From 6b636d0bf4f6e28d9e52d3ed033b398c5cff7763 Mon Sep 17 00:00:00 2001
From: Pol Henarejos <pol.henarejos@cttc.es>
Date: Thu, 11 Sep 2025 12:13:44 +0200
Subject: [PATCH] Fix CMD_CONFIG with VendorCmd.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
---
 src/fido/cbor_config.c  | 84 ++++++++++++++++++++---------------------
 src/fido/cbor_vendor.c  | 11 ------
 tools/pico-fido-tool.py | 17 ++++-----
 3 files changed, 50 insertions(+), 62 deletions(-)

diff --git a/src/fido/cbor_config.c b/src/fido/cbor_config.c
index 0661846..1d145fa 100644
--- a/src/fido/cbor_config.c
+++ b/src/fido/cbor_config.c
@@ -68,7 +68,7 @@ int cbor_config(const uint8_t *data, size_t len) {
             raw_subpara = (uint8_t *) cbor_value_get_next_byte(&_f1);
             CBOR_PARSE_MAP_START(_f1, 2)
             {
-                if (subcommand == 0x7f) { // Config Aut
+                if (subcommand == 0xFF) { // Vendor
                     CBOR_FIELD_GET_UINT(subpara, 2);
                     if (subpara == 0x01) {
                         CBOR_FIELD_GET_UINT(vendorCommandId, 2);
@@ -76,6 +76,9 @@ int cbor_config(const uint8_t *data, size_t len) {
                     else if (subpara == 0x02) {
                         CBOR_FIELD_GET_BYTES(vendorAutCt, 2);
                     }
+                    else if (subpara == 0x03) {
+                        CBOR_FIELD_GET_UINT(vendorParam, 2);
+                    }
                 }
                 else if (subcommand == 0x03) { // Extensions
                     CBOR_FIELD_GET_UINT(subpara, 2);
@@ -97,15 +100,6 @@ int cbor_config(const uint8_t *data, size_t len) {
                         CBOR_FIELD_GET_BOOL(forceChangePin, 2);
                     }
                 }
-                else  if (subcommand == 0x1B) { // PHY
-                    CBOR_FIELD_GET_UINT(subpara, 2);
-                    if (subpara == 0x01) {
-                        CBOR_FIELD_GET_UINT(vendorCommandId, 2);
-                    }
-                    else if (subpara == 0x02) {
-                        CBOR_FIELD_GET_UINT(vendorParam, 2);
-                    }
-                }
             }
             CBOR_PARSE_MAP_END(_f1, 2);
             raw_subpara_len = cbor_value_get_next_byte(&_f1) - raw_subpara;
@@ -124,9 +118,12 @@ int cbor_config(const uint8_t *data, size_t len) {
     if (pinUvAuthParam.present == false) {
         CBOR_ERROR(CTAP2_ERR_PUAT_REQUIRED);
     }
-    if (pinUvAuthProtocol  == 0) {
+    if (pinUvAuthProtocol == 0) {
         CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER);
     }
+    if (pinUvAuthProtocol != 1 && pinUvAuthProtocol != 2) {
+        CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
+    }
 
     uint8_t *verify_payload = (uint8_t *) calloc(1, 32 + 1 + 1 + raw_subpara_len);
     memset(verify_payload, 0xff, 32);
@@ -143,8 +140,15 @@ int cbor_config(const uint8_t *data, size_t len) {
         CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID);
     }
 
