Labels: enhancement (New feature or request)
Description
Currently, we do not support any authenticator preference when choosing a cryptographic algorithm as well as a PIN protocol.
While the platform may specify its own preference, supporting the preference of the authenticator may be desirable to improve the speed (in case the authenticator has hardware support for certain algorithms for example).
Implementation Note
Currently, we use bitfields to store the support of certain algorithms. These bitfields, however, do not provide any ranking.
As we only need the first algorithm from the authenticator's list, which both parties support, a single additional field containing the preferred algorithm may be enough.
The struct is defined here and should likely be extended:
Lines 94 to 111 in bb3678d

```c
// See https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-20210615.html#authenticatorGetInfo
typedef struct fido_cbor_info {
    fido_cbor_version_t versions; /* list of supported versions */
    fido_cbor_extension_t extensions; /* list of supported extensions */
    fido_cbor_transport_t transports; /* list of supported transports */
    unsigned char aaguid[16]; /* aaguid */
    fido_cbor_options_t options; /* list of supported options */
    uint64_t maxmsgsize; /* maximum message size */
    // TODO: How to support authenticator preference?
    fido_cbor_pin_protocol_t protocols; /* supported pin protocols */
    // TODO: How to support authenticator preference?
    fido_cbor_algorithm_t algorithms; /* list of supported algorithms */
    uint64_t maxcredcntlst; /* max credentials in list */
    uint64_t maxcredidlen; /* max credential ID length */
    uint64_t fwversion; /* firmware version */
    uint64_t maxcredbloblen; /* max credBlob length */
    uint64_t maxlargeblob; /* max largeBlob array length */
} fido_cbor_info_t;
```
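One way to realise the "single additional field" idea from the implementation note, as an added sketch that is not code from this repository: while folding the authenticator's ordered algorithm list into the bitfield, remember the first entry the platform also supports. The names `alg_info_t`, `parse_algorithms`, `cose_to_bit` and the bit assignments are hypothetical, and the list is assumed to be already decoded into COSE algorithm identifiers.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical bit assignments; the project's real bitfield layout may differ. */
enum {
    ALG_BIT_ES256 = 1u << 0,
    ALG_BIT_EDDSA = 1u << 1,
    ALG_BIT_RS256 = 1u << 2
};

/* COSE algorithm identifiers from the IANA COSE registry. */
#define COSE_ES256 (-7)
#define COSE_EDDSA (-8)
#define COSE_RS256 (-257)

typedef struct {
    uint32_t supported; /* unordered bitfield: loses the list order */
    int32_t  preferred; /* first mutually supported id, 0 = none (assumption) */
} alg_info_t;

/* Map a COSE id to its bit; unknown algorithms map to 0 and are ignored. */
static uint32_t cose_to_bit(int32_t cose)
{
    switch (cose) {
    case COSE_ES256: return ALG_BIT_ES256;
    case COSE_EDDSA: return ALG_BIT_EDDSA;
    case COSE_RS256: return ALG_BIT_RS256;
    default:         return 0;
    }
}

/* list: algorithm ids in the order the authenticator reported them.
 * platform_mask: bits for the algorithms the platform is willing to use. */
alg_info_t parse_algorithms(const int32_t *list, size_t n, uint32_t platform_mask)
{
    alg_info_t info = { 0, 0 };
    for (size_t i = 0; i < n; i++) {
        uint32_t bit = cose_to_bit(list[i]);
        info.supported |= bit;
        /* Record only the first hit; later entries rank lower. */
        if (info.preferred == 0 && (bit & platform_mask) != 0)
            info.preferred = list[i];
    }
    return info;
}
```

The same pattern would apply to the PIN protocol field, with the protocol numbers in place of the COSE identifiers.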