Rename discoverable_credential back to resident_key

Author: msirringhaus

libwebauthn/examples/webauthn_cable.rs

@@ -18,8 +18,7 @@ use tokio::time::sleep;
 use tracing_subscriber::{self, EnvFilter};
 
 use libwebauthn::ops::webauthn::{
-    DiscoverableCredentialRequirement, GetAssertionRequest, MakeCredentialRequest,
-    UserVerificationRequirement,
+    GetAssertionRequest, MakeCredentialRequest, ResidentKeyRequirement, UserVerificationRequirement,
 };
 use libwebauthn::proto::ctap2::{
     Ctap2CredentialType, Ctap2PublicKeyCredentialDescriptor, Ctap2PublicKeyCredentialRpEntity,
@@ -113,7 +112,7 @@ pub async fn main() -> Result<(), Box<dyn Error>> {
             hash: Vec::from(challenge),
             relying_party: Ctap2PublicKeyCredentialRpEntity::new("example.org", "example.org"),
             user: Ctap2PublicKeyCredentialUserEntity::new(&user_id, "mario.rossi", "Mario Rossi"),
-            discoverable_credential: Some(DiscoverableCredentialRequirement::Discouraged),
+            resident_key: Some(ResidentKeyRequirement::Discouraged),
             user_verification: UserVerificationRequirement::Preferred,
             algorithms: vec![Ctap2CredentialType::default()],
             exclude: None,

libwebauthn/examples/webauthn_extensions_hid.rs

@@ -10,10 +10,10 @@ use tokio::sync::mpsc::Receiver;
 use tracing_subscriber::{self, EnvFilter};
 
 use libwebauthn::ops::webauthn::{
-    CredentialProtectionExtension, CredentialProtectionPolicy, DiscoverableCredentialRequirement,
-    GetAssertionHmacOrPrfInput, GetAssertionRequest, GetAssertionRequestExtensions,
-    HMACGetSecretInput, MakeCredentialHmacOrPrfInput, MakeCredentialLargeBlobExtension,
-    MakeCredentialRequest, MakeCredentialsRequestExtensions, UserVerificationRequirement,
+    CredentialProtectionExtension, CredentialProtectionPolicy, GetAssertionHmacOrPrfInput,
+    GetAssertionRequest, GetAssertionRequestExtensions, HMACGetSecretInput,
+    MakeCredentialHmacOrPrfInput, MakeCredentialLargeBlobExtension, MakeCredentialRequest,
+    MakeCredentialsRequestExtensions, ResidentKeyRequirement, UserVerificationRequirement,
 };
 use libwebauthn::pin::PinRequestReason;
 use libwebauthn::proto::ctap2::{
@@ -108,7 +108,7 @@ pub async fn main() -> Result<(), Box<dyn Error>> {
             hash: Vec::from(challenge),
             relying_party: Ctap2PublicKeyCredentialRpEntity::new("example.org", "example.org"),
             user: Ctap2PublicKeyCredentialUserEntity::new(&user_id, "mario.rossi", "Mario Rossi"),
-            discoverable_credential: Some(DiscoverableCredentialRequirement::Required),
+            resident_key: Some(ResidentKeyRequirement::Required),
             user_verification: UserVerificationRequirement::Preferred,
             algorithms: vec![Ctap2CredentialType::default()],
             exclude: None,

libwebauthn/examples/webauthn_hid.rs

@@ -10,8 +10,7 @@ use tokio::sync::mpsc::Receiver;
 use tracing_subscriber::{self, EnvFilter};
 
 use libwebauthn::ops::webauthn::{
-    DiscoverableCredentialRequirement, GetAssertionRequest, MakeCredentialRequest,
-    UserVerificationRequirement,
+    GetAssertionRequest, MakeCredentialRequest, ResidentKeyRequirement, UserVerificationRequirement,
 };
 use libwebauthn::pin::PinRequestReason;
 use libwebauthn::proto::ctap2::{
@@ -92,7 +91,7 @@ pub async fn main() -> Result<(), Box<dyn Error>> {
             hash: Vec::from(challenge),
             relying_party: Ctap2PublicKeyCredentialRpEntity::new("example.org", "example.org"),
             user: Ctap2PublicKeyCredentialUserEntity::new(&user_id, "mario.rossi", "Mario Rossi"),
-            discoverable_credential: Some(DiscoverableCredentialRequirement::Discouraged),
+            resident_key: Some(ResidentKeyRequirement::Discouraged),
             user_verification: UserVerificationRequirement::Preferred,
             algorithms: vec![Ctap2CredentialType::default()],
             exclude: None,

libwebauthn/examples/webauthn_preflight_hid.rs

@@ -12,8 +12,8 @@ use tokio::sync::mpsc::Receiver;
 use tracing_subscriber::{self, EnvFilter};
 
