Support configure via the Vendor interface (#524)

* Support configure via the Vendor interface

* Adjust tests now that GetInfo is supported on vendor_hid

* Add test for vendor_hid not supporting FIDO command

deploy.py

@@ -755,6 +755,7 @@ class OpenSKInstaller:
             certificate=self.args.config_cert,
             priv_key=self.args.config_pkey,
             lock=self.args.lock_device,
+            use_vendor_hid="vendor_hid" in self.args.features,
         ))
     if not configure_response:
       return None
@@ -875,11 +876,6 @@ class OpenSKInstaller:
               "configured yet.")
       return 0
 
-    if "vendor_hid" in self.args.features:
-      # vendor_hid as a work in progress and is not compatible with configure
-      # mode.
-      return 0
-
     # Perform checks if OpenSK was flashed.
     if self.args.application != "ctap2":
       return 0

src/ctap/mod.rs

@@ -714,6 +714,7 @@ impl CtapState {
             }
             Command::AuthenticatorVendorUpgrade(params) => self.process_vendor_upgrade(env, params),
             Command::AuthenticatorVendorUpgradeInfo => self.process_vendor_upgrade_info(env),
+            Command::AuthenticatorGetInfo => self.process_get_info(env),
             _ => Err(Ctap2StatusCode::CTAP1_ERR_INVALID_COMMAND),
         }
     }
@@ -3865,8 +3866,7 @@ mod test {
     }
 
     #[test]
-    #[cfg(feature = "vendor_hid")]
+    fn test_get_info_command() {
-    fn test_main_hid() {
         let mut env = TestEnv::new();
         let mut ctap_state = CtapState::new(&mut env, CtapInstant::new(0));
 
@@ -3880,12 +3880,32 @@ mod test {
             response,
             Ok(ResponseData::AuthenticatorGetInfo(_))
         ));
+        #[cfg(feature = "vendor_hid")]
+        {
             let response = ctap_state.process_parsed_command(
                 &mut env,
                 Command::AuthenticatorGetInfo,
                 VENDOR_CHANNEL,
                 CtapInstant::new(0),
             );
+            assert!(matches!(
+                response,
+                Ok(ResponseData::AuthenticatorGetInfo(_))
+            ));
+        }
+    }
+
+    #[test]
+    #[cfg(feature = "vendor_hid")]
+    fn test_vendor_hid_does_not_support_fido_command() {
+        let mut env = TestEnv::new();
+        let mut ctap_state = CtapState::new(&mut env, CtapInstant::new(0));
+        let response = ctap_state.process_parsed_command(
+            &mut env,
+            Command::AuthenticatorGetNextAssertion,
+            VENDOR_CHANNEL,
+            CtapInstant::new(0),
+        );
         assert_eq!(response, Err(Ctap2StatusCode::CTAP1_ERR_INVALID_COMMAND));
     }
 

tools/configure.py

@@ -23,6 +23,7 @@ import argparse
 import getpass
 import datetime
 import sys
+from unittest.mock import patch
 import uuid
 
 import colorama
@@ -125,7 +126,15 @@ def main(args):
                 length=32, byteorder="big", signed=False)
     }
 
+  patcher = None
+  if args.use_vendor_hid:
+    patcher = patch.object(hid.base, "FIDO_USAGE_PAGE", 0xFF00)
+    patcher.start()
+    info("Using the Vendor HID interface")
+
   devices = get_opensk_devices(args.batch)
+  if patcher:
+    patcher.stop()
   responses = []
   if not devices:
     fatal("No devices found.")
@@ -202,4 +211,11 @@ if __name__ == "__main__":
             "This command can fail if the certificate or the private key "
             "haven't been both programmed yet."),
   )
+  parser.add_argument(
+      "--use-vendor-hid",
+      default=False,
+      action="store_true",
+      dest="use_vendor_hid",
+      help=("Whether to configure the device using the Vendor HID interface"),
+  )
   main(parser.parse_args())