From 07a28fe6112e7fbec3bb0fb76730990919aa0594 Mon Sep 17 00:00:00 2001
From: Julien Cretin <cretin@google.com>
Date: Thu, 14 Jul 2022 12:46:01 +0200
Subject: [PATCH] Inline Helper

---
 src/api/attestation_store.rs | 24 ------------------------
 src/ctap/mod.rs              |  3 ---
 src/ctap/storage.rs          |  1 -
 src/env/test/mod.rs          | 25 +++++++++++++++----------
 src/env/tock/mod.rs          | 24 +++++++++++++++++++++---
 src/test_helpers/mod.rs      | 27 +++++++++++++++++----------
 6 files changed, 53 insertions(+), 51 deletions(-)

diff --git a/src/api/attestation_store.rs b/src/api/attestation_store.rs
index 111f5ea..74024a4 100644
--- a/src/api/attestation_store.rs
+++ b/src/api/attestation_store.rs
@@ -43,30 +43,6 @@ pub enum Error {
 /// Keys of the environment store reserved for the attestation store.
 pub const STORAGE_KEYS: &[usize] = &[1, 2];
 
-/// Implements a default attestation store using the environment store.
-///
-/// Supports only one attestation at a time.
-pub trait Helper: Env {
-    /// Returns the current attestation id.
-    fn attestation_id(&self) -> Id;
-}
-
-impl<T: Helper> AttestationStore for T {
-    fn get(&mut self, id: &Id) -> Result<Option<Attestation>, Error> {
-        if id != &self.attestation_id() {
-            return Err(Error::NoSupport);
-        }
-        helper_get(self)
-    }
-
-    fn set(&mut self, id: &Id, attestation: Option<&Attestation>) -> Result<(), Error> {
-        if id != &self.attestation_id() {
-            return Err(Error::NoSupport);
-        }
-        helper_set(self, attestation)
-    }
-}
-
 pub fn helper_get(env: &mut impl Env) -> Result<Option<Attestation>, Error> {
     let private_key = env.store().find(PRIVATE_KEY_STORAGE_KEY)?;
     let certificate = env.store().find(CERTIFICATE_STORAGE_KEY)?;
diff --git a/src/ctap/mod.rs b/src/ctap/mod.rs
index 9ee17de..c8e8925 100644
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -2126,7 +2126,6 @@ mod test {
     #[test]
     fn test_process_make_credential_with_enterprise_attestation_vendor_facilitated() {
         let mut env = TestEnv::new();
-        env.set_attestation_id(attestation_store::Id::Enterprise);
         env.customization_mut().setup_enterprise_attestation(
             Some(EnterpriseAttestationMode::VendorFacilitated),
             Some(vec!["example.com".to_string()]),
@@ -2173,7 +2172,6 @@ mod test {
     #[test]
     fn test_process_make_credential_with_enterprise_attestation_platform_managed() {
         let mut env = TestEnv::new();
-        env.set_attestation_id(attestation_store::Id::Enterprise);
         env.customization_mut().setup_enterprise_attestation(
             Some(EnterpriseAttestationMode::PlatformManaged),
             Some(vec!["example.com".to_string()]),
@@ -2210,7 +2208,6 @@ mod test {
     #[test]
     fn test_process_make_credential_with_enterprise_attestation_invalid() {
         let mut env = TestEnv::new();
-        env.set_attestation_id(attestation_store::Id::Enterprise);
         env.customization_mut()
             .setup_enterprise_attestation(Some(EnterpriseAttestationMode::PlatformManaged), None);
 
diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index 59db1d5..ff932d0 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -1141,7 +1141,6 @@ mod test {
     #[test]
     fn test_enterprise_attestation() {
         let mut env = TestEnv::new();
-        env.set_attestation_id(attestation_store::Id::Enterprise);
 
         let dummy_attestation = Attestation {
             private_key: [0x41; key_material::ATTESTATION_PRIVATE_KEY_LENGTH],
diff --git a/src/env/test/mod.rs b/src/env/test/mod.rs
index 4fe25e2..e5bac84 100644
--- a/src/env/test/mod.rs
+++ b/src/env/test/mod.rs
@@ -13,6 +13,7 @@
 // limitations under the License.
 
 use self::upgrade_storage::BufferUpgradeStorage;
+use crate::api::attestation_store::AttestationStore;
 use crate::api::connection::{HidConnection, SendOrRecvResult, SendOrRecvStatus};
 use crate::api::customization::DEFAULT_CUSTOMIZATION;
 use crate::api::firmware_protection::FirmwareProtection;
@@ -36,7 +37,6 @@ pub struct TestEnv {
     store: Store<BufferStorage>,
     upgrade_storage: Option<BufferUpgradeStorage>,
     customization: TestCustomization,
-    attestation_id: attestation_store::Id,
 }
 
 pub struct TestRng256 {
@@ -107,14 +107,12 @@ impl TestEnv {
         let store = Store::new(storage).ok().unwrap();
         let upgrade_storage = Some(BufferUpgradeStorage::new().unwrap());
         let customization = DEFAULT_CUSTOMIZATION.into();
-        let attestation_id = attestation_store::Id::Batch;
         TestEnv {
             rng,
             user_presence,
             store,
             upgrade_storage,
             customization,
-            attestation_id,
         }
     }
 
