204111 2019-11-12 05:16:02 -0800 [WebAuthn] User Verification (UV) option present on a CTAP2 authenticatorMakeCredential while the authenticator has not advertised support for it 2020-01-22 15:47:13 -0800 1 1 1 Unclassified WebKit WebCore Misc. Safari 13 All All RESOLVED FIXED InRadar P2 Normal --- 181943 1 kostas jiewen_tan alex.gaynor bfulgham commit-queue jiewen_tan jonathan kostas loginllama paul.l.kehrer webkit-bug-importer oldest_to_newest 1589494 0 kostas 2019-11-12 05:16:02 -0800 The latest public FIDO2 CTAP spec mandates authenticators to terminate any ongoing procedures with CTAP2_ERR_UNSUPPORTED_OPTION if any of the options passed are not supported by the authenticator. In this case, a CTAP2 authenticatorMakeCredential from Safari sets the UV option to FALSE even if the authenticator never advertised support for it in authenticatorGetInfo response. The expected behavior here would be to not include the UV option at all since it is not supported (and not set it to FALSE or TRUE). See chapter 5.3 in latest FIDO2 CTAP spec, step 3 in the procedure of authenticatorMakeCredential and step 5 in the procedure for authenticatorGetAssertion. Please note, that the above is applicable to the authenticatorGetAssertion requests as well. Latest public spec: https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html 1602543 1 loginllama 2020-01-03 12:03:42 -0800 It seems bug (198408) has landed in iOS 13.3.1 and for desktop. Good but that makes this bug much worse. Now almost no CTAP 2 keys are working, unless they support builtin UV. I have tested that and they work. There are some authenticators that for whatever reason don't properly check like some of the early Yubico 5ci with software 5.2.3. All of the shipping ones with 5.2.4 fail to work with Safari because of this bug. I tested other CTAP 2 authenticators and they also don't work almost certainly for the same reason. So basically all CTAP2 authenticators without built in UV are currently broken. 1603057 2 webkit-bug-importer 2020-01-06 08:46:30 -0800 <rdar://problem/58342561> 1607299 3 jiewen_tan 2020-01-15 18:19:11 -0800 <rdar://problem/57019604> 1607322 4 387887 jiewen_tan 2020-01-15 19:20:19 -0800 Created attachment 387887 Patch 1607616 5 387887 bfulgham 2020-01-16 13:16:07 -0800 Comment on attachment 387887 Patch r=me 1607656 6 387887 jiewen_tan 2020-01-16 14:11:03 -0800 Comment on attachment 387887 Patch Thanks Brent for r+ the patch. 1607680 7 387887 commit-queue 2020-01-16 14:54:08 -0800 Comment on attachment 387887 Patch Clearing flags on attachment: 387887 Committed r254710: <https://trac.webkit.org/changeset/254710> 1607681 8 commit-queue 2020-01-16 14:54:09 -0800 All reviewed patches have been landed. Closing bug. 1607682 9 jiewen_tan 2020-01-16 14:57:27 -0800 (In reply to kostas from comment #0) > The latest public FIDO2 CTAP spec mandates authenticators to terminate any > ongoing procedures with CTAP2_ERR_UNSUPPORTED_OPTION if any of the options > passed are not supported by the authenticator. In this case, a CTAP2 > authenticatorMakeCredential from Safari sets the UV option to FALSE even if > the authenticator never advertised support for it in authenticatorGetInfo > response. The expected behavior here would be to not include the UV option > at all since it is not supported (and not set it to FALSE or TRUE). See > chapter 5.3 in latest FIDO2 CTAP spec, step 3 in the procedure of > authenticatorMakeCredential and step 5 in the procedure for > authenticatorGetAssertion. Please note, that the above is applicable to the > authenticatorGetAssertion requests as well. > > Latest public spec: > https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to- > authenticator-protocol-v2.0-ps-20190130.html Thanks for reporting the issue, please follow our STP release to verify the fix or you could use our nightly to do that. 1607963 10 loginllama 2020-01-17 06:39:27 -0800 Thanks Jiewen When will this land in the STP? I think Kostas is on vacation, and I am traveling but will have a computer to test on Monday. I will let you know once I can test. 1608157 11 jiewen_tan 2020-01-17 13:00:19 -0800 (In reply to login Llama from comment #10) > Thanks Jiewen > > When will this land in the STP? > > I think Kostas is on vacation, and I am traveling but will have a computer > to test on Monday. > > I will let you know once I can test. Even for (In reply to login Llama from comment #10) > Thanks Jiewen > > When will this land in the STP? > > I think Kostas is on vacation, and I am traveling but will have a computer > to test on Monday. > > I will let you know once I can test. Sorry, even for STP, we don't usually comment on its future release. But you can definitely follow webkit.org's release note to see if the next one contains the fix. 1609035 12 loginllama 2020-01-21 07:51:22 -0800 I tested with build 254850 from today. The UV bug for make credential seems to be fixed. For Get Assertion I am still seeing a problem. Is there any debugging like Chrome's chrome://device-log/ That will let me see the messages? 1609055 13 loginllama 2020-01-21 08:27:55 -0800 If option clientPin=0 then it works for makeCradential and getAssertion. If clientPin=1 then both makeCradential and getAssertion fail. I expect that for makeCredential because pintoken is required to be able to make the credential over CTAP2. getAssertion should work as long as WebAuthn has UV unset or discouraged. Given I cant see the cbor message going to the authenticator I cant say if this is the same bug or another one related to Pin triggered when getInfo contains clientPin=1. 1609186 14 jiewen_tan 2020-01-21 12:00:24 -0800 (In reply to login Llama from comment #13) > If option clientPin=0 then it works for makeCradential and getAssertion. > > If clientPin=1 then both makeCradential and getAssertion fail. > > I expect that for makeCredential because pintoken is required to be able to > make the credential over CTAP2. > > getAssertion should work as long as WebAuthn has UV unset or discouraged. > > Given I cant see the cbor message going to the authenticator I cant say if > this is the same bug or another one related to Pin triggered when getInfo > contains clientPin=1. It should be a bug about our immature ClientPIN support. Bug 206547. 