[fix] Cred number must be set to 1 when credential is chosen SK-side

LedgerHQ · Nov 6, 2024 · 85263f0 · 85263f0
1 parent c84ead4
commit 85263f0
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 5 deletions.
diff --git a/src/ctap2/get_assertion/get_assertion_ui.c b/src/ctap2/get_assertion/get_assertion_ui.c
@@ -65,10 +65,11 @@ static void ctap_ux_on_user_choice(bool confirm, uint16_t idx) {
     ctap2UxState = CTAP2_UX_STATE_NONE;
 
     if (confirm) {
-        // As the choice is made authenticator-side, according to the spec SK should display 1 and
-        // only 1 matching credential. This will prevent the client to call getNextAssertion to
-        // discover more credentials.
-        globals_get_ctap2_assert_data()->availableCredentials = 1;
+        // As the choice is made authenticator-side, according to the spec SK should not let the
+        // client being aware of additional credentials. This will prevent the client to call
+        // getNextAssertion to discover more credentials.
+        globals_get_ctap2_assert_data()->availableCredentials =
+            MIN(globals_get_ctap2_assert_data()->availableCredentials, 1);
         get_assertion_confirm(idx);
 #ifdef HAVE_NBGL
         app_nbgl_status("Login request signed", true, ui_idle);

diff --git a/src/ctap2/get_assertion/get_assertion_utils.c b/src/ctap2/get_assertion/get_assertion_utils.c
@@ -229,7 +229,7 @@ static int sign_and_encode_authData(cbipEncoder_t *encoder,
     uint32_t signatureLength;
     int status;
 
-    PRINTF("Data to sign (szie %d) %.*H\n", authDataLen, authDataLen, authData);
+    PRINTF("Data to sign (size %d) %.*H\n", authDataLen, authDataLen, authData);
 
     // Add client data hash for the attestation.
     // We consider we can add it after authData.