Closed GregDomzalski closed 1 month ago
2 files 2 suites 2s :stopwatch: 3 616 tests 3 616 :white_check_mark: 0 :zzz: 0 :x: 3 618 runs 3 618 :white_check_mark: 0 :zzz: 0 :x:
Results for commit b5a115cf.
:recycle: This comment has been updated with latest results.
2 files 2 suites 5s :stopwatch: 3 608 tests 3 608 :white_check_mark: 0 :zzz: 0 :x: 3 610 runs 3 610 :white_check_mark: 0 :zzz: 0 :x:
Results for commit b5a115cf.
:recycle: This comment has been updated with latest results.
2 files 2 suites 2s :stopwatch: 3 608 tests 3 608 :white_check_mark: 0 :zzz: 0 :x: 3 610 runs 3 610 :white_check_mark: 0 :zzz: 0 :x:
Results for commit b5a115cf.
:recycle: This comment has been updated with latest results.
Package | Line Rate | Branch Rate | Complexity | Health |
---|---|---|---|---|
Yubico.Core | 42% | 31% | 4257 | ➖ |
Yubico.YubiKey | 51% | 47% | 18516 | ➖ |
Summary | 49% (31633 / 64422) | 45% (8038 / 18060) | 22773 | ➖ |
Minimum allowed line rate is 40%
Description
The reclaim timeout was introduced in the YubiKey NEO. Because the NEO used a separate chip for USB communication from the secure element, there was a delay that was needed for stability reasons whenever the host (computer) wanted to switch USB interfaces. This interface "reclaim" timeout was a whopping 3 seconds - meaning if you wanted to switch from talking to OTP to FIDO, you needed to wait 3 seconds prior to issuing the first FIDO command.
Even though it was no longer needed in the YubiKey 4/5 hardware platform, this reclaim timeout behavior was ported over. After some discussions with the firmware team, they agreed that this timeout was no longer needed and could be removed. This "fast reclaim" was merged into FW 5.6.0 and is available in all subsequent versions.
This PR adds a feature flag and check and will default to no longer waiting for the 3 seconds if we detect a key with this ability. The behavior can be overridden by an app compat switch in case anyone was depending on this old timing.
Although we were already taking shortcuts during enumeration to avoid talking to the same YubiKey more than once, this will speed up the degenerate cases where those shortcuts are not possible.
This also drastically improves performance on configuration and provisioning style applications that need to switch between OTP, SmartCard, and FIDO interfaces quickly.
Type of change
Please delete options that are not relevant.
How has this been tested?
Existing integration test was updated to always force the old behavior. The test was run using both a 5.4.3 YubiKey and a 5.7.x YubiKey. The reclaim timeout behavior remained. Since we don't yet have a
StandardTestDevice
filter for very new keys like5.7
I did not add any additional test cases. However I did modify the test locally to verify that fast reclaim worked by default on 5.7, that slow reclaim worked by default on 5.4.3, that slow reclaim worked when overridden for both 5.7 and 5.4.3 when the app compat flag is set.Test configuration:
Checklist:
dotnet format
to format my code