[webkit-changes] [WebKit/WebKit] 303a79: [WebAuthn] Adjustments to PRF to match forward dec...

Sat, 06 Dec 2025 13:41:42 -0800 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 303a79e4d23ddc2a1f8338731882af60ce8dcd96
      
https://github.com/WebKit/WebKit/commit/303a79e4d23ddc2a1f8338731882af60ce8dcd96
  Author: Pascoe <[email protected]>
  Date:   2025-12-06 (Sat, 06 Dec 2025)

  Changed paths:
    M 
LayoutTests/http/wpt/webauthn/public-key-credential-get-success-hid.https-expected.txt
    M 
LayoutTests/http/wpt/webauthn/public-key-credential-get-success-hid.https.html
    M Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientInputs.cpp
    M Source/WebCore/Modules/webauthn/WebAuthenticationConstants.h
    M Source/WebCore/Modules/webauthn/fido/DeviceRequestConverter.cpp
    M Source/WebCore/Modules/webauthn/fido/DeviceRequestConverter.h
    M Source/WebCore/Modules/webauthn/fido/DeviceResponseConverter.cpp
    M Source/WebCore/Modules/webauthn/fido/DeviceResponseConverter.h
    M Source/WebCore/Modules/webauthn/fido/Pin.cpp
    M Source/WebCore/Modules/webauthn/fido/Pin.h
    M Source/WebKit/Modules/OSX_Private.modulemap
    M Source/WebKit/Modules/iOS_Private.modulemap
    M 
Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticationExtensionsClientInputs.h
    M 
Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticationExtensionsClientInputs.mm
    M 
Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticationExtensionsClientOutputs.mm
    M Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm
    M Source/WebKit/UIProcess/WebAuthentication/Cocoa/CcidService.mm
    M 
Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm
    M Source/WebKit/UIProcess/WebAuthentication/Mock/MockHidService.cpp
    M Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp
    M Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.h
    M Tools/TestWebKitAPI/Tests/WebCore/CtapRequestTest.cpp
    M Tools/TestWebKitAPI/Tests/WebCore/CtapResponseTest.cpp
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm

  Log Message:
  -----------
  [WebAuthn] Adjustments to PRF to match forward declarations and spec
rdar://165935406
https://bugs.webkit.org/show_bug.cgi?id=303653

Reviewed by Brent Fulgham.

This patch is required to match certain internal requirements for
forward declarations. It also fixes some cases where we didn't
meet spec behavior for things like PRF requiring user verification
and evalByCredential.

I had to remove a test that needs to be reworked to accept pin entry,
but verified with physical key.

Tests: Tools/TestWebKitAPI/Tests/WebCore/CtapRequestTest.cpp
       Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm

