mirror of
https://github.com/RIOT-OS/RIOT.git
synced 2024-12-29 04:50:03 +01:00
fido2/ctap: add test for ctap without transport layer
This commit is contained in:
parent
eddb00ae42
commit
7e0a86ba32
@ -30,6 +30,7 @@
|
|||||||
|
|
||||||
#ifdef BOARD_NATIVE
|
#ifdef BOARD_NATIVE
|
||||||
#include "mtd_default.h"
|
#include "mtd_default.h"
|
||||||
|
// native mtd is file backed => Start address of flash is 0.
|
||||||
char *_backing_memory = NULL;
|
char *_backing_memory = NULL;
|
||||||
static mtd_dev_t *_mtd_dev = NULL;
|
static mtd_dev_t *_mtd_dev = NULL;
|
||||||
#else
|
#else
|
||||||
|
@ -1,39 +1,17 @@
|
|||||||
BOARD ?= nrf52840dk
|
include ../Makefile.tests_common
|
||||||
#BOARD ?= nrf52840dongle
|
|
||||||
|
|
||||||
include ../Makefile.sys_common
|
# same as CTAP_STACKSIZE
|
||||||
|
CFLAGS += -DTHREAD_STACKSIZE_MAIN=15000
|
||||||
|
|
||||||
USEMODULE += fido2_ctap_transport_hid
|
# Add unittest framework
|
||||||
USEMODULE += usbus
|
USEMODULE += embunit
|
||||||
USEMODULE += ztimer_sec
|
|
||||||
USEPKG += fido2_tests
|
|
||||||
|
|
||||||
USB_VID ?= $(USB_VID_TESTING)
|
USEMODULE += fido2_ctap
|
||||||
USB_PID ?= $(USB_PID_TESTING)
|
|
||||||
|
|
||||||
# Disable user presence tests
|
# Disable user presence tests
|
||||||
# Should be used when running fido2-test to make them run quicker
|
CFLAGS += -DCONFIG_FIDO2_CTAP_DISABLE_UP=1
|
||||||
#CFLAGS += -DCONFIG_FIDO2_CTAP_DISABLE_UP=1
|
|
||||||
|
|
||||||
# Disable user LED animation
|
# Disable user LED animation
|
||||||
#CFLAGS += -DCONFIG_FIDO2_CTAP_DISABLE_LED=1
|
CFLAGS += -DCONFIG_FIDO2_CTAP_DISABLE_LED=1
|
||||||
|
|
||||||
# FIDO2 tests except for the ones requiring user presence
|
|
||||||
#
|
|
||||||
# Use env -i because fido2-test has a depedency (pyscard) that needs to be
|
|
||||||
# compiled natively (x86-64). Therefore we need to clear the flags set by e.g.
|
|
||||||
# BOARD = nrf52840dk
|
|
||||||
fido2-test:
|
|
||||||
env -i PATH=$(PATH) $(MAKE) -C $(PKGDIRBASE)/fido2_tests
|
|
||||||
|
|
||||||
# FIDO2 user presence tests.
|
|
||||||
#
|
|
||||||
# Make sure to enable user presence tests by uncommenting CFLAGS += -DCONFIG_FIDO2_CTAP_DISABLE_UP=1
|
|
||||||
#
|
|
||||||
# Use env -i because fido2-test has a depedency (pyscard) that needs to be
|
|
||||||
# compiled natively (x86-64). Therefore we need to clear the flags set by e.g.
|
|
||||||
# BOARD = nrf52840dk
|
|
||||||
fido2-test-up:
|
|
||||||
env -i PATH=$(PATH) $(MAKE) -C $(PKGDIRBASE)/fido2_tests up-tests
|
|
||||||
|
|
||||||
include $(RIOTBASE)/Makefile.include
|
include $(RIOTBASE)/Makefile.include
|
||||||
|
@ -1,59 +1,16 @@
|
|||||||
# Test Application for FIDO2 CTAP
|
# Overview
|
||||||
|
|
||||||
This test aims to test the FIDO2 CTAP implementation by creating a FIDO2
|
This test application tests FIDO2 CTAP2 functionality without a transport layer being used.
|
||||||
authenticator which uses CTAPHID as communication protocol.
|
|
||||||
|
|
||||||
Note:
|
To execute the test run e.g.
