Merge pull request #55 from canokeys/feature/fido2.1

Feature/fido2.1
canokeys · Sep 30, 2023 · 1df49e7 · 1df49e7
2 parents f2d12f1 + 20de9c0
commit 1df49e7
Show file tree

Hide file tree

Showing 26 changed files with 3,709 additions and 1,122 deletions.
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -9,7 +9,7 @@ jobs:
       run: |
         sudo apt-add-repository ppa:yubico/stable
         sudo apt-get update
-        sudo apt-get install -q -y git gcc g++ cmake swig psmisc procps pcscd pcsc-tools yubico-piv-tool libhidapi-dev libassuan-dev libgcrypt20-dev libksba-dev libnpth0-dev opensc openssl openssh-server libpcsclite-dev libudev-dev libcmocka-dev python3-pip python3-setuptools python3-wheel lcov yubikey-manager
+        sudo apt-get install -q -y git gcc g++ cmake swig psmisc procps pcscd pcsc-tools yubico-piv-tool libhidapi-dev libassuan-dev libgcrypt20-dev libksba-dev libnpth0-dev opensc openssl openssh-server libpcsclite-dev libudev-dev libcmocka-dev python3-pip python3-setuptools python3-wheel lcov yubikey-manager libcbor-dev
         pip3 install --upgrade pip
 
     - name: Set up Go 1.13
@@ -24,28 +24,42 @@ jobs:
         submodules: recursive
 
     - name: Cache GO Modules
-      uses: actions/cache@v1
+      uses: actions/cache@v3
       env:
         cache-name: go_mod
       with:
         path: ~/go/pkg/mod
         key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('./go.mod') }}
 
     - name: Cache Patched GPG
-      uses: actions/cache@v1
+      uses: actions/cache@v3
       env:
         cache-name: cache_gpg_binary
       with:
         path: gnupg
         key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('./test-via-pcsc/build_gpg.sh') }}
 
+    - name: Cache FIDO Tools
+      uses: actions/cache@v3
+      env:
+        cache-name: cache_fido_tools
+      with:
+        path: |
+          u2f-ref-code
+          libfido2
+        key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('./test-via-pcsc/build_fido_tests.sh') }}
+
     - name: Build Patched GPG
       run: |
         ./test-via-pcsc/build_gpg.sh
         gpg --version
 
     - name: Build FIDO Tests
-      run: ./test-via-pcsc/build_fido_tests.sh
+      run: |
+        ./test-via-pcsc/build_fido_tests.sh
+        sudo ldconfig
+        which fido2-token
+        ldd $(which fido2-token)
 
     - name: Build for Test
       run: |
@@ -92,10 +106,14 @@ jobs:
 
     - name: Test the FIDO2
       run: |
-        echo 1 >/tmp/canokey-test-nfc # Emulate the NFC mode
+        #echo 1 >/tmp/canokey-test-nfc # Emulate the NFC mode
+        #pushd test-real && ./test-libfido2.sh && popd
         cd fido2-tests
-        ~/.local/bin/pytest --color=yes --nfc tests/standard/
-        ~/.local/bin/pytest --color=yes --nfc tests/vendor/canokeys/ --capture=no
+        #../build/fido-hid-over-udp &
+        git pull
+        ~/.local/bin/pytest --color=yes --vendor canokeys --nfc tests/standard/
+        ~/.local/bin/pytest --color=yes --vendor canokeys --nfc tests/vendor/canokeys/
+        #kill %1
 
     - name: Test the U2F
       run: |

diff --git a/applets/ctap/ctap-errors.h b/applets/ctap/ctap-errors.h
@@ -15,7 +15,8 @@
 #define CTAP2_ERR_INVALID_CBOR              0x12
 #define CTAP2_ERR_MISSING_PARAMETER         0x14
 #define CTAP2_ERR_LIMIT_EXCEEDED            0x15
-#define CTAP2_ERR_UNSUPPORTED_EXTENSION     0x16
+#define CTAP2_ERR_FP_DATABASE_FULL          0x17
+#define CTAP2_ERR_LARGE_BLOB_STORAGE_FULL   0x18
 #define CTAP2_ERR_CREDENTIAL_EXCLUDED       0x19
 #define CTAP2_ERR_PROCESSING                0x21
 #define CTAP2_ERR_INVALID_CREDENTIAL        0x22
@@ -25,7 +26,6 @@
 #define CTAP2_ERR_UNSUPPORTED_ALGORITHM     0x26
 #define CTAP2_ERR_OPERATION_DENIED          0x27
 #define CTAP2_ERR_KEY_STORE_FULL            0x28
-#define CTAP2_ERR_NO_OPERATION_PENDING      0x2A
 #define CTAP2_ERR_UNSUPPORTED_OPTION        0x2B
 #define CTAP2_ERR_INVALID_OPTION            0x2C
 #define CTAP2_ERR_KEEPALIVE_CANCEL          0x2D
@@ -37,12 +37,16 @@
 #define CTAP2_ERR_PIN_AUTH_INVALID          0x33
 #define CTAP2_ERR_PIN_AUTH_BLOCKED          0x34
 #define CTAP2_ERR_PIN_NOT_SET               0x35
-#define CTAP2_ERR_PIN_REQUIRED              0x36
+#define CTAP2_ERR_PUAT_REQUIRED             0x36
 #define CTAP2_ERR_PIN_POLICY_VIOLATION      0x37
-#define CTAP2_ERR_PIN_TOKEN_EXPIRED         0x38
 #define CTAP2_ERR_REQUEST_TOO_LARGE         0x39
 #define CTAP2_ERR_ACTION_TIMEOUT            0x3A
 #define CTAP2_ERR_UP_REQUIRED               0x3B
+#define CTAP2_ERR_UV_BLOCKED                0x3C
+#define CTAP2_ERR_INTEGRITY_FAILURE         0x3D
+#define CTAP2_ERR_INVALID_SUBCOMMAND        0x3E
+#define CTAP2_ERR_UV_INVALID                0x3F
+#define CTAP2_ERR_UNAUTHORIZED_PERMISSION   0x40
 #define CTAP1_ERR_OTHER                     0x7F
 #define CTAP2_ERR_SPEC_LAST                 0xDF
 #define CTAP2_ERR_EXTENSION_FIRST           0xE0