Make finalize_result take a FidoDevice as input

jschanck · jschanck · commit c9a6692cfa10 · 2023-09-27T09:59:59.000-07:00
diff --git a/src/ctap2/commands/get_assertion.rs b/src/ctap2/commands/get_assertion.rs
@@ -191,7 +191,7 @@ impl GetAssertion {
         }
     }
 
-    pub fn finalize_result(&self, result: &mut GetAssertionResult) {
+    pub fn finalize_result<Dev: FidoDevice>(&self, _dev: &Dev, result: &mut GetAssertionResult) {
         // Handle extensions whose outputs are not encoded in the authenticator data.
         // 1. appId
         if let Some(app_id) = &self.extensions.app_id {
@@ -325,8 +325,9 @@ impl RequestCtap1 for GetAssertion {
         Ok((apdu, key_handle.clone()))
     }
 
-    fn handle_response_ctap1(
+    fn handle_response_ctap1<Dev: FidoDevice>(
         &self,
+        dev: &mut Dev,
         status: Result<(), ApduErrorStatus>,
         input: &[u8],
         add_info: &PublicKeyCredentialDescriptor,
@@ -340,7 +341,7 @@ impl RequestCtap1 for GetAssertion {
 
         let mut result = GetAssertionResult::from_ctap1(input, &self.rp.hash(), add_info)
             .map_err(|e| Retryable::Error(HIDError::Command(e)))?;
-        self.finalize_result(&mut result);
+        self.finalize_result(dev, &mut result);
         // Although there's only one result, we return a vector for consistency with CTAP2.
         Ok(vec![result])
     }
@@ -351,7 +352,7 @@ impl RequestCtap1 for GetAssertion {
     ) -> Result<Self::Output, HIDError> {
         let mut results = dev.get_assertion(self)?;
         for result in results.iter_mut() {
-            self.finalize_result(result);
+            self.finalize_result(dev, result);
         }
         Ok(results)
     }
@@ -412,7 +413,7 @@ impl RequestCtap2 for GetAssertion {
             }
 
             for result in results.iter_mut() {
-                self.finalize_result(result);
+                self.finalize_result(dev, result);
             }
             Ok(results)
         } else {
@@ -427,7 +428,7 @@ impl RequestCtap2 for GetAssertion {
     ) -> Result<Self::Output, HIDError> {
         let mut results = dev.get_assertion(self)?;
         for result in results.iter_mut() {
-            self.finalize_result(result);
+            self.finalize_result(dev, result);
         }
         Ok(results)
     }
diff --git a/src/ctap2/commands/get_version.rs b/src/ctap2/commands/get_version.rs
@@ -1,7 +1,7 @@
 use super::{CommandError, RequestCtap1, Retryable};
 use crate::consts::U2F_VERSION;
 use crate::transport::errors::{ApduErrorStatus, HIDError};
-use crate::transport::VirtualFidoDevice;
+use crate::transport::{FidoDevice, VirtualFidoDevice};
 use crate::u2ftypes::CTAP1RequestAPDU;
 
 #[allow(non_camel_case_types)]
@@ -18,8 +18,9 @@ impl RequestCtap1 for GetVersion {
     type Output = U2FInfo;
     type AdditionalInfo = ();
 
-    fn handle_response_ctap1(
+    fn handle_response_ctap1<Dev: FidoDevice>(
         &self,
+        _dev: &mut Dev,
         _status: Result<(), ApduErrorStatus>,
         input: &[u8],
         _add_info: &(),
diff --git a/src/ctap2/commands/make_credentials.rs b/src/ctap2/commands/make_credentials.rs
@@ -300,7 +300,7 @@ impl MakeCredentials {
         }
     }
 
-    pub fn finalize_result(&self, result: &mut MakeCredentialsResult) {
+    pub fn finalize_result<Dev: FidoDevice>(&self, _dev: &Dev, result: &mut MakeCredentialsResult) {
         // Handle extensions whose outputs are not encoded in the authenticator data.
         // 1. credProps
         //      "set clientExtensionResults["credProps"]["rk"] to the value of the
@@ -451,8 +451,9 @@ impl RequestCtap1 for MakeCredentials {
         Ok((apdu, ()))
     }
 