1609237 15 loginllama 2020-01-21 13:22:29 -0800 While there may be a pin bug, I don't think this is that. I modified a authenticator to ignore the extra UV option in the request and that works for getAssertion with no "uv" option advertised in getInfo and clientPin=1 I think there is still a bug with getAssertion. Are you perhaps sending options with uv=0 for iterating through the allow list or something? 1609258 16 jiewen_tan 2020-01-21 13:56:29 -0800 (In reply to login Llama from comment #15) > While there may be a pin bug, I don't think this is that. > > I modified a authenticator to ignore the extra UV option in the request and > that works for getAssertion with no "uv" option advertised in getInfo and > clientPin=1 > > I think there is still a bug with getAssertion. Are you perhaps sending > options with uv=0 for iterating through the allow list or something? Maybe you could tell me the model of the key you are using and the parameters you pass to the API? So, I can try to reproduce the bug. Otherwise, I'm not seeing any problems with our current code. 1609787 17 loginllama 2020-01-22 15:40:51 -0800 I think I must have just been having trouble with the version from the build archives. STP 99 with webkit 15610 seems to be working fine. With and without pin configured as long as you don't send UV required. Thanks big improvement in STP 99 1609804 18 jiewen_tan 2020-01-22 15:47:13 -0800 (In reply to login Llama from comment #17) > I think I must have just been having trouble with the version from the build > archives. > > STP 99 with webkit 15610 seems to be working fine. > > With and without pin configured as long as you don't send UV required. > > Thanks big improvement in STP 99 I don't think STP 99 contains this fix. It will be great if you could redo your test with the next one, which will probably have the fix. 387887 2020-01-15 19:20:19 -0800 2020-01-16 14:54:08 -0800 Patch bug-204111-20200115192018.patch text/plain 12813 jiewen_tan U3VidmVyc2lvbiBSZXZpc2lvbjogMjU0NTU0CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggYjEwNDhmMjk4MWZhNmM1 ZTk2N2YyM2FkNWY3M2ZkMWFiZDBiN2E4Zi4uN2Q2OTY1ZTcyM2NlNDk2M2ZkYWQ1MDkxNWE3MDVh OGQ3NDRhYTkzMiAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE4IEBACisyMDIwLTAxLTE1ICBKaWV3 ZW4gVGFuICA8amlld2VuX3RhbkBhcHBsZS5jb20+CisKKyAgICAgICAgW1dlYkF1dGhuXSBVc2Vy IFZlcmlmaWNhdGlvbiAoVVYpIG9wdGlvbiBwcmVzZW50IG9uIGEgQ1RBUDIgYXV0aGVudGljYXRv ck1ha2VDcmVkZW50aWFsIHdoaWxlIHRoZSBhdXRoZW50aWNhdG9yIGhhcyBub3QgYWR2ZXJ0aXNl ZCBzdXBwb3J0IGZvciBpdAorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1 Zy5jZ2k/aWQ9MjA0MTExCisgICAgICAgIDxyZGFyOi8vcHJvYmxlbS81NzAxOTYwND4KKworICAg ICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBDb3ZlcmVkIGJ5IEFQ SSB0ZXN0cy4KKworICAgICAgICAqIE1vZHVsZXMvd2ViYXV0aG4vZmlkby9EZXZpY2VSZXF1ZXN0 Q29udmVydGVyLmNwcDoKKyAgICAgICAgKGZpZG86OmVuY29kZU1ha2VDcmVkZW5pdGFsUmVxdWVz dEFzQ0JPUik6CisgICAgICAgIChmaWRvOjplbmNvZGVHZXRBc3NlcnRpb25SZXF1ZXN0QXNDQk9S KToKKyAgICAgICAgT25seSBzZXQgVVYgaWYgUlAgcmVxdWlyZXMgaXQuCisKIDIwMjAtMDEtMTQg IERlYW4gSmFja3NvbiAgPGRpbm9AYXBwbGUuY29tPgogCiAgICAgICAgIEJ1aWxkIEFOR0xFIGFz IGEgZHluYW1pYyBsaWJyYXJ5CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9Nb2R1bGVzL3dl YmF1dGhuL2ZpZG8vRGV2aWNlUmVxdWVzdENvbnZlcnRlci5jcHAgYi9Tb3VyY2UvV2ViQ29yZS9N