diff --git a/crates/credential-management-proto/src/credential.rs b/crates/credential-management-proto/src/credential.rs index 09fc136..57d7049 100644 --- a/crates/credential-management-proto/src/credential.rs +++ b/crates/credential-management-proto/src/credential.rs @@ -74,7 +74,7 @@ pub trait Container { origin: &str, options: &Self::RequestOptions, same_origin_with_ancestors: bool, - ) -> Result, discovery::Error>; + ) -> Result, discovery::Error>; } // TODO: More types of errors here diff --git a/crates/ctap2-proto/src/authenticator/assertion/get.rs b/crates/ctap2-proto/src/authenticator/assertion/get.rs index 530bdf4..f6e9b5f 100644 --- a/crates/ctap2-proto/src/authenticator/assertion/get.rs +++ b/crates/ctap2-proto/src/authenticator/assertion/get.rs @@ -1,7 +1,7 @@ use crate::authenticator::{client_pin::AuthProtocolVersion, Sha256Hash}; use bounded_vec::BoundedVec; use fido_common::credential::public_key; -use std::{collections::HashMap, usize}; +use std::{collections::{BTreeMap}, usize}; pub enum Error { OperationDenied, @@ -44,9 +44,9 @@ pub struct Request<'a> { pub allow_list: Option<&'a BoundedVec<&'a public_key::Descriptor, 1, { usize::MAX }>>, /// > Parameters to influence authenticator operation. These parameters /// > might be authenticator specific. - pub extensions: Option<&'a HashMap>, + pub extensions: Option<&'a BTreeMap>, /// > Parameters to influence authenticator operation. - pub options: Option<&'a HashMap>, + pub options: Option<&'a BTreeMap>, pub pin_uv_auth_param: Option<&'a [u8]>, /// > PIN/UV protocol version selected by platform. pub pin_uv_auth_protocol_version: Option, diff --git a/crates/ctap2-proto/src/authenticator/client_pin/mod.rs b/crates/ctap2-proto/src/authenticator/client_pin/mod.rs index c58425f..a661e1a 100644 --- a/crates/ctap2-proto/src/authenticator/client_pin/mod.rs +++ b/crates/ctap2-proto/src/authenticator/client_pin/mod.rs @@ -1,4 +1,4 @@ -use std::collections::HashSet; +use std::collections::{BTreeSet}; use bounded_integer::BoundedUsize; @@ -44,7 +44,7 @@ pub enum Request<'a> { GetPinUvAuthTokenUsingUvWithPermissions { version: AuthProtocolVersion, key_agreement: &'a KeyAgreement, - permissions: &'a HashSet, // TODO: Enforce non-empty hashset? HashSet1? + permissions: &'a BTreeSet, // TODO: Enforce non-empty set? relying_party_id: Option, }, GetUvRetries, @@ -52,7 +52,7 @@ pub enum Request<'a> { version: AuthProtocolVersion, key_agreement: &'a KeyAgreement, pin_hash_encrypted: usize, - permissions: &'a HashSet, // TODO: Enforce non-empty hashset? HashSet1? + permissions: &'a BTreeSet, // TODO: Enforce non-empty set? relying_party_id: Option, }, } diff --git a/crates/ctap2-proto/src/authenticator/config.rs b/crates/ctap2-proto/src/authenticator/config.rs index 2e94522..8acdd5c 100644 --- a/crates/ctap2-proto/src/authenticator/config.rs +++ b/crates/ctap2-proto/src/authenticator/config.rs @@ -1,4 +1,4 @@ -use std::collections::HashMap; +use std::collections::{BTreeMap}; use super::client_pin::AuthProtocolVersion; @@ -37,7 +37,7 @@ pub enum Request<'a> { /// > expected to generally utilize this subCommand. VendorPrototype { vendor_command_id: usize, - params: &'a HashMap, Vec>, /* TODO: Is the character space of keys + params: &'a BTreeMap, Vec>, /* TODO: Is the character space of keys * restricted to UTF-8? */ pin_uv_auth_protocol: AuthProtocolVersion, pin_uv_auth_param: &'a [u8], // TODO: Is using a more specific type possible? diff --git a/crates/ctap2-proto/src/authenticator/credential/make.rs b/crates/ctap2-proto/src/authenticator/credential/make.rs index cd4630d..6330aa4 100644 --- a/crates/ctap2-proto/src/authenticator/credential/make.rs +++ b/crates/ctap2-proto/src/authenticator/credential/make.rs @@ -1,6 +1,6 @@ use crate::authenticator::{self, client_pin, Sha256Hash}; use