Merge branch 'develop' into ed25519

libraries/crypto/Cargo.toml

@@ -10,7 +10,6 @@ license = "Apache-2.0"
 edition = "2018"
 
 [dependencies]
-libtock_drivers = { path = "../../third_party/libtock-drivers" }
 rng256 = { path = "../rng256" }
 arrayref = "0.3.6"
 subtle = { version = "2.2.3", default-features = false, features = ["nightly"] }

src/ctap/crypto_wrapper.rs

@@ -97,7 +97,9 @@ pub fn aes256_cbc_decrypt(
 }
 
 /// An asymmetric private key that can sign messages.
-#[derive(Clone, Debug, PartialEq, Eq)]
+#[derive(Clone, Debug)]
+// We shouldn't compare private keys in prod without constant-time operations.
+#[cfg_attr(test, derive(PartialEq, Eq))]
 pub enum PrivateKey {
     Ecdsa(ecdsa::SecKey),
     #[cfg(feature = "ed25519")]

src/ctap/data_formats.rs

@@ -577,7 +577,8 @@ impl TryFrom<cbor::Value> for CredentialProtectionPolicy {
 //
 // Note that we only use the WebAuthn definition as an example. This data-structure is not specified
 // by FIDO. In particular we may choose how we serialize and deserialize it.
-#[derive(Clone, Debug, PartialEq, Eq)]
+#[derive(Clone, Debug)]
+#[cfg_attr(test, derive(PartialEq, Eq))]
 pub struct PublicKeyCredentialSource {
     pub key_type: PublicKeyCredentialType,
     pub credential_id: Vec<u8>,