b2R1bGVzL3dlYmF1dGhuL2ZpZG8vRGV2aWNlUmVxdWVzdENvbnZlcnRlci5jcHAKaW5kZXggMTU1 ZTVkMWVlMmUzZjg1ZDc0NDkyMGU0YWEzOGI5ZThkOWE3MjY0NC4uZWFmNDFkNWM1MGUzMzQ1MGFi YTRhYTM5ZDg0M2JmNzU4N2E0ODJmYSAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvTW9kdWxl cy93ZWJhdXRobi9maWRvL0RldmljZVJlcXVlc3RDb252ZXJ0ZXIuY3BwCisrKyBiL1NvdXJjZS9X ZWJDb3JlL01vZHVsZXMvd2ViYXV0aG4vZmlkby9EZXZpY2VSZXF1ZXN0Q29udmVydGVyLmNwcApA QCAtMTE5LDcgKzExOSw4IEBAIFZlY3Rvcjx1aW50OF90PiBlbmNvZGVNYWtlQ3JlZGVuaXRhbFJl cXVlc3RBc0NCT1IoY29uc3QgVmVjdG9yPHVpbnQ4X3Q+JiBoYXNoLCBjCiAgICAgICAgIGNhc2Ug VXNlclZlcmlmaWNhdGlvblJlcXVpcmVtZW50OjpEaXNjb3VyYWdlZDoKICAgICAgICAgICAgIHJl cXVpcmVVc2VyVmVyaWZpY2F0aW9uID0gZmFsc2U7CiAgICAgICAgIH0KLSAgICAgICAgb3B0aW9u TWFwW0NCT1JWYWx1ZShrVXNlclZlcmlmaWNhdGlvbk1hcEtleSldID0gQ0JPUlZhbHVlKHJlcXVp cmVVc2VyVmVyaWZpY2F0aW9uKTsKKyAgICAgICAgaWYgKHJlcXVpcmVVc2VyVmVyaWZpY2F0aW9u KQorICAgICAgICAgICAgb3B0aW9uTWFwW0NCT1JWYWx1ZShrVXNlclZlcmlmaWNhdGlvbk1hcEtl eSldID0gQ0JPUlZhbHVlKHJlcXVpcmVVc2VyVmVyaWZpY2F0aW9uKTsKICAgICB9CiAgICAgaWYg KCFvcHRpb25NYXAuZW1wdHkoKSkKICAgICAgICAgY2Jvck1hcFtDQk9SVmFsdWUoNyldID0gQ0JP UlZhbHVlKFdURk1vdmUob3B0aW9uTWFwKSk7CkBAIC0xNjQsNyArMTY1LDggQEAgVmVjdG9yPHVp bnQ4X3Q+IGVuY29kZUdldEFzc2VydGlvblJlcXVlc3RBc0NCT1IoY29uc3QgVmVjdG9yPHVpbnQ4 X3Q+JiBoYXNoLCBjb24KICAgICBjYXNlIFVzZXJWZXJpZmljYXRpb25SZXF1aXJlbWVudDo6RGlz Y291cmFnZWQ6CiAgICAgICAgIHJlcXVpcmVVc2VyVmVyaWZpY2F0aW9uID0gZmFsc2U7CiAgICAg fQotICAgIG9wdGlvbk1hcFtDQk9SVmFsdWUoa1VzZXJWZXJpZmljYXRpb25NYXBLZXkpXSA9IENC T1JWYWx1ZShyZXF1aXJlVXNlclZlcmlmaWNhdGlvbik7CisgICAgaWYgKHJlcXVpcmVVc2VyVmVy aWZpY2F0aW9uKQorICAgICAgICBvcHRpb25NYXBbQ0JPUlZhbHVlKGtVc2VyVmVyaWZpY2F0aW9u TWFwS2V5KV0gPSBDQk9SVmFsdWUocmVxdWlyZVVzZXJWZXJpZmljYXRpb24pOwogICAgIG9wdGlv bk1hcFtDQk9SVmFsdWUoa1VzZXJQcmVzZW5jZU1hcEtleSldID0gQ0JPUlZhbHVlKHRydWUpOwog CiAgICAgaWYgKCFvcHRpb25NYXAuZW1wdHkoKSkKZGlmZiAtLWdpdCBhL1Rvb2xzL0NoYW5nZUxv ZyBiL1Rvb2xzL0NoYW5nZUxvZwppbmRleCBmMWRjMGJkZWMwZWQyMGE0YWY5Nzc2ZWVhNDNiYWZh ZTczMWEzZDE5Li4xNWYwNGFjZDJmMDhhNWM3NTk4YTU3ODRhNmJmN2NhODkyNTFlNDE1IDEwMDY0 NAotLS0gYS9Ub29scy9DaGFuZ2VMb2cKKysrIGIvVG9vbHMvQ2hhbmdlTG9nCkBAIC0xLDMgKzEs MTUgQEAKKzIwMjAtMDEtMTUgIEppZXdlbiBUYW4gIDxqaWV3ZW5fdGFuQGFwcGxlLmNvbT4KKwor ICAgICAgICBbV2ViQXV0aG5dIFVzZXIgVmVyaWZpY2F0aW9uIChVVikgb3B0aW9uIHByZXNlbnQg b24gYSBDVEFQMiBhdXRoZW50aWNhdG9yTWFrZUNyZWRlbnRpYWwgd2hpbGUgdGhlIGF1dGhlbnRp Y2F0b3IgaGFzIG5vdCBhZHZlcnRpc2VkIHN1cHBvcnQgZm9yIGl0CisgICAgICAgIGh0dHBzOi8v YnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0yMDQxMTEKKyAgICAgICAgPHJkYXI6Ly9w cm9ibGVtLzU3MDE5NjA0PgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgor CisgICAgICAgICogVGVzdFdlYktpdEFQSS9UZXN0cy9XZWJDb3JlL0N0YXBSZXF1ZXN0VGVzdC5j cHA6CisgICAgICAgIChUZXN0V2ViS2l0QVBJOjpURVNUKToKKyAgICAgICAgKiBUZXN0V2ViS2l0 QVBJL1Rlc3RzL1dlYkNvcmUvRmlkb1Rlc3REYXRhLmg6CisKIDIwMjAtMDEtMTAgIEppZXdlbiBU YW4gIDxqaWV3ZW5fdGFuQGFwcGxlLmNvbT4KIAogICAgICAgICBbV2ViQXV0aG5dIEltcGxlbWVu dCBTUEkgdG8gdGVsbCBVSSBjbGllbnRzIHRvIHNlbGVjdCBhc3NlcnRpb24gcmVzcG9uc2VzCmRp ZmYgLS1naXQgYS9Ub29scy9UZXN0V2ViS2l0QVBJL1Rlc3RzL1dlYkNvcmUvQ3RhcFJlcXVlc3RU ZXN0LmNwcCBiL1Rvb2xzL1Rlc3RXZWJLaXRBUEkvVGVzdHMvV2ViQ29yZS9DdGFwUmVxdWVzdFRl c3QuY3BwCmluZGV4IGRhMDc1YTBjM2JhNDY0OGJlZTk3YzYzYzE1YWI1MTg2N2ZhYzA3ZGQuLjMz