Added AttestationRegistrationRequest to assist with registration attestations

Author: dimitribouniol

Sources/WebAuthn/Authenticators/Protocol/AttestationRegistrationRequest.swift

@@ -0,0 +1,59 @@
+//===----------------------------------------------------------------------===//
+//
+// This source file is part of the WebAuthn Swift open source project
+//
+// Copyright (c) 2024 the WebAuthn Swift project authors
+// Licensed under Apache License v2.0
+//
+// See LICENSE.txt for license information
+// See CONTRIBUTORS.txt for the list of WebAuthn Swift project authors
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+//===----------------------------------------------------------------------===//
+
+@preconcurrency import Crypto
+import SwiftCBOR
+
+public struct AttestationRegistrationRequest: Sendable {
+    var options: PublicKeyCredentialCreationOptions
+    var publicKeyCredentialParameters: [PublicKeyCredentialParameters]
+    var clientDataHash: SHA256Digest
+    var attemptRegistration: Callback
+    
+    init(
+        options: PublicKeyCredentialCreationOptions,
+        publicKeyCredentialParameters: [PublicKeyCredentialParameters],
+        clientDataHash: SHA256Digest,
+        attemptRegistration: @Sendable @escaping (_ attestationObject: AttestationObject) async throws -> ()
+    ) {
+        self.options = options
+        self.publicKeyCredentialParameters = publicKeyCredentialParameters
+        self.clientDataHash = clientDataHash
+        self.attemptRegistration = Callback(callback: attemptRegistration)
+    }
+}
+
+extension AttestationRegistrationRequest {
+    public struct Callback: Sendable {
+        /// The internal callback the attestation should call.
+        var callback: @Sendable (_ attestationObject: AttestationObject) async throws -> ()
+        
+        /// Generate an attestation object for registration and submit it.
+        ///
+        /// Authenticators should call this to submit a successful registration and cancel any other pending authenticators.
+        ///
+        /// - SeeAlso: https://w3c.github.io/webauthn/#sctn-generating-an-attestation-object
+        public func submitAttestationObject(
+            attestationFormat: AttestationFormat,
+            authenticatorData: AuthenticatorData,
+            attestationStatement: CBOR
+        ) async throws {
+            try await callback(AttestationObject(
+                authenticatorData: authenticatorData,
+                format: attestationFormat,
+                attestationStatement: attestationStatement
+            ))
+        }
+    }
+}

Sources/WebAuthn/Authenticators/Protocol/AuthenticatorProtocol.swift

@@ -58,6 +58,11 @@ public protocol AuthenticatorProtocol<CredentialSource> {
         clientDataHash: SHA256.Digest
     ) async throws -> CBOR
 
+    /// Make credentials for the specified registration request, returning the credential source that the caller should store for subsequent authentication.
+    ///
+    /// - Important: Depending on the authenticator being used, the credential source may contain private keys, and must be stored sequirely, such as in the user's Keychain, or in a Hardware Security Module appropriate with the level of security you wish to secure your user's account with.
+    func makeCredentials(with registration: AttestationRegistrationRequest) async throws -> CredentialSource
+    
     /// Filter the provided credential descriptors to determine which, if any, should be handled by this authenticator.
     /// 
     /// This method should execute a client platform-specific procedure to determine which, if any, public key credentials described by `pkOptions.allowCredentials` are bound to this authenticator, by matching with `rpId`, `pkOptions.allowCredentials.id`, and `pkOptions.allowCredentials.type`
@@ -112,3 +117,13 @@ extension AuthenticatorProtocol {
         return credentialDescriptors
     }
 }
+
+// MARK: Registration
+
+extension AuthenticatorProtocol {
+    public func makeCredentials(
+        with registration: AttestationRegistrationRequest
+    ) async throws -> CredentialSource {
+        throw WebAuthnError.unsupported
+    }
+}

Sources/WebAuthn/Ceremonies/Registration/AttestedCredentialData.swift

@@ -13,7 +13,7 @@
 //===----------------------------------------------------------------------===//
 
 // Contains the new public key created by the authenticator.
-struct AttestedCredentialData: Equatable {
+public struct AttestedCredentialData: Equatable, Sendable {
     let authenticatorAttestationGUID: AAGUID
     let credentialID: [UInt8]
     let publicKey: [UInt8]

Sources/WebAuthn/Ceremonies/Shared/AuthenticatorData.swift

@@ -18,7 +18,7 @@ import SwiftCBOR
 
 /// Data created and/ or used by the authenticator during authentication/ registration.
 /// The data contains, for example, whether a user was present or verified.
-struct AuthenticatorData: Equatable, Sendable {
+public struct AuthenticatorData: Equatable, Sendable {
     let relyingPartyIDHash: [UInt8]
     let flags: AuthenticatorFlags
     let counter: UInt32