|
||||||
* This test application has only been tested on an nrf52840 DK.
|
|
||||||
|
|
||||||
The test application requires at least 16536 bytes of stack memory which are
|
```
|
||||||
divided as follows:
|
BOARD = nrf52840dk make flash test
|
||||||
* 512 bytes isr_stack
|
```
|
||||||
* 1024 usbus
|
|
||||||
* 15000 bytes FIDO2 CTAP
|
|
||||||
|
|
||||||
## Usage
|
To generate a new test case array run:
|
||||||
The FIDO2 authenticator can be tested in two ways:
|
* Note: This requires the [python-fido lib](https://github.com/Yubico/python-fido2)
|
||||||
|
|
||||||
### Functional testing
|
```
|
||||||
1. Flash the device with `make flash`.
|
python3 gen_test_case.py
|
||||||
2. Test the authenticator on a website like [Webauthn.io](https://webauthn.io/).
|
```
|
||||||
|
|
||||||
Note:
|
|
||||||
* Due to limited support of FIDO2 CTAP in browsers as of now, make sure to use the
|
|
||||||
Chromium or Google Chrome browser when testing on [Webauthn.io](https://webauthn.io/).
|
|
||||||
* When registering and authenticating on [Webauthn.io](https://webauthn.io/) you
|
|
||||||
will need to push button 1 on your device in order to show user presence.
|
|
||||||
|
|
||||||
**Resetting the authenticator**
|
|
||||||
* To reset the authenticator, meaning that all credentials and state information
|
|
||||||
will be deleted, execute the `reset.py` file located in this directory.
|
|
||||||
* This requires you to install the python fido2 package. To install run:
|
|
||||||
`pip install fido2==0.8.1`.
|
|
||||||
|
|
||||||
### Unit testing
|
|
||||||
Unit testing is based on the `fido2_tests` package.
|
|
||||||
|
|
||||||
There are two test targets (fido2-test, fido2-test-up). The former requires no user
|
|
||||||
interaction the latter does.
|
|
||||||
|
|
||||||
Note:
|
|
||||||
* The tests require python 3.6+.
|
|
||||||
* The tests require [swig](http://www.swig.org/) to be installed on your host computer.
|
|
||||||
* Running the tests for the first time will setup a virtual python environment (venv) and install python dependencies of the tests. To check the dependencies please refer to the `requirements.txt` of the [fido2-tests repository](https://github.com/solokeys/fido2-tests).
|
|
||||||
* The unit tests will require you to reboot the authenticator multiple times. Be patient before continuing as it takes a few seconds for the connection between OS and authenticator to be re-established.
|
|
||||||
* If you keep getting errors while trying to run the tests try changing to another git branch and back e.g. `git checkout branch1 && git checkout -` in order to remove build artifacts. Then re-flash the device with `make flash term` and try to run the tests again with `make fido2-test` or `make fido2-test-up`.
|
|
||||||
|
|
||||||
fido2-test
|
|
||||||
|
|
||||||
1. To make benchmarking faster disable user presence tests by enabling the CFLAG
|
|
||||||
`CONFIG_FIDO2_CTAP_DISABLE_UP` in the Makefile or through KConfig.
|
|
||||||
2. Flash the device with `make flash`.
|
|
||||||
3. Run the unit tests by running `make fido2-test`.
|
|
||||||
|
|
||||||
fido2-test-up
|
|
||||||
|
|
||||||
1. Make sure that the CFLAG `CONFIG_FIDO2_CTAP_DISABLE_UP` is disabled as this test target
|
|
||||||
requires user interaction.
|
|
||||||
2. Flash the device with `make flash`.
|
|
||||||
3. Run the unit tests by running `make fido2-test-up` and follow the instructions. E.g. when `.ACTIVATE UP ONCE` is displayed, press the configured UP button (default button 1) once.
