added new param to read_first callback. This allows to pass a hash instead of a rpId.

Author: r4gus

example/authenticator.zig

@@ -223,7 +223,12 @@ pub fn my_up(
 pub fn my_read_first(
     id: ?dt.ABS64B,
     rp: ?dt.ABS128T,
+    hash: ?[32]u8,
 ) CallbackError!Credential {
+    // The hash is mostly relevant for credential management
+    // because the client will only send a SHA256(rpId).
+    _ = hash;
+
     std.log.info("my_first_read: {s}, {s}", .{
         if (id) |uid| uid.get() else "n.a.",
         if (rp) |rpid| rpid.get() else "n.a.",

lib/ctap/auth/Callbacks.zig

@@ -128,6 +128,7 @@ pub const UvCallback = ?*const fn (
 pub const ReadFirstCallback = *const fn (
     id: ?dt.ABS64B,
     rp: ?dt.ABS128T,
+    hash: ?[32]u8,
 ) CallbackError!fido.ctap.authenticator.Credential;
 
 /// This function can be called multiple times after calling the ReadFirstCallback to obtain the remaining credentials.

lib/ctap/commands/authenticator/authenticatorGetAssertion.zig

@@ -174,7 +174,7 @@ pub fn authenticatorGetAssertion(
     // ++++++++++++++++++++++++++++++++++++++++++++++++
     var selected_credential: ?fido.ctap.authenticator.Credential = null;
     var total_credentials: usize = 0;
-    var credential = auth.callbacks.read_first(null, gap.rpId) catch {
+    var credential = auth.callbacks.read_first(null, gap.rpId, null) catch {
         return fido.ctap.StatusCodes.ctap2_err_no_credentials;
     };
 
@@ -215,7 +215,7 @@ pub fn authenticatorGetAssertion(
 
     // We previously iterated over all credentials, now we have to get back to the
     // first one, so we can iterate over the remaining ones using getNextAssertion.
-    credential = auth.callbacks.read_first(null, gap.rpId) catch {
+    credential = auth.callbacks.read_first(null, gap.rpId, null) catch {
         return fido.ctap.StatusCodes.ctap2_err_no_credentials;
     };
 

lib/ctap/commands/authenticator/authenticatorMakeCredential.zig

@@ -244,7 +244,7 @@ pub fn authenticatorMakeCredential(
 
     if (mcp.excludeList) |ecllist| {
         for (ecllist.get()) |item| {
-            const cred = auth.callbacks.read_first(item.id, null) catch {
+            const cred = auth.callbacks.read_first(item.id, null, null) catch {
                 continue;
             };
             // If the credential was created by this authenticator: Return.
@@ -392,7 +392,7 @@ pub fn authenticatorMakeCredential(
         std.log.info("MakeCredential: creating resident key", .{});
         entry.discoverable = true;
 
-        var credential = auth.callbacks.read_first(null, mcp.rp.id) catch {
+        var credential = auth.callbacks.read_first(null, mcp.rp.id, null) catch {
             break :outer;
         };