-    fn handle_response_ctap1(
+    fn handle_response_ctap1<Dev: FidoDevice>(
         &self,
+        dev: &mut Dev,
         status: Result<(), ApduErrorStatus>,
         input: &[u8],
         _add_info: &(),
@@ -466,7 +467,7 @@ impl RequestCtap1 for MakeCredentials {
 
         let mut output = MakeCredentialsResult::from_ctap1(input, &self.rp.hash())
             .map_err(|e| Retryable::Error(HIDError::Command(e)))?;
-        self.finalize_result(&mut output);
+        self.finalize_result(dev, &mut output);
         Ok(output)
     }
 
@@ -475,7 +476,7 @@ impl RequestCtap1 for MakeCredentials {
         dev: &mut Dev,
     ) -> Result<Self::Output, HIDError> {
         let mut output = dev.make_credentials(self)?;
-        self.finalize_result(&mut output);
+        self.finalize_result(dev, &mut output);
         Ok(output)
     }
 }
@@ -493,7 +494,7 @@ impl RequestCtap2 for MakeCredentials {
 
     fn handle_response_ctap2<Dev: FidoDevice>(
         &self,
-        _dev: &mut Dev,
+        dev: &mut Dev,
         input: &[u8],
     ) -> Result<Self::Output, HIDError> {
         if input.is_empty() {
@@ -512,7 +513,7 @@ impl RequestCtap2 for MakeCredentials {
         if status.is_ok() {
             let mut output: MakeCredentialsResult =
                 from_slice(&input[1..]).map_err(CommandError::Deserializing)?;
-            self.finalize_result(&mut output);
+            self.finalize_result(dev, &mut output);
             Ok(output)
         } else {
             let data: Value = from_slice(&input[1..]).map_err(CommandError::Deserializing)?;
@@ -528,7 +529,7 @@ impl RequestCtap2 for MakeCredentials {
         dev: &mut Dev,
     ) -> Result<Self::Output, HIDError> {
         let mut output = dev.make_credentials(self)?;
-        self.finalize_result(&mut output);
+        self.finalize_result(dev, &mut output);
         Ok(output)
     }
 }
@@ -688,8 +689,14 @@ pub mod test {
             req_serialized, MAKE_CREDENTIALS_SAMPLE_REQUEST_CTAP1,
             "\nGot:      {req_serialized:X?}\nExpected: {MAKE_CREDENTIALS_SAMPLE_REQUEST_CTAP1:X?}"
         );
+        let mut device = Device::new("commands/make_credentials").unwrap(); // not really used
         let make_cred_result = req
-            .handle_response_ctap1(Ok(()), &MAKE_CREDENTIALS_SAMPLE_RESPONSE_CTAP1, &())
+            .handle_response_ctap1(
+                &mut device,
+                Ok(()),
+                &MAKE_CREDENTIALS_SAMPLE_RESPONSE_CTAP1,
+                &(),
+            )
             .expect("Failed to handle CTAP1 response");
 
         let att_obj = AttestationObject {
diff --git a/src/ctap2/commands/mod.rs b/src/ctap2/commands/mod.rs
@@ -60,8 +60,9 @@ pub trait RequestCtap1: fmt::Debug {
     fn ctap1_format(&self) -> Result<(Vec<u8>, Self::AdditionalInfo), HIDError>;
 
     /// Deserializes a response from FIDO v1.x / CTAP1 / U2Fv2 format.
-    fn handle_response_ctap1(
+    fn handle_response_ctap1<Dev: FidoDevice>(
         &self,
+        dev: &mut Dev,
         status: Result<(), ApduErrorStatus>,
         input: &[u8],
         add_info: &Self::AdditionalInfo,
diff --git a/src/ctap2/preflight.rs b/src/ctap2/preflight.rs
@@ -44,8 +44,9 @@ impl<'assertion> RequestCtap1 for CheckKeyHandle<'assertion> {
         Ok((apdu, ()))
     }
 