|
|
92
tests/sys/fido2_ctap/gen_test_case.py
Normal file
92
tests/sys/fido2_ctap/gen_test_case.py
Normal file
@ -0,0 +1,92 @@
|
|||||||
|
from fido2.ctap2 import CTAP2
|
||||||
|
from fido2 import cbor
|
||||||
|
from fido2.client import Fido2Client
|
||||||
|
from fido2.server import Fido2Server
|
||||||
|
from unittest import mock
|
||||||
|
|
||||||
|
|
||||||
|
def mock_device():
|
||||||
|
device = mock.MagicMock()
|
||||||
|
return CTAP2(device)
|
||||||
|
|
||||||
|
|
||||||
|
def get_cbor(data):
|
||||||
|
request = b""
|
||||||
|
if data is not None:
|
||||||
|
request += cbor.encode(data)
|
||||||
|
|
||||||
|
return request
|
||||||
|
|
||||||
|
|
||||||
|
def args(*params):
|
||||||
|
"""Constructs a dict from a list of arguments for sending a CBOR command.
|
||||||
|
None elements will be omitted.
|
||||||
|
"""
|
||||||
|
return dict((i, v) for i, v in enumerate(params, 1) if v is not None)
|
||||||
|
|
||||||
|
|
||||||
|
def print_req(req, prefix):
|
||||||
|
print(f"static uint8_t {prefix}_data[] = {{", end='')
|
||||||
|
print("".join(f"{hex(x)}, " for x in req), end='')
|
||||||
|
print("};")
|
||||||
|
|
||||||
|
|
||||||
|
def gen_mc_req():
|
||||||
|
dev = mock_device()
|
||||||
|
dev.capabilities = 0
|
||||||
|
user = {"id": b"user_id", "name": "A. User"}
|
||||||
|
client = Fido2Client(dev, "https://example.com")
|
||||||
|
server = Fido2Server({"id": "example.com", "name": "Example RP"}, attestation="direct")
|
||||||
|
|
||||||
|
create_options, _ = server.register_begin(user)
|
||||||
|
create_options = create_options['publicKey']
|
||||||
|
client_data = client._build_client_data("webauthn.create", create_options['challenge'])
|
||||||
|
|
||||||
|
options = {}
|
||||||
|
options["rk"] = True
|
||||||
|
|
||||||
|
return get_cbor(
|
||||||
|
args(
|
||||||
|
client_data.hash,
|
||||||
|
create_options["rp"],
|
||||||
|
create_options["user"],
|
||||||
|
create_options["pubKeyCredParams"],
|
||||||
|
None, # exclude list
|
||||||
|
None, # extensions
|
||||||
|
options,
|
||||||
|
None, # pin_auth
|
||||||
|
None, # pin protocol version
|
||||||
|
))
|
||||||
|
|
||||||
|
|
||||||
|
def gen_ga_req():
|
||||||
|
dev = mock_device()
|
||||||
|
dev.capabilities = 0
|
||||||
|
# user = {"id": b"user_id", "name": "A. User"}
|
||||||
|
client = Fido2Client(dev, "https://example.com")
|
||||||
|
server = Fido2Server({"id": "example.com", "name": "Example RP"}, attestation="direct")
|
||||||
|
|
||||||
|
request_options, _ = server.authenticate_begin()
|
||||||
|
request_options = request_options['publicKey']
|
||||||
|
client_data = client._build_client_data("webauthn.get", request_options['challenge'])
|
||||||
|
|
||||||
|
return get_cbor(
|
||||||
|
args(
|
||||||
|
request_options["rpId"],
|
||||||
|
client_data.hash,
|
||||||
|
None, # allow list
|
||||||
|
None, # extensions
|
||||||
|
None, # options
|
||||||
|
None, # pin_uv_param
|
||||||
|
None # pin_uv_protocol
|
||||||
|
))
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
req = gen_mc_req()
|
||||||
|
print_req(req, "mc")
|
||||||
|
|
||||||
|
print("")
|
||||||
|
|
||||||
|
req = gen_ga_req()
|
||||||
|
print_req(req, "ga")
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (C) 2021 Freie Universität Berlin
|
* Copyright (C) 2022 Freie Universität Berlin
|
||||||
*
|
*
|
||||||
* This file is subject to the terms and conditions of the GNU Lesser
|
* This file is subject to the terms and conditions of the GNU Lesser
|
||||||
* General Public License v2.1. See the file LICENSE in the top level
|
* General Public License v2.1. See the file LICENSE in the top level
|
||||||
@ -10,27 +10,91 @@
|
|||||||
* @ingroup tests
|
* @ingroup tests
|
||||||
* @{
|
* @{
|
||||||
* @file
|
* @file
|
||||||
* @brief FIDO2 CTAP test application that creates an authenticator
|
* @brief FIDO2 CTAP test application that tests CTAP functionality
|
||||||
* which uses CTAPHID as underlying communication protocol
|
* without transport layer.