-    if (subcommand == 0x7f) {
-        if (vendorCommandId == CTAP_CONFIG_AUT_DISABLE) {
+    if (subcommand == 0xFF) {
+#ifndef ENABLE_EMULATION
+        const bool is_phy = (vendorCommandId == CTAP_CONFIG_PHY_VIDPID ||
+            vendorCommandId == CTAP_CONFIG_PHY_LED_GPIO ||
+            vendorCommandId == CTAP_CONFIG_PHY_LED_BTNESS ||
+            vendorCommandId == CTAP_CONFIG_PHY_OPTS);
+#endif
+        if (vendorCommandId == CTAP_CONFIG_AUT_DISABLE)
+        {
             if (!file_has_data(ef_keydev_enc)) {
                 CBOR_ERROR(CTAP2_ERR_NOT_ALLOWED);
             }
@@ -186,6 +190,31 @@ int cbor_config(const uint8_t *data, size_t len) {
             file_put_data(ef_keydev, NULL, 0); // Set ef to 0 bytes
             low_flash_available();
         }
+
+#ifndef ENABLE_EMULATION
+        else if (vendorCommandId == CTAP_CONFIG_PHY_VIDPID) {
+            phy_data.vid = (vendorParam >> 16) & 0xFFFF;
+            phy_data.pid = vendorParam & 0xFFFF;
+            phy_data.vidpid_present = true;
+        }
+        else if (vendorCommandId == CTAP_CONFIG_PHY_LED_GPIO) {
+            phy_data.led_gpio = (uint8_t)vendorParam;
+            phy_data.led_gpio_present = true;
+        }
+        else if (vendorCommandId == CTAP_CONFIG_PHY_LED_BTNESS) {
+            phy_data.led_brightness = (uint8_t)vendorParam;
+            phy_data.led_brightness_present = true;
+        }
+        else if (vendorCommandId == CTAP_CONFIG_PHY_OPTS) {
+            phy_data.opts = (uint16_t)vendorParam;
+        }
+        else {
+            CBOR_ERROR(CTAP2_ERR_UNSUPPORTED_OPTION);
+        }
+        if (is_phy && phy_save() != PICOKEY_OK) {
+            CBOR_ERROR(CTAP2_ERR_PROCESSING);
+        }
+#endif
         else {
             CBOR_ERROR(CTAP2_ERR_INVALID_SUBCOMMAND);
         }
@@ -228,35 +257,6 @@ int cbor_config(const uint8_t *data, size_t len) {
         set_opts(get_opts() | FIDO2_OPT_EA);
         goto err;
     }
-#ifndef ENABLE_EMULATION
-    else if (subcommand == 0x1B) {
-        if (vendorParam == 0) {
-            CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER);
-        }
-        if (vendorCommandId == CTAP_CONFIG_PHY_VIDPID) {
-            phy_data.vid = (vendorParam >> 16) & 0xFFFF;
-            phy_data.pid = vendorParam & 0xFFFF;
-            phy_data.vidpid_present = true;
-        }
-        else if (vendorCommandId == CTAP_CONFIG_PHY_LED_GPIO) {
-            phy_data.led_gpio = (uint8_t)vendorParam;
-            phy_data.led_gpio_present = true;
-        }
-        else if (vendorCommandId == CTAP_CONFIG_PHY_LED_BTNESS) {
-            phy_data.led_brightness = (uint8_t)vendorParam;
-            phy_data.led_brightness_present = true;
-        }
-        else if (vendorCommandId == CTAP_CONFIG_PHY_OPTS) {
-            phy_data.opts = (uint16_t)vendorParam;
-        }
-        else {
-            CBOR_ERROR(CTAP2_ERR_UNSUPPORTED_OPTION);
-        }
-        if (phy_save() != PICOKEY_OK) {
-            CBOR_ERROR(CTAP2_ERR_PROCESSING);
-        }
-    }
-#endif
     else {
         CBOR_ERROR(CTAP2_ERR_UNSUPPORTED_OPTION);
     }
diff --git a/src/fido/cbor_vendor.c b/src/fido/cbor_vendor.c
index e8ff439..042140c 100644
--- a/src/fido/cbor_vendor.c
+++ b/src/fido/cbor_vendor.c
@@ -237,17 +237,6 @@ int cbor_vendor_generic(uint8_t cmd, const uint8_t *data, size_t len) {
             CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x01));
             CBOR_CHECK(cbor_encode_byte_string(&mapEncoder, buffer + sizeof(buffer) - ret, ret));
         }
-        else if (vendorCmd == 0x02) {
-            if (vendorParam.present == false) {
-                CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER);
-            }
-            file_t *ef_ee_ea = search_by_fid(EF_EE_DEV_EA, NULL, SPECIFY_EF);
-            if (ef_ee_ea) {
-                file_put_data(ef_ee_ea, vendorParam.data, (uint16_t)vendorParam.len);
-            }
-            low_flash_available();
-            goto err;
-        }
     }
 #ifndef ENABLE_EMULATION
     else if (cmd == CTAP_VENDOR_PHY_OPTS) {
diff --git a/tools/pico-fido-tool.py b/tools/pico-fido-tool.py
index 963e70f..8b8ab57 100644
--- a/tools/pico-fido-tool.py
+++ b/tools/pico-fido-tool.py
@@ -74,16 +74,15 @@ def get_pki_data(url, data=None, method='GET'):
 
 class VendorConfig(Config):
 