@@ -129,10 +127,6 @@ impl TestEnv {
     pub fn rng(&mut self) -> &mut TestRng256 {
         &mut self.rng
     }
-
-    pub fn set_attestation_id(&mut self, id: attestation_store::Id) {
-        self.attestation_id = id;
-    }
 }
 
 impl TestUserPresence {
@@ -157,9 +151,20 @@ impl FirmwareProtection for TestEnv {
 
 impl key_store::Helper for TestEnv {}
 
-impl attestation_store::Helper for TestEnv {
-    fn attestation_id(&self) -> attestation_store::Id {
-        self.attestation_id.clone()
+impl AttestationStore for TestEnv {
+    fn get(
+        &mut self,
+        _id: &attestation_store::Id,
+    ) -> Result<Option<attestation_store::Attestation>, attestation_store::Error> {
+        attestation_store::helper_get(self)
+    }
+
+    fn set(
+        &mut self,
+        _id: &attestation_store::Id,
+        attestation: Option<&attestation_store::Attestation>,
+    ) -> Result<(), attestation_store::Error> {
+        attestation_store::helper_set(self, attestation)
     }
 }
 
diff --git a/src/env/tock/mod.rs b/src/env/tock/mod.rs
index 7c7f987..891883d 100644
--- a/src/env/tock/mod.rs
+++ b/src/env/tock/mod.rs
@@ -13,6 +13,7 @@
 // limitations under the License.
 
 pub use self::storage::{TockStorage, TockUpgradeStorage};
+use crate::api::attestation_store::AttestationStore;
 use crate::api::connection::{HidConnection, SendOrRecvError, SendOrRecvResult, SendOrRecvStatus};
 use crate::api::customization::{CustomizationImpl, DEFAULT_CUSTOMIZATION};
 use crate::api::firmware_protection::FirmwareProtection;
@@ -196,9 +197,26 @@ impl FirmwareProtection for TockEnv {
 
 impl key_store::Helper for TockEnv {}
 
-impl attestation_store::Helper for TockEnv {
-    fn attestation_id(&self) -> attestation_store::Id {
-        attestation_store::Id::Batch
+impl AttestationStore for TockEnv {
+    fn get(
+        &mut self,
+        id: &attestation_store::Id,
+    ) -> Result<Option<attestation_store::Attestation>, attestation_store::Error> {
+        if !matches!(id, attestation_store::Id::Batch) {
+            return Err(attestation_store::Error::NoSupport);
+        }
+        attestation_store::helper_get(self)
+    }
+
+    fn set(
+        &mut self,
+        id: &attestation_store::Id,
+        attestation: Option<&attestation_store::Attestation>,
+    ) -> Result<(), attestation_store::Error> {
+        if !matches!(id, attestation_store::Id::Batch) {
+            return Err(attestation_store::Error::NoSupport);
+        }
+        attestation_store::helper_set(self, attestation)
     }
 }
 
diff --git a/src/test_helpers/mod.rs b/src/test_helpers/mod.rs
index 4ed02b0..968e25a 100644
--- a/src/test_helpers/mod.rs
+++ b/src/test_helpers/mod.rs
@@ -12,10 +12,10 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-use crate::api::attestation_store::{self, Attestation, AttestationStore};
 use crate::clock::CtapInstant;
 use crate::ctap::command::{
-    AuthenticatorAttestationMaterial, AuthenticatorConfigParameters, Command,
+    AuthenticatorAttestationMaterial, AuthenticatorConfigParameters,
+    AuthenticatorVendorConfigureParameters, Command,
 };
 use crate::ctap::data_formats::ConfigSubCommand;
 use crate::ctap::status_code::Ctap2StatusCode;
@@ -25,22 +25,29 @@ use crate::env::Env;
 // In tests where we define a dummy user-presence check that immediately returns, the channel
 // ID is irrelevant, so we pass this (dummy but valid) value.
 const DUMMY_CHANNEL: Channel = Channel::MainHid([0x12, 0x34, 0x56, 0x78]);
+#[cfg(feature = "vendor_hid")]
+const VENDOR_CHANNEL: Channel = Channel::VendorHid([0x12, 0x34, 0x56, 0x78]);
 
 pub fn enable_enterprise_attestation(
     state: &mut CtapState,
     env: &mut impl Env,
 ) -> Result<AuthenticatorAttestationMaterial, Ctap2StatusCode> {
+    let dummy_key = [0x41; key_material::ATTESTATION_PRIVATE_KEY_LENGTH];
+    let dummy_cert = vec![0xdd; 20];
     let attestation_material = AuthenticatorAttestationMaterial {
-        certificate: vec![0xdd; 20],
-        private_key: [0x41; key_material::ATTESTATION_PRIVATE_KEY_LENGTH],
+        certificate: dummy_cert,
+        private_key: dummy_key,
     };
-
-    let attestation = Attestation {
-        private_key: attestation_material.private_key,
-        certificate: attestation_material.certificate.clone(),
+    let configure_params = AuthenticatorVendorConfigureParameters {
+        lockdown: false,
+        attestation_material: Some(attestation_material.clone()),
     };
-    env.attestation_store()
-        .set(&attestation_store::Id::Enterprise, Some(&attestation))?;
+    #[cfg(feature = "vendor_hid")]
+    let vendor_channel = VENDOR_CHANNEL;
+    #[cfg(not(feature = "vendor_hid"))]
+    let vendor_channel = DUMMY_CHANNEL;
+    let vendor_command = Command::AuthenticatorVendorConfigure(configure_params);
+    state.process_parsed_command(env, vendor_command, vendor_channel, CtapInstant::new(0))?;
 
     let config_params = AuthenticatorConfigParameters {
         sub_command: ConfigSubCommand::EnableEnterpriseAttestation,