MjczOWYwNDc0YzA1NWVlMWNmOTU0YmFjNmRkMmM3ZTMwNjg3OTggMTAwNjQ0Ci0tLSBhL1Rvb2xz L1Rlc3RXZWJLaXRBUEkvVGVzdHMvV2ViQ29yZS9DdGFwUmVxdWVzdFRlc3QuY3BwCisrKyBiL1Rv b2xzL1Rlc3RXZWJLaXRBUEkvVGVzdHMvV2ViQ29yZS9DdGFwUmVxdWVzdFRlc3QuY3BwCkBAIC02 OSw2ICs2OSwyOSBAQCBURVNUKENUQVBSZXF1ZXN0VGVzdCwgVGVzdENvbnN0cnVjdE1ha2VDcmVk ZW50aWFsUmVxdWVzdFBhcmFtKQogICAgIEVYUEVDVF9FUShtZW1jbXAoc2VyaWFsaXplZERhdGEu ZGF0YSgpLCBUZXN0RGF0YTo6a0N0YXBNYWtlQ3JlZGVudGlhbFJlcXVlc3QsIHNlcmlhbGl6ZWRE YXRhLnNpemUoKSksIDApOwogfQogCitURVNUKENUQVBSZXF1ZXN0VGVzdCwgVGVzdENvbnN0cnVj dE1ha2VDcmVkZW50aWFsUmVxdWVzdFBhcmFtTm9VVk5vUkspCit7CisgICAgUHVibGljS2V5Q3Jl ZGVudGlhbENyZWF0aW9uT3B0aW9uczo6UnBFbnRpdHkgcnA7CisgICAgcnAubmFtZSA9ICJBY21l IjsKKyAgICBycC5pZCA9ICJhY21lLmNvbSI7CisKKyAgICBQdWJsaWNLZXlDcmVkZW50aWFsQ3Jl YXRpb25PcHRpb25zOjpVc2VyRW50aXR5IHVzZXI7CisgICAgdXNlci5uYW1lID0gImpvaG5wc21p dGhAZXhhbXBsZS5jb20iOworICAgIHVzZXIuaWNvbiA9ICJodHRwczovL3BpY3MuYWNtZS5jb20v MDAvcC9hQmpqanBxUGIucG5nIjsKKyAgICB1c2VyLmlkVmVjdG9yLmFwcGVuZChUZXN0RGF0YTo6 a1VzZXJJZCwgc2l6ZW9mKFRlc3REYXRhOjprVXNlcklkKSk7CisgICAgdXNlci5kaXNwbGF5TmFt ZSA9ICJKb2huIFAuIFNtaXRoIjsKKworICAgIFZlY3RvcjxQdWJsaWNLZXlDcmVkZW50aWFsQ3Jl YXRpb25PcHRpb25zOjpQYXJhbWV0ZXJzPiBwYXJhbXMgeyB7IFB1YmxpY0tleUNyZWRlbnRpYWxU eXBlOjpQdWJsaWNLZXksIDcgfSwgeyBQdWJsaWNLZXlDcmVkZW50aWFsVHlwZTo6UHVibGljS2V5 LCAyNTcgfSB9OworICAgIFB1YmxpY0tleUNyZWRlbnRpYWxDcmVhdGlvbk9wdGlvbnM6OkF1dGhl bnRpY2F0b3JTZWxlY3Rpb25Dcml0ZXJpYSBzZWxlY3Rpb24geyBQdWJsaWNLZXlDcmVkZW50aWFs Q3JlYXRpb25PcHRpb25zOjpBdXRoZW50aWNhdG9yQXR0YWNobWVudDo6UGxhdGZvcm0sIGZhbHNl LCBVc2VyVmVyaWZpY2F0aW9uUmVxdWlyZW1lbnQ6OkRpc2NvdXJhZ2VkIH07CisKKyAgICBQdWJs aWNLZXlDcmVkZW50aWFsQ3JlYXRpb25PcHRpb25zIG9wdGlvbnMgeyBycCwgdXNlciwgeyB9LCBw YXJhbXMsIFdURjo6bnVsbG9wdCwgeyB9LCBzZWxlY3Rpb24sIEF0dGVzdGF0aW9uQ29udmV5YW5j ZVByZWZlcmVuY2U6Ok5vbmUsIFdURjo6bnVsbG9wdCB9OworICAgIFZlY3Rvcjx1aW50OF90PiBo YXNoOworICAgIGhhc2guYXBwZW5kKFRlc3REYXRhOjprQ2xpZW50RGF0YUhhc2gsIHNpemVvZihU ZXN0RGF0YTo6a0NsaWVudERhdGFIYXNoKSk7CisgICAgYXV0byBzZXJpYWxpemVkRGF0YSA9IGVu Y29kZU1ha2VDcmVkZW5pdGFsUmVxdWVzdEFzQ0JPUihoYXNoLCBvcHRpb25zLCBBdXRoZW50aWNh dG9yU3VwcG9ydGVkT3B0aW9uczo6VXNlclZlcmlmaWNhdGlvbkF2YWlsYWJpbGl0eTo6a1N1cHBv cnRlZEJ1dE5vdENvbmZpZ3VyZWQpOworICAgIEVYUEVDVF9FUShzZXJpYWxpemVkRGF0YS5zaXpl KCksIHNpemVvZihUZXN0RGF0YTo6a0N0YXBNYWtlQ3JlZGVudGlhbFJlcXVlc3RTaG9ydCkpOwor ICAgIEVYUEVDVF9FUShtZW1jbXAoc2VyaWFsaXplZERhdGEuZGF0YSgpLCBUZXN0RGF0YTo6a0N0 YXBNYWtlQ3JlZGVudGlhbFJlcXVlc3RTaG9ydCwgc2VyaWFsaXplZERhdGEuc2l6ZSgpKSwgMCk7 Cit9CisKIFRFU1QoQ1RBUFJlcXVlc3RUZXN0LCBUZXN0Q29uc3RydWN0TWFrZUNyZWRlbnRpYWxS ZXF1ZXN0UGFyYW1XaXRoUGluKQogewogICAgIFB1YmxpY0tleUNyZWRlbnRpYWxDcmVhdGlvbk9w dGlvbnM6OlJwRW50aXR5IHJwOwpAQCAtMTMzLDYgKzE1Niw0MyBAQCBURVNUKENUQVBSZXF1ZXN0 VGVzdCwgVGVzdENvbnN0cnVjdEdldEFzc2VydGlvblJlcXVlc3QpCiAgICAgRVhQRUNUX0VRKG1l bWNtcChzZXJpYWxpemVkRGF0YS5kYXRhKCksIFRlc3REYXRhOjprVGVzdENvbXBsZXhDdGFwR2V0 QXNzZXJ0aW9uUmVxdWVzdCwgc2VyaWFsaXplZERhdGEuc2l6ZSgpKSwgMCk7CiB9CiAKK1RFU1Qo Q1RBUFJlcXVlc3RUZXN0LCBUZXN0Q29uc3RydWN0R2V0QXNzZXJ0aW9uUmVxdWVzdE5vVVYpCit7 CisgICAgUHVibGljS2V5Q3JlZGVudGlhbFJlcXVlc3RPcHRpb25zIG9wdGlvbnM7CisgICAgb3B0 aW9ucy5ycElkID0gImFjbWUuY29tIjsKKworICAgIFB1YmxpY0tleUNyZWRlbnRpYWxEZXNjcmlw dG9yIGRlc2NyaXB0b3IxOworICAgIGRlc2NyaXB0b3IxLnR5cGUgPSBQdWJsaWNLZXlDcmVkZW50 