fido_common::{credential::public_key, extension}; -use std::collections::HashMap; +use std::collections::{HashMap, BTreeMap}; pub enum Error { OperationDenied, @@ -21,7 +21,7 @@ pub enum Error { /// > The following option keys are defined for use in /// > `authenticatorMakeCredential`'s `options` parameter. -#[derive(Clone, Copy, PartialEq, Eq, Hash)] +#[derive(Clone, Copy, PartialEq, Eq, Hash, PartialOrd, Ord)] pub enum OptionKey { /// > Specifies whether this credential is to be discoverable or /// > not. @@ -51,7 +51,8 @@ pub struct Request<'a> { /// > List of supported algorithms for credential generation, as /// > specified in [WebAuthn]. The array is ordered from most preferred /// > to least preferred and MUST NOT include duplicate entries. - pub public_key_credential_params: &'a [public_key::Parameters], + pub public_key_credential_params: &'a [public_key::Parameters], // TODO: BTreeSet? BTreeMap + // with preference as key? /// > An array of PublicKeyCredentialDescriptor structures, as specified /// > in [WebAuthn]. The authenticator returns an error if the /// > authenticator already contains one of the credentials enumerated @@ -61,7 +62,7 @@ pub struct Request<'a> { /// > Parameters to influence authenticator operation, as specified in /// > [WebAuthn]. These parameters might be authenticator specific. pub extensions: Option<&'a HashMap>>, - pub options: Option<&'a HashMap>, + pub options: Option<&'a BTreeMap>, pub pin_uv_auth_param: &'a [u8], /// > PIN/UV protocol version selected by platform. pub pin_uv_auth_protocol_version: Option, @@ -93,5 +94,5 @@ pub struct Response { pub large_blob_key: Option>, /// > A map, keyed by extension identifiers, to unsigned outputs of /// > extensions, if any. - pub unsigned_extension_outputs: Option>>, + pub unsigned_extension_outputs: Option>>, } diff --git a/crates/ctap2-proto/src/authenticator/device.rs b/crates/ctap2-proto/src/authenticator/device.rs index ce298f1..e82244e 100644 --- a/crates/ctap2-proto/src/authenticator/device.rs +++ b/crates/ctap2-proto/src/authenticator/device.rs @@ -2,9 +2,9 @@ use crate::authenticator::client_pin::AuthProtocolVersion; use bounded_vec::BoundedVec; use fido_common::credential::public_key; use fido_common::{registry, Transport}; +use std::collections::{BTreeSet, BTreeMap}; use std::usize; use std::{ - collections::{HashMap, HashSet}, num::NonZeroUsize, }; @@ -23,7 +23,7 @@ impl Aaguid { } } -#[derive(Debug, Hash, PartialEq, Eq, Clone, Copy)] +#[derive(Debug, Hash, PartialEq, Eq, Clone, Copy, PartialOrd, Ord)] pub enum Version { Fido2_1, Fido2_0, @@ -108,7 +108,7 @@ pub enum FidoLevel { } /// These options describe properties of a CTAP device. -#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)] +#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord, Hash)] pub enum OptionId { /// > Indicates that the device is attached to the client and therefore /// > can’t be removed and used on another client. @@ -190,13 +190,13 @@ pub enum OptionId { /// > information to tailor their command parameters choices. pub struct Info { /// > List of supported CTAP versions. - pub versions: HashSet, + pub versions: BTreeSet, /// > List of supported extensions. - pub extensions: Option>, + pub extensions: Option>, /// > The claimed AAGUID. pub aaguid: Aaguid, /// > List of supported options. - pub options: Option>, + pub options: Option>, /// > Maximum message size supported by the authenticator. pub max_message_size: Option, /// > List of supported PIN/UV auth protocols in order of decreasing @@ -208,7 +208,7 @@ pub struct Info { /// > Maximum Credential ID Length supported by the authenticator. pub max_credential_id_length: Option, /// > List of supported transports. - pub transports: Option>, + pub transports: Option>, /// > List of supported