 use libwebauthn::ops::webauthn::{
-    DiscoverableCredentialRequirement, GetAssertionRequest, GetAssertionResponse,
-    MakeCredentialRequest, UserVerificationRequirement,
+    GetAssertionRequest, GetAssertionResponse, MakeCredentialRequest, ResidentKeyRequirement,
+    UserVerificationRequirement,
 };
 use libwebauthn::pin::PinRequestReason;
 use libwebauthn::proto::ctap2::{
@@ -165,7 +165,7 @@ async fn make_credential_call(
         hash: Vec::from(challenge),
         relying_party: Ctap2PublicKeyCredentialRpEntity::new("example.org", "example.org"),
         user: Ctap2PublicKeyCredentialUserEntity::new(&user_id, "mario.rossi", "Mario Rossi"),
-        discoverable_credential: Some(DiscoverableCredentialRequirement::Discouraged),
+        resident_key: Some(ResidentKeyRequirement::Discouraged),
         user_verification: UserVerificationRequirement::Preferred,
         algorithms: vec![Ctap2CredentialType::default()],
         exclude: exclude_list,

libwebauthn/examples/webauthn_prf_hid.rs

@@ -12,9 +12,9 @@ use tokio::sync::mpsc::Receiver;
 use tracing_subscriber::{self, EnvFilter};
 
 use libwebauthn::ops::webauthn::{
-    DiscoverableCredentialRequirement, GetAssertionHmacOrPrfInput, GetAssertionRequest,
-    GetAssertionRequestExtensions, MakeCredentialHmacOrPrfInput, MakeCredentialRequest,
-    MakeCredentialsRequestExtensions, PRFValue, UserVerificationRequirement,
+    GetAssertionHmacOrPrfInput, GetAssertionRequest, GetAssertionRequestExtensions,
+    MakeCredentialHmacOrPrfInput, MakeCredentialRequest, MakeCredentialsRequestExtensions,
+    PRFValue, ResidentKeyRequirement, UserVerificationRequirement,
 };
 use libwebauthn::pin::PinRequestReason;
 use libwebauthn::proto::ctap2::{
@@ -102,7 +102,7 @@ pub async fn main() -> Result<(), Box<dyn Error>> {
             hash: Vec::from(challenge),
             relying_party: Ctap2PublicKeyCredentialRpEntity::new("example.org", "example.org"),
             user: Ctap2PublicKeyCredentialUserEntity::new(&user_id, "mario.rossi", "Mario Rossi"),
-            discoverable_credential: Some(DiscoverableCredentialRequirement::Required),
+            resident_key: Some(ResidentKeyRequirement::Required),
             user_verification: UserVerificationRequirement::Preferred,
             algorithms: vec![Ctap2CredentialType::default()],
             exclude: None,

libwebauthn/src/ops/webauthn.rs

@@ -12,11 +12,10 @@ pub use get_assertion::{
 };
 pub use make_credential::{
     CredentialPropsExtension, CredentialProtectionExtension, CredentialProtectionPolicy,
-    DiscoverableCredentialRequirement, MakeCredentialHmacOrPrfInput,
-    MakeCredentialLargeBlobExtension, MakeCredentialLargeBlobExtensionOutput,
-    MakeCredentialPrfOutput, MakeCredentialRequest, MakeCredentialResponse,
-    MakeCredentialsRequestExtensions, MakeCredentialsResponseExtensions,
-    MakeCredentialsResponseUnsignedExtensions,
+    MakeCredentialHmacOrPrfInput, MakeCredentialLargeBlobExtension,
+    MakeCredentialLargeBlobExtensionOutput, MakeCredentialPrfOutput, MakeCredentialRequest,
+    MakeCredentialResponse, MakeCredentialsRequestExtensions, MakeCredentialsResponseExtensions,
+    MakeCredentialsResponseUnsignedExtensions, ResidentKeyRequirement,
 };
 
 #[derive(Debug, Clone, Copy)]
@@ -51,9 +50,9 @@ pub trait DowngradableRequest<T> {
 
 #[cfg(test)]
 mod tests {
+    use crate::ops::webauthn::make_credential::ResidentKeyRequirement;
     use crate::ops::webauthn::{
-        DiscoverableCredentialRequirement, DowngradableRequest, MakeCredentialRequest,
-        UserVerificationRequirement,
+        DowngradableRequest, MakeCredentialRequest, UserVerificationRequirement,
     };
     use crate::proto::ctap2::{
         Ctap2COSEAlgorithmIdentifier, Ctap2CredentialType, Ctap2PublicKeyCredentialType,
@@ -63,15 +62,15 @@ mod tests {
     fn ctap2_make_credential_downgradable() {
         let mut request = MakeCredentialRequest::dummy();
         request.algorithms = vec![Ctap2CredentialType::default()];
-        request.discoverable_credential = Some(DiscoverableCredentialRequirement::Discouraged);
+        request.resident_key = Some(ResidentKeyRequirement::Discouraged);
         assert!(request.is_downgradable());
     }
 