aWFsVHlwZTo6UHVibGljS2V5OworICAgIGNvbnN0IHVpbnQ4X3QgaWQxW10gPSB7CisgICAgICAg IDB4ZjIsIDB4MjAsIDB4MDYsIDB4ZGUsIDB4NGYsIDB4OTAsIDB4NWEsIDB4ZjYsIDB4OGEsIDB4 NDMsIDB4OTQsCisgICAgICAgIDB4MmYsIDB4MDIsIDB4NGYsIDB4MmEsIDB4NWUsIDB4Y2UsIDB4 NjAsIDB4M2QsIDB4OWMsIDB4NmQsIDB4NGIsCisgICAgICAgIDB4M2QsIDB4ZjgsIDB4YmUsIDB4 MDgsIDB4ZWQsIDB4MDEsIDB4ZmMsIDB4NDQsIDB4MjYsIDB4NDYsIDB4ZDAsCisgICAgICAgIDB4 MzQsIDB4ODUsIDB4OGEsIDB4YzcsIDB4NWIsIDB4ZWQsIDB4M2YsIDB4ZDUsIDB4ODAsIDB4YmYs IDB4OTgsCisgICAgICAgIDB4MDgsIDB4ZDksIDB4NGYsIDB4Y2IsIDB4ZWUsIDB4ODIsIDB4Yjks IDB4YjIsIDB4ZWYsIDB4NjYsIDB4NzcsCisgICAgICAgIDB4YWYsIDB4MGEsIDB4ZGMsIDB4YzMs IDB4NTgsIDB4NTIsIDB4ZWEsIDB4NmIsIDB4OWUgfTsKKyAgICBkZXNjcmlwdG9yMS5pZFZlY3Rv ci5hcHBlbmQoaWQxLCBzaXplb2YoaWQxKSk7CisgICAgb3B0aW9ucy5hbGxvd0NyZWRlbnRpYWxz LmFwcGVuZChkZXNjcmlwdG9yMSk7CisKKyAgICBQdWJsaWNLZXlDcmVkZW50aWFsRGVzY3JpcHRv ciBkZXNjcmlwdG9yMjsKKyAgICBkZXNjcmlwdG9yMi50eXBlID0gUHVibGljS2V5Q3JlZGVudGlh bFR5cGU6OlB1YmxpY0tleTsKKyAgICBjb25zdCB1aW50OF90IGlkMltdID0geworICAgICAgICAw eDAzLCAweDAzLCAweDAzLCAweDAzLCAweDAzLCAweDAzLCAweDAzLCAweDAzLCAweDAzLCAweDAz LAorICAgICAgICAweDAzLCAweDAzLCAweDAzLCAweDAzLCAweDAzLCAweDAzLCAweDAzLCAweDAz LCAweDAzLCAweDAzLAorICAgICAgICAweDAzLCAweDAzLCAweDAzLCAweDAzLCAweDAzLCAweDAz LCAweDAzLCAweDAzLCAweDAzLCAweDAzLAorICAgICAgICAweDAzLCAweDAzLCAweDAzLCAweDAz LCAweDAzLCAweDAzLCAweDAzLCAweDAzLCAweDAzLCAweDAzLAorICAgICAgICAweDAzLCAweDAz LCAweDAzLCAweDAzLCAweDAzLCAweDAzLCAweDAzLCAweDAzLCAweDAzLCAweDAzIH07CisgICAg ZGVzY3JpcHRvcjIuaWRWZWN0b3IuYXBwZW5kKGlkMiwgc2l6ZW9mKGlkMikpOworICAgIG9wdGlv bnMuYWxsb3dDcmVkZW50aWFscy5hcHBlbmQoZGVzY3JpcHRvcjIpOworCisgICAgb3B0aW9ucy51 c2VyVmVyaWZpY2F0aW9uID0gVXNlclZlcmlmaWNhdGlvblJlcXVpcmVtZW50OjpEaXNjb3VyYWdl ZDsKKworICAgIFZlY3Rvcjx1aW50OF90PiBoYXNoOworICAgIGhhc2guYXBwZW5kKFRlc3REYXRh OjprQ2xpZW50RGF0YUhhc2gsIHNpemVvZihUZXN0RGF0YTo6a0NsaWVudERhdGFIYXNoKSk7Cisg ICAgYXV0byBzZXJpYWxpemVkRGF0YSA9IGVuY29kZUdldEFzc2VydGlvblJlcXVlc3RBc0NCT1Io aGFzaCwgb3B0aW9ucywgQXV0aGVudGljYXRvclN1cHBvcnRlZE9wdGlvbnM6OlVzZXJWZXJpZmlj YXRpb25BdmFpbGFiaWxpdHk6OmtTdXBwb3J0ZWRCdXROb3RDb25maWd1cmVkKTsKKyAgICBFWFBF Q1RfRVEoc2VyaWFsaXplZERhdGEuc2l6ZSgpLCBzaXplb2YoVGVzdERhdGE6OmtUZXN0Q29tcGxl eEN0YXBHZXRBc3NlcnRpb25SZXF1ZXN0U2hvcnQpKTsKKyAgICBFWFBFQ1RfRVEobWVtY21wKHNl cmlhbGl6ZWREYXRhLmRhdGEoKSwgVGVzdERhdGE6OmtUZXN0Q29tcGxleEN0YXBHZXRBc3NlcnRp b25SZXF1ZXN0U2hvcnQsIHNlcmlhbGl6ZWREYXRhLnNpemUoKSksIDApOworfQorCiBURVNUKENU QVBSZXF1ZXN0VGVzdCwgVGVzdENvbnN0cnVjdEdldEFzc2VydGlvblJlcXVlc3RXaXRoUGluKQog ewogICAgIFB1YmxpY0tleUNyZWRlbnRpYWxSZXF1ZXN0T3B0aW9ucyBvcHRpb25zOwpkaWZmIC0t Z2l0IGEvVG9vbHMvVGVzdFdlYktpdEFQSS9UZXN0cy9XZWJDb3JlL0ZpZG9UZXN0RGF0YS5oIGIv VG9vbHMvVGVzdFdlYktpdEFQSS9UZXN0cy9XZWJDb3JlL0ZpZG9UZXN0RGF0YS5oCmluZGV4IGZj MzhkYWI3M2MzMmE5YzA1MTY2MzgxNjg4NWU3MjMxNzc2ZWNmOTUuLmVlNzcwNzdjNWQwMTgyNGI3 OTBlNDVjYTE5M2YwZmFmYmE3NGJjNjYgMTAwNjQ0Ci0tLSBhL1Rvb2xzL1Rlc3RXZWJLaXRBUEkv VGVzdHMvV2ViQ29yZS9GaWRvVGVzdERhdGEuaAorKysgYi9Ub29scy9UZXN0V2ViS2l0QVBJL1Rl c3RzL1dlYkNvcmUvRmlkb1Rlc3REYXRhLmgKQEAgLTUyOCw2ICs1MjgsODEgQEAgY29uc3RleHBy IHVpbnQ4X3Qga0N0YXBNYWtlQ3JlZGVudGlhbFJlcXVlc3RbXSA9IHsKICAgICAweGY1CiB9Owog Citjb25zdGV4cHIgdWludDhfdCBrQ3RhcE1ha2VDcmVkZW50aWFsUmVxdWVzdFNob3J0W10gPSB7 