+    CONFIG_VENDOR_PROTOTYPE = 0xFF
     class PARAM(IntEnum):
         VENDOR_COMMAND_ID         = 0x01
         VENDOR_AUT_CT             = 0x02
-        VENDOR_PARAM              = 0x02
+        VENDOR_PARAM              = 0x03
 
     class CMD(IntEnum):
         CONFIG_AUT_ENABLE       = 0x03e43f56b34285e2
         CONFIG_AUT_DISABLE      = 0x1831a40f04a25ed9
-        CONFIG_VENDOR_PROTOTYPE = 0x7f
-        CONFIG_VENDOR_PHY       = 0x1b
         CONFIG_PHY_VIDPID       = 0x6fcb19b0cbe3acfa
         CONFIG_PHY_OPTS         = 0x969f3b09eceb805f
         CONFIG_PHY_LED_GPIO     = 0x7b392a394de9f948
@@ -97,7 +96,7 @@ class VendorConfig(Config):
 
     def enable_device_aut(self, ct):
         self._call(
-            VendorConfig.CMD.CONFIG_VENDOR_PROTOTYPE,
+            VendorConfig.CONFIG_VENDOR_PROTOTYPE,
             {
                 VendorConfig.PARAM.VENDOR_COMMAND_ID: VendorConfig.CMD.CONFIG_AUT_ENABLE,
                 VendorConfig.PARAM.VENDOR_AUT_CT: ct
@@ -106,7 +105,7 @@ class VendorConfig(Config):
 
     def disable_device_aut(self):
         self._call(
-            VendorConfig.CMD.CONFIG_VENDOR_PROTOTYPE,
+            VendorConfig.CONFIG_VENDOR_PROTOTYPE,
             {
                 VendorConfig.PARAM.VENDOR_COMMAND_ID: VendorConfig.CMD.CONFIG_AUT_DISABLE
             },
@@ -114,7 +113,7 @@ class VendorConfig(Config):
 
     def vidpid(self, vid, pid):
         self._call(
-            VendorConfig.CMD.CONFIG_VENDOR_PHY,
+            VendorConfig.CONFIG_VENDOR_PROTOTYPE,
             {
                 VendorConfig.PARAM.VENDOR_COMMAND_ID: VendorConfig.CMD.CONFIG_PHY_VIDPID,
                 VendorConfig.PARAM.VENDOR_PARAM: (vid & 0xFFFF) << 16 | pid
@@ -123,7 +122,7 @@ class VendorConfig(Config):
 
     def led_gpio(self, gpio):
         self._call(
-            VendorConfig.CMD.CONFIG_VENDOR_PHY,
+            VendorConfig.CONFIG_VENDOR_PROTOTYPE,
             {
                 VendorConfig.PARAM.VENDOR_COMMAND_ID: VendorConfig.CMD.CONFIG_PHY_LED_GPIO,
                 VendorConfig.PARAM.VENDOR_PARAM: gpio
@@ -132,7 +131,7 @@ class VendorConfig(Config):
 
     def led_brightness(self, brightness):
         self._call(
-            VendorConfig.CMD.CONFIG_VENDOR_PHY,
+            VendorConfig.CONFIG_VENDOR_PROTOTYPE,
             {
                 VendorConfig.PARAM.VENDOR_COMMAND_ID: VendorConfig.CMD.CONFIG_PHY_LED_BTNESS,
                 VendorConfig.PARAM.VENDOR_PARAM: brightness
@@ -141,7 +140,7 @@ class VendorConfig(Config):
 
     def phy_opts(self, opts):
         self._call(
-            VendorConfig.CMD.CONFIG_VENDOR_PHY,
+            VendorConfig.CONFIG_VENDOR_PROTOTYPE,
             {
                 VendorConfig.PARAM.VENDOR_COMMAND_ID: VendorConfig.CMD.CONFIG_PHY_OPTS,
                 VendorConfig.PARAM.VENDOR_PARAM: opts