|
||||||
*
|
*
|
||||||
* @author Nils Ollrogge <nils-ollrogge@outlook.de>
|
* @author Nils Ollrogge <nils.ollrogge@mailbox.tu-dresden.de>
|
||||||
* @}
|
* @}
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
|
|
||||||
#define ENABLE_DEBUG 0
|
#include "embUnit.h"
|
||||||
#include "debug.h"
|
|
||||||
|
|
||||||
#include "ztimer.h"
|
|
||||||
|
|
||||||
#include "fido2/ctap.h"
|
#include "fido2/ctap.h"
|
||||||
#include "fido2/ctap/transport/ctap_transport.h"
|
|
||||||
|
/**
|
||||||
|
* To generate a new arrays simply run the gen_test_case.py script
|
||||||
|
*/
|
||||||
|
static uint8_t mc_data[] =
|
||||||
|
{ 0xa5, 0x1, 0x58, 0x20, 0xe0, 0xa1, 0xec, 0x5a, 0xa, 0x12, 0xa1, 0x4, 0xc8, 0xcb, 0x93, 0x54, 0x31,
|
||||||
|
0xbf, 0x5c, 0x39, 0x7a, 0xee, 0x1b, 0x9f, 0xd0, 0x97, 0x97, 0x7d, 0x7b, 0xfb, 0x1, 0xa1, 0x20,
|
||||||
|
0x2a, 0xad, 0x5c, 0x2, 0xa2, 0x62, 0x69, 0x64, 0x6b, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65,
|
||||||
|
0x2e, 0x63, 0x6f, 0x6d, 0x64, 0x6e, 0x61, 0x6d, 0x65, 0x6a, 0x45, 0x78, 0x61, 0x6d, 0x70, 0x6c,
|
||||||
|
0x65, 0x20, 0x52, 0x50, 0x3, 0xa2, 0x62, 0x69, 0x64, 0x47, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x69,
|
||||||
|
0x64, 0x64, 0x6e, 0x61, 0x6d, 0x65, 0x67, 0x41, 0x2e, 0x20, 0x55, 0x73, 0x65, 0x72, 0x4, 0x84,
|
||||||
|
0xa2, 0x63, 0x61, 0x6c, 0x67, 0x26, 0x64, 0x74, 0x79, 0x70, 0x65, 0x6a, 0x70, 0x75, 0x62, 0x6c,
|
||||||
|
0x69, 0x63, 0x2d, 0x6b, 0x65, 0x79, 0xa2, 0x63, 0x61, 0x6c, 0x67, 0x27, 0x64, 0x74, 0x79, 0x70,
|
||||||
|
0x65, 0x6a, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2d, 0x6b, 0x65, 0x79, 0xa2, 0x63, 0x61, 0x6c,
|
||||||
|
0x67, 0x38, 0x24, 0x64, 0x74, 0x79, 0x70, 0x65, 0x6a, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2d,
|
||||||
|
0x6b, 0x65, 0x79, 0xa2, 0x63, 0x61, 0x6c, 0x67, 0x39, 0x1, 0x0, 0x64, 0x74, 0x79, 0x70, 0x65,
|
||||||
|
0x6a, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2d, 0x6b, 0x65, 0x79, 0x7, 0xa1, 0x62, 0x72, 0x6b,
|
||||||
|
0xf5, };
|
||||||
|
|
||||||
|
static uint8_t ga_data[] =
|
||||||
|
{ 0xa2, 0x1, 0x6b, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2, 0x58,
|
||||||
|
0x20, 0x7d, 0xf3, 0x9a, 0x49, 0xa9, 0x8c, 0xa2, 0xd8, 0x3e, 0x50, 0x36, 0x42, 0xd9, 0xc6, 0xfa,
|
||||||
|
0x39, 0xf5, 0xa7, 0xe9, 0x35, 0x41, 0xb0, 0x1c, 0x59, 0xfa, 0xc2, 0x35, 0x3a, 0xb0, 0xbc, 0xcc,
|
||||||
|
0x70, };
|
||||||
|
|
||||||
|
static void test_ctap(void)
|
||||||
|
{
|
||||||
|
fido2_ctap_init();
|
||||||
|
ctap_req_t req = { 0 };
|
||||||
|
