tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE
commit f6c9a6d5497b4768648ac119fa568e10c9493558
parent 47aa4a24ba2dc325b254112f2c571644cf1d62fa
Author: John M. Schanck <jschanck@mozilla.com>
Date:   Mon, 10 Nov 2025 18:16:08 +0000

Bug 1998548 - return all supported transports in WebAuthn attestation response on Windows. r=keeler

Differential Revision: https://phabricator.services.mozilla.com/D271525

Diffstat:

Mdom/webauthn/WebAuthnResult.h | 37+++++++++++++++++++++++--------------


1 file changed, 23 insertions(+), 14 deletions(-)

diff --git a/dom/webauthn/WebAuthnResult.h b/dom/webauthn/WebAuthnResult.h
@@ -139,25 +139,34 @@ class WebAuthnRegisterResult final : public nsIWebAuthnRegisterResult {
       }
     }
 
-    if (aResponse->dwVersion >= WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_3) {
-      if (aResponse->dwUsedTransport & WEBAUTHN_CTAP_TRANSPORT_USB) {
-        mTransports.AppendElement(u"usb"_ns);
-      }
-      if (aResponse->dwUsedTransport & WEBAUTHN_CTAP_TRANSPORT_NFC) {
-        mTransports.AppendElement(u"nfc"_ns);
-      }
-      if (aResponse->dwUsedTransport & WEBAUTHN_CTAP_TRANSPORT_BLE) {
-        mTransports.AppendElement(u"ble"_ns);
-      }
-      if (aResponse->dwUsedTransport & WEBAUTHN_CTAP_TRANSPORT_INTERNAL) {
-        mTransports.AppendElement(u"internal"_ns);
-      }
+    DWORD transports = 0;
+    if (aResponse->dwVersion >= WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_8) {
+      // The dwTransports field added in version 8 lists all supported
+      // transports, whereas the dwUsedTransport available since version 3 only
+      // returns the transport that was used.
+      transports = aResponse->dwTransports;
+    } else if (aResponse->dwVersion >=
+               WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_3) {
+      transports = aResponse->dwUsedTransport;
+    }
+
+    if (transports & WEBAUTHN_CTAP_TRANSPORT_USB) {
+      mTransports.AppendElement(u"usb"_ns);
+    }
+    if (transports & WEBAUTHN_CTAP_TRANSPORT_NFC) {
+      mTransports.AppendElement(u"nfc"_ns);
+    }
+    if (transports & WEBAUTHN_CTAP_TRANSPORT_BLE) {
+      mTransports.AppendElement(u"ble"_ns);
+    }
+    if (transports & WEBAUTHN_CTAP_TRANSPORT_INTERNAL) {
+      mTransports.AppendElement(u"internal"_ns);
     }
     // WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_5 corresponds to
     // WEBAUTHN_API_VERSION_6 which is where WEBAUTHN_CTAP_TRANSPORT_HYBRID was
     // defined.
     if (aResponse->dwVersion >= WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_5) {
-      if (aResponse->dwUsedTransport & WEBAUTHN_CTAP_TRANSPORT_HYBRID) {
+      if (transports & WEBAUTHN_CTAP_TRANSPORT_HYBRID) {
         mTransports.AppendElement(u"hybrid"_ns);
       }
     }