authenticator-rs

RegisterResult::CTAP2 needs to return serialised json blob

Open Firstyear opened this issue 3 years ago • 1 comments

RegisterResult::CTAP2 currently has the signature CTAP2(AttestationObject, CollectedClientData). However, AttestationObject contains a hash of the serialised bytes of CollectedClientData. By returning it in a struct form, the caller needs to re-serialise CollectedClientData identically as performed in the signature, which may open up instability or unreliability. Instead, RegisterResult::CTAP2 should return CTAP2(AttestationObject, Vec<u8>) where vec is the serialised CollectedClientData in byte form, which was used in the signature process of the attestation object.

Firstyear • Jul 19 '22 00:07

@msirringhaus I can't assign the CTAP2 label to this issue, so I'll need you to do this :)

Firstyear • Jul 19 '22 00:07

Closing this, since we don't return CollectedClientData anymore. It's now expected that the user serializes and hashes the client data prior to calling register or sign.

jschanck • Aug 23 '23 16:08
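
Added example, not code from authenticator-rs or from anyone in this thread: it illustrates the concern in the issue and the resolution in the closing comment by showing that a parse-and-re-serialise round trip of the client data keeps the JSON value but changes the SHA-256 hash that the attestation is bound to. The sample client data values and all function names are constructed for illustration, and Python's `json` and `hashlib` stand in for whatever serialiser the caller uses.

```python
import hashlib
import hmac
import json

# Constructed sample CollectedClientData; the values are made up for illustration.
CLIENT_DATA = {
    "type": "webauthn.create",
    "challenge": "Y29uc3RydWN0ZWQtY2hhbGxlbmdl",
    "origin": "https://example.com",
    "crossOrigin": False,
}


def serialize_once(client_data: dict) -> bytes:
    """Serialise exactly once; these bytes are hashed and must be kept as-is."""
    return json.dumps(client_data, separators=(",", ":")).encode("utf-8")


def client_data_hash(client_data_json: bytes) -> bytes:
    """SHA-256 over the serialised client data bytes."""
    return hashlib.sha256(client_data_json).digest()


def reserialize(client_data_json: bytes) -> bytes:
    """What a caller holding only the struct form would do: parse and re-emit.
    Key order and whitespace change here, the JSON value does not."""
    parsed = json.loads(client_data_json)
    return json.dumps(parsed, sort_keys=True, indent=1).encode("utf-8")


def hash_matches(expected_hash: bytes, candidate_json: bytes) -> bool:
    """Verifier-side check: do these bytes hash to the value that was signed over?"""
    return hmac.compare_digest(expected_hash, client_data_hash(candidate_json))


def demo() -> dict:
    original = serialize_once(CLIENT_DATA)
    signed_over = client_data_hash(original)  # hash handed to register/sign
    roundtrip = reserialize(original)
    return {
        "same_json_value": json.loads(original) == json.loads(roundtrip),
        "original_bytes_verify": hash_matches(signed_over, original),
        "reserialized_bytes_verify": hash_matches(signed_over, roundtrip),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Keeping the exact byte string that was hashed, and forwarding those bytes rather than a re-encoded struct, is what makes the verifier's hash comparison succeed.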