Dedicated AAGUID Type #58
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dimitribouniol
force-pushed
the
dimitri/aaguid
branch
6 times, most recently
from
4549f3d
to
a98ef3a
Compare
0xTim
reviewed
May 7, 2024
| @@ -14,7 +14,7 @@ | |||
|
|
|||
| // Contains the new public key created by the authenticator. | |||
| struct AttestedCredentialData: Equatable { | |||
| let aaguid: [UInt8] | |||
| let authenticatorAttestationGloballyUniqueID: AAGUID | |||
There was a problem hiding this comment.
I would say GUID is a well enough understood term that we can use it here without causing confusion - wdyt?
Suggested change
| let authenticatorAttestationGloballyUniqueID: AAGUID | |
| let authenticatorAttestationGUID: AAGUID |
| /// | ||
| /// The Relying Party MAY use the AAGUID to infer certain properties of the authenticator, such as certification level and strength of key protection, using information from other sources. The Relying Party MAY use the AAGUID to attempt to identify the maker of the authenticator without requesting and verifying attestation, but the AAGUID is not provably authentic without attestation. | ||
| /// - SeeAlso: [WebAuthn Leven 3 Editor's Draft §6. WebAuthn Authenticator Model](https://w3c.github.io/webauthn/#aaguid) | ||
| public struct AuthenticatorAttestationGloballyUniqueID: Hashable { |
There was a problem hiding this comment.
Given #64
Suggested change
| public struct AuthenticatorAttestationGloballyUniqueID: Hashable { | |
| public struct AuthenticatorAttestationGloballyUniqueID: Hashable, Sendable { |
dimitribouniol
force-pushed
the
dimitri/aaguid
branch
from
a98ef3a
to
ecfe814
Compare
Merged
0xTim
requested changes
Jun 9, 2024
| public var bytes: [UInt8] { withUnsafeBytes(of: id) { Array($0) } } | ||
|
|
||
| /// The identifier of an anonymized authenticator, set to a byte sequence of 16 zeros. | ||
| public static let anonymous = AuthenticatorAttestationGloballyUniqueID(bytes: Array(repeating: 0, count: 16))! |
There was a problem hiding this comment.
Nit
Suggested change
| public static let anonymous = AuthenticatorAttestationGloballyUniqueID(bytes: Array(repeating: 0, count: 16))! | |
| public static let anonymous = AuthenticatorAttestationGloballyUniqueID(bytes: Array(repeating: 0, count: Self.size))! |
There was a problem hiding this comment.
Good catch, fixed!
dimitribouniol
force-pushed
the
dimitri/aaguid
branch
from
ecfe814
to
08904b6
Compare
dimitribouniol
force-pushed
the
dimitri/aaguid
branch
from
08904b6
to
eeb44d5
Compare
0xTim
approved these changes
Sep 10, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
As I was implementing the client, I found it useful to have a type for Authenticator Attestation Globally Unique IDs (AAGUIDs) since AAGUIDs are defined as 16-byte IDs, which prevents passing in the wrong-sized values. Internally, I have this wrapping a UUID since they are conceptually similar. Some questions before we consider merging this though:
AuthenticatorAttestationGloballyUniqueIDis clearly more descriptive, thoughAAGUIDis defined as a type alias. Similarly, the property names are now spelled out, but I keptaaguidfor things like local variables.AttestedCredentialData(and by extensionAuthenticatorData) are, but not sure they need to be since authenticator data is represented in a binary form.As a follow-up, would love to extend this to other bag-of-byte types like CredentialID.