I'm interested in developing an alternative authentication method for authorizing an agent with Spire, one that involves authenticating the device based on a specific pattern(like the time it takes to type the password or something like that).
I've experimented with the NodeAuthenticator in the Spire-server configuration, but I believe I might be making changes to the wrong component (specifically, I made an edit to the generateKey method). I'm curious if I'm heading in the right direction and whether the file I'm currently editing is the appropriate one for this task.
I believe you are heading in the wrong direction, and your example just happens to be a poor example.
SPIRE provides identities for workloads (basically a service or set of services). As a result, delays in typing passwords wouldn't be possible, as SPIRE doesn't provide user identities (items that identify users). Workloads don't "type in passwords" so they can't have delays in typing them.
Also, SPIRE doesn't use passwords. Authentication, in this case, is more about proving one has a private key. The "client side" sends a small generated document to the "other side" which encrypts the document with the private key. The encrypted response is then sent back to the client. The client decrypts the document with a public key matching the private key, and if the documents match, then one can know (by the virtue of cryptographic verification) that they are talking to the correct service, the one identified by the public certificate containing the key used to decrypt the message. In mTLS, both sides act as clients validating the other side's private keys (each different) against the other side's public certificates (again different, but matching the private keys)
Now to handle your question about NodeAttestor, that's not part of the above authentication process. The NodeAttestor is part of the rotating certificate delivery infrastructure. Basically a "node" or "agent" is located on the machine where certificates are distributed to the local processes. The NodeAttestor is the way the node can prove / attest it should be part of the SPIRE server's installation. This is a little like the workload attestation (proving a process should get a SVID, a private key / certificate bundle), but is scoped only for SPIRE maintaining its own deployment.
If you want to change how a process would prove itself to the system (maybe add a special field), look into the workload attestor plugins.