mirror of
https://github.com/RIOT-OS/RIOT.git
synced 2025-01-18 10:12:45 +01:00
8512db60a6
There are boards that select the STDIO backend used depending on whether `usbus` is enabled. Usually the `fido2_ctap_transport_hid` module pulls in `usbus_hid` and thus `usbus`, but since this dependency resolution is done after reading the `Makefile.dep` of the board, it may happen that the wrong STDIO backend is selected. Therefore `usbus` is selected directly in the `Makefile`. |
||
---|---|---|
.. | ||
app.config.test | ||
main.c | ||
Makefile | ||
Makefile.ci | ||
README.md | ||
reset.py |
Test Application for FIDO2 CTAP
This test aims to test the FIDO2 CTAP implementation by creating a FIDO2 authenticator which uses CTAPHID as communication protocol.
Note:
- This test application has only been tested on an nrf52840 DK.
The test application requires at least 16536 bytes of stack memory which are divided as follows:
- 512 bytes isr_stack
- 1024 usbus
- 15000 bytes FIDO2 CTAP
Usage
The FIDO2 authenticator can be tested in two ways:
Functional testing
- Flash the device with
make flash
. - Test the authenticator on a website like Webauthn.io.
Note:
- Due to limited support of FIDO2 CTAP in browsers as of now, make sure to use the Chromium or Google Chrome browser when testing on Webauthn.io.
- When registering and authenticating on Webauthn.io you will need to push button 1 on your device in order to show user presence.
Resetting the authenticator
- To reset the authenticator, meaning that all credentials and state information
will be deleted, execute the
reset.py
file located in this directory.- This requires you to install the python fido2 package. To install run:
pip install fido2==0.8.1
.
- This requires you to install the python fido2 package. To install run:
Unit testing
Unit testing is based on the fido2_tests
package.
There are two test targets (fido2-test, fido2-test-up). The former requires no user interaction the latter does.
Note:
- The tests require python 3.6+.
- The tests require swig to be installed on your host computer.
- Running the tests for the first time will setup a virtual python environment (venv) and install python dependencies of the tests. To check the dependencies please refer to the
requirements.txt
of the fido2-tests repository. - The unit tests will require you to reboot the authenticator multiple times. Be patient before continuing as it takes a few seconds for the connection between OS and authenticator to be re-established.
- If you keep getting errors while trying to run the tests try changing to another git branch and back e.g.
git checkout branch1 && git checkout -
in order to remove build artifacts. Then re-flash the device withmake flash term
and try to run the tests again withmake fido2-test
ormake fido2-test-up
.
fido2-test
- To make benchmarking faster disable user presence tests by enabling the CFLAG
CONFIG_FIDO2_CTAP_DISABLE_UP
in the Makefile or through KConfig. - Flash the device with
make flash
. - Run the unit tests by running
make fido2-test
.
fido2-test-up
- Make sure that the CFLAG
CONFIG_FIDO2_CTAP_DISABLE_UP
is disabled as this test target requires user interaction. - Flash the device with
make flash
. - Run the unit tests by running
make fido2-test-up
and follow the instructions. E.g. when.ACTIVATE UP ONCE
is displayed, press the configured UP button (default button 1) once.