11/*
2- * Copyright (C) 2025 KeePassXC Team <team@keepassxc.org>
2+ * Copyright (C) 2026 KeePassXC Team <team@keepassxc.org>
33 *
44 * This program is free software: you can redistribute it and/or modify
55 * it under the terms of the GNU General Public License as published by
@@ -77,7 +77,7 @@ const QString PublicKeyCredential = R"(
7777 "id": "yrzFJ5lwcpTwYMOdXSmxF5b5cYQlqBMzbbU_d-oFLO8",
7878 "rawId": "cabcc52799707294f060c39d5d29b11796f9718425a813336db53f77ea052cef",
7979 "response": {
80- "attestationObject": "o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YVikdKbqkhPJnC90siSSsyDPQCYqlMGpUKA5fyklC2CEHvBFAAAAAP2xQbJdhEQ -ijVGmMIFpQIAIMq8xSeZcHKU8GDDnV0psReW-XGEJagTM221P3fqBSzvpQECAyYgASFYIHK1iVimeR02UYipyiEKrKhhfhJRMew8EbDWGKtMZ2wUIlggbtZ70X11SLx17QFDWVAR3_qqk5OqrRS--Whc7hyw9YU",
80+ "attestationObject": "o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YVikdKbqkhPJnC90siSSsyDPQCYqlMGpUKA5fyklC2CEHvBdAAAAAP2xQbJdhEQ -ijVGmMIFpQIAIMq8xSeZcHKU8GDDnV0psReW-XGEJagTM221P3fqBSzvpQECAyYgASFYIHK1iVimeR02UYipyiEKrKhhfhJRMew8EbDWGKtMZ2wUIlggbtZ70X11SLx17QFDWVAR3_qqk5OqrRS--Whc7hyw9YU",
8181 "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoibFZlSHpWeFdzcjhNUXhNa1pGMHRpNkZYaGRnTWxqcUt6Z0EtcV96azJNbmlpM2VKNDdWRjk3c3FVb1lrdFZDODVXQVoxdUlBU20tYV9sREZad3NMZnciLCJvcmlnaW4iOiJodHRwczovL3dlYmF1dGhuLmlvIiwiY3Jvc3NPcmlnaW4iOmZhbHNlfQ"
8282 },
8383 "type": "public-key"
@@ -185,6 +185,8 @@ void TestPasskeys::testDecodeResponseData()
185185 QCOMPARE (authData[" rpIdHash" ].toString (), QString (" dKbqkhPJnC90siSSsyDPQCYqlMGpUKA5fyklC2CEHvA" ));
186186 QCOMPARE (flags[" AT" ], true );
187187 QCOMPARE (flags[" UP" ], true );
188+ QCOMPARE (flags[" BE" ], true );
189+ QCOMPARE (flags[" BS" ], true );
188190 QCOMPARE (publicKey[" 1" ], 2 );
189191 QCOMPARE (publicKey[" 3" ], -7 );
190192 QCOMPARE (publicKey[" -1" ], 1 );
@@ -285,13 +287,18 @@ void TestPasskeys::testCreatingAttestationObjectWithEC()
285287 result,
286288 QString (" \xA3 "
287289 " cfmtdnonegattStmt\xA0 hauthDataX\xA4 t\xA6\xEA\x92\x13\xC9\x9C /t\xB2 $\x92\xB3 \xCF @&*\x94\xC1\xA9 P\xA0 "
288- " 9\x7F )%\x0B `\x84\x1E\xF0 "
289- " E\x00\x00\x00\x01\x01\x02\x03\x04\x05\x06\x07\b\x01\x02\x03\x04\x05\x06\x07\b\x00 \x8B\xB0\xCA "
290- " 6\x17\xD6\xDE\x01\x11 |\xEA\x94\r\xA0 R\xC0\x80 _\xF3 r\xFB r\xB5\x02\x03 :"
291- " \xBA r\x0F i\x81\xFE\xA5\x01\x02\x03 & \x01 !X "
292- " e\xE2\xF2\x1F :cq\xD3 G\xEA\xE0\xF7\x1F\xCF\xFA\\\xAB O\xF6\x86\x88\x80\t\xAE\x81\x8B T\xB2\x9B\x15\x85 ~"
293- " \" X \\\x8E\x1E @\xDB\x97 T-\xF8\x9B\xB0\xAD "
294- " 5\xDC\x12 ^\xC3\x95\x05\xC6\xDF ^\x03\xCB\xB4 Q\x91\xFF |\xDB\x94\xB7 " ));
290+ " 9\x7F )%\x0B `\x84\x1E\xF0 ]\x00\x00\x00\x00\xFD\xB1 "
291+ " A\xB2 ]\x84 "
292+ " D>\x8A "
293+ " 5F\x98\xC2\x05\xA5\x02\x00 \xCA\xBC\xC5 '\x99 pr\x94\xF0 `\xC3\x9D ])\xB1\x17\x96\xF9 q\x84 %\xA8\x13 "