algorithms for credential generation... The array is /// > ordered from most preferred to least preferred and MUST NOT include /// > duplicate entries... @@ -255,9 +255,9 @@ pub struct Info { /// > to help the platform construct user dialogs. If `clientPin` /// > is supported it MUST NOT be included in the bit-flags, as `clientPIN` /// > is not a built-in user verification method. - pub uv_modality: Option>, + pub uv_modality: Option>, /// > This specifies a list of authenticator certifications. - pub certifications: Option>, + pub certifications: Option>, /// > If this member is present it indicates the estimated number of /// > additional discoverable credentials that can be stored. If this value /// > is zero then platforms SHOULD create non-discoverable credentials if @@ -279,5 +279,5 @@ pub struct Info { /// > `vendorPrototype` subcommand, and its value is a list of /// > `authenticatorConfig` `vendorCommandId` values supported, which MAY be /// > empty. - pub vendor_prototype_config_commands: Option>, + pub vendor_prototype_config_commands: Option>, } diff --git a/crates/ctap2-proto/src/authenticator/mod.rs b/crates/ctap2-proto/src/authenticator/mod.rs index b2494e4..aac9e32 100644 --- a/crates/ctap2-proto/src/authenticator/mod.rs +++ b/crates/ctap2-proto/src/authenticator/mod.rs @@ -1,6 +1,6 @@ use crate::attestation; use fido_common::extension; -use std::collections::HashMap; +use std::collections::{BTreeMap}; pub mod assertion; pub mod bio_enrollment; @@ -31,5 +31,5 @@ pub struct Data { pub user_is_verified: bool, pub signature_counter: u32, pub attested_credential_data: Option, - pub extensions: Option>>, + pub extensions: Option>>, } diff --git a/crates/fido-common/src/credential/public_key.rs b/crates/fido-common/src/credential/public_key.rs index 75cb131..bc2ac9c 100644 --- a/crates/fido-common/src/credential/public_key.rs +++ b/crates/fido-common/src/credential/public_key.rs @@ -1,7 +1,7 @@ use crate::registry::algorithms; use crate::{credential, Transport}; use bounded_vec::BoundedVec; -use std::collections::HashSet; +use std::collections::{BTreeSet}; #[cfg(feature = "serde")] use serde::{Deserialize, Serialize}; @@ -39,7 +39,7 @@ pub struct Descriptor { /// > This... member contains a hint as to how the client might /// > communicate with the managing authenticator of the public /// > key credential the caller is referring to. - pub transports: Option>, + pub transports: Option>, } /// > This `PublicKeyCredentialUserEntity` data structure describes the user diff --git a/crates/fido-common/src/extension.rs b/crates/fido-common/src/extension.rs index 15caa20..dd32853 100644 --- a/crates/fido-common/src/extension.rs +++ b/crates/fido-common/src/extension.rs @@ -18,6 +18,7 @@ /// > Extensions that may exist in multiple versions should take care to include /// > a version in their identifier. In effect, different versions are thus /// > treated as different extensions, e.g., `myCompany_extension_01` +#[derive(PartialEq, Eq, PartialOrd, Ord)] pub enum Identifier { AppId, TransactionAuthSimple, diff --git a/crates/fido-common/src/lib.rs b/crates/fido-common/src/lib.rs index 50ba861..d92775d 100644 --- a/crates/fido-common/src/lib.rs +++ b/crates/fido-common/src/lib.rs @@ -13,7 +13,7 @@ use serde::{Deserialize, Serialize}; /// > `WebAuthn` Relying Party's best belief as to how an authenticator may be /// > reached. A Relying Party will typically learn of the supported transports /// > for a public key credential via getTransports(). -#[derive(Clone, PartialEq, Eq, Hash, Debug)] +#[derive(Clone, PartialEq, Eq, PartialOrd, Ord, Hash, Debug)] #[cfg_attr(feature = "serde", derive(Serialize, Deserialize), serde(untagged))] pub enum Transport { /// > Indicates the respective authenticator can be contacted over removable