* Move to latest compiler and package versions
We also add cargo audit to the desktop tests.
* Install cargo audit differently in workflow
* Removes leftover nightly references
* Removes install check from deploy.py
The toolchain should be correctly set up after setup.sh.
* Removes rust component install from workflow
Now that the nightly version is fixed, this should work ootb.
* Moves cargo audit install to setup.sh
* Updates cargo bloat workflow to default features
* Reworks some workflows to run a script instead
Advantages are:
- Only one set of tests needs maintenance.
- Local results match workflows, no surprises.
- Reduced reliance on GitHub actions.
Fixes #50, #168, #169, #171, #507
* Adds macos to the test matrix
* Adds a compile flag for AuthenticatorConfig
The command can be disabled for authenticators that don't want users to
change their configuration.
* adds tool for calling Config
* std now implies config_command
* removes obsolete comment
* Fixes CBOR message passing through Vendor HID
I did all my tests on hardware with this fix, and now I'm surprised that
it didn't end up on develop. So should have been part of a former PR.
* vendor channel test
* forward vendor HID correctly for upgrades
* fixes cargo fmt
* removes script and updates documentation to match
* new metadata format is used
* Update bootloader/src/main.rs
Co-authored-by: ztoked <zhalvorsen@google.com>
* splits the metadata signed and unsigned parts evenly
* fixes pylint
Co-authored-by: ztoked <zhalvorsen@google.com>
* Duplicate the credential management command as a vendor command
This permits working with libfido2 and thus ssh-add. Fix #526.
* fix deploy_partition script
* Support configure via the Vendor interface
* Adjust tests now that GetInfo is supported on vendor_hid
* Add test for vendor_hid not supporting FIDO command
* Interleave sending and receiving of packets to reduce latency in receiving of packets
* Add patch to CtapUsbSyscallDriver
* Minor tweaks from review
* Log when overwriting an existing reply
* Only log when 'debug_ctap' is enabled
* Make ctap mod public, as per review
* Rename send_or_recv to send_and_maybe_recv
* fix typo
* Don't process packets on other transport while doing keepalive
* Don't process packets on other transport while doing keepalive
* More accurately determine if reply has finished
* Move comment closer to appropriate location
* Add tests for canceling keepalive packets
* Added a TODO for kaczmarczyck re ctap module being public
* remove the unnecessary sleep()s
* undo messed up commit
* address pylint warnings
* Fix merge mess up, and patch fido2 Usage Page
* Fix up completely borked merge
* Remove patch to FIDO usage, after #523.
* remove obsolete aspects to diff
Co-authored-by: kaczmarczyck <43844792+kaczmarczyck@users.noreply.github.com>
* Fix user presence by not overwriting error with OK()
* revert debugging change to TOUCH_TIMEOUT_MS
* fix up incomplete merge
* rename variable to more understandable name
* Add tests to test user_presence
* Add test script to verify Vendor HID interface
* fix formatting
* fix formatting
* fix formatting
* fix formatting
* duplicate tests to test both interfaces first and second
* simplify using unique byte val
* more tests
* fix up things from review
* reset rx packets after reading.
* fix formatting.
* Fix fido2 API update.
Since fido2 0.8.1 the device descriptor moved to NamedTuple, breaking
our configuration tool.
Code is now updated accordingly and the setup script ensures we're
using the correct version for fido2 package.
* Make Yapf happy
* Fix missing update for fido2 0.9.1
Also split the comment into 2 lines so that the touch is not hidden
at the end of the screen.
Updated the shell script that generates the certificates and the
documentation accordingly.
Caveat: now installation is a 2-step procedure, installing OS and
application are split into 2 commands.
OpenSSL seems to serialize bigints as signed values, which means the ECC
key may end up being 33 bytes instead of the 32 bytes we're expecting,
causing the build to fail.
The shell script extraction is now replaced by a build.rs script that
uses OpenSSL to extract the content and do sanity checks.
Forcing generating cryptographic materials now always generates a key and
a certificate (useful to compile/flash multiple keys without them being
considered as clones). The self-signed CA is left untouched.
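
The 33-byte versus 32-byte key problem described above, as an added example that is not the project's build.rs: a length sanity check that drops a leading 0x00 sign byte, left-pads short values and rejects anything else. The names `SCALAR_LEN`, `ScalarError` and `normalize_scalar` are hypothetical, the sample bytes are constructed, and the check covers length only, not the curve-order range.

```rust
/// Size in bytes of the private scalar the build expects (32, per the message above).
pub const SCALAR_LEN: usize = 32;

#[derive(Debug, PartialEq)]
pub enum ScalarError {
    /// More than SCALAR_LEN significant bytes: refuse instead of truncating.
    TooLong(usize),
    /// All bytes zero (or empty input): not a usable private key.
    Zero,
}

/// Convert a big-endian integer that may carry a leading 0x00 sign byte,
/// or may have lost its leading zeros, into exactly SCALAR_LEN bytes.
pub fn normalize_scalar(raw: &[u8]) -> Result<[u8; SCALAR_LEN], ScalarError> {
    // Leading zero bytes (a sign byte or plain padding) carry no value
    // in an unsigned big-endian integer, so skip all of them.
    let first = raw.iter().position(|&b| b != 0).unwrap_or(raw.len());
    let magnitude = &raw[first..];
    if magnitude.is_empty() {
        return Err(ScalarError::Zero);
    }
    if magnitude.len() > SCALAR_LEN {
        return Err(ScalarError::TooLong(magnitude.len()));
    }
    // Right-align the magnitude so short values are zero-padded on the left.
    let mut out = [0u8; SCALAR_LEN];
    out[SCALAR_LEN - magnitude.len()..].copy_from_slice(magnitude);
    Ok(out)
}

fn main() {
    // Constructed sample: sign byte 0x00, then a value whose top bit is set (33 bytes).
    let mut signed = vec![0x00u8, 0x80];
    signed.extend_from_slice(&[0x11; 31]);
    let key = normalize_scalar(&signed).expect("valid scalar");
    println!("{} bytes in, {} bytes out, first byte {:#04x}", signed.len(), key.len(), key[0]);

    // Constructed sample: 33 significant bytes is a real error, not a sign byte.
    let too_long = [0x01u8; 33];
    println!("{:?}", normalize_scalar(&too_long));
}
```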