use uuid as id for credentials

r4gus · Jul 22, 2024 · 55a224b · 55a224b
1 parent a554d40
commit 55a224b
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 12 deletions.
diff --git a/build.zig b/build.zig
@@ -19,6 +19,12 @@ pub fn build(b: *std.Build) !void {
         .optimize = optimize,
     });
 
+    const uuid_dep = b.dependency("uuid", .{
+        .target = target,
+        .optimize = optimize,
+    });
+    const uuid_module = uuid_dep.module("uuid");
+
     // ++++++++++++++++++++++++++++++++++++++++++++
     // Module
     // ++++++++++++++++++++++++++++++++++++++++++++
@@ -30,6 +36,7 @@ pub fn build(b: *std.Build) !void {
         .root_source_file = b.path("lib/main.zig"),
         .imports = &.{
             .{ .name = "zbor", .module = zbor_module },
+            .{ .name = "uuid", .module = uuid_module },
         },
     });
     try b.modules.put(b.dupe("keylib"), keylib_module);

diff --git a/build.zig.zon b/build.zig.zon
@@ -11,6 +11,10 @@
             .url = "https://github.com/r4gus/hidapi/archive/master.tar.gz",
             .hash = "1220e65a0ac25c2f68a5024986bd73a2be7ea269c9ea83d5e624df74683194a38a35",
         },
+        .uuid = .{
+            .url = "https://github.com/r4gus/uuid-zig/archive/refs/tags/0.2.1.tar.gz",
+            .hash = "1220b4deeb4ec1ec3493ea934905356384561b725dba69d1fbf6a25cb398716dd05b",
+        },
     },
     .paths = .{
         "bindings",

diff --git a/lib/ctap/commands/authenticator/authenticatorMakeCredential.zig b/lib/ctap/commands/authenticator/authenticatorMakeCredential.zig
@@ -354,17 +354,19 @@ pub fn authenticatorMakeCredential(
     // ++++++++++++++++++++++++++++++++++++++++++++++++
     // 16. Create a new credential
     // ++++++++++++++++++++++++++++++++++++++++++++++++
-    var id: [32]u8 = undefined;
-    auth.random.bytes(&id);
-    for (&id) |*b| {
-        // disallow 0 bytes
-        // -> The callbacks work with C strings and we don't pass a length, i.e.
-        //    0 terminates a string. If we would allow 0 bytes then the id would
-        //    get cut off.
-        while (b.* == 0) {
-            b.* = auth.random.int(u8);
-        }
-    }
+    //var id: [32]u8 = undefined;
+    //auth.random.bytes(&id);
+    //for (&id) |*b| {
+    //    // disallow 0 bytes
+    //    // -> The callbacks work with C strings and we don't pass a length, i.e.
+    //    //    0 terminates a string. If we would allow 0 bytes then the id would
+    //    //    get cut off.
+    //    while (b.* == 0) {
+    //        b.* = auth.random.int(u8);
+    //    }
+    //}
+    const id = uuid.v7.new2(auth.random, auth.milliTimestamp);
+    const urn = uuid.urn.serialize(id);
 
     const key_pair = if (alg.create(
         auth.random,
@@ -374,7 +376,7 @@ pub fn authenticatorMakeCredential(
     };
 
     var entry = fido.ctap.authenticator.Credential{
-        .id = (dt.ABS64B.fromSlice(&id) catch unreachable).?,
+        .id = (dt.ABS64B.fromSlice(&urn) catch unreachable).?,
         .user = mcp.user,
         .rp = mcp.rp,
         .sign_count = 0, // the first signature will be included in the response