Support configure via the Vendor interface (#524)

* Support configure via the Vendor interface * Adjust tests now that GetInfo is supported on vendor_hid * Add test for vendor_hid not supporting FIDO command
2022-08-08 21:54:46 +10:00
parent 4a2217f025
commit 262e505ef7
3 changed files with 40 additions and 8 deletions
--- a/deploy.py
+++ b/deploy.py
@@ -755,6 +755,7 @@ class OpenSKInstaller:
            certificate=self.args.config_cert,
            priv_key=self.args.config_pkey,
            lock=self.args.lock_device,
+            use_vendor_hid="vendor_hid" in self.args.features,
        ))
    if not configure_response:
      return None
@@ -875,11 +876,6 @@ class OpenSKInstaller:
              "configured yet.")
      return 0

-    if "vendor_hid" in self.args.features:
-      # vendor_hid as a work in progress and is not compatible with configure
-      # mode.
-      return 0
-
    # Perform checks if OpenSK was flashed.
    if self.args.application != "ctap2":
      return 0
--- a/src/ctap/mod.rs
+++ b/src/ctap/mod.rs
@@ -714,6 +714,7 @@ impl CtapState {
            }
            Command::AuthenticatorVendorUpgrade(params) => self.process_vendor_upgrade(env, params),
            Command::AuthenticatorVendorUpgradeInfo => self.process_vendor_upgrade_info(env),
+            Command::AuthenticatorGetInfo => self.process_get_info(env),
            _ => Err(Ctap2StatusCode::CTAP1_ERR_INVALID_COMMAND),
        }
    }
@@ -3865,8 +3866,7 @@ mod test {
    }

    #[test]
-    #[cfg(feature = "vendor_hid")]
-    fn test_main_hid() {
+    fn test_get_info_command() {
        let mut env = TestEnv::new();
        let mut ctap_state = CtapState::new(&mut env, CtapInstant::new(0));

@@ -3880,12 +3880,32 @@ mod test {
            response,
            Ok(ResponseData::AuthenticatorGetInfo(_))
        ));
+        #[cfg(feature = "vendor_hid")]
+        {
            let response = ctap_state.process_parsed_command(
                &mut env,
                Command::AuthenticatorGetInfo,
                VENDOR_CHANNEL,
                CtapInstant::new(0),
            );
+            assert!(matches!(
+                response,
+                Ok(ResponseData::AuthenticatorGetInfo(_))
+            ));
+        }
+    }
+
+    #[test]
+    #[cfg(feature = "vendor_hid")]
+    fn test_vendor_hid_does_not_support_fido_command() {
+        let mut env = TestEnv::new();
+        let mut ctap_state = CtapState::new(&mut env, CtapInstant::new(0));
+        let response = ctap_state.process_parsed_command(
+            &mut env,
+            Command::AuthenticatorGetNextAssertion,
+            VENDOR_CHANNEL,
+            CtapInstant::new(0),
+        );
        assert_eq!(response, Err(Ctap2StatusCode::CTAP1_ERR_INVALID_COMMAND));
    }

--- a/tools/configure.py
+++ b/tools/configure.py
@@ -23,6 +23,7 @@ import argparse
 import getpass
 import datetime
 import sys
+from unittest.mock import patch
 import uuid

 import colorama
@@ -125,7 +126,15 @@ def main(args):
                length=32, byteorder="big", signed=False)
    }

+  patcher = None
+  if args.use_vendor_hid:
+    patcher = patch.object(hid.base, "FIDO_USAGE_PAGE", 0xFF00)
+    patcher.start()
+    info("Using the Vendor HID interface")
+
  devices = get_opensk_devices(args.batch)
+  if patcher:
+    patcher.stop()
  responses = []
  if not devices:
    fatal("No devices found.")
@@ -202,4 +211,11 @@ if __name__ == "__main__":
            "This command can fail if the certificate or the private key "
            "haven't been both programmed yet."),
  )
+  parser.add_argument(
+      "--use-vendor-hid",
+      default=False,
+      action="store_true",
+      dest="use_vendor_hid",
+      help=("Whether to configure the device using the Vendor HID interface"),
+  )
  main(parser.parse_args())