The test suite intents to make it easier for developers to find bugs in their CTAP2 implementation. It supports CTAP 2.0 only, see supported features.
Those tests reflect the author's interpretation of the specification. It is not to be confused with certification by the FIDO Alliance. Please check the FIDO Alliance web page for more information.
The build system is bazel. Please make sure you have all dependencies installed. Example command for Ubuntu:
apt-get install bazel libudev-dev autotools-dev autoconf automake libtoolOn your first run, the build system will fetch all other necessary libraries using git. The tool is tested on Linux and MacOS with GCC 9 and higher.
Running the tool without comments lists all avaiable devices. Select the device
you want to test by passing --token_path. For Unix, if only one CTAP2
compatible device is plugged in, you can simply run:
./run.shFor more control, try i.e.:
bazel run //:fido2_conformance
bazel run //:fido2_conformance -- --token_path=/dev/hidraw0While running the test tool, you will be prompted to touch or replug your security key multiple times, to test various features.
At the moment, we only support USB HID as a transport. We test the commands from CTAP 2.0. The security key must support resident keys and user presence. Also, security keys with displays are untested so far.
In addition to the CTAP2 specification conformance test, we provide a proof-of-concept fuzzing tool. Please check fuzzing.md for a detailed guide.
For more information on checking or contributing test results, please check results.md.
If we didn't already test your security key or you have an updated version, please create a pull request with your result file!
If you want to contribute code, please check contributing.md.