2021-02-19 00:17:40 +01:00
|
|
|
# Copyright (C) 2021 Freie Universität Berlin
|
|
|
|
#
|
|
|
|
# This file is subject to the terms and conditions of the GNU Lesser
|
|
|
|
# General Public License v2.1. See the file LICENSE in the top level
|
|
|
|
# directory for more details.
|
|
|
|
|
2021-12-22 11:33:10 +01:00
|
|
|
menuconfig MODULE_FIDO2_CTAP
|
2021-02-19 00:17:40 +01:00
|
|
|
bool "FIDO2 CTAP"
|
2021-12-22 11:33:10 +01:00
|
|
|
depends on HAS_PERIPH_FLASHPAGE
|
2022-04-11 13:03:41 +02:00
|
|
|
depends on HAS_PERIPH_FLASHPAGE_IN_ADDRESS_SPACE
|
2021-12-22 11:33:10 +01:00
|
|
|
depends on HAS_PERIPH_GPIO
|
|
|
|
depends on HAS_PERIPH_GPIO_IRQ
|
|
|
|
depends on MODULE_FIDO2
|
|
|
|
depends on TEST_KCONFIG
|
|
|
|
select PACKAGE_TINYCBOR
|
|
|
|
select PACKAGE_MICRO-ECC
|
|
|
|
select PACKAGE_TINY-ASN1
|
|
|
|
select MODULE_PERIPH_GPIO
|
|
|
|
select MODULE_PERIPH_GPIO_IRQ
|
|
|
|
select MODULE_EVENT
|
2022-03-04 16:57:20 +01:00
|
|
|
select MODULE_EVENT_TIMEOUT_ZTIMER
|
2021-12-22 11:33:10 +01:00
|
|
|
select MODULE_ZTIMER
|
|
|
|
select MODULE_ZTIMER_MSEC
|
|
|
|
select MODULE_MTD
|
|
|
|
select MODULE_MTD_FLASHPAGE
|
|
|
|
select MODULE_MTD_WRITE_PAGE
|
|
|
|
select MODULE_RANDOM
|
|
|
|
select MODULE_CRYPTO_AES_256
|
|
|
|
select MODULE_CIPHER_MODES
|
|
|
|
select MODULE_HASHES
|
2022-04-11 13:03:41 +02:00
|
|
|
select MODULE_PERIPH_FLASHPAGE_IN_ADDRESS_SPACE
|
2021-02-19 00:17:40 +01:00
|
|
|
help
|
2021-12-22 11:33:10 +01:00
|
|
|
Y to enable CTAP protocol support. The Client-to-Authenticator
|
|
|
|
Protocol (CTAP) is an application layer protocol for the communication
|
|
|
|
between an authenticator and a host. CTAP is part of the FIDO2 Project.
|
|
|
|
For more information visit https://fidoalliance.org/fido2.
|
2021-02-19 00:17:40 +01:00
|
|
|
|
2021-12-22 11:33:10 +01:00
|
|
|
|
|
|
|
if MODULE_FIDO2_CTAP
|
2021-02-19 00:17:40 +01:00
|
|
|
|
|
|
|
config FIDO2_CTAP_STACK_SIZE
|
|
|
|
int "CTAP thread stack size"
|
|
|
|
default 15000
|
|
|
|
|
|
|
|
config FIDO2_CTAP_DEVICE_AAGUID
|
|
|
|
string "AAGUID of the CTAP authenticator"
|
|
|
|
default "9c295865fa2c36b705a42320af9c8f16"
|
|
|
|
help
|
|
|
|
The AAGUID is identifying the type of the authenticator (e.g manufacturer
|
|
|
|
and model). The AAGUID needs to be 128 bits long. The default value here
|
|
|
|
is a fallback value that was randomly generated.
|
|
|
|
|
|
|
|
config FIDO2_CTAP_DISABLE_UP
|
|
|
|
bool "Disable user presence tests"
|
|
|
|
help
|
|
|
|
When set, the authenticator will not ask for permission before creating
|
|
|
|
a new credential pair or authenticating.
