sys/fido2: Fix bug in user presence test

The authenticator did not wait for user presence when user presence tests were enabled, but LED animations were disabled.
2025-12-20 12:03:52 +01:00 · 2025-02-17 22:40:03 +01:00 · 2025-02-17 22:40:03 +01:00 · 3e3ad836a1
commit 3e3ad836a1
parent 2e02363eef
3 changed files with 36 additions and 34 deletions
--- a/sys/fido2/ctap/ctap_utils.c
+++ b/sys/fido2/ctap/ctap_utils.c
@ -15,8 +15,6 @@
 * @}
 */

-#include <string.h>
-
 #include "ztimer.h"

 #include "fido2/ctap.h"
@ -61,9 +59,7 @@ ctap_status_code_t fido2_ctap_utils_user_presence_test(void)

    gpio_irq_enable(_pin);

-    if (!IS_ACTIVE(CONFIG_FIDO2_CTAP_DISABLE_LED)) {
-        fido2_ctap_utils_led_animation();
-    }
+    fido2_ctap_utils_wait_for_user_presence();

    ret = _user_present ? CTAP2_OK : CTAP2_ERR_ACTION_TIMEOUT;

@ -79,39 +75,43 @@ static void _gpio_cb(void *arg)
    _user_present = true;
 }

-void fido2_ctap_utils_led_animation(void)
+void fido2_ctap_utils_wait_for_user_presence(void)
 {
    uint32_t start = ztimer_now(ZTIMER_MSEC);
    uint32_t diff = 0;
    uint32_t delay = 500;

    while (!_user_present && diff < CTAP_UP_TIMEOUT) {
-#ifdef LED0_TOGGLE
-        LED0_TOGGLE;
-#endif
-#ifdef LED1_TOGGLE
-        LED1_TOGGLE;
-#endif
-#ifdef LED3_TOGGLE
-        LED3_TOGGLE;
-#endif
-#ifdef LED2_TOGGLE
-        LED2_TOGGLE;
-#endif
+        if (!IS_ACTIVE(CONFIG_FIDO2_CTAP_DISABLE_LED)) {
+    #ifdef LED0_TOGGLE
+            LED0_TOGGLE;
+    #endif
+    #ifdef LED1_TOGGLE
+            LED1_TOGGLE;
+    #endif
+    #ifdef LED2_TOGGLE
+            LED2_TOGGLE;
+    #endif
+    #ifdef LED3_TOGGLE
+            LED3_TOGGLE;
+    #endif
+        }
        ztimer_sleep(ZTIMER_MSEC, delay);
        diff = ztimer_now(ZTIMER_MSEC) - start;
    }

-#ifdef LED0_TOGGLE
-    LED0_OFF;
-#endif
-#ifdef LED1_TOGGLE
-    LED1_OFF;
-#endif
-#ifdef LED3_TOGGLE
-    LED3_OFF;
-#endif
-#ifdef LED2_TOGGLE
-    LED2_OFF;
-#endif
+    if (!IS_ACTIVE(CONFIG_FIDO2_CTAP_DISABLE_LED)) {
+    #ifdef LED0_TOGGLE
+        LED0_OFF;
+    #endif
+    #ifdef LED1_TOGGLE
+        LED1_OFF;
+    #endif
+    #ifdef LED2_TOGGLE
+        LED2_OFF;
+    #endif
+    #ifdef LED3_TOGGLE
+        LED3_OFF;
+    #endif
+    }
 }
--- a/sys/include/fido2/ctap/ctap_utils.h
+++ b/sys/include/fido2/ctap/ctap_utils.h
@ -33,7 +33,7 @@ extern "C" {
 /**
 * @brief LED animation to indicate that user action is required
 */
-void fido2_ctap_utils_led_animation(void);
+void fido2_ctap_utils_wait_for_user_presence(void);

 /**
 * @brief Initialize button to be used for user presence test
--- a/tests/sys/fido2_ctap_hid/Makefile
+++ b/tests/sys/fido2_ctap_hid/Makefile
@ -26,16 +26,18 @@ CFLAGS += -DCONFIG_FIDO2_CTAP_DISABLE_LED=1
 # compiled natively (x86-64). Therefore we need to clear the flags set by e.g.
 # BOARD = nrf52840dk
 fido2-test:
-	env -i PATH=$(PATH) $(MAKE) -C $(RIOTBASE)/build/pkg/fido2_tests standard-tests
+	env -i PATH=$(PATH) $(MAKE) -C $(PKGDIRBASE)/fido2_tests standard-tests

 # FIDO2 user presence tests.
 #
-# Make sure to enable user presence tests by uncommenting CFLAGS += -DCONFIG_FIDO2_CTAP_DISABLE_UP=1
+# Make sure to enable user presence tests by setting CFLAGS += -DCONFIG_FIDO2_CTAP_DISABLE_UP=0.
+# It is also recommended to set CFLAGS += -DCONFIG_FIDO2_CTAP_DISABLE_LED=0 to have
+# an indicator that signals when to press the button.
 #
 # Use env -i because fido2-test has a depedency (pyscard) that needs to be
 # compiled natively (x86-64). Therefore we need to clear the flags set by e.g.
 # BOARD = nrf52840dk
 fido2-test-up:
-	env -i PATH=$(PATH) $(MAKE) -C $(RIOTBASE)/build/pkg/fido2_tests up-tests
+	env -i PATH=$(PATH) $(MAKE) -C $(PKGDIRBASE)/fido2_tests up-tests

 include $(RIOTBASE)/Makefile.include