Add hmac-secret-mc CTAP 2.2 extension for PRF at MakeCredential time

[Copilot]

Adds support for the hmac-secret-mc CTAP 2.2 extension, enabling PRF evaluation during credential registration rather than requiring a subsequent GetAssertion roundtrip.

Shared PRF→HMAC logic

• Extracted prf_value_to_hmac_input() and CalculatedHMACGetSecretInput into a dedicated proto::extensions::prf module, shared between GetAssertion (hmac-secret) and MakeCredential (hmac-secret-mc)
• Added Deserialize to PRFValue with proper default serde attributes for JSON/CBOR deserialization support

CTAP request layer

• Added hmac-secret-mc field (Option<CalculatedHMACGetSecretInput>) to Ctap2MakeCredentialsRequestExtensions, reusing the same wire format as hmac-secret in GetAssertion
• Added calculate_hmac_secret_mc() — mirrors calculate_hmac() from GetAssertion: encrypts PRF-derived salts with the ECDH shared secret
• MC follows the same internal pattern as GA: prf_input stored internally (#[serde(skip)]), calculated after user verification using the shared prf_value_to_hmac_input()

Shared secret negotiation

• Updated needs_shared_secret() for Ctap2MakeCredentialRequest to return true when the authenticator advertises hmac-secret-mc and PRF eval input is present — per @msirringhaus's note on PR Allow for shared secret to be created even if no PIN is set on the device #146

CTAP response layer

• Added hmac-secret-mc field (Option<Ctap2HMACGetSecretOutput>) to Ctap2MakeCredentialsResponseExtensions
• Response decryption reuses existing decrypt_output() infrastructure

WebAuthn-level types

• MakeCredentialPrfInput: uses eval: Option<PRFValue> with proper serde support for both JSON and binary deserialization
• MakeCredentialPrfOutput: added results: Option<PRFValue> to carry decrypted PRF output

Orchestration

• _webauthn_make_credential_fido2 now calls calculate_hmac_secret_mc() after user verification and passes auth_data through to response processing for decryption

Usage

let extensions = MakeCredentialsRequestExtensions {
    prf: Some(MakeCredentialPrfInput {
        eval: Some(PRFValue { first: [1u8; 32], second: None }),
    }),
    ..Default::default()
};
// Response will include prf.results if authenticator supports hmac-secret-mc

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Extensions: hmac-secret-mc</issue_title>
<issue_description>* Add support for hmac-secret-mc (spec link) CTAP extension

• Support PRF at MakeCredential time, backed by said extension

Note: See @msirringhaus's comment on updating needs_shared_secret for MC: #146 (comment)</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes Extensions: hmac-secret-mc #147

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[kalvdans]

Don't create a PR until you have some changes to show.

[AlfioEmanueleFresta]

Please address the comments. You now have access to fetch the FIDO specs, so you can try those requests again.

[AlfioEmanueleFresta]

You should reuse the existing HMAC <-> PRF logic (eg. Ctap2GetAssertionRequestExtensions.prf_to_hmac_input), refactoring it so it can be shared across MC and GA.

[Copilot]

Extracted prf_value_to_hmac_input as a shared pub(crate) function in get_assertion.rs that both GA's prf_to_hmac_input and MC's from_webauthn_request now call. Removed the duplicate prf_eval_to_hmac_input from MC. See commit 2ea1691.

[AlfioEmanueleFresta]

You do not need to keep the old _eval value. You can break compatibility with old libwebauthn versions.

[Copilot]

Removed _eval: Option<JsonValue> entirely. MakeCredentialPrfInput now has just eval: Option<PRFValue> with proper Deserialize support. Added Deserialize to PRFValue so it works for both JSON and binary deserialization paths. See commit 2ea1691.

[Copilot]

Please address the comments. You now have access to fetch the FIDO specs, so you can try those requests again.

All three review comments addressed in commits 2ea1691 and 1d0e025:

1. Shared prf_value_to_hmac_input function for GA and MC
2. Consistent MC implementation following GA patterns
3. Removed _eval, using typed eval: Option<PRFValue> with proper serde support

All 112 tests pass.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• fidoalliance.org
  • Triggering command: /home/REDACTED/work/_temp/ghcca-node/node/bin/node /home/REDACTED/work/_temp/ghcca-node/node/bin/node --enable-source-maps /home/REDACTED/work/_temp/copilot-developer-action-main/dist/index.js (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[AlfioEmanueleFresta]

Can you move this to its own module, as it's not get_assertion specific. proto::extensions::prf, maybe.

[Copilot]

Moved prf_value_to_hmac_input and CalculatedHMACGetSecretInput to proto::extensions::prf module. Both get_assertion.rs and make_credential.rs now import from crate::proto::extensions::prf. See commit 8395abe.

[AlfioEmanueleFresta]

Modify this test to actually include PRF evaluation.

[Copilot]

Updated the test to include PRF eval values (first: [1; 32]) in the MakeCredentialPrfInput. The virtual authenticator doesn't support hmac-secret-mc, so the result is still None, but the eval input is now exercised through the code path. See commit 8395abe.

[AlfioEmanueleFresta]

Constructor seems unnecessary.

[Copilot]

Removed the constructor. See commit 8395abe.

[Copilot]

Just as a heads up, I was blocked by some firewall rules while working on your feedback. Expand below for details.