Until we implemented fingerprint supported, only commands that check for user presence had a long enough runtime to need keepalives and accept cancellation in practise. Our Env therefore had USB packets in its user presence API:

Now that we start supporting fingerprints, waiting for the user here needs to be reactive the same way. There are two ways to implement this:

A) Add it the same way we did for user presence.
B) Make OpenSK's API more async, and the calls to various parts of the hardware more independent.

The first solution is a direct fix for the problem, and the second one a bigger refactoring of the whole repository. While more work, it has some advantages:

We can correctly implement the CTAPHID_CANCEL not only to cancel commands that wait for user input, but also any that have a longer processing time. The specification requests this [1], our other commands never needed it because they were fast enough. Some software cryptography implementations or PQC might make it a necessity though.

It is a requirement for fix #685. In general, this decision can have implications on what hardware we support.

It makes our implementation cleaner, and it should be easier for users to implement Env in the future.

It simplifies some other work that is outstanding:

• We can move the main loop inside the library. This can help with making OpenSK a crate.
• It makes it easier to multiplex between USB and NFC packets, if we get to support that fully in the future.

[1] https://fidoalliance.org/specs/fido-v2.2-ps-20250714/fido-client-to-authenticator-protocol-v2.2-ps-20250714.html#usb-hid-cancel