* Add CBOR credential ID type
Update the format of the credential ID we generated to extend the
encrypted portion from only private_key + rp_id_hash to a flexible CBOR
map. This way we can persist more data into the key handle in the future
without need of a new version.
We add credProtectPolicy to the persisted data in this commit too, so we
can correctly check the credProtectPolicy for non-discoverable
credentials in follow-up commits.
* Fixed some style problems.
* Fix cargo clippy warning
* Check credProtectPolicy for non-discoverable credentials.
* Remove support of old v1, v2 key handles
- And changed some style problems
* Style changes
* Add missing `alloc` use
We shouldn't compare private keys in prod for side-channel resilience. Ideally
we shouldn't clone too. We currently do for storage. Fixing this would probably
require to serialize the private key in the credential struct.
ed25519-dalek does not implement Clone and Eq for secret keys, and
relevant PR in its repository wait for merge from long time ago, leading
to potential problems with maintainability
* adds PrivateKey to handle different algorithms
* fixes input check problem of decrypt_credential_source
* addresses comments
* version number not encrypted
* version number test
* adds a credential size test
* removes the algorithm from credential encoding
They assume blocks are encrypted/decrypted one at a time. To avoid one syscall
per block, it is preferable to encrypt/decrypt the data at once.
Change-Id: I795c8f5b7901a1b55fa3b06fa45fe57ab19d06ea
