From 0fb2487154c8d17cb4de04fb3695cf1829fcef56 Mon Sep 17 00:00:00 2001
From: Nick Zana
Date: Thu, 11 May 2023 18:47:22 -0400
Subject: [PATCH] Move several types from ctap2-proto to fido-common
---
crates/ctap2-proto/src/attestation/mod.rs | 38 ---------
.../src/authenticator/assertion/get.rs | 7 +-
.../src/authenticator/client_pin/mod.rs | 27 ++----
.../src/authenticator/credential/make.rs | 17 ++--
.../authenticator/credential/management.rs | 7 +-
.../ctap2-proto/src/authenticator/device.rs | 20 ++---
crates/ctap2-proto/src/authenticator/mod.rs | 26 +-----
crates/ctap2-proto/src/extensions/mod.rs | 2 +
crates/ctap2-proto/src/lib.rs | 31 +++----
crates/fido-common/Cargo.toml | 1 +
crates/fido-common/src/attestation.rs | 39 +++++++++
crates/fido-common/src/authenticator.rs | 82 +++++++++++++++++++
.../fido-common/src/credential/public_key.rs | 4 +-
.../src/{extension.rs => extensions.rs} | 0
crates/fido-common/src/lib.rs | 42 +---------
.../webauthn3-proto/src/public_key/request.rs | 1 -
16 files changed, 176 insertions(+), 168 deletions(-)
delete mode 100644 crates/ctap2-proto/src/attestation/mod.rs
create mode 100644 crates/fido-common/src/authenticator.rs
rename crates/fido-common/src/{extension.rs => extensions.rs} (100%)
diff --git a/crates/ctap2-proto/src/attestation/mod.rs b/crates/ctap2-proto/src/attestation/mod.rs
deleted file mode 100644
index acccfe7..0000000
--- a/crates/ctap2-proto/src/attestation/mod.rs
+++ /dev/null
@@ -1,38 +0,0 @@
-pub mod enterprise {
- #[repr(usize)]
- #[derive(Clone, Copy)]
- pub enum Kind {
- /// > In this case, an enterprise attestation capable authenticator, on
- /// > which enterprise attestation is enabled, upon receiving the
- /// > enterpriseAttestation parameter with a value of 1 (or 2, see Note
- /// > below) on a authenticatorMakeCredential command, will provide
- /// > enterprise attestation to a non-updateable pre-configured RP ID
- /// > list, as identified by the enterprise and provided to the
- /// > authenticator vendor, which is "burned into" the authenticator by
- /// > the vendor.
- /// > If enterprise attestation is requested for any RP ID other than
- /// > the pre-configured RP ID(s), the attestation returned along with
- /// > the new credential is a regular privacy-preserving attestation,
- /// > i.e., NOT an enterprise attestation.
- VendorFacilitated = 1,
- /// > In this case, an enterprise attestation capable authenticator on
- /// > which enterprise attestation is enabled, upon receiving the
- /// > enterpriseAttestation parameter with a value of 2 on a
- /// > authenticatorMakeCredential command, will return an enterprise
- /// > attestation. The platform is enterprise-managed and has already
- /// > performed the necessary vetting of the RP ID.
- PlatformManaged = 2,
- }
-}
-
-/// > Attested credential data is a variable-length byte array added to the
-/// > authenticator data when generating an attestation object for a given
-/// > credential.
-pub struct CredentialData {
- /// > The AAGUID of the authenticator.
- pub aaguid: [u8; 16],
- /// The ID of the credential.
- pub id: Vec,
- /// The public key of the credential.
- pub public_key: coset::CoseKey,
-}
diff --git a/crates/ctap2-proto/src/authenticator/assertion/get.rs b/crates/ctap2-proto/src/authenticator/assertion/get.rs
index f6e9b5f..c25ddd9 100644
--- a/crates/ctap2-proto/src/authenticator/assertion/get.rs
+++ b/crates/ctap2-proto/src/authenticator/assertion/get.rs
@@ -1,7 +1,8 @@ -use crate::authenticator::{client_pin::AuthProtocolVersion, Sha256Hash}; +use crate::{authenticator::client_pin::AuthProtocolVersion, extensions}; +use crate::Sha256Hash; use bounded_vec::BoundedVec; use fido_common::credential::public_key; -use std::{collections::{BTreeMap}, usize}; +use std::{collections::BTreeMap, usize}; pub enum Error { OperationDenied, @@ -44,7 +45,7 @@ pub struct Request<'a> { pub allow_list: Option<&'a BoundedVec<&'a public_key::Descriptor, 1, { usize::MAX }>>, /// > Parameters to influence authenticator operation. These parameters /// > might be authenticator specific. - pub extensions: Option<&'a BTreeMap>, + pub extensions: Option<&'a BTreeMap>, /// > Parameters to influence authenticator operation. pub options: Option<&'a BTreeMap>, pub pin_uv_auth_param: Option<&'a [u8]>, diff --git a/crates/ctap2-proto/src/authenticator/client_pin/mod.rs b/crates/ctap2-proto/src/authenticator/client_pin/mod.rs index a661e1a..a674826 100644 --- a/crates/ctap2-proto/src/authenticator/client_pin/mod.rs +++ b/crates/ctap2-proto/src/authenticator/client_pin/mod.rs @@ -1,4 +1,4 @@ -use std::collections::{BTreeSet}; +use std::collections::BTreeSet; use bounded_integer::BoundedUsize; @@ -26,7 +26,7 @@ pub enum Request<'a> { version: AuthProtocolVersion, }, SetPin { - key_agreement: &'a KeyAgreement, + key_agreement: &'a coset::CoseKey, new_pin_encrypted: &'a [u8], pin_uv_auth_param: &'a [u8], }, 
@@ -38,38 +38,25 @@ pub enum Request<'a> { }, GetPinToken { version: AuthProtocolVersion, - key_agreement: &'a KeyAgreement, + key_agreement: &'a coset::CoseKey, pin_hash_encrypted: &'a [u8], }, GetPinUvAuthTokenUsingUvWithPermissions { version: AuthProtocolVersion, - key_agreement: &'a KeyAgreement, + key_agreement: &'a coset::CoseKey, permissions: &'a BTreeSet, // TODO: Enforce non-empty set? relying_party_id: Option, }, GetUvRetries, GetPinUvAuthTokenUsingPinWithPermissions { version: AuthProtocolVersion, - key_agreement: &'a KeyAgreement, + key_agreement: &'a coset::CoseKey, pin_hash_encrypted: usize, permissions: &'a BTreeSet, // TODO: Enforce non-empty set? relying_party_id: Option, }, } -/// The [`Ctap2Device::client_pin`] command enforces several restrictions on the -/// COSE key used in a request and response. The restrictions are as follows: -/// -/// > This COSE_Key-encoded public key MUST contain the optional "`alg`" -/// > parameter and MUST NOT contain any other optional parameters. The "`alg`" -/// > parameter MUST contain a `COSEAlgorithmIdentifier` value. -// This seems like it should be an enum where each `KeyType` variant has its own -// parameters? `coset` uses a CBOR map directly -pub struct KeyAgreement { - pub kty: coset::KeyType, - pub alg: Option, -} - pub enum PinUvAuthToken { Short([u8; 16]), Long([u8; 32]), @@ -81,10 +68,10 @@ pub enum Response { power_cycle_state: Option, }, GetKeyAgreement { - key_agreement: KeyAgreement, + key_agreement: coset::CoseKey, }, SetPin { - key_agreement: KeyAgreement, + key_agreement: coset::CoseKey, new_pin_encrypted: [u8; 64], pin_uv_auth_param: (), }, diff --git a/crates/ctap2-proto/src/authenticator/credential/make.rs b/crates/ctap2-proto/src/authenticator/credential/make.rs index 6330aa4..0419cc0 100644 --- a/crates/ctap2-proto/src/authenticator/credential/make.rs +++ b/crates/ctap2-proto/src/authenticator/credential/make.rs 
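Review bot: Removing `KeyAgreement` in the `@@ -38,38 +38,25 @@` hunk also deletes the only place that recorded the rule for this key (the COSE_Key MUST contain `alg` and MUST NOT contain any other optional parameters), and `coset::CoseKey`, being a general COSE key type, presumably accepts keys that break that rule. Every `key_agreement` field in `Request` and `Response` now carries the unchecked type, including `SetPin` in the earlier `@@ -26,7 +26,7 @@` hunk and the two `Response` variants in the following one. I would keep the restriction as a doc comment on those fields, e.g. `/// Must carry "alg" and no other optional COSE_Key parameters; validate before use.`, or wrap the key in a newtype whose constructor enforces it, so a peer-supplied key is rejected before it reaches key agreement. The `Request` enum starts outside the hunk.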
@@ -1,6 +1,9 @@ -use crate::authenticator::{self, client_pin, Sha256Hash}; -use fido_common::{credential::public_key, extension}; -use std::collections::{HashMap, BTreeMap}; +use crate::{ + authenticator::{self, client_pin}, + extensions, Sha256Hash, +}; +use fido_common::{attestation, credential::public_key}; +use std::collections::{BTreeMap, HashMap}; pub enum Error { OperationDenied, @@ -52,7 +55,7 @@ pub struct Request<'a> { /// > specified in [WebAuthn]. The array is ordered from most preferred /// > to least preferred and MUST NOT include duplicate entries. pub public_key_credential_params: &'a [public_key::Parameters], // TODO: BTreeSet? BTreeMap - // with preference as key? + // with preference as key? /// > An array of PublicKeyCredentialDescriptor structures, as specified /// > in [WebAuthn]. The authenticator returns an error if the /// > authenticator already contains one of the credentials enumerated @@ -61,7 +64,7 @@ pub struct Request<'a> { pub exclude_list: Option<&'a [&'a public_key::Descriptor]>, /// > Parameters to influence authenticator operation, as specified in /// > [WebAuthn]. These parameters might be authenticator specific. - pub extensions: Option<&'a HashMap>>, + pub extensions: Option<&'a HashMap>>, pub options: Option<&'a BTreeMap>, pub pin_uv_auth_param: &'a [u8], /// > PIN/UV protocol version selected by platform. @@ -78,7 +81,7 @@ pub struct Request<'a> { /// > attestation batching may not apply to the results of this operation /// > and the platform is requesting an enterprise attestation that includes /// > uniquely identifying information. - pub enterprise_attestation: Option, + pub enterprise_attestation: Option, } pub struct Response { @@ -94,5 +97,5 @@ pub struct Response { pub large_blob_key: Option>, /// > A map, keyed by extension identifiers, to unsigned outputs of /// > extensions, if any. - pub unsigned_extension_outputs: Option>>, + pub unsigned_extension_outputs: Option>>, } 
diff --git a/crates/ctap2-proto/src/authenticator/credential/management.rs b/crates/ctap2-proto/src/authenticator/credential/management.rs index bd70fc3..cfdb4f2 100644 --- a/crates/ctap2-proto/src/authenticator/credential/management.rs +++ b/crates/ctap2-proto/src/authenticator/credential/management.rs @@ -1,7 +1,4 @@ -use crate::{ - authenticator::{client_pin, Sha256Hash}, - extensions::cred_protect, -}; +use crate::{authenticator::client_pin, extensions::cred_protect, Sha256Hash}; use fido_common::credential::public_key; pub type PinUvAuthParam = [u8; 16]; @@ -93,7 +90,7 @@ pub struct Credential { /// A description of the public key associated with the credential. pub credential_id: public_key::Descriptor, /// The public key associated with the credential. - pub public_key: coset::CoseKey, // TODO: Is this the right set of parameters for cosekey? + pub public_key: Vec, // TODO: Replace arbitrary bytes with parsed key type /// Indicates the level of user verification the authenticator requires for /// this credential. pub credential_protection_policy: cred_protect::Policy, diff --git a/crates/ctap2-proto/src/authenticator/device.rs b/crates/ctap2-proto/src/authenticator/device.rs index e82244e..015fdb3 100644 --- a/crates/ctap2-proto/src/authenticator/device.rs +++ b/crates/ctap2-proto/src/authenticator/device.rs @@ -1,12 +1,12 @@ use crate::authenticator::client_pin::AuthProtocolVersion; +use crate::authenticator::Transport; +use crate::extensions; use bounded_vec::BoundedVec; use fido_common::credential::public_key; -use fido_common::{registry, Transport}; -use std::collections::{BTreeSet, BTreeMap}; +use fido_common::registry; +use std::collections::{BTreeMap, BTreeSet}; +use std::num::NonZeroUsize; use std::usize; -use std::{ - num::NonZeroUsize, -}; /// A usize with a minimum value of N #[derive(PartialEq, Eq)] 
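Review bot: `Credential::public_key` becomes a bare byte vector in the `@@ -93,7 +90,7 @@` hunk while the rest of this commit moves key fields toward `coset::CoseKey`, so consumers of credential-management responses now receive key material that nothing has parsed or validated. The TODO records the intent, but the field doc still reads as if it held a usable key; I would state the encoding and trust level there, e.g. `/// Raw, unvalidated bytes of the credential public key as returned by the authenticator (presumably a CBOR COSE_Key; confirm).`. The `Credential` struct starts and ends outside the hunk.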
@@ -15,13 +15,7 @@ pub struct UsizeN(bounded_integer::BoundedUsize data type byte string and identifying the authenticator model, i.e. /// > identical values mean that they refer to the same authenticator model and /// > different values mean they refer to different authenticator models. -pub struct Aaguid([u8; 16]); - -impl Aaguid { - pub const fn from(bytes: [u8; 16]) -> Self { - Self(bytes) - } -} +pub type Aaguid = [u8; 16]; #[derive(Debug, Hash, PartialEq, Eq, Clone, Copy, PartialOrd, Ord)] pub enum Version { @@ -192,7 +186,7 @@ pub struct Info { /// > List of supported CTAP versions. pub versions: BTreeSet, /// > List of supported extensions. - pub extensions: Option>, + pub extensions: Option>, /// > The claimed AAGUID. pub aaguid: Aaguid, /// > List of supported options. diff --git a/crates/ctap2-proto/src/authenticator/mod.rs b/crates/ctap2-proto/src/authenticator/mod.rs index aac9e32..5a1dbbc 100644 --- a/crates/ctap2-proto/src/authenticator/mod.rs +++ b/crates/ctap2-proto/src/authenticator/mod.rs @@ -1,6 +1,4 @@ -use crate::attestation; -use fido_common::extension; -use std::collections::{BTreeMap}; +pub use fido_common::authenticator::*; pub mod assertion; pub mod bio_enrollment; 
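Review bot: Turning `Aaguid` into `pub type Aaguid = [u8; 16];` in the `@@ -15,13 +15,7 @@` hunk (and `Sha256Hash` into `pub type Sha256Hash = [u8; 32];` in the fido-common `lib.rs` hunk) drops the compile-time distinction between these identifiers and any other array of the same length. Same-sized secrets are visible in this patch: `PinUvAuthParam = [u8; 16]`, `PinUvAuthToken::Short([u8; 16])` and `PinUvAuthToken::Long([u8; 32])`, so a token can now be passed where an AAGUID or an RP ID hash is expected without a type error. If the goal is only easier construction, keeping the newtype with a public field, `pub struct Aaguid(pub [u8; 16]);`, gives the same ergonomics and preserves the check.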
@@ -11,25 +9,3 @@ pub mod device; pub mod reset; pub mod selection; -/// SHA 256 hash values are 32 bytes long. -pub struct Sha256Hash(pub [u8; 32]); - -/// > The authenticator data structure encodes contextual bindings made by the -/// > authenticator. These bindings are controlled by the authenticator itself, -/// > and derive their trust from the `WebAuthn` Relying Party's assessment of -/// > the security properties of the authenticator. In one extreme case, the -/// > authenticator may be embedded in the client, and its bindings may be no -/// > more trustworthy than the client data. At the other extreme, the -/// > authenticator may be a discrete entity with high-security hardware and -/// > software, connected to the client over a secure channel. In both cases, -/// > the Relying Party receives the authenticator data in the same format, and -/// > uses its knowledge of the authenticator to make trust decisions. -pub struct Data { - /// > SHA-256 hash of the RP ID the credential is scoped to. - pub relying_party_id_hash: Sha256Hash, - pub user_is_present: bool, - pub user_is_verified: bool, - pub signature_counter: u32, - pub attested_credential_data: Option, - pub extensions: Option>>, -} diff --git a/crates/ctap2-proto/src/extensions/mod.rs b/crates/ctap2-proto/src/extensions/mod.rs index c9288d9..061bed7 100644 --- a/crates/ctap2-proto/src/extensions/mod.rs +++ b/crates/ctap2-proto/src/extensions/mod.rs @@ -1,3 +1,5 @@ +pub use fido_common::extensions::*; + pub mod cred_protect; /// The extension input parameters passed to the authenticator during a call to diff --git a/crates/ctap2-proto/src/lib.rs b/crates/ctap2-proto/src/lib.rs index d05f9ff..842d3d6 100644 --- a/crates/ctap2-proto/src/lib.rs +++ b/crates/ctap2-proto/src/lib.rs @@ -8,9 +8,9 @@ pub mod prelude { }, Ctap2_2Authenticator, }; + pub use fido_common::Sha256Hash; } -pub mod attestation; pub mod authenticator; pub mod extensions; 
@@ -49,26 +49,27 @@ pub trait Ctap2_2Authenticator { /// > factory default state. fn reset() -> Result<(), reset::Error>; - fn bio_enrollment( - request: bio_enrollment::Request, - ) -> Result; + // fn bio_enrollment( + // request: bio_enrollment::Request, + // ) -> Result; - #[allow(clippy::missing_errors_doc)] - /// > This command is used by the platform to manage discoverable - /// > credentials on the authenticator. - fn credential_management( - request: management::Request, - ) -> Result; + // #[allow(clippy::missing_errors_doc)] + // > This command is used by the platform to manage discoverable + // > credentials on the authenticator. + // fn credential_management( + // request: management::Request, + // ) -> Result; #[allow(clippy::missing_errors_doc)] /// > This command allows the platform to let a user select a certain /// > authenticator by asking for user presence. fn selection() -> Result<(), authenticator::selection::Error>; - fn large_blobs() -> Result<(), ()>; + // fn large_blobs() -> Result<(), ()>; - #[allow(clippy::missing_errors_doc)] - /// > This command is used to configure various authenticator features - /// > through the use of its subcommands. - fn authenticator_config(request: config::Request) -> Result<(), config::Error>; + // #[allow(clippy::missing_errors_doc)] + // > This command is used to configure various authenticator features + // > through the use of its subcommands. + // fn authenticator_config(request: config::Request) -> Result<(), + // config::Error>; } diff --git a/crates/fido-common/Cargo.toml b/crates/fido-common/Cargo.toml index 3beb7b9..27e2a1c 100644 --- a/crates/fido-common/Cargo.toml +++ b/crates/fido-common/Cargo.toml @@ -7,6 +7,7 @@ edition = "2021" [dependencies] bounded-vec = { version = "0.7.1", features = ["serde"] } +coset = { version = "0.3.4", default-features = false } serde = { version = "1", features = ["derive"], optional = true } [features] 
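Review bot: Four methods of `Ctap2_2Authenticator` (`bio_enrollment`, `credential_management`, `large_blobs`, `authenticator_config`) are commented out in the `@@ -49,26 +49,27 @@` hunk rather than removed, their `///` docs are downgraded to `//`, and no comment says why. That shrinks the public trait in a commit titled as a type move and leaves dead code that will drift from the real request and response types. I would either delete the lines or put one explanation above them, e.g. `// TODO: temporarily disabled, see <issue or reason>`. The trait body starts outside the hunk.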
diff --git a/crates/fido-common/src/attestation.rs b/crates/fido-common/src/attestation.rs
index 2b164f1..22b2d27 100644
--- a/crates/fido-common/src/attestation.rs
+++ b/crates/fido-common/src/attestation.rs
@@ -69,3 +69,42 @@ pub enum FormatIdentifier {
 #[cfg_attr(feature = "serde", serde(rename = "none"))]
 None,
 }
+
+pub mod enterprise {
+ #[repr(usize)]
+ #[derive(Clone, Copy)]
+ pub enum Kind {
+ /// > In this case, an enterprise attestation capable authenticator, on
+ /// > which enterprise attestation is enabled, upon receiving the
+ /// > enterpriseAttestation parameter with a value of 1 (or 2, see Note
+ /// > below) on a authenticatorMakeCredential command, will provide
+ /// > enterprise attestation to a non-updateable pre-configured RP ID
+ /// > list, as identified by the enterprise and provided to the
+ /// > authenticator vendor, which is "burned into" the authenticator by
+ /// > the vendor.
+ /// > If enterprise attestation is requested for any RP ID other than
+ /// > the pre-configured RP ID(s), the attestation returned along with
+ /// > the new credential is a regular privacy-preserving attestation,
+ /// > i.e., NOT an enterprise attestation.
+ VendorFacilitated = 1,
+ /// > In this case, an enterprise attestation capable authenticator on
+ /// > which enterprise attestation is enabled, upon receiving the
+ /// > enterpriseAttestation parameter with a value of 2 on a
+ /// > authenticatorMakeCredential command, will return an enterprise
+ /// > attestation. The platform is enterprise-managed and has already
+ /// > performed the necessary vetting of the RP ID.
+ PlatformManaged = 2,
+ }
+}
+
+/// > Attested credential data is a variable-length byte array added to the
+/// > authenticator data when generating an attestation object for a given
+/// > credential.
+pub struct CredentialData {
+ /// > The AAGUID of the authenticator.
+ pub aaguid: [u8; 16],
+ /// The ID of the credential.
+ pub id: Vec,
+ /// The public key of the credential.
+ pub public_key: coset::CoseKey,
+}
diff --git a/crates/fido-common/src/authenticator.rs b/crates/fido-common/src/authenticator.rs
new file mode 100644
index 0000000..60932d2
--- /dev/null
+++ b/crates/fido-common/src/authenticator.rs 
@@ -0,0 +1,82 @@
+use crate::{attestation, extensions, Sha256Hash};
+use std::collections::BTreeMap;
+
+pub enum Flags {}
+
+/// > The authenticator data structure encodes contextual bindings made by the
+/// > authenticator. These bindings are controlled by the authenticator itself,
+/// > and derive their trust from the `WebAuthn` Relying Party's assessment of
+/// > the security properties of the authenticator. In one extreme case, the
+/// > authenticator may be embedded in the client, and its bindings may be no
+/// > more trustworthy than the client data. At the other extreme, the
+/// > authenticator may be a discrete entity with high-security hardware and
+/// > software, connected to the client over a secure channel. In both cases,
+/// > the Relying Party receives the authenticator data in the same format, and
+/// > uses its knowledge of the authenticator to make trust decisions.
+pub struct Data {
+ /// > SHA-256 hash of the RP ID the credential is scoped to.
+ pub relying_party_id_hash: Sha256Hash,
+ pub user_is_present: bool,
+ pub user_is_verified: bool,
+ pub signature_counter: u32,
+ pub attested_credential_data: Option,
+ pub extensions: Option>>,
+}
+
+impl Data {
+ fn try_from(value: &[u8]) -> Option {
+ // 32 bytes: RP id hash
+ let rp_id = value.get(0..32)?.as_ref();
+ //
+ let flags = value.get(32)?;
+
+ None
+ }
+}
+
+impl TryFrom<&[u8]> for Data {
+ type Error = ();
+
+ fn try_from(value: &[u8]) -> Result {
+ Self::try_from(value).ok_or(())
+ }
+}
+
+#[cfg(feature = "serde")]
+use serde::{Deserialize, Serialize};
+
+/// > Authenticators may implement various transports for communicating with
+/// > clients. This enumeration defines hints as to how clients might
+/// > communicate with a particular authenticator in order to obtain an
+/// > assertion for a specific credential. Note that these hints represent the
+/// > `WebAuthn` Relying Party's best belief as to how an authenticator may be
+/// > reached.
A Relying Party will typically learn of the supported transports +/// > for a public key credential via getTransports(). +#[derive(Clone, PartialEq, Eq, PartialOrd, Ord, Hash, Debug)] +#[cfg_attr(feature = "serde", derive(Serialize, Deserialize), serde(untagged))] +pub enum Transport { + /// > Indicates the respective authenticator can be contacted over removable + /// > USB. + #[cfg_attr(feature = "serde", serde(rename = "usb"))] + Usb, + /// > Indicates the respective authenticator can be contacted over Near + /// > Field Communication (NFC). + #[cfg_attr(feature = "serde", serde(rename = "nfc"))] + Nfc, + /// > Indicates the respective authenticator can be contacted over Bluetooth + /// > Smart (Bluetooth Low Energy / BLE). + #[cfg_attr(feature = "serde", serde(rename = "ble"))] + Ble, + /// > Indicates the respective authenticator can be contacted using a + /// > combination of (often separate) data-transport and proximity + /// > mechanisms. This supports, for example, authentication on a desktop + /// > computer using a smartphone. + #[cfg_attr(feature = "serde", serde(rename = "hybrid"))] + Hybrid, + /// > Indicates the respective authenticator is contacted using a client + /// > device-specific transport, i.e., it is a platform authenticator. These + /// > authenticators are not removable from the client device. + #[cfg_attr(feature = "serde", serde(rename = "internal"))] + Internal, + Unknown(String), +} diff --git a/crates/fido-common/src/credential/public_key.rs b/crates/fido-common/src/credential/public_key.rs index bc2ac9c..d0aff71 100644 --- a/crates/fido-common/src/credential/public_key.rs +++ b/crates/fido-common/src/credential/public_key.rs @@ -1,7 +1,7 @@ use crate::registry::algorithms; -use crate::{credential, Transport}; +use crate::{authenticator::Transport, credential}; use bounded_vec::BoundedVec; -use std::collections::{BTreeSet}; +use std::collections::BTreeSet; #[cfg(feature = "serde")] use serde::{Deserialize, Serialize}; 
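Review bot: `Data::try_from` in the new `authenticator.rs` is a stub: it binds the RP ID hash and the flags byte to unused locals and then returns `None`, so the public `TryFrom<&[u8]> for Data` rejects every input with `Err(())`. Rejecting is the safe failure mode, but nothing marks the parser as unfinished and a caller cannot tell a malformed buffer from missing code; I would add `// TODO: parsing not implemented; every input is rejected` above `None` and replace `type Error = ();` with an error type that can name the failure. The private method also shares the trait method's name, so `Self::try_from(value)` only avoids recursion because inherent methods take precedence; renaming it (for example to `parse`) removes that trap. When the body is written, `user_is_present` and `user_is_verified` should be derived from the flags byte and every variable-length section length-checked before slicing, since this buffer comes from the authenticator.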
diff --git a/crates/fido-common/src/extension.rs b/crates/fido-common/src/extensions.rs similarity index 100% rename from crates/fido-common/src/extension.rs rename to crates/fido-common/src/extensions.rs diff --git a/crates/fido-common/src/lib.rs b/crates/fido-common/src/lib.rs index d92775d..621c756 100644 --- a/crates/fido-common/src/lib.rs +++ b/crates/fido-common/src/lib.rs 
@@ -1,43 +1,7 @@ +pub mod authenticator; pub mod attestation; pub mod credential; -pub mod extension; +pub mod extensions; pub mod registry; -#[cfg(feature = "serde")] -use serde::{Deserialize, Serialize}; - -/// > Authenticators may implement various transports for communicating with -/// > clients. This enumeration defines hints as to how clients might -/// > communicate with a particular authenticator in order to obtain an -/// > assertion for a specific credential. Note that these hints represent the -/// > `WebAuthn` Relying Party's best belief as to how an authenticator may be -/// > reached. A Relying Party will typically learn of the supported transports -/// > for a public key credential via getTransports(). -#[derive(Clone, PartialEq, Eq, PartialOrd, Ord, Hash, Debug)] -#[cfg_attr(feature = "serde", derive(Serialize, Deserialize), serde(untagged))] -pub enum Transport { - /// > Indicates the respective authenticator can be contacted over removable - /// > USB. - #[cfg_attr(feature = "serde", serde(rename = "usb"))] - Usb, - /// > Indicates the respective authenticator can be contacted over Near - /// > Field Communication (NFC). - #[cfg_attr(feature = "serde", serde(rename = "nfc"))] - Nfc, - /// > Indicates the respective authenticator can be contacted over Bluetooth - /// > Smart (Bluetooth Low Energy / BLE). - #[cfg_attr(feature = "serde", serde(rename = "ble"))] - Ble, - /// > Indicates the respective authenticator can be contacted using a - /// > combination of (often separate) data-transport and proximity - /// > mechanisms. This supports, for example, authentication on a desktop - /// > computer using a smartphone. - #[cfg_attr(feature = "serde", serde(rename = "hybrid"))] - Hybrid, - /// > Indicates the respective authenticator is contacted using a client - /// > device-specific transport, i.e., it is a platform authenticator. These - /// > authenticators are not removable from the client device. 
- #[cfg_attr(feature = "serde", serde(rename = "internal"))] - Internal, - Unknown(String), -} +pub type Sha256Hash = [u8; 32]; diff --git a/crates/webauthn3-proto/src/public_key/request.rs b/crates/webauthn3-proto/src/public_key/request.rs index 6434fee..03a0e08 100644 --- a/crates/webauthn3-proto/src/public_key/request.rs +++ b/crates/webauthn3-proto/src/public_key/request.rs @@ -1,5 +1,4 @@ use fido_common::{attestation::FormatIdentifier, credential::public_key}; - use crate::{attestation, UserVerificationRequirement}; /// > [This struct] supplies `get()` with the data it needs to generate an