mozilla/authenticator-rs

Audit for use of CTAP2 canonical CBOR encoding

jschanck opened this issue · 0 comments

We need to review our serialization routines to ensure that we use CTAP2 canonical CBOR encoding form. Martin Kreichgauer noticed that the keys in our AttestationObjects maps are in the order (authData, fmt, attStmt) instead of the correct (fmt, attStmt, authData). I'll fix that issue, but we should do an audit and add tests as well.