ctap_resp_t resp = { 0 };
|
||||||
|
|
||||||
|
/* reset authenticator */
|
||||||
|
req.method = CTAP_RESET;
|
||||||
|
req.buf = NULL;
|
||||||
|
req.len = 0x0;
|
||||||
|
fido2_ctap_handle_request(&req, &resp);
|
||||||
|
|
||||||
|
TEST_ASSERT(resp.status == CTAP2_OK);
|
||||||
|
|
||||||
|
/* create new credential */
|
||||||
|
req.method = CTAP_MAKE_CREDENTIAL;
|
||||||
|
req.buf = mc_data;
|
||||||
|
req.len = sizeof(mc_data);
|
||||||
|
fido2_ctap_handle_request(&req, &resp);
|
||||||
|
|
||||||
|
TEST_ASSERT(resp.status == CTAP2_OK);
|
||||||
|
|
||||||
|
/* create assertion using credential */
|
||||||
|
req.method = CTAP_GET_ASSERTION;
|
||||||
|
req.buf = ga_data;
|
||||||
|
req.len = sizeof(ga_data);
|
||||||
|
fido2_ctap_handle_request(&req, &resp);
|
||||||
|
|
||||||
|
TEST_ASSERT(resp.status == CTAP2_OK);
|
||||||
|
}
|
||||||
|
|
||||||
|
Test *ctap_tests(void)
|
||||||
|
{
|
||||||
|
EMB_UNIT_TESTFIXTURES(fixtures) {
|
||||||
|
new_TestFixture(test_ctap),
|
||||||
|
};
|
||||||
|
|
||||||
|
EMB_UNIT_TESTCALLER(ctap_tests, NULL, NULL, fixtures);
|
||||||
|
|
||||||
|
return (Test *)&ctap_tests;
|
||||||
|
}
|
||||||
|
|
||||||
int main(void)
|
int main(void)
|
||||||
{
|
{
|
||||||
/* sleep in order to see early DEBUG outputs */
|
TESTS_START();
|
||||||
ztimer_sleep(ZTIMER_SEC, 3);
|
TESTS_RUN(ctap_tests());
|
||||||
fido2_ctap_transport_init();
|
TESTS_END();
|
||||||
|
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
|
/** @} */
|
||||||
|
14
tests/sys/fido2_ctap/tests/01-run.py
Executable file
14
tests/sys/fido2_ctap/tests/01-run.py
Executable file
@ -0,0 +1,14 @@
|
|||||||
|
#!/usr/bin/env python3
|
||||||
|
|
||||||
|
# Copyright (C) 2022 Freie Universität Berlin
|
||||||
|
#
|
||||||
|
# This file is subject to the terms and conditions of the GNU Lesser
|
||||||
|
# General Public License v2.1. See the file LICENSE in the top level
|
||||||
|
# directory for more details.
|
||||||
|
|
||||||
|
import sys
|
||||||
|
from testrunner import run_check_unittests
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
sys.exit(run_check_unittests())
|
37
tests/sys/fido2_ctap_hid/Makefile
Normal file
37
tests/sys/fido2_ctap_hid/Makefile
Normal file
@ -0,0 +1,37 @@
|
|||||||
|
BOARD ?= nrf52840dk
|
||||||
|
#BOARD ?= nrf52840dongle
|
||||||
|
|
||||||
|
include ../Makefile.tests_common
|
||||||
|
|
||||||
|
USEMODULE += fido2_ctap_transport_hid
|
||||||
|
USEPKG += fido2_tests
|
||||||
|
|
||||||
|
USB_VID ?= $(USB_VID_TESTING)
|
||||||
|
USB_PID ?= $(USB_PID_TESTING)