     #[test]
     fn ctap2_make_credential_downgradable_unsupported_rk() {
         let mut request = MakeCredentialRequest::dummy();
         request.algorithms = vec![Ctap2CredentialType::default()];
-        request.discoverable_credential = Some(DiscoverableCredentialRequirement::Required);
+        request.resident_key = Some(ResidentKeyRequirement::Required);
         assert!(!request.is_downgradable());
     }
 

libwebauthn/src/ops/webauthn/make_credential.rs

@@ -98,11 +98,11 @@ impl MakeCredentialsResponseUnsignedExtensions {
                     // https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-20210615.html#op-makecred-step-rk
                     // if the "rk" option is false: the authenticator MUST create a non-discoverable credential.
                     // Note: This step is a change from CTAP2.0 where if the "rk" option is false the authenticator could optionally create a discoverable credential.
-                    match request.discoverable_credential {
-                        Some(DiscoverableCredentialRequirement::Discouraged) | None => {
+                    match request.resident_key {
+                        Some(ResidentKeyRequirement::Discouraged) | None => {
                             Some(CredentialPropsExtension { rk: Some(false) })
                         }
-                        Some(DiscoverableCredentialRequirement::Preferred) => {
+                        Some(ResidentKeyRequirement::Preferred) => {
                             if info.map(|i| i.option_enabled("rk")).unwrap_or_default() {
                                 Some(CredentialPropsExtension { rk: Some(true) })
                             } else {
@@ -111,7 +111,7 @@ impl MakeCredentialsResponseUnsignedExtensions {
                                 Some(CredentialPropsExtension { rk: Some(false) })
                             }
                         }
-                        Some(DiscoverableCredentialRequirement::Required) => {
+                        Some(ResidentKeyRequirement::Required) => {
                             Some(CredentialPropsExtension { rk: Some(true) })
                         }
                     }
@@ -150,7 +150,7 @@ impl MakeCredentialsResponseUnsignedExtensions {
 }
 
 #[derive(Debug, Clone, Copy)]
-pub enum DiscoverableCredentialRequirement {
+pub enum ResidentKeyRequirement {
     Required,
     Preferred,
     Discouraged,
@@ -164,7 +164,7 @@ pub struct MakeCredentialRequest {
     pub relying_party: Ctap2PublicKeyCredentialRpEntity,
     /// userEntity
     pub user: Ctap2PublicKeyCredentialUserEntity,
-    pub discoverable_credential: Option<DiscoverableCredentialRequirement>,
+    pub resident_key: Option<ResidentKeyRequirement>,
     pub user_verification: UserVerificationRequirement,
     /// credTypesAndPubKeyAlgs
     pub algorithms: Vec<Ctap2CredentialType>,
@@ -291,7 +291,7 @@ impl MakeCredentialRequest {
             exclude: None,
             extensions: None,
             origin: "example.org".to_owned(),
-            discoverable_credential: None,
+            resident_key: None,
             user_verification: UserVerificationRequirement::Discouraged,
             timeout: Duration::from_secs(10),
         }
@@ -316,8 +316,8 @@ impl DowngradableRequest<RegisterRequest> for MakeCredentialRequest {
 
         // Options must not include "rk" set to true.
         if matches!(
-            self.discoverable_credential,
-            Some(DiscoverableCredentialRequirement::Required)
+            self.resident_key,
+            Some(ResidentKeyRequirement::Required)
         ) {
             debug!("Not downgradable: request requires resident key");
             return false;

libwebauthn/src/proto/ctap2/model/make_credential.rs

@@ -7,7 +7,7 @@ use super::{
 use crate::{
     fido::AuthenticatorData,
     ops::webauthn::{
-        CredentialProtectionPolicy, DiscoverableCredentialRequirement,
+        CredentialProtectionPolicy, ResidentKeyRequirement,
         MakeCredentialHmacOrPrfInput, MakeCredentialLargeBlobExtension, MakeCredentialRequest,
         MakeCredentialResponse, MakeCredentialsRequestExtensions,
         MakeCredentialsResponseUnsignedExtensions,
@@ -134,9 +134,9 @@ impl Ctap2MakeCredentialRequest {
         };
 
         // Discoverable credential / resident key requirements
-        let require_resident_key = match req.discoverable_credential {
-            Some(DiscoverableCredentialRequirement::Discouraged) => Some(false),
-            Some(DiscoverableCredentialRequirement::Preferred) => {
+        let require_resident_key = match req.resident_key {
+            Some(ResidentKeyRequirement::Discouraged) => Some(false),
+            Some(ResidentKeyRequirement::Preferred) => {
                 if info.option_enabled("rk") {
                     Some(true)
                 } else {
@@ -147,7 +147,7 @@ impl Ctap2MakeCredentialRequest {
                     None
                 }
             }
-            Some(DiscoverableCredentialRequirement::Required) => {
+            Some(ResidentKeyRequirement::Required) => {
                 if !info.option_enabled("rk") {
                     warn!("This request will potentially fail. Discoverable credential required, but device does not support it.");
                 }