CTAP 2.2 #176

Open, wants to merge 4 commits into base: main

@AdamVe AdamVe (Member) commented May 21, 2025

Adds support for new CTAP2.2 features

  • exposes new deviceInfo fields
  • implements support for PPUAT and encIdentifier
  • implements hmac-secret-mc extension processing
  • implements thirdPartyPayment extension processing

"encIdentifier".getBytes(StandardCharsets.UTF_8),
16);

Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
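
Review bot: `Cipher.getInstance("AES/CBC/NoPadding")` on the last line decrypts without any authentication, which is what the SpotBugs "Cipher with no integrity" check flags. If unauthenticated CBC is what the encIdentifier format requires, say so in a comment next to the call and suppress the finding at this call site with that justification, so the warning is neither left open nor disabled globally. Nothing in this mode detects tampering or a wrong key, so the decrypted identifier should be treated as unauthenticated data by callers. `NoPadding` also only accepts input whose length is a multiple of the 16-byte block size, so check the ciphertext length before calling the cipher and reject a malformed value with a clear error.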

Code scanning / SpotBugs warning: Cipher with no integrity

@AdamVe AdamVe requested a review from Copilot May 21, 2025 14:21
@Copilot Copilot AI left a comment

Pull Request Overview

Adds full CTAP 2.2 support, including new authenticator info fields, PPUAT/encIdentifier, hmac-secret-mc, and third-party-payment extensions. Test suites and integration tests are updated or split to cover both legacy and new behaviors.

  • Update Ctap2Session to implement CTAP 2.2 (new info fields, encIdentifier decryption, updated CBOR link refs)
  • Extend CredentialManagement and ClientPin APIs for read-only management and new PIN permissions
  • Implement and test hmac-secret-mc and third-party-payment extensions; adjust integration tests

Reviewed Changes

Copilot reviewed 13 out of 13 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| fido/src/main/java/com/yubico/yubikit/fido/ctap/Ctap2Session.java | Bump to CTAP2.2, add encIdentifier support and related getters |
| fido/src/main/java/com/yubico/yubikit/fido/ctap/CredentialManagement.java | Add isReadonlySupported for per-credential read-only management |
| fido/src/main/java/com/yubico/yubikit/fido/ctap/ClientPin.java | Add new PIN_PERMISSION_PCMR |
| fido/src/main/java/com/yubico/yubikit/fido/client/extensions/HmacSecretExtension.java | Extend to handle hmac-secret-mc alongside PRF |
| fido/src/main/java/com/yubico/yubikit/fido/client/extensions/ThirdPartyPaymentExtension.java | New third-party-payment extension implementation |
| testing/src/main/java/com/yubico/yubikit/testing/fido/extensions/*ExtensionTests.java | Split and add tests for new extension modes (rk vs non-rk) |
| testing-desktop/src/integrationTest/java/com/yubico/yubikit/testing/desktop/fido/*InstrumentedTests.java | Update suites to run new tests (testPrfHmacSecretMc, testReadOnly) |
| testing-android/src/androidTest/java/com/yubico/yubikit/testing/fido/*InstrumentedTests.java | Mirror desktop integration test updates |

Comments suppressed due to low confidence (3)

fido/src/main/java/com/yubico/yubikit/fido/ctap/Ctap2Session.java:1175

  • The class uses Hkdf and later StringUtils without importing them, causing compilation errors. Please add the correct imports (e.g., com.yubico.yubikit.core.crypto.Hkdf and your project’s StringUtils).
Hkdf hkdf = new Hkdf("HmacSHA256");

testing/src/main/java/com/yubico/yubikit/testing/fido/extensions/HmacSecretExtensionTests.java:96

  • The variable extensions is not defined in this test class, leading to a compile error. Define a static list of extensions (e.g., List<Extension> extensions = Collections.singletonList(new HmacSecretExtension(true));) or pass the correct variable to ClientHelper.
final ClientHelper client = new ClientHelper(session, extensions);

testing/src/main/java/com/yubico/yubikit/testing/fido/extensions/PrfExtensionTests.java:72

  • Creating ClientHelper without the extensions list means the PRF extension won’t be applied during the test. Use new ClientHelper(session, extensions) to include the extension under test.
ClientHelper client = new ClientHelper(session);
