Fido2 update tests #20876

Open
wants to merge 2 commits into
base: master
4 changes: 2 additions & 2 deletions pkg/fido2_tests/Makefile
@@ -1,6 +1,6 @@
PKG_NAME=fido2_tests
PKG_URL=https://github.com/solokeys/fido2-tests
PKG_VERSION=3f7893d8d1a39b009cddad7913d3808ca664d3b7
PKG_URL=https://github.com/trussed-dev/fido2-tests
PKG_VERSION=591d3d2279949e08de0766897f24bcfd39af1339
PKG_LICENSE=Apache-2.0 OR MIT

include $(RIOTBASE)/pkg/pkg.mk
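Review bot: The `PKG_URL` line changes the fetch source to a different GitHub organisation (trussed-dev instead of solokeys, reading the second pair of lines as the new side), which is more than a version bump and is not explained in the visible part of the page. A comment above it, such as `# tests fetched from trussed-dev/fido2-tests (previously solokeys/fido2-tests); pinned by full commit hash`, would record the switch for whoever next audits the package sources. `PKG_VERSION` stays a full 40-character commit hash on both sides, which keeps the fetch reproducible and should remain the rule for this package.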
33 changes: 5 additions & 28 deletions pkg/fido2_tests/patches/0001-Adaptions-for-RIOT-FIDO2-CTAP.patch
@@ -1,17 +1,16 @@
From 445c1fe93f6d0edbd1c59f318703b070c8ee445f Mon Sep 17 00:00:00 2001
From 21f07dc85160512086c5836214f396f2e334d7df Mon Sep 17 00:00:00 2001
From: Ollrogge <[email protected]>
Date: Tue, 7 Sep 2021 19:12:31 +0200
Subject: [PATCH] Adaptions for RIOT FIDO2 CTAP
Date: Fri, 27 Sep 2024 18:16:53 +0200
Subject: [PATCH] [PATCH] Adaptions for RIOT FIDO2 CTAP

---
Makefile | 15 ++++++------
tests/conftest.py | 2 +-
tests/standard/fido2/pin/test_pin.py | 24 ++++++++++++++++---
tests/standard/fido2/test_reset.py | 5 ++++
tests/standard/fido2/test_resident_key.py | 4 ++--
.../fido2/user_presence/test_user_presence.py | 10 +++++++-
tests/standard/transport/test_hid.py | 11 +++++++++
7 files changed, 57 insertions(+), 14 deletions(-)
6 files changed, 55 insertions(+), 12 deletions(-)

diff --git a/Makefile b/Makefile
index 85aa451..c101826 100644
@@ -137,28 +136,6 @@ index 508d755..adb2818 100644
assert e.value.code == CtapError.ERR.NOT_ALLOWED
+'''
\ No newline at end of file
diff --git a/tests/standard/fido2/test_resident_key.py b/tests/standard/fido2/test_resident_key.py
index 2c5bece..32fe534 100644
--- a/tests/standard/fido2/test_resident_key.py
+++ b/tests/standard/fido2/test_resident_key.py
@@ -45,7 +45,7 @@ class TestResidentKeyPersistance(object):
@pytest.mark.parametrize("do_reboot", [False, True])
def test_user_info_returned_when_using_allowlist(self, device, MC_RK_Res, GA_RK_Res, do_reboot):
assert "id" in GA_RK_Res.user.keys()
-
+
allow_list = [
{
"id": MC_RK_Res.auth_data.credential_data.credential_id[:],
@@ -66,7 +66,7 @@ class TestResidentKeyPersistance(object):
class TestResidentKeyAfterReset(object):
def test_with_allow_list_after_reset(self, device, MC_RK_Res, GA_RK_Res):
assert "id" in GA_RK_Res.user.keys()
-
+
allow_list = [
{
"id": MC_RK_Res.auth_data.credential_data.credential_id[:],
diff --git a/tests/standard/fido2/user_presence/test_user_presence.py b/tests/standard/fido2/user_presence/test_user_presence.py
index c9904b2..0b74d24 100644
--- a/tests/standard/fido2/user_presence/test_user_presence.py
@@ -222,5 +199,5 @@ index c79c933..6203a00 100644
def test_timeout(self, device):
device.send_data(CTAPHID.INIT, "\x11\x22\x33\x44\x55\x66\x77\x88")
--
2.33.0
2.46.1

14 changes: 12 additions & 2 deletions sys/fido2/ctap/ctap.c
@@ -38,17 +38,17 @@
#define ENABLE_DEBUG (0)
#include "debug.h"

/**

Check warning on line 41 in sys/fido2/ctap/ctap.c


GitHub Actions / static-tests

Coccinelle proposes the following patch: --- sys/fido2/ctap/ctap.c +++ sys/fido2/ctap/ctap.c @@ -35,7 +35,7 @@ #include "fido2/ctap/transport/hid/ctap_hid.h" #endif -#define ENABLE_DEBUG (0) +#define ENABLE_DEBUG 0 #include "debug.h" /**
* @brief CTAP get_assertion state
*/
typedef struct {
ctap_resident_key_t rks[CTAP_MAX_EXCLUDE_LIST_SIZE]; /**< eligible resident keys found */
uint8_t count; /**< number of rks found */
uint8_t cred_counter; /**< amount of creds sent to host */
uint32_t timer; /**< time gap between get_next_assertion calls in milliseconds */

Check warning on line 48 in sys/fido2/ctap/ctap.c


GitHub Actions / static-tests

line is longer than 100 characters
bool uv; /**< indicate if user verified */
bool up; /**< indicate if user present */
uint8_t client_data_hash[SHA256_DIGEST_LENGTH]; /**< SHA-256 hash of JSON serialized client data */

Check warning on line 51 in sys/fido2/ctap/ctap.c


GitHub Actions / static-tests

line is longer than 100 characters
} ctap_get_assertion_state_t;

/*** CTAP methods ***/
@@ -690,6 +690,11 @@
goto done;
}

/* CTAP specification (version 20190130) section 5.2, step 9 */
if (req.allow_list_len > 0 && _assert_state.count > 1) {
_assert_state.count = 1;
}

memcpy(_assert_state.client_data_hash, req.client_data_hash,
SHA256_DIGEST_LENGTH);

@@ -732,8 +737,13 @@
}
}

/* save current time for get_next_assertion timeout */
_assert_state.timer = ztimer_now(ZTIMER_MSEC);
/**
if more than 1 eligible credential found and no allow list, save current time for
get_next_assertion timeout
*/
if (_assert_state.count > 1 && req.allow_list_len == 0) {
_assert_state.timer = ztimer_now(ZTIMER_MSEC);
}

ret = CTAP2_OK;

@@ -904,7 +914,7 @@
int ret;
ctap_public_key_cose_t key = { 0 };


Check warning on line 917 in sys/fido2/ctap/ctap.c


GitHub Actions / static-tests

too many consecutive empty lines
/* generate key agreement key */
ret =
fido2_ctap_crypto_gen_keypair(&_state.ag_key.pub, _state.ag_key.priv,
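Review bot: In the hunk at new line 737 of sys/fido2/ctap/ctap.c, `_assert_state.timer` is refreshed only when `_assert_state.count > 1 && req.allow_list_len == 0`, so after a single-credential or allow-list request the static state keeps the timestamp of an earlier get_assertion. That is harmless only if get_next_assertion compares `cred_counter` with `count` before it evaluates the timeout; that function and the rest of this one lie outside the visible hunks, so this should be confirmed or the unconditional `_assert_state.timer = ztimer_now(ZTIMER_MSEC);` kept. If the clamp at new line 690 runs on every path that reaches this point, `count > 1` already implies an empty allow list and the condition can be `if (_assert_state.count > 1) {`. The new comment opens with `/**`, the Doxygen marker, where the line it replaces used a plain `/* ... */`.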
2 changes: 1 addition & 1 deletion tests/sys/fido2_ctap/Makefile
@@ -24,7 +24,7 @@ USB_PID ?= $(USB_PID_TESTING)
# compiled natively (x86-64). Therefore we need to clear the flags set by e.g.
# BOARD = nrf52840dk
fido2-test:
env -i PATH=$(PATH) $(MAKE) -C $(PKGDIRBASE)/fido2_tests
env -i PATH=$(PATH) $(MAKE) -C $(PKGDIRBASE)/fido2_tests standard-tests

# FIDO2 user presence tests.
#