|
||||||
|
|
||||||
|
# Disable user presence tests
|
||||||
|
# Should be used when running fido2-test to make them run quicker
|
||||||
|
CFLAGS += -DCONFIG_FIDO2_CTAP_DISABLE_UP=1
|
||||||
|
|
||||||
|
# Disable user LED animation
|
||||||
|
CFLAGS += -DCONFIG_FIDO2_CTAP_DISABLE_LED=1
|
||||||
|
|
||||||
|
# FIDO2 tests except for the ones requiring user presence
|
||||||
|
#
|
||||||
|
# Use env -i because fido2-test has a depedency (pyscard) that needs to be
|
||||||
|
# compiled natively (x86-64). Therefore we need to clear the flags set by e.g.
|
||||||
|
# BOARD = nrf52840dk
|
||||||
|
fido2-test:
|
||||||
|
env -i PATH=$(PATH) $(MAKE) -C $(RIOTBASE)/build/pkg/fido2_tests
|
||||||
|
|
||||||
|
# FIDO2 user presence tests.
|
||||||
|
#
|
||||||
|
# Make sure to enable user presence tests by uncommenting CFLAGS += -DCONFIG_FIDO2_CTAP_DISABLE_UP=1
|
||||||
|
#
|
||||||
|
# Use env -i because fido2-test has a depedency (pyscard) that needs to be
|
||||||
|
# compiled natively (x86-64). Therefore we need to clear the flags set by e.g.
|
||||||
|
# BOARD = nrf52840dk
|
||||||
|
fido2-test-up:
|
||||||
|
env -i PATH=$(PATH) $(MAKE) -C $(RIOTBASE)/build/pkg/fido2_tests up-tests
|
||||||
|
|
||||||
|
include $(RIOTBASE)/Makefile.include
|
59
tests/sys/fido2_ctap_hid/README.md
Normal file
59
tests/sys/fido2_ctap_hid/README.md
Normal file
@ -0,0 +1,59 @@
|
|||||||
|
# Test Application for FIDO2 CTAP using USB HID transport binding
|
||||||
|
|
||||||
|
This test aims to test the FIDO2 CTAP implementation by creating a FIDO2
|
||||||
|
authenticator which uses CTAPHID as communication protocol.
|
||||||
|
|
||||||
|
Note:
|
||||||
|
* This test application has only been tested on an nrf52840 DK.
|
||||||
|
|
||||||
|
The test application requires at least 16536 bytes of stack memory which are
|
||||||
|
divided as follows:
|
||||||
|
* 512 bytes isr_stack
|
||||||
|
* 1024 usbus
|
||||||
|
* 15000 bytes FIDO2 CTAP
|
||||||
|
|
||||||
|
## Usage
|
||||||
|
The FIDO2 authenticator can be tested in two ways:
|
||||||
|
|
||||||
|
### Functional testing
|
||||||
|
1. Flash the device with `make flash`.
|
||||||
|
2. Test the authenticator on a website like [Webauthn.io](https://webauthn.io/).
|
||||||
|
|
||||||
|
Note:
|
||||||
|
* Due to limited support of FIDO2 CTAP in browsers as of now, make sure to use the
|
||||||
|
Chromium or Google Chrome browser when testing on [Webauthn.io](https://webauthn.io/).
|
||||||
|
* When registering and authenticating on [Webauthn.io](https://webauthn.io/) you
|
||||||
|
will need to push button 1 on your device in order to show user presence.
|
||||||
|
|
||||||
|
**Resetting the authenticator**
|
||||||
|
* To reset the authenticator, meaning that all credentials and state information
|
||||||
|
will be deleted, execute the `reset.py` file located in this directory.
|
||||||
|
* This requires you to install the python fido2 package. To install run:
|
||||||
|
`pip install fido2==0.8.1`.
|
||||||
|
|
||||||
|
### Unit testing
|
||||||
|
Unit testing is based on the `fido2_tests` package.
|
||||||
|
|
||||||
|
There are two test targets (fido2-test, fido2-test-up). The former requires no user
|
||||||
|
interaction the latter does.
|
||||||
|
|
||||||
|
Note:
|
||||||
|
* The tests require python 3.6+.
|
||||||
|
* The tests require [swig](http://www.swig.org/) to be installed on your host computer.
|
||||||
|
* Running the tests for the first time will setup a virtual python environment (venv) and install python dependencies of the tests. To check the dependencies please refer to the `requirements.txt` of the [fido2-tests repository](https://github.com/solokeys/fido2-tests).
|
||||||
|
* The unit tests will require you to reboot the authenticator multiple times. Be patient before continuing as it takes a few seconds for the connection between OS and authenticator to be re-established.
