# Copyright (C) 2021 Freie Universität Berlin
#
# This file is subject to the terms and conditions of the GNU Lesser
# General Public License v2.1. See the file LICENSE in the top level
# directory for more details.

menuconfig MODULE_FIDO2_CTAP
    bool "FIDO2 CTAP"
    depends on HAS_PERIPH_FLASHPAGE
    depends on HAS_PERIPH_FLASHPAGE_IN_ADDRESS_SPACE
    depends on HAS_PERIPH_GPIO
    depends on HAS_PERIPH_GPIO_IRQ
    depends on MODULE_FIDO2
    depends on TEST_KCONFIG
    select PACKAGE_TINYCBOR
    select PACKAGE_MICRO-ECC
    select PACKAGE_TINY-ASN1
    select MODULE_PERIPH_GPIO
    select MODULE_PERIPH_GPIO_IRQ
    select MODULE_EVENT
    select MODULE_EVENT_TIMEOUT_ZTIMER
    select MODULE_ZTIMER
    select MODULE_ZTIMER_MSEC
    select MODULE_MTD
    select MODULE_MTD_FLASHPAGE
    select MODULE_MTD_WRITE_PAGE
    select MODULE_RANDOM
    select MODULE_CRYPTO_AES_256
    select MODULE_CIPHER_MODES
    select MODULE_HASHES
    select MODULE_PERIPH_FLASHPAGE_IN_ADDRESS_SPACE
    help
        Y to enable CTAP protocol support. The Client-to-Authenticator
        Protocol (CTAP) is an application layer protocol for the communication
        between an authenticator and a host. CTAP is part of the FIDO2 Project.
        For more information visit https://fidoalliance.org/fido2.


if MODULE_FIDO2_CTAP

config FIDO2_CTAP_STACK_SIZE
    int "CTAP thread stack size"
    default 15000

config FIDO2_CTAP_DEVICE_AAGUID
    string "AAGUID of the CTAP authenticator"
    default "9c295865fa2c36b705a42320af9c8f16"
    help
        The AAGUID is identifying the type of the authenticator (e.g manufacturer
        and model). The AAGUID needs to be 128 bits long. The default value here
        is a fallback value that was randomly generated.

config FIDO2_CTAP_DISABLE_UP
    bool "Disable user presence tests"
    help
        When set, the authenticator will not ask for permission before creating
        a new credential pair or authenticating.

config FIDO2_CTAP_DISABLE_LED
    bool "Disable LED animations"
    help
        When set, the authenticator will not use LED's.

config FIDO2_CTAP_UP_TIMEOUT
    int "Seconds until user presence test times out"
    default 15

config FIDO2_CTAP_UP_BUTTON_PORT
    int "Port of user presence button"
    depends on !FIDO2_CTAP_DISABLE_UP
    default -1

config FIDO2_CTAP_UP_BUTTON_PIN
    int "Pin of user presence button"
    depends on !FIDO2_CTAP_DISABLE_UP
    default -1

choice
    bool "User presence button mode"
    depends on !FIDO2_CTAP_DISABLE_UP
    default FIDO2_CTAP_UP_BUTTON_MODE_IN_PU

config FIDO2_CTAP_UP_BUTTON_MODE_IN_PU
    bool "GPIO_IN_PU"
    help
        Configure as input with pull-up resistor

config FIDO2_CTAP_UP_BUTTON_MODE_IN_PD
    bool "GPIO_IN_PD"
    help
        Configure as input with pull-down resistor

config FIDO2_CTAP_UP_BUTTON_MODE_IN
    bool "GPIO_IN"
    help
        Configure as input without pull resistor

endchoice

choice
    bool "User presence button pin flank"
    depends on !FIDO2_CTAP_DISABLE_UP
    default FIDO2_CTAP_UP_BUTTON_FLANK_FALLING

config FIDO2_CTAP_UP_BUTTON_FLANK_FALLING
    bool "GPIO_FALLING"

config FIDO2_CTAP_UP_BUTTON_FLANK_RISING
    bool "GPIO_RISING"

endchoice

config FIDO2_CTAP_NUM_FLASHPAGES
    int "Amount of flashpages to use"
    range 2 256
    default 4
    help
        Configure how many flashpages are used to store FIDO2 CTAP data.

        To save a credential (rk) in flash memory, roughly 156 bytes are needed. This
        number might change slightly depending on the flash block size.
        Therefore, if one wants to e.g. save 40 credentials and the flashpage
        size is 4096 bytes roughly 156 * 40 / 4096 (2) flashpages are needed.
        To save authenticator state data one additional flashpage is needed.
        So in total one has to configure 3 to save 40 credentials.

rsource "transport/Kconfig"

endif # MODULE_FIDO2_CTAP