As far as I can tell, WebAuthn PRF salt inputs do not have any required length in WebAuthn, only salt outputs. (CTAP2 hmac-secret salt inputs are required to be 32 bytes, but there is not an explicit requirement in the WebAuthn spec.)
We use the same type for PRF input and output values PRFValue, which requires them to be 32 bytes. We should split these into PrfInputValue and PrfOutputValue where the former allows any length (greater than 1?).
As far as I can tell, WebAuthn PRF salt inputs do not have any required length in WebAuthn, only salt outputs. (CTAP2
hmac-secretsalt inputs are required to be 32 bytes, but there is not an explicit requirement in the WebAuthn spec.)We use the same type for PRF input and output values
PRFValue, which requires them to be 32 bytes. We should split these intoPrfInputValueandPrfOutputValuewhere the former allows any length (greater than 1?).