294+ " 3m\xB5 ?w\xEA\x05 ,\xEF\xA5\x01\x02\x03 & \x01 !X \x06\xEC\xAF "
295+ " 4[b\x91 "
296+ " am\x19 Y\x03\xA6 P*\xCA "
297+ " 1\xC4\x95\xA8 i\xE5\xF0\x87\xE5\xD4\xB8 "
298+ " 2\xCD\b\x85\xDD\" X \xE2\xEE\x7F\xE9\x0F\x0E\xE9\x1D\x07\x83 J\x03\t\xDB "
299+ " B$\xB1\x0B\xD3 %\xFF\x18 "
300+ " 2\xE1 S\x99\xB7\x1D "
301+ " B\x04\xE7\x83 " ));
295302
296303 // Double check that the result can be decoded
297304 BrowserCbor browserCbor;
@@ -312,6 +319,8 @@ void TestPasskeys::testCreatingAttestationObjectWithEC()
312319 QCOMPARE (authData[" rpIdHash" ].toString (), QString (" dKbqkhPJnC90siSSsyDPQCYqlMGpUKA5fyklC2CEHvA" ));
313320 QCOMPARE (flags[" AT" ], true );
314321 QCOMPARE (flags[" UP" ], true );
322+ QCOMPARE (flags[" BE" ], true );
323+ QCOMPARE (flags[" BS" ], true );
315324 QCOMPARE (publicKey[" 1" ], WebAuthnCoseKeyType::EC2);
316325 QCOMPARE (publicKey[" 3" ], WebAuthnAlgorithms::ES256);
317326 QCOMPARE (publicKey[" -1" ], 1 );
@@ -368,6 +377,8 @@ void TestPasskeys::testCreatingAttestationObjectWithRSA()
368377 QCOMPARE (authData[" rpIdHash" ].toString (), QString (" dKbqkhPJnC90siSSsyDPQCYqlMGpUKA5fyklC2CEHvA" ));
369378 QCOMPARE (flags[" AT" ], true );
370379 QCOMPARE (flags[" UP" ], true );
380+ QCOMPARE (flags[" BE" ], true );
381+ QCOMPARE (flags[" BS" ], true );
371382 QCOMPARE (publicKey[" 1" ], WebAuthnCoseKeyType::RSA);
372383 QCOMPARE (publicKey[" 3" ], WebAuthnAlgorithms::RS256);
373384 QCOMPARE (publicKey[" -1" ], predefinedModulus);
@@ -438,14 +449,14 @@ void TestPasskeys::testGet()
438449 QCOMPARE (publicKeyCredential[" id" ].toString (), id);
439450
440451 auto response = publicKeyCredential[" response" ].toObject ();
441- QCOMPARE (response[" authenticatorData" ].toString (), QString (" dKbqkhPJnC90siSSsyDPQCYqlMGpUKA5fyklC2CEHvAFAAAAAA " ));
452+ QCOMPARE (response[" authenticatorData" ].toString (), QString (" dKbqkhPJnC90siSSsyDPQCYqlMGpUKA5fyklC2CEHvAdAAAAAA " ));
442453 QCOMPARE (response[" clientDataJSON" ].toString (),
443454 QString (" eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiOXozNnZUZlFUTDk1TGY3V25aZ3l0ZTdvaEdlRi1YUmlMeGtML"
444455 " Ux1R1Uxem9wUm1NSVVBMUxWd3pHcHlJbTFmT0JuMVFuUmEwUUgyN0FEQWFKR0h5c1EiLCJvcmlnaW4iOiJodHRwczovL3dlYm"
445456 " F1dGhuLmlvIiwiY3Jvc3NPcmlnaW4iOmZhbHNlfQ" ));
446457 QCOMPARE (
447458 response[" signature" ].toString (),
448- QString (" MEYCIQCpbDaYJ4b2ofqWBxfRNbH3XCpsyao7Iui5lVuJRU9HIQIhAPl5moNZgJu5zmurkKK_P900Ct6wd3ahVIqCEqTeeRdE " ));
459+ QString (" MEUCIQCvg3nXO2fiNK9ockxscgPtoM9_u6ERaW2-F1L99YasOAIgNhYOjPJyKJ-W8roV531kC59ss1USas7jy8TfRnbJLtg " ));
449460
450461 auto clientDataJson = response[" clientDataJSON" ].toString ();
451462 auto clientDataByteArray = browserMessageBuilder ()->getArrayFromBase64 (clientDataJson);
0 commit comments