mirror of https://github.com/RIOT-OS/RIOT.git synced 2025-01-18 12:52:44 +01:00
RIOT/sys/fido2/ctap/Kconfig

# Copyright (C) 2021 Freie Universität Berlin
#
# This file is subject to the terms and conditions of the GNU Lesser
# General Public License v2.1. See the file LICENSE in the top level
# directory for more details.

menuconfig MODULE_FIDO2_CTAP
    bool "FIDO2 CTAP"
    depends on HAS_PERIPH_FLASHPAGE
    depends on HAS_PERIPH_FLASHPAGE_IN_ADDRESS_SPACE
    depends on HAS_PERIPH_GPIO
    depends on HAS_PERIPH_GPIO_IRQ
    depends on MODULE_FIDO2
    depends on TEST_KCONFIG
    select PACKAGE_TINYCBOR
    select PACKAGE_MICRO-ECC
    select PACKAGE_TINY-ASN1
    select MODULE_PERIPH_GPIO
    select MODULE_PERIPH_GPIO_IRQ
    select MODULE_EVENT
    select MODULE_EVENT_TIMEOUT_ZTIMER
    select MODULE_ZTIMER
    select MODULE_ZTIMER_MSEC
    select MODULE_MTD
    select MODULE_MTD_FLASHPAGE
    select MODULE_MTD_WRITE_PAGE
    select MODULE_RANDOM
    select MODULE_CRYPTO_AES_256
    select MODULE_CIPHER_MODES
    select MODULE_HASHES
    select MODULE_PERIPH_FLASHPAGE_IN_ADDRESS_SPACE
    help
        Y to enable CTAP protocol support. The Client-to-Authenticator
        Protocol (CTAP) is an application layer protocol for the communication
        between an authenticator and a host. CTAP is part of the FIDO2 Project.
        For more information visit https://fidoalliance.org/fido2.

if MODULE_FIDO2_CTAP

    config FIDO2_CTAP_STACK_SIZE
        int "CTAP thread stack size"
        default 15000

    config FIDO2_CTAP_DEVICE_AAGUID
        string "AAGUID of the CTAP authenticator"
        default "9c295865fa2c36b705a42320af9c8f16"
        help
            The AAGUID identifies the type of the authenticator (e.g. manufacturer
            and model). The AAGUID needs to be 128 bits long. The default value here
            is a fallback value that was randomly generated.

    config FIDO2_CTAP_DISABLE_UP
        bool "Disable user presence tests"
        help
            When set, the authenticator will not ask for permission before creating
            a new credential pair or authenticating.

    config FIDO2_CTAP_DISABLE_LED
        bool "Disable LED animations"
        help
            When set, the authenticator will not use LEDs.

    config FIDO2_CTAP_UP_TIMEOUT
        int "Seconds until user presence test times out"
        default 15

    config FIDO2_CTAP_UP_BUTTON_PORT
        int "Port of user presence button"
        depends on !FIDO2_CTAP_DISABLE_UP
        default -1

    config FIDO2_CTAP_UP_BUTTON_PIN
        int "Pin of user presence button"
        depends on !FIDO2_CTAP_DISABLE_UP
        default -1

    choice
        bool "User presence button mode"
        depends on !FIDO2_CTAP_DISABLE_UP
        default FIDO2_CTAP_UP_BUTTON_MODE_IN_PU

        config FIDO2_CTAP_UP_BUTTON_MODE_IN_PU
            bool "GPIO_IN_PU"
            help
                Configure as input with pull-up resistor

        config FIDO2_CTAP_UP_BUTTON_MODE_IN_PD
            bool "GPIO_IN_PD"
            help
                Configure as input with pull-down resistor

        config FIDO2_CTAP_UP_BUTTON_MODE_IN
            bool "GPIO_IN"
            help
                Configure as input without pull resistor

    endchoice

    choice
        bool "User presence button pin flank"
        depends on !FIDO2_CTAP_DISABLE_UP
        default FIDO2_CTAP_UP_BUTTON_FLANK_FALLING

        config FIDO2_CTAP_UP_BUTTON_FLANK_FALLING
            bool "GPIO_FALLING"

        config FIDO2_CTAP_UP_BUTTON_FLANK_RISING
            bool "GPIO_RISING"

    endchoice

    config FIDO2_CTAP_NUM_FLASHPAGES
        int "Amount of flashpages to use"
        range 2 256
        default 4
        help
            Configure how many flashpages are used to store FIDO2 CTAP data.
            To save a credential (rk) in flash memory, roughly 156 bytes are needed. This
            number might change slightly depending on the flash block size.
            Therefore, if one wants to e.g. save 40 credentials and the flashpage
            size is 4096 bytes, roughly 156 * 40 / 4096 (rounded up: 2) flashpages
            are needed. To save authenticator state data one additional flashpage is
            needed. So in total one has to configure 3 flashpages to save 40 credentials.

rsource "transport/Kconfig"

endif # MODULE_FIDO2_CTAP
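
An added example, not part of the RIOT source: a small Python check that audits a build's generated Kconfig output (`CONFIG_` lines) against the options defined above. It flags disabled user presence tests, an AAGUID that is malformed or still the fallback value, and too few flashpages for a target credential count. The function names, the sample configuration and the 4096-byte page size are assumptions of this example.

```python
import math
import re

# Values copied from the Kconfig file above.
DEFAULT_AAGUID = "9c295865fa2c36b705a42320af9c8f16"
RK_BYTES = 156  # approximate flash bytes per stored credential (help text)

def parse_config(text):
    """Collect CONFIG_<SYMBOL>=<value> lines; '# ... is not set' lines are skipped."""
    cfg = {}
    for line in text.splitlines():
        m = re.match(r'\s*CONFIG_(\w+)=(.*)', line)
        if m:
            cfg[m.group(1)] = m.group(2).strip().strip('"')
    return cfg

def pages_needed(credentials, page_size):
    """Credential pages (rounded up) plus one page for authenticator state."""
    return math.ceil(RK_BYTES * credentials / page_size) + 1

def audit(text, credentials=40, page_size=4096):
    """Return a list of findings; page_size is an assumption, check the board."""
    cfg = parse_config(text)
    findings = []
    aaguid = cfg.get("FIDO2_CTAP_DEVICE_AAGUID", DEFAULT_AAGUID)
    if not re.fullmatch(r'[0-9a-fA-F]{32}', aaguid):
        findings.append("AAGUID is not 128 bits (32 hex digits)")
    elif aaguid.lower() == DEFAULT_AAGUID:
        findings.append("AAGUID is the fallback default")
    if cfg.get("FIDO2_CTAP_DISABLE_UP") == "y":
        findings.append("user presence tests are disabled")
    have = int(cfg.get("FIDO2_CTAP_NUM_FLASHPAGES", "4"))
    need = pages_needed(credentials, page_size)
    if have < need:
        findings.append(f"{have} flashpages configured, {need} needed")
    return findings

# Constructed sample configuration, not taken from any real build.
SAMPLE = """\
CONFIG_MODULE_FIDO2_CTAP=y
CONFIG_FIDO2_CTAP_DISABLE_UP=y
CONFIG_FIDO2_CTAP_NUM_FLASHPAGES=2
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("WARN:", finding)
```
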