Fails when a CTAP2 authenticator advertises Ed25519 algorithms in GetInfo #356

@pando85

There appears to be a compatibility issue in the Firefox / authenticator-rs stack when a CTAP2 authenticator advertises Ed25519-related COSE algorithms in authenticatorGetInfo.algorithms.

Observed behavior

  • If the authenticator advertises only -7 (ES256), registration succeeds.
  • If the authenticator advertises -19 (Ed25519), registration fails.
  • If the authenticator advertises -8 (EdDSA) and -19, registration also fails.
  • The failure is reported as U2FToken(NotAllowed).
  • Chrome succeeds with the same authenticator and the same advertised algorithms.

Minimal matrix

  • algorithms = [-7] -> works
  • algorithms = [-7, -19] -> fails in Firefox/authenticator-rs
  • algorithms = [-7, -8, -19] -> fails in Firefox/authenticator-rs

Why this looks incorrect

  • The failure depends on the advertised algorithm list in GetInfo.
  • The authenticator can otherwise handle Ed25519-related requests correctly.
  • Other clients do not fail in the same configuration.
  • This suggests Firefox/authenticator-rs is rejecting or mishandling the authenticator based on advertised algorithms rather than the actual request/response flow.

Environment

  • Linux
  • CTAP2 authenticator exposed through UHID/hidraw

Current workaround

  • Advertise only -7 (ES256) in authenticatorGetInfo.algorithms
  • Still accept -8 / -19 during makeCredential

That workaround avoids the Firefox/authenticator-rs failure while still allowing clients that request Ed25519-related algorithms during enrollment.
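The workaround described in the issue, sketched from the authenticator side as an added example (not code from the issue author or from authenticator-rs). All function, struct and constant names are hypothetical; the COSE identifiers are the ones named in the issue, and the request in `main` is constructed.

```rust
// Added example: authenticator-side sketch of the workaround (names are hypothetical).
// COSE algorithm identifiers as named in the issue.
const ES256: i64 = -7;
const EDDSA: i64 = -8;
const ED25519: i64 = -19;

/// What authenticatorGetInfo.algorithms reports (workaround: ES256 only).
const ADVERTISED: &[i64] = &[ES256];
/// What makeCredential is still willing to create keys for.
const ACCEPTED: &[i64] = &[ES256, EDDSA, ED25519];

/// CTAP2_ERR_UNSUPPORTED_ALGORITHM status byte.
const CTAP2_ERR_UNSUPPORTED_ALGORITHM: u8 = 0x26;

/// One entry of the pubKeyCredParams array in a makeCredential request.
struct CredParam<'a> {
    cred_type: &'a str,
    alg: i64,
}

/// Pick the first requested algorithm the authenticator accepts, in the
/// relying party's preference order, independent of what GetInfo advertised.
fn select_algorithm(params: &[CredParam]) -> Result<i64, u8> {
    params
        .iter()
        .filter(|p| p.cred_type == "public-key")
        .map(|p| p.alg)
        .find(|alg| ACCEPTED.contains(alg))
        .ok_or(CTAP2_ERR_UNSUPPORTED_ALGORITHM)
}

/// Guard against drift: everything advertised must also be accepted.
fn advertised_is_subset_of_accepted() -> bool {
    ADVERTISED.iter().all(|a| ACCEPTED.contains(a))
}

fn main() {
    // Constructed request: RP prefers Ed25519 (-19), falls back to ES256 (-7).
    let req = [
        CredParam { cred_type: "public-key", alg: ED25519 },
        CredParam { cred_type: "public-key", alg: ES256 },
    ];
    println!("advertised: {:?}", ADVERTISED);
    println!("selected:   {:?}", select_algorithm(&req));
    println!("subset ok:  {}", advertised_is_subset_of_accepted());
}
```

Keeping the advertised and accepted lists separate, with the subset check in the test suite, makes it easy to restore the full list in GetInfo once the client-side failure is resolved.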