|
|
|
|
|
|
|
|
config FIDO2_CTAP_DISABLE_LED
|
|
|
|
bool "Disable LED animations"
|
|
|
|
help
|
|
|
|
When set, the authenticator will not use LED's.
|
|
|
|
|
|
|
|
config FIDO2_CTAP_UP_TIMEOUT
|
|
|
|
int "Seconds until user presence test times out"
|
|
|
|
default 15
|
|
|
|
|
|
|
|
config FIDO2_CTAP_UP_BUTTON_PORT
|
|
|
|
int "Port of user presence button"
|
|
|
|
depends on !FIDO2_CTAP_DISABLE_UP
|
|
|
|
default -1
|
|
|
|
|
|
|
|
config FIDO2_CTAP_UP_BUTTON_PIN
|
|
|
|
int "Pin of user presence button"
|
|
|
|
depends on !FIDO2_CTAP_DISABLE_UP
|
|
|
|
default -1
|
|
|
|
|
|
|
|
choice
|
|
|
|
bool "User presence button mode"
|
|
|
|
depends on !FIDO2_CTAP_DISABLE_UP
|
|
|
|
default FIDO2_CTAP_UP_BUTTON_MODE_IN_PU
|
|
|
|
|
|
|
|
config FIDO2_CTAP_UP_BUTTON_MODE_IN_PU
|
|
|
|
bool "GPIO_IN_PU"
|
|
|
|
help
|
|
|
|
Configure as input with pull-up resistor
|
|
|
|
|
|
|
|
config FIDO2_CTAP_UP_BUTTON_MODE_IN_PD
|
|
|
|
bool "GPIO_IN_PD"
|
|
|
|
help
|
|
|
|
Configure as input with pull-down resistor
|
|
|
|
|
|
|
|
config FIDO2_CTAP_UP_BUTTON_MODE_IN
|
|
|
|
bool "GPIO_IN"
|
|
|
|
help
|
|
|
|
Configure as input without pull resistor
|
|
|
|
|
|
|
|
endchoice
|
|
|
|
|
|
|
|
choice
|
|
|
|
bool "User presence button pin flank"
|
|
|
|
depends on !FIDO2_CTAP_DISABLE_UP
|
|
|
|
default FIDO2_CTAP_UP_BUTTON_FLANK_FALLING
|
|
|
|
|
|
|
|
config FIDO2_CTAP_UP_BUTTON_FLANK_FALLING
|
|
|
|
bool "GPIO_FALLING"
|
|
|
|
|
|
|
|
config FIDO2_CTAP_UP_BUTTON_FLANK_RISING
|
|
|
|
bool "GPIO_RISING"
|
|
|
|
|
|
|
|
endchoice
|
|
|
|
|
2022-04-11 13:03:41 +02:00
|
|
|
config FIDO2_CTAP_NUM_FLASHPAGES
|
|
|
|
int "Amount of flashpages to use"
|
|
|
|
range 2 256
|
|
|
|
default 4
|
2021-02-19 00:17:40 +01:00
|
|
|
help
|
2022-04-11 13:03:41 +02:00
|
|
|
Configure how many flashpages are used to store FIDO2 CTAP data.
|
|
|
|
|
|
|
|
To save a credential (rk) in flash memory, roughly 156 bytes are needed. This
|
|
|
|
number might change slightly depending on the flash block size.
|
|
|
|
Therefore, if one wants to e.g. save 40 credentials and the flashpage
|
|
|
|
size is 4096 bytes roughly 156 * 40 / 4096 (2) flashpages are needed.
|
|
|
|
To save authenticator state data one additional flashpage is needed.
|
|
|
|
So in total one has to configure 3 to save 40 credentials.
|
2021-02-19 00:17:40 +01:00
|
|
|
|
|
|
|
rsource "transport/Kconfig"
|
|
|
|
|
2021-12-22 11:33:10 +01:00
|
|
|
endif # MODULE_FIDO2_CTAP
|