RIOT-OS/RIOT
RIOT-OS/RIOT
1
0
Fork 0
mirror of https://github.com/RIOT-OS/RIOT.git synced 2024-12-29 04:50:03 +01:00
Code Releases Activity
698abbaa04
RIOT/tests/sys_fido2_ctap
History
Gunar Schorcht 8512db60a6 tests/sys_fido2_ctap: enable usbus in Makefile 
There are boards that select the STDIO backend used depending on whether `usbus` is enabled. Usually the `fido2_ctap_transport_hid` module pulls in `usbus_hid` and thus `usbus`, but since this dependency resolution is done after reading the `Makefile.dep` of the board, it may happen that the wrong STDIO backend is selected. Therefore `usbus` is selected directly in the `Makefile`.
2023-02-08 11:56:18 +01:00
..
app.config.test sys/random/kconfig: remove HWRNG default in backend choice 2022-04-27 15:41:23 +02:00
main.c FIDO2 support in RIOT 2021-09-08 15:22:40 +02:00
Makefile tests/sys_fido2_ctap: enable usbus in Makefile 2023-02-08 11:56:18 +01:00
Makefile.ci boards/{bluepill*,blackpill*}: rename and improve doc 2023-01-02 16:23:10 +01:00
README.md tests/sys_fido2_ctap: add script to reset authenticator 2022-04-11 13:04:53 +02:00
reset.py tests/sys_fido2_ctap: add script to reset authenticator 2022-04-11 13:04:53 +02:00

README.md

Test Application for FIDO2 CTAP

This test aims to test the FIDO2 CTAP implementation by creating a FIDO2 authenticator which uses CTAPHID as communication protocol.

Note:

  • This test application has only been tested on an nrf52840 DK.

The test application requires at least 16536 bytes of stack memory which are divided as follows:

  • 512 bytes isr_stack
  • 1024 usbus
  • 15000 bytes FIDO2 CTAP

Usage

The FIDO2 authenticator can be tested in two ways:

Functional testing

  1. Flash the device with make flash.
  2. Test the authenticator on a website like Webauthn.io.

Note:

  • Due to limited support of FIDO2 CTAP in browsers as of now, make sure to use the Chromium or Google Chrome browser when testing on Webauthn.io.
  • When registering and authenticating on Webauthn.io you will need to push button 1 on your device in order to show user presence.

Resetting the authenticator

  • To reset the authenticator, meaning that all credentials and state information will be deleted, execute the reset.py file located in this directory.
    • This requires you to install the python fido2 package. To install run: pip install fido2==0.8.1.

Unit testing

Unit testing is based on the fido2_tests package.

There are two test targets (fido2-test, fido2-test-up). The former requires no user interaction the latter does.

Note:

  • The tests require python 3.6+.
  • The tests require swig to be installed on your host computer.
  • Running the tests for the first time will setup a virtual python environment (venv) and install python dependencies of the tests. To check the dependencies please refer to the requirements.txt of the fido2-tests repository.
  • The unit tests will require you to reboot the authenticator multiple times. Be patient before continuing as it takes a few seconds for the connection between OS and authenticator to be re-established.
  • If you keep getting errors while trying to run the tests try changing to another git branch and back e.g. git checkout branch1 && git checkout - in order to remove build artifacts. Then re-flash the device with make flash term and try to run the tests again with make fido2-test or make fido2-test-up.

fido2-test

  1. To make benchmarking faster disable user presence tests by enabling the CFLAG CONFIG_FIDO2_CTAP_DISABLE_UP in the Makefile or through KConfig.
  2. Flash the device with make flash.
  3. Run the unit tests by running make fido2-test.

fido2-test-up

  1. Make sure that the CFLAG CONFIG_FIDO2_CTAP_DISABLE_UP is disabled as this test target requires user interaction.
  2. Flash the device with make flash.
  3. Run the unit tests by running make fido2-test-up and follow the instructions. E.g. when .ACTIVATE UP ONCE is displayed, press the configured UP button (default button 1) once.