|
||||||
|
* If you keep getting errors while trying to run the tests try changing to another git branch and back e.g. `git checkout branch1 && git checkout -` in order to remove build artifacts. Then re-flash the device with `make flash term` and try to run the tests again with `make fido2-test` or `make fido2-test-up`.
|
||||||
|
|
||||||
|
fido2-test
|
||||||
|
|
||||||
|
1. To make benchmarking faster disable user presence tests by enabling the CFLAG
|
||||||
|
`CONFIG_FIDO2_CTAP_DISABLE_UP` in the Makefile or through KConfig.
|
||||||
|
2. Flash the device with `make flash`.
|
||||||
|
3. Run the unit tests by running `make fido2-test`.
|
||||||
|
|
||||||
|
fido2-test-up
|
||||||
|
|
||||||
|
1. Make sure that the CFLAG `CONFIG_FIDO2_CTAP_DISABLE_UP` is disabled as this test target
|
||||||
|
requires user interaction.
|
||||||
|
2. Flash the device with `make flash`.
|
||||||
|
3. Run the unit tests by running `make fido2-test-up` and follow the instructions. E.g. when `.ACTIVATE UP ONCE` is displayed, press the configured UP button (default button 1) once.
|
8
tests/sys/fido2_ctap_hid/app.config.test
Normal file
8
tests/sys/fido2_ctap_hid/app.config.test
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
CONFIG_MODULE_AUTO_INIT_USBUS=n
|
||||||
|
CONFIG_MODULE_USBUS=y
|
||||||
|
CONFIG_MODULE_FIDO2=y
|
||||||
|
CONFIG_MODULE_FIDO2_CTAP=y
|
||||||
|
CONFIG_MODULE_FIDO2_CTAP_TRANSPORT=y
|
||||||
|
CONFIG_MODULE_FIDO2_CTAP_TRANSPORT_HID=y
|
||||||
|
|
||||||
|
CONFIG_PACKAGE_FIDO2_TESTS=y
|
31
tests/sys/fido2_ctap_hid/main.c
Normal file
31
tests/sys/fido2_ctap_hid/main.c
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (C) 2022 Freie Universität Berlin
|
||||||
|
*
|
||||||
|
* This file is subject to the terms and conditions of the GNU Lesser
|
||||||
|
* General Public License v2.1. See the file LICENSE in the top level
|
||||||
|
* directory for more details.
|
||||||
|
*/
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @ingroup tests
|
||||||
|
* @{
|
||||||
|
* @file
|
||||||
|
* @brief FIDO2 CTAP test application that creates an authenticator
|
||||||
|
* which uses CTAPHID as underlying communication protocol
|
||||||
|
*
|
||||||
|
* @author Nils Ollrogge <nils.ollrogge@mailbox.tu-dresden.de>
|
||||||
|
* @}
|
||||||
|
*/
|
||||||
|
#define ENABLE_DEBUG (0)
|
||||||
|
#include "debug.h"
|
||||||
|
|
||||||
|
#include "xtimer.h"
|
||||||
|
|
||||||
|
#include "fido2/ctap/transport/ctap_transport.h"
|
||||||
|
|
||||||
|
int main(void)
|
||||||
|
{
|
||||||
|
/* sleep in order to see early DEBUG outputs */
|
||||||
|
xtimer_sleep(3);
|
||||||
|
fido2_ctap_transport_init();
|
||||||
|
}
|
23
tests/sys/fido2_ctap_hid/reset.py
Normal file
23
tests/sys/fido2_ctap_hid/reset.py
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
from fido2.hid import CtapHidDevice
|
||||||
|
from fido2.ctap2 import CTAP2
|
||||||
|
|
||||||
|
|
||||||
|
def get_device():
|
||||||
|
devs = list(CtapHidDevice.list_devices())
|
||||||
|
assert len(devs) == 1
|
||||||
|
return devs[0]
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
try:
|
||||||
|
dev = get_device()
|
||||||
|
except Exception:
|
||||||
|
print("Unable to find authenticator")
|
||||||
|
exit(-1)
|
||||||
|
|
||||||
|
ctap = CTAP2(dev)
|
||||||
|
try:
|
||||||
|
ctap.reset()
|
||||||
|
print("Device successfully reset")
|
||||||
|
except Exception as e:
|
||||||
|
print(e)
|
Loading…
Reference in New Issue
Block a user