CisgICAgLy8gYXV0aGVudGljYXRvck1ha2VDcmVkZW50aWFsIGNvbW1hbmQKKyAgICAweDAxLAor ICAgIC8vIG1hcCg0KQorICAgIDB4YTQsCisgICAgLy8ga2V5KDEpIC0gY2xpZW50RGF0YUhhc2gK KyAgICAweDAxLAorICAgIC8vIGJ5dGVzKDMyKQorICAgIDB4NTgsIDB4MjAsIDB4NjgsIDB4NzEs IDB4MzQsIDB4OTYsIDB4ODIsIDB4MjIsIDB4ZWMsIDB4MTcsIDB4MjAsIDB4MmUsCisgICAgMHg0 MiwgMHg1MCwgMHg1ZiwgMHg4ZSwgMHhkMiwgMHhiMSwgMHg2YSwgMHhlMiwgMHgyZiwgMHgxNiwg MHhiYiwgMHgwNSwKKyAgICAweGI4LCAweDhjLCAweDI1LCAweGRiLCAweDllLCAweDYwLCAweDI2 LCAweDQ1LCAweGYxLCAweDQxLAorICAgIC8vIGtleSgyKSAtIHJwCisgICAgMHgwMiwKKyAgICAv LyBtYXAoMikKKyAgICAweGEyLAorICAgIC8vIGtleSAtICJpZCIKKyAgICAweDYyLCAweDY5LCAw eDY0LAorICAgIC8vIHZhbHVlIC0gImFjbWUuY29tIgorICAgIDB4NjgsIDB4NjEsIDB4NjMsIDB4 NmQsIDB4NjUsIDB4MmUsIDB4NjMsIDB4NmYsIDB4NmQsCisgICAgLy8ga2V5IC0gICJuYW1lIgor ICAgIDB4NjQsIDB4NmUsIDB4NjEsIDB4NmQsIDB4NjUsCisgICAgLy8gdmFsdWUgLSAiQWNtZSIK KyAgICAweDY0LCAweDQxLCAweDYzLCAweDZkLCAweDY1LAorICAgIC8vIGtleSgzKSAtIHVzZXIK KyAgICAweDAzLAorICAgIC8vIG1hcCg0KQorICAgIDB4YTQsCisgICAgLy8ga2V5IC0gImlkIgor ICAgIDB4NjIsIDB4NjksIDB4NjQsCisgICAgLy8gdmFsdWUgLSB1c2VyIGlkCisgICAgMHg0OCwg MHgxMCwgMHg5OCwgMHgyMywgMHg3MiwgMHgzNSwgMHg0MCwgMHg5OCwgMHg3MiwKKyAgICAvLyBr ZXkgLSAiaWNvbiIKKyAgICAweDY0LCAweDY5LCAweDYzLCAweDZmLCAweDZlLAorICAgIC8vIHZh bHVlIC0gImh0dHBzOi8vcGljcy5hY21lLmNvbS8wMC9wL2FCampqcHFQYi5wbmciCisgICAgMHg3 OCwgMHgyOCwgMHg2OCwgMHg3NCwgMHg3NCwgMHg3MCwgMHg3MywgMHgzYSwgMHgyZiwgMHgyZiwg MHg3MCwgMHg2OSwKKyAgICAweDYzLCAweDczLCAweDJlLCAweDYxLCAweDYzLCAweDZkLCAweDY1 LCAweDJlLCAweDYzLCAweDZmLCAweDZkLCAweDJmLAorICAgIDB4MzAsIDB4MzAsIDB4MmYsIDB4 NzAsIDB4MmYsIDB4NjEsIDB4NDIsIDB4NmEsIDB4NmEsIDB4NmEsIDB4NzAsIDB4NzEsCisgICAg MHg1MCwgMHg2MiwgMHgyZSwgMHg3MCwgMHg2ZSwgMHg2NywKKyAgICAvLyBrZXkgLSAibmFtZSIK KyAgICAweDY0LCAweDZlLCAweDYxLCAweDZkLCAweDY1LAorICAgIC8vIHZhbHVlIC0gImpvaG5w c21pdGhAZXhhbXBsZS5jb20iCisgICAgMHg3NiwgMHg2YSwgMHg2ZiwgMHg2OCwgMHg2ZSwgMHg3 MCwgMHg3MywgMHg2ZCwgMHg2OSwgMHg3NCwgMHg2OCwgMHg0MCwKKyAgICAweDY1LCAweDc4LCAw eDYxLCAweDZkLCAweDcwLCAweDZjLCAweDY1LCAweDJlLCAweDYzLCAweDZmLCAweDZkLAorICAg IC8vIGtleSAtICJkaXNwbGF5TmFtZSIKKyAgICAweDZiLCAweDY0LCAweDY5LCAweDczLCAweDcw LCAweDZjLCAweDYxLCAweDc5LCAweDRlLCAweDYxLCAweDZkLCAweDY1LAorICAgIC8vIHZhbHVl IC0gIkpvaG4gUC4gU21pdGgiCisgICAgMHg2ZCwgMHg0YSwgMHg2ZiwgMHg2OCwgMHg2ZSwgMHgy MCwgMHg1MCwgMHgyZSwgMHgyMCwgMHg1MywgMHg2ZCwgMHg2OSwKKyAgICAweDc0LCAweDY4LAor ICAgIC8vIGtleSg0KSAtIHB1YktleUNyZWRQYXJhbXMKKyAgICAweDA0LAorICAgIC8vIGFycmF5 KDIpCisgICAgMHg4MiwKKyAgICAvLyBtYXAoMikKKyAgICAweGEyLAorICAgIC8vIGtleSAtICJh bGciCisgICAgMHg2MywgMHg2MSwgMHg2YywgMHg2NywKKyAgICAvLyB2YWx1ZSAtIDcKKyAgICAw eDA3LAorICAgIC8vIGtleSAtICJ0eXBlIgorICAgIDB4NjQsIDB4NzQsIDB4NzksIDB4NzAsIDB4 NjUsCisgICAgLy8gdmFsdWUgLSAicHVibGljLWtleSIKKyAgICAweDZhLCAweDcwLCAweDc1LCAw eDYyLCAweDZDLCAweDY5LCAweDYzLCAweDJELCAweDZCLCAweDY1LCAweDc5LAorICAgIC8vIG1h cCgyKQorICAgIDB4YTIsCisgICAgLy8ga2V5IC0gImFsZyIKKyAgICAweDYzLCAweDYxLCAweDZj LCAweDY3LAorICAgIC8vIHZhbHVlIC0gMjU3CisgICAgMHgxOSwgMHgwMSwgMHgwMSwKKyAgICAv LyBrZXkgLSAidHlwZSIKKyAgICAweDY0LCAweDc0LCAweDc5LCAweDcwLCAweDY1LCAvLyAidHlw ZSIKKyAgICAvLyB2YWx1ZSAtICJwdWJsaWMta2V5IgorICAgIDB4NmEsIDB4NzAsIDB4NzUsIDB4 NjIsIDB4NkMsIDB4NjksIDB4NjMsIDB4MkQsIDB4NkIsIDB4NjUsIDB4NzksCit9OworCisKIGNv