte shorter than what is saved in cbor
.
According to CTAP 2 specifications, it states: "If the authenticator does not include any extension data, it MUST set the ED flag to zero, and to one if extension data is included." I am uncertain whether an empty map qualifies as legal extension data, but for better compatibility, I suggest that authenticator-rs
supports this behavior.
Thanks for the report!