Dynamic factor keys for crypto4

[romanstrobl]

Description

New validations for protocol version 4 (e.g. pa_activation.version is 4):

• If signature contains biometric component, then such signature should be rejected if pa_activation.biometric_factor_enabled is false.

• If signature contains biometric component and pa_activation.biometric_factor_index is different than biometric_factor_index_next:

  1. At first, try to validate signature with key derived with using biometric_factor_index. If OK, then do nothing and accept signature.
  2. Try to validate signature with key derived with biometric_factor_index_next. If match, then set pa_activation.biometric_factor_index to pa_activation.biometric_factor_index_next

• If signature contains knowledge component and pa_activation.knowledge_factor_index is different than knowledge_factor_index_next:

  1. At first, try to validate signature with key derived with using knowledge_factor_index. If OK, then do nothing and accept signature
  2. Try to validate signature with key derived with pa_activation.knowledge_factor_index_next. If match, then set pa_activation.knowledge_factor_index to pa_activation.knowledge_factor_index_next

Acceptance criteria

No response

Technical specification

No response

QA specification

No response

JIRA issue code

No response