* 
LayoutTests/http/wpt/webauthn/public-key-credential-get-success-hid.https-expected.txt:
* 
LayoutTests/http/wpt/webauthn/public-key-credential-get-success-hid.https.html:
* Source/WebCore/Modules/webauthn/AuthenticationExtensionsClientInputs.cpp:
(WebCore::AuthenticationExtensionsClientInputs::toCBOR const):
* Source/WebCore/Modules/webauthn/WebAuthenticationConstants.h:
* Source/WebCore/Modules/webauthn/fido/DeviceRequestConverter.cpp:
(fido::encodeMakeCredentialRequestAsCBOR):
(fido::encodeGetAssertionRequestAsCBOR):
* Source/WebCore/Modules/webauthn/fido/DeviceRequestConverter.h:
* Source/WebCore/Modules/webauthn/fido/DeviceResponseConverter.cpp:
(fido::parseAuthenticatorDataExtensions):
(fido::readCTAPMakeCredentialResponse):
(fido::readCTAPGetAssertionResponse):
* Source/WebCore/Modules/webauthn/fido/DeviceResponseConverter.h:
* Source/WebCore/Modules/webauthn/fido/Pin.cpp:
(fido::pin::HmacSecretRequest::create):
* Source/WebCore/Modules/webauthn/fido/Pin.h:
* Source/WebKit/Modules/OSX_Private.modulemap:
* Source/WebKit/Modules/iOS_Private.modulemap:
* Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticationExtensionsClientInputs.h:
* Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticationExtensionsClientInputs.mm:
(-[_WKAuthenticationExtensionsClientInputs dealloc]):
(-[_WKAuthenticationExtensionsClientInputs copyWithZone:]):
(-[_WKAuthenticationPRFInputValues dealloc]):
(-[_WKAuthenticationPRFInputValues copyWithZone:]):
(-[_WKAuthenticationExtensionsLargeBlobInputs dealloc]):
* Source/WebKit/UIProcess/API/Cocoa/_WKAuthenticationExtensionsClientOutputs.mm:
(-[_WKAuthenticationExtensionsClientOutputs dealloc]):
* Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm:
(authenticationExtensionsClientInputs):
(wkAuthenticationExtensionsClientOutputs):
(wkAuthenticatorAttestationResponse):
(wkAuthenticatorAssertionResponse):
(+[_WKWebAuthenticationPanel 
encodeMakeCredentialCommandWithClientDataJSON:options:userVerificationAvailability:authenticatorSupportedExtensions:]):
(+[_WKWebAuthenticationPanel 
encodeGetAssertionCommandWithClientDataJSON:options:userVerificationAvailability:authenticatorSupportedExtensions:]):
(+[_WKWebAuthenticationPanel 
encodeMakeCredentialCommandWithClientDataHash:options:userVerificationAvailability:authenticatorSupportedExtensions:]):
(+[_WKWebAuthenticationPanel 
encodeMakeCredentialCommandWithClientDataHash:options:userVerificationAvailability:authenticatorSupportedCredentialParameters:]):
(+[_WKWebAuthenticationPanel 
encodeGetAssertionCommandWithClientDataHash:options:userVerificationAvailability:authenticatorSupportedExtensions:]):
* Source/WebKit/UIProcess/WebAuthentication/Cocoa/CcidService.mm:
(WebKit::CcidService::updateSlots):
* 
Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm:
(WebKit::WebAuthenticatorCoordinatorProxy::performRequest):
* Source/WebKit/UIProcess/WebAuthentication/Mock/MockHidService.cpp:
* Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp:
(WebKit::CtapAuthenticator::continueSilentlyCheckCredentials):
(WebKit::CtapAuthenticator::continueMakeCredentialAfterCheckExcludedCredentials):
(WebKit::CtapAuthenticator::continueMakeCredentialAfterResponseReceived):
(WebKit::CtapAuthenticator::continueGetAssertionAfterCheckAllowCredentials):
(WebKit::CtapAuthenticator::continueGetAssertionAfterResponseReceived):
(WebKit::CtapAuthenticator::continueGetNextAssertionAfterResponseReceived):
(WebKit::CtapAuthenticator::continueRequestPinAfterGetKeyAgreement):
(WebKit::CtapAuthenticator::prepareHmacSecretParameters):
* Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.h:
* Tools/TestWebKitAPI/Tests/WebCore/CtapRequestTest.cpp:
(TestWebKitAPI::TEST(CTAPRequestTest, TestConstructMakeCredentialRequestParam)):
(TestWebKitAPI::TEST(CTAPRequestTest, 
TestConstructMakeCredentialRequestParamNoUVNoRK)):
(TestWebKitAPI::TEST(CTAPRequestTest, 
TestConstructMakeCredentialRequestParamUVRequiredButNotSupported)):
(TestWebKitAPI::TEST(CTAPRequestTest, 
TestConstructMakeCredentialRequestParamWithPin)):
(TestWebKitAPI::TEST(CTAPRequestTest, 
TestConstructMakeCredentialRequestRKPreferred)):
(TestWebKitAPI::TEST(CTAPRequestTest, 
TestConstructMakeCredentialRequestRKPreferredNotSupported)):
(TestWebKitAPI::TEST(CTAPRequestTest, 
TestConstructMakeCredentialRequestRKDiscouraged)):
(TestWebKitAPI::TEST(CTAPRequestTest, 
TestConstructMakeCredentialRequestWithLargeBlob)):
(TestWebKitAPI::TEST(CTAPRequestTest, 
TestConstructMakeCredentialRequestWithUnsupportedLargeBlob)):
(TestWebKitAPI::TEST(CTAPRequestTest, TestConstructGetAssertionRequest)):
(TestWebKitAPI::TEST(CTAPRequestTest, TestConstructGetAssertionRequestNoUV)):
(TestWebKitAPI::TEST(CTAPRequestTest, 
TestConstructGetAssertionRequestUVRequiredButNotSupported)):
(TestWebKitAPI::TEST(CTAPRequestTest, TestConstructGetAssertionRequestWithPin)):
(TestWebKitAPI::TEST(CTAPRequestTest, 
TestConstructGetAssertionRequestLargeBlobRead)):
(TestWebKitAPI::TEST(CTAPRequestTest, 
TestConstructGetAssertionRequestUnsupportedLargeBlobRead)):
(TestWebKitAPI::TEST(CTAPRequestTest, 
TestConstructGetAssertionRequestLargeBlobWrite)):
(TestWebKitAPI::TEST(CTAPRequestTest, 
TestConstructGetAssertionRequestWithHmacSecret)):
(TestWebKitAPI::TEST(CTAPRequestTest, 
TestConstructMakeCredentialRequestWithHmacSecret)):
* Tools/TestWebKitAPI/Tests/WebCore/CtapResponseTest.cpp:
(TestWebKitAPI::TEST(CTAPResponseTest, 
TestReadGetAssertionResponseWithHmacSecret)): Deleted.
(TestWebKitAPI::TEST(CTAPResponseTest, 
TestReadGetAssertionResponseWithHmacSecret64)): Deleted.
* Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm:
(TestWebKitAPI::TEST(WebAuthenticationPanel, MakeCredentialLA)):
(TestWebKitAPI::TEST(WebAuthenticationPanel, 
MakeCredentialLAClientDataHashMediation)):
(TestWebKitAPI::TEST(WebAuthenticationPanel, GetAssertionLA)):
(TestWebKitAPI::TEST(WebAuthenticationPanel, 
GetAssertionLAClientDataHashMediation)):

Canonical link: https://commits.webkit.org/304064@main



To unsubscribe from these emails, change your notification settings at 
https://github.com/WebKit/WebKit/settings/notifications

Reply via email to