From 07424c31237b348a08db074a8345ca42b2b1852f Mon Sep 17 00:00:00 2001
From: Julien Cretin
Date: Tue, 17 May 2022 22:55:51 +0200
Subject: [PATCH 1/2] Only derive PartialEq and Eq for PrivateKey for tests
We shouldn't compare private keys in prod for side-channel resilience. Ideally we shouldn't clone too. We currently do for storage. Fixing this would probably require to serialize the private key in the credential struct.
---
 src/ctap/crypto_wrapper.rs | 4 +++-
 src/ctap/data_formats.rs | 3 ++-
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/ctap/crypto_wrapper.rs b/src/ctap/crypto_wrapper.rs
index 3420081..cd59d65 100644
--- a/src/ctap/crypto_wrapper.rs
+++ b/src/ctap/crypto_wrapper.rs
@@ -89,7 +89,9 @@ pub fn aes256_cbc_decrypt(
 }
 /// An asymmetric private key that can sign messages.
-#[derive(Clone, Debug, PartialEq, Eq)]
+#[derive(Clone, Debug)]
+// We shouldn't compare private keys in prod without constant-time operations.
+#[cfg_attr(test, derive(PartialEq, Eq))]
 pub enum PrivateKey {
 Ecdsa(ecdsa::SecKey),
 }
diff --git a/src/ctap/data_formats.rs b/src/ctap/data_formats.rs
index b5866de..658ba58 100644
--- a/src/ctap/data_formats.rs
+++ b/src/ctap/data_formats.rs
@@ -571,7 +571,8 @@ impl TryFrom for CredentialProtectionPolicy {
 //
 // Note that we only use the WebAuthn definition as an example. This data-structure is not specified
 // by FIDO. In particular we may choose how we serialize and deserialize it.
-#[derive(Clone, Debug, PartialEq, Eq)]
+#[derive(Clone, Debug)]
+#[cfg_attr(test, derive(PartialEq, Eq))]
 pub struct PublicKeyCredentialSource {
 pub key_type: PublicKeyCredentialType,
 pub credential_id: Vec,
From 5685e95b7999b79bd34dca2f5941ae863e5ae107 Mon Sep 17 00:00:00 2001
From: Julien Cretin
Date: Thu, 19 May 2022 15:20:39 +0200
Subject: [PATCH 2/2] Remove useless dependency after rng256 was split out
---
 libraries/crypto/Cargo.toml | 1 -
 1 file changed, 1 deletion(-)
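Review bot: `PrivateKey` still derives `Debug` on the new `#[derive(Clone, Debug)]` line, so whether key material can reach a log line or a panic message now depends entirely on `ecdsa::SecKey`'s `Debug` impl, which is not visible in this hunk. If that impl prints the scalar, the `cfg_attr` gate added below it does nothing for that path; a hand-written `Debug` that writes a fixed placeholder closes it regardless of what `SecKey` does, and the new comment line could then cover both concerns. Note also that `cfg(test)` is only set for the crate's own unit-test build, so integration tests or other crates compiling this code will not see `PartialEq`; `subtle` is already a dependency of `libraries/crypto` (see the Cargo.toml hunk), so a `ConstantTimeEq` impl would be the route if a production comparison is ever needed.
```rust
#[derive(Clone)]
// … unchanged: the comment, cfg_attr(test, ...) and the PrivateKey enum body …

// Deliberately opaque: a derived Debug would print whatever ecdsa::SecKey's impl prints.
impl core::fmt::Debug for PrivateKey {
    fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
        f.write_str("PrivateKey(..)")
    }
}
```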
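Review bot: The new `#[cfg_attr(test, derive(PartialEq, Eq))]` on `PublicKeyCredentialSource` carries no explanatory comment, unlike the matching change to `PrivateKey` in `crypto_wrapper.rs`, so a reader of this file alone cannot tell why equality became test-only or whether it is safe to put back. Suggest adding `// Equality is derived for tests only; production code must not compare credential sources (see PrivateKey in crypto_wrapper.rs).` directly above the attribute. The struct body continues past the end of the hunk, so the field that motivates this (presumably one holding a `PrivateKey`) is not visible here.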
diff --git a/libraries/crypto/Cargo.toml b/libraries/crypto/Cargo.toml
index 4bb5d45..12944d0 100644
--- a/libraries/crypto/Cargo.toml
+++ b/libraries/crypto/Cargo.toml
@@ -10,7 +10,6 @@ license = "Apache-2.0"
 edition = "2018"
 [dependencies]
-libtock_drivers = { path = "../../third_party/libtock-drivers" }
 rng256 = { path = "../rng256" }
 arrayref = "0.3.6"
 subtle = { version = "2.2.3", default-features = false, features = ["nightly"] }