Audit for use of CTAP2 canonical CBOR encoding
jschanck opened this issue · 0 comments
jschanck commented
We need to review our serialization routines to ensure that we use CTAP2 canonical CBOR encoding form. Martin Kreichgauer noticed that the keys in our AttestationObjects
maps are in the order (authData, fmt, attStmt)
instead of the correct (fmt, attStmt, authData)
. I'll fix that issue, but we should do an audit and add tests as well.