bnN0ZXhwciB1aW50OF90IGtDdGFwTWFrZUNyZWRlbnRpYWxSZXF1ZXN0V2l0aFBpbltdID0gewog ICAgIC8vIGF1dGhlbnRpY2F0b3JNYWtlQ3JlZGVudGlhbCBjb21tYW5kCiAgICAgMHgwMSwKQEAg LTY4NSw2ICs3NjAsNjQgQEAgY29uc3RleHByIHVpbnQ4X3Qga1Rlc3RDb21wbGV4Q3RhcEdldEFz c2VydGlvblJlcXVlc3RbXSA9IHsKICAgICAweGY1LAogfTsKIAorY29uc3RleHByIHVpbnQ4X3Qg a1Rlc3RDb21wbGV4Q3RhcEdldEFzc2VydGlvblJlcXVlc3RTaG9ydFtdID0geworICAgIC8vIGF1 dGhlbnRpY2F0b3JHZXRBc3NlcnRpb24gY29tbWFuZAorICAgIDB4MDIsCisgICAgLy8gbWFwKDQp CisgICAgMHhhNCwKKyAgICAvLyBrZXkoMDEpIC1ycElkCisgICAgMHgwMSwKKyAgICAvLyB2YWx1 ZSAtICJhY21lLmNvbSIKKyAgICAweDY4LCAweDYxLCAweDYzLCAweDZkLCAweDY1LCAweDJlLCAw eDYzLCAweDZmLCAweDZkLAorICAgIC8vIGtleSgwMikgLSBjbGllbnQgZGF0YSBoYXNoCisgICAg MHgwMiwKKyAgICAvLyB2YWx1ZSAtIGJ5dGVzKDMyKQorICAgIDB4NTgsIDB4MjAsIDB4NjgsIDB4 NzEsIDB4MzQsIDB4OTYsIDB4ODIsIDB4MjIsIDB4ZWMsIDB4MTcsIDB4MjAsIDB4MmUsCisgICAg MHg0MiwgMHg1MCwgMHg1ZiwgMHg4ZSwgMHhkMiwgMHhiMSwgMHg2YSwgMHhlMiwgMHgyZiwgMHgx NiwgMHhiYiwgMHgwNSwKKyAgICAweGI4LCAweDhjLCAweDI1LCAweGRiLCAweDllLCAweDYwLCAw eDI2LCAweDQ1LCAweGYxLCAweDQxLAorICAgIC8vIGtleSgwMykgLSBhbGxvdyBsaXN0CisgICAg MHgwMywKKyAgICAvLyB2YWx1ZSAtIGFycmF5KDIpCisgICAgMHg4MiwKKyAgICAvLyBtYXAoMikK KyAgICAweGEyLAorICAgIC8vIGtleSAtICJpZCIKKyAgICAweDYyLCAweDY5LCAweDY0LAorICAg IC8vIHZhbHVlIC0gY3JlZGVudGlhbCBJRAorICAgIDB4NTgsIDB4NDAsIDB4ZjIsIDB4MjAsIDB4 MDYsIDB4ZGUsIDB4NGYsIDB4OTAsIDB4NWEsIDB4ZjYsIDB4OGEsIDB4NDMsCisgICAgMHg5NCwg MHgyZiwgMHgwMiwgMHg0ZiwgMHgyYSwgMHg1ZSwgMHhjZSwgMHg2MCwgMHgzZCwgMHg5YywgMHg2 ZCwgMHg0YiwKKyAgICAweDNkLCAweGY4LCAweGJlLCAweDA4LCAweGVkLCAweDAxLCAweGZjLCAw eDQ0LCAweDI2LCAweDQ2LCAweGQwLCAweDM0LAorICAgIDB4ODUsIDB4OGEsIDB4YzcsIDB4NWIs IDB4ZWQsIDB4M2YsIDB4ZDUsIDB4ODAsIDB4YmYsIDB4OTgsIDB4MDgsIDB4ZDksCisgICAgMHg0 ZiwgMHhjYiwgMHhlZSwgMHg4MiwgMHhiOSwgMHhiMiwgMHhlZiwgMHg2NiwgMHg3NywgMHhhZiwg MHgwYSwgMHhkYywKKyAgICAweGMzLCAweDU4LCAweDUyLCAweGVhLCAweDZiLCAweDllLAorICAg IC8vIGtleSAtICJ0eXBlIgorICAgIDB4NjQsIDB4NzQsIDB4NzksIDB4NzAsIDB4NjUsCisgICAg Ly8gdmFsdWUgLSAicHVibGljLWtleSIKKyAgICAweDZhLCAweDcwLCAweDc1LCAweDYyLCAweDZD LCAweDY5LCAweDYzLCAweDJELCAweDZCLCAweDY1LCAweDc5LAorICAgIC8vIG1hcCgyKQorICAg IDB4YTIsCisgICAgLy8ga2V5IC0gImlkIgorICAgIDB4NjIsIDB4NjksIDB4NjQsCisgICAgLy8g dmFsdWUgLSBjcmVkZW50aWFsIElECisgICAgMHg1OCwgMHgzMiwgMHgwMywgMHgwMywgMHgwMywg MHgwMywgMHgwMywgMHgwMywgMHgwMywgMHgwMywgMHgwMywgMHgwMywKKyAgICAweDAzLCAweDAz LCAweDAzLCAweDAzLCAweDAzLCAweDAzLCAweDAzLCAweDAzLCAweDAzLCAweDAzLCAweDAzLCAw eDAzLAorICAgIDB4MDMsIDB4MDMsIDB4MDMsIDB4MDMsIDB4MDMsIDB4MDMsIDB4MDMsIDB4MDMs IDB4MDMsIDB4MDMsIDB4MDMsIDB4MDMsCisgICAgMHgwMywgMHgwMywgMHgwMywgMHgwMywgMHgw MywgMHgwMywgMHgwMywgMHgwMywgMHgwMywgMHgwMywgMHgwMywgMHgwMywKKyAgICAweDAzLCAw eDAzLCAweDAzLCAweDAzLAorICAgIC8vIGtleSAtICJ0eXBlIgorICAgIDB4NjQsIDB4NzQsIDB4 NzksIDB4NzAsIDB4NjUsCisgICAgLy8gdmFsdWUgLSAicHVibGljLWtleSIKKyAgICAweDZhLCAw eDcwLCAweDc1LCAweDYyLCAweDZDLCAweDY5LCAweDYzLCAweDJELCAweDZCLCAweDY1LCAweDc5 LAorICAgIC8vIHVuc2lnbmVkKDUpIC0gb3B0aW9ucworICAgIDB4MDUsCisgICAgLy8gbWFwKDEp CisgICAgMHhhMSwKKyAgICAvLyBrZXkgLSJ1cCIKKyAgICAweDYyLCAweDc1LCAweDcwLAorICAg IC8vIHZhbHVlIC0gVHJ1ZSgyMSkKKyAgICAweGY1LAorfTsKKwogY29uc3RleHByIHVpbnQ4X3Qg a1Rlc3RDb21wbGV4Q3RhcEdldEFzc2VydGlvblJlcXVlc3RXaXRoUGluW10gPSB7CiAgICAgLy8g YXV0aGVudGljYXRvckdldEFzc2VydGlvbiBjb21tYW5kCiAgICAgMHgwMiwK