John Schanck

Results 18 issues of John Schanck

Our constant time test raises three issues with the "clean" implementation of the HQC code. I've reviewed these and I am of the opinion that they are true instances of...

One of the CI runs for #418 observed address sanitizer errors for SPHINCS+ on emulated armhf. Relevant part of the [log](https://github.com/PQClean/PQClean/pull/418/checks?check_run_id=3577019882): ``` mkdir -p /home/runner/work/PQClean/PQClean/testcases/test_functest_sanitizers__3QjBI6sH/bin ccache gcc -O3 -Wall -Wextra...

As discussed on our call, I'm going to script the inclusion of the Classic McEliece code. A few questions: * The latest code package for NIST is more recent and...

Firefox relies on `StatusUpdate`s to determine the UI that should be shown for a transaction. We send `PresenceRequired` if one device is connected, and we send `SelectDeviceNotice` if multiple devices...

An `AuthenticatorData::to_writer` function would let us avoid some copies from `Vec` to `ThinVec` in Firefox.

If a user has multiple connected tokens, we should only blink the ones that are "useful" for the request. For instance, if the request requires user verification, we should only...

The mock device tests (e.g. [test_get_assertion_ctap2_pre_flight](https://github.com/mozilla/authenticator-rs/blob/7da65ec24558a595098f6971df98f0153590c32c/src/ctap2/commands/get_assertion.rs#L1046)) are hard to maintain because they simultaneously test high-level protocol behavior and low-level serialization details. We should have separate tests for protocol behavior and...

We need to review our serialization routines to ensure that we use [CTAP2 canonical CBOR encoding form](https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-errata-20220621.html#ctap2-canonical-cbor-encoding-form). Martin Kreichgauer noticed that the keys in our `AttestationObjects` maps are in the...

Section 5.1.9 on the `parseCreationOptionsFromJSON` method states that > any [DOMString](https://webidl.spec.whatwg.org/#idl-DOMString) attributes in [PublicKeyCredentialCreationOptionsJSON](https://w3c.github.io/webauthn/#dictdef-publickeycredentialcreationoptionsjson) that correspond to [buffer source type](https://webidl.spec.whatwg.org/#dfn-buffer-source-type) attributes in [PublicKeyCredentialCreationOptions](https://w3c.github.io/webauthn/#dictdef-publickeycredentialcreationoptions). This conversion MUST also apply to any...

type:editorial
@Risk

https://groups.google.com/a/ccadb.org/g/public/c/3FMFP0huxno/m/HMWF6NITBAAJ?pli=1