Vendor Command + HID fix (#618)

* Fixes CBOR message passing through Vendor HID

I did all my tests on hardware with this fix, and now I'm surprised that
it didn't end up on develop. So should have been part of a former PR.

* vendor channel test

* forward vendor HID correctly for upgrades

* fixes cargo fmt

* removes script and updates documentation to match

docs/boards/nrf52840dk.md

@@ -62,19 +62,24 @@ firmware. You can bootstrap an upgradable board using one of the two commands:
 Afterwards, you can upgrade the other partition with
 
 ```shell
-./tools/perform_upgrade.sh nrf52840dk_opensk_b --version=1
-./tools/perform_upgrade.sh nrf52840dk_opensk_a --version=1
+# Board A -> B
+./deploy.py --board=nrf52840dk_opensk_b --opensk --programmer=none --version=1
+python3 -m tools.deploy_partition --board=nrf52840dk_opensk_b --version=1
+# Board B -> A
+./deploy.py --board=nrf52840dk_opensk_a --opensk --programmer=none --version=1
+python3 -m tools.deploy_partition --board=nrf52840dk_opensk_a --version=1
 ```
 
 respectively. You can only upgrade the partition that is not currently running,
-so always alternate your calls to `perform_upgrade.sh`. Otherwise, this script
-works like `deploy.py`. You can call it even after you locked down your device,
-to deploy changes to your development board.
+otherwise your deploy attempts will fail. You can call `deploy_partition` after
+you locked down your device, to deploy changes to your development board.
+Upgrades only apply after a reboot.
 
-If you deploy with `--vendor-hid`, also add this flag to `perform_upgrade.sh`,
+If you want to use Vendor HID, add the `--vendor-hid` flag to all calls,
 for example:
 
 ```shell
 ./deploy.py --board=nrf52840dk_opensk_a --opensk --version=0 --vendor-hid
-./tools/perform_upgrade.sh nrf52840dk_opensk_b --version=1 --vendor-hid
+./deploy.py --board=nrf52840dk_opensk_b --opensk --programmer=none --version=1 --vendor-hid
+python3 -m tools.deploy_partition --board=nrf52840dk_opensk_b --version=1 --vendor-hid
 ```

run_desktop_tests.sh

@@ -105,23 +105,23 @@ if [ -z "${TRAVIS_OS_NAME}" -o "${TRAVIS_OS_NAME}" = "linux" ]
 then
   echo "Running unit tests on the desktop (release mode)..."
   cargo test --release --features std
+  cargo test --release --all-features
   cd libraries/cbor
   cargo test --release
   cd ../..
   cd libraries/persistent_store
   cargo test --release --features std
   cd ../..
-  cargo test --release --features std
 
   echo "Running unit tests on the desktop (debug mode)..."
   cargo test --features std
+  cargo test --release --all-features
   cd libraries/cbor
   cargo test
   cd ../..
   cd libraries/persistent_store
   cargo test --features std
   cd ../..
-  cargo test --features std
 
   cd libraries/opensk
   echo "Running CTAP library unit tests (release mode)..."

src/env/tock/commands.rs

@@ -44,7 +44,7 @@ pub fn process_vendor_command(
     channel: Channel,
 ) -> Option<Vec<u8>> {
     #[cfg(feature = "vendor_hid")]
-    if matches!(channel, Channel::VendorHid(_)) {
+    if matches!(channel, Channel::MainHid(_)) {
         return None;
     }
     process_cbor(env, bytes, channel).unwrap_or_else(|e| Some(vec![e as u8]))
@@ -290,6 +290,8 @@ mod test {
     use cbor::cbor_map;
 
     const DUMMY_CHANNEL: Channel = Channel::MainHid([0x12, 0x34, 0x56, 0x78]);
+    #[cfg(feature = "vendor_hid")]
+    const VENDOR_CHANNEL: Channel = Channel::VendorHid([0x12, 0x34, 0x56, 0x78]);
 
     #[test]
     fn test_process_cbor_unrelated_input() {
@@ -317,6 +319,17 @@ mod test {
             .is_some());
     }
 
+    #[test]
+    #[cfg(feature = "vendor_hid")]
+    fn test_process_command_valid_vendor_hid() {
+        let mut env = TockEnv::default();
+        let cbor_bytes = vec![VENDOR_COMMAND_UPGRADE_INFO];
+        assert!(process_cbor(&mut env, &cbor_bytes, VENDOR_CHANNEL)
+            .unwrap()
+            .is_some());
+        assert!(process_vendor_command(&mut env, &cbor_bytes, VENDOR_CHANNEL).is_some());
+    }
+
     #[test]
     fn test_vendor_configure_parameters() {
         let dummy_cert = [0xddu8; 20];

tools/perform_upgrade.sh

@@ -1,31 +0,0 @@
-#!/bin/bash
-# Copyright 2021 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Creates a signature key and configures the public key.
-# The device will not be locked down for testing purposes.
-# Generates the binary and upgrades OpenSK.
-# To be run from the OpenSK base path.
-
-set -e
-
-BOARD="$1"
-
-./deploy.py --board="${BOARD}" --opensk --programmer=none $2
-python3 -m tools.deploy_partition --board="${BOARD}" $2
-if nrfjprog --reset --family NRF52 ; then
-  echo "Upgrade finished!"
-else
-  echo "Please replug OpenSK to reboot"
-fi