-    fn handle_response_ctap1(
+    fn handle_response_ctap1<Dev: FidoDevice>(
         &self,
+        _dev: &mut Dev,
         status: Result<(), ApduErrorStatus>,
         _input: &[u8],
         _add_info: &Self::AdditionalInfo,
diff --git a/src/transport/hid.rs b/src/transport/hid.rs
@@ -215,7 +215,7 @@ impl<T: HIDDevice> FidoDeviceIO for T {
                 // This will bubble up error if status != no error
                 let status = ApduErrorStatus::from([status[0], status[1]]);
 
-                match msg.handle_response_ctap1(status, &data, &add_info) {
+                match msg.handle_response_ctap1(self, status, &data, &add_info) {
                     Ok(out) => return Ok(out),
                     Err(Retryable::Retry) => {
                         // sleep 100ms then loop again

Original file line number	Diff line number	Diff line change
`@@ -191,7 +191,7 @@ impl GetAssertion {`
`191`	`191`	`}`
`192`	`192`	`}`
`193`	`193`
`194`		`- pub fn finalize_result(&self, result: &mut GetAssertionResult) {`
	`194`	`+ pub fn finalize_result<Dev: FidoDevice>(&self, _dev: &Dev, result: &mut GetAssertionResult) {`
`195`	`195`	`// Handle extensions whose outputs are not encoded in the authenticator data.`
`196`	`196`	`// 1. appId`
`197`	`197`	`if let Some(app_id) = &self.extensions.app_id {`
`@@ -325,8 +325,9 @@ impl RequestCtap1 for GetAssertion {`
`325`	`325`	`Ok((apdu, key_handle.clone()))`
`326`	`326`	`}`
`327`	`327`
`328`		`- fn handle_response_ctap1(`
	`328`	`+ fn handle_response_ctap1<Dev: FidoDevice>(`
`329`	`329`	`&self,`
	`330`	`+ dev: &mut Dev,`
`330`	`331`	`status: Result<(), ApduErrorStatus>,`
`331`	`332`	`input: &[u8],`
`332`	`333`	`add_info: &PublicKeyCredentialDescriptor,`
`@@ -340,7 +341,7 @@ impl RequestCtap1 for GetAssertion {`
`340`	`341`
`341`	`342`	`let mut result = GetAssertionResult::from_ctap1(input, &self.rp.hash(), add_info)`
`342`	`343`	`.map_err(\|e\| Retryable::Error(HIDError::Command(e)))?;`
`343`		`- self.finalize_result(&mut result);`
	`344`	`+ self.finalize_result(dev, &mut result);`
`344`	`345`	`// Although there's only one result, we return a vector for consistency with CTAP2.`
`345`	`346`	`Ok(vec![result])`
`346`	`347`	`}`
`@@ -351,7 +352,7 @@ impl RequestCtap1 for GetAssertion {`
`351`	`352`	`) -> Result<Self::Output, HIDError> {`
`352`	`353`	`let mut results = dev.get_assertion(self)?;`
`353`	`354`	`for result in results.iter_mut() {`
`354`		`- self.finalize_result(result);`
	`355`	`+ self.finalize_result(dev, result);`
`355`	`356`	`}`
`356`	`357`	`Ok(results)`
`357`	`358`	`}`
`@@ -412,7 +413,7 @@ impl RequestCtap2 for GetAssertion {`
`412`	`413`	`}`
`413`	`414`
`414`	`415`	`for result in results.iter_mut() {`
`415`		`- self.finalize_result(result);`
	`416`	`+ self.finalize_result(dev, result);`
`416`	`417`	`}`
`417`	`418`	`Ok(results)`
`418`	`419`	`} else {`
`@@ -427,7 +428,7 @@ impl RequestCtap2 for GetAssertion {`
`427`	`428`	`) -> Result<Self::Output, HIDError> {`
`428`	`429`	`let mut results = dev.get_assertion(self)?;`
`429`	`430`	`for result in results.iter_mut() {`
`430`		`- self.finalize_result(result);`
	`431`	`+ self.finalize_result(dev, result);`
`431`	`432`	`}`
`432`	`433`	`Ok(results)`
`433`	`434`	`}`