GithubHelp home page GithubHelp logo

isabella232 / ctap2-test-tool Goto Github PK

View Code? Open in Web Editor NEW

This project forked from google/ctap2-test-tool

0.0 0.0 0.0 697 KB

Test tool for CTAP2 authenticators

License: Apache License 2.0

Starlark 3.43% C++ 94.30% Shell 1.22% Batchfile 0.16% Python 0.89%

ctap2-test-tool's Introduction

Test Tool logo

CTAP2 test tool

The test suite intents to make it easier for developers to find bugs in their CTAP2 implementation.

Disclaimer

Those tests reflect the author's interpretation of the specification. It is not to be confused with certification by the FIDO Alliance. Please check the FIDO Alliance web page for more information.

How to install

The build system is bazel. Please make sure you have all dependencies installed. Example command for Ubuntu:

apt-get install bazel libudev-dev autotools-dev autoconf automake libtool

On your first run, the build system will fetch all other necessary libraries using git. The tool is tested on Linux and MacOS with GCC 9 and higher.

How to run

⚠️ This tool will irreversibly delete all credentials on your device.

Running the tool without comments lists all avaiable devices. Select the device you want to test by passing --token_path. For Unix, if only one CTAP2 compatible device is plugged in, you can simply run:

./run.sh

For more control, try i.e.:

bazel run //:fido2_conformance
bazel run //:fido2_conformance -- --token_path=/dev/hidraw0

⚠️ Please do not plug in other security keys with the same product ID, or the tool might contact the wrong device during testing.

While running the test tool, you will be prompted to touch or replug your security key multiple times, to test various features.

Supported features

At the moment, we only support USB HID as a transport. We test the commands from CTAP 2.0, but plan to add tests for supported extensions and CTAP 2.1. The security key must support resident keys and user presence. Also, security keys with displays are untested so far.

Fuzzing

In addition to the CTAP2 specification conformance test, we provide a proof-of-concept fuzzing tool. Please check fuzzing.md for a detailed guide.

Results

For more information on checking or contributing test results, please check results.md.

Contributing

If we didn't already test your security key or you have an updated version, please create a pull request with your result file!

If you want to contribute code, please check contributing.md.

ctap2-test-tool's People

Contributors

ebursztein avatar jaroban avatar kaczmarczyck avatar mingxguo27 avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.