linux-credentials
diff --git a/‎Cargo.lock‎
Lines changed: 167 additions & 85 deletions b/‎Cargo.lock‎
Lines changed: 167 additions & 85 deletions
diff --git a/‎libwebauthn/examples/webauthn_cable.rs‎
Lines changed: 8 additions & 1 deletion b/‎libwebauthn/examples/webauthn_cable.rs‎
Lines changed: 8 additions & 1 deletion
diff --git a/‎libwebauthn/src/transport/cable/advertisement.rs‎
Lines changed: 4 additions & 3 deletions b/‎libwebauthn/src/transport/cable/advertisement.rs‎
Lines changed: 4 additions & 3 deletions
diff --git a/‎libwebauthn/src/transport/cable/channel.rs‎
Lines changed: 66 additions & 3 deletions b/‎libwebauthn/src/transport/cable/channel.rs‎
Lines changed: 66 additions & 3 deletions
@@ -4,7 +4,7 @@ use std::sync::Arc;
 use std::time::Duration;
 
 use libwebauthn::pin::PinRequestReason;
-use libwebauthn::transport::cable::channel::CableUxUpdate;
+use libwebauthn::transport::cable::channel::{CableUpdate, CableUxUpdate};
 use libwebauthn::transport::cable::known_devices::{
     CableKnownDevice, ClientPayloadHint, EphemeralDeviceInfoStore,
 };
@@ -75,6 +75,13 @@ async fn handle_updates(mut state_recv: Receiver<CableUxUpdate>) {
                     }
                 }
             },
+            CableUxUpdate::CableUpdate(cable_update) => match cable_update {
+                CableUpdate::ProximityCheck => println!("Proximity check in progress..."),
+                CableUpdate::Connecting => println!("Connecting to the device..."),
+                CableUpdate::Authenticating => println!("Authenticating with the device..."),
+                CableUpdate::Connected => println!("Tunnel established successfully!"),
+                CableUpdate::Failed => println!("Failed to establish tunnel."),
+            },
         }
     }
 }
 
@@ -1,7 +1,7 @@
 use ::btleplug::api::Central;
 use futures::StreamExt;
 use std::pin::pin;
-use tracing::{debug, trace, warn};
+use tracing::{debug, instrument, trace, warn};
 use uuid::Uuid;
 
 use crate::transport::ble::btleplug::{self, FidoDevice};
@@ -15,7 +15,7 @@ const CABLE_UUID_GOOGLE: &str = "0000fde2-0000-1000-8000-00805f9b34fb";
 #[derive(Debug)]
 pub(crate) struct DecryptedAdvert {
     pub plaintext: [u8; 16],
-    pub nonce: [u8; 10],
+    pub _nonce: [u8; 10],
     pub routing_id: [u8; 3],
     pub encoded_tunnel_server_domain: u16,
 }
@@ -31,13 +31,14 @@ impl From<[u8; 16]> for DecryptedAdvert {
         plaintext_fixed.copy_from_slice(&plaintext[..16]);
         Self {
             plaintext: plaintext_fixed,
-            nonce,
+            _nonce: nonce,
             routing_id,
             encoded_tunnel_server_domain,
         }
     }
 }
 
+#[instrument(skip_all, err)]
 pub(crate) async fn await_advertisement(
     eid_key: &[u8],
 ) -> Result<(FidoDevice, DecryptedAdvert), Error> {
 
@@ -2,7 +2,7 @@ use std::fmt::{Display, Formatter};
 use std::time::Duration;
 
 use async_trait::async_trait;
-use tokio::sync::mpsc;
+use tokio::sync::{mpsc, watch};
 use tokio::{task, time};
 use tracing::error;
 
@@ -21,6 +21,16 @@ use crate::UvUpdate;
 use super::known_devices::CableKnownDevice;
 use super::qr_code_device::CableQrCodeDevice;
 
+#[derive(Debug, Clone, PartialEq)]
+pub enum ConnectionState {
+    /// Connection is being established (proximity check, connecting, authenticating)
+    Connecting,
+    /// Connection is fully established and ready for operations
+    Connected,
+    /// Connection has terminated
+    Terminated,
+}
+
 #[derive(Debug)]
 pub enum CableChannelDevice<'d> {
     QrCode(&'d CableQrCodeDevice),
@@ -34,12 +44,42 @@ pub struct CableChannel {
 
     /// The noise state used for encryption over the WebSocket stream.
     // pub(crate) noise_state: TransportState,
-
-    /// The device that this channel is connected to.
     pub(crate) handle_connection: task::JoinHandle<()>,
     pub(crate) cbor_sender: mpsc::Sender<CborRequest>,
     pub(crate) cbor_receiver: mpsc::Receiver<CborResponse>,
     pub(crate) tx: mpsc::Sender<CableUxUpdate>,
+    /// Watch receiver for connection state
+    pub(crate) connection_state_rx: watch::Receiver<ConnectionState>,
+}
+
+impl CableChannel {
+    async fn wait_for_connection(&self) -> Result<(), Error> {
+        let mut rx = self.connection_state_rx.clone();
+
+        // If already connected, return immediately
+        if *rx.borrow() == ConnectionState::Connected {
+            return Ok(());
+        }
+
+        // If already terminated, return error immediately
+        if *rx.borrow() == ConnectionState::Terminated {
+            return Err(Error::Transport(TransportError::ConnectionFailed));
+        }
+
+        // Wait for state change
+        while rx.changed().await.is_ok() {
+            match *rx.borrow() {
+                ConnectionState::Connected => return Ok(()),
+                ConnectionState::Terminated => {
+                    return Err(Error::Transport(TransportError::ConnectionFailed))
+                }
+                ConnectionState::Connecting => continue,
+            }
+        }
+
+        // If the sender was dropped, consider it a failure
+        Err(Error::Transport(TransportError::ConnectionFailed))
+    }
 }
 
 impl Display for CableChannel {
@@ -57,6 +97,21 @@ impl Drop for CableChannel {
 #[derive(Debug)]
 pub enum CableUxUpdate {
     UvUpdate(UvUpdate),
+    CableUpdate(CableUpdate),
+}
+
+#[derive(Debug)]
+pub enum CableUpdate {
+    /// Waiting for proximity check user interaction (eg. scan a QR code, or confirm on the device).
+    ProximityCheck,
+    /// Connecting to the tunnel server.
+    Connecting,
+    /// Connected to the tunnel server, authenticating the channel.
+    Authenticating,
+    /// Connected to the authenticator device via the tunnel server.
+    Connected,
+    /// The connection to the authenticator device has failed.
+    Failed,
 }
 
 impl From<UvUpdate> for CableUxUpdate {
@@ -95,6 +150,10 @@ impl<'d> Channel for CableChannel {
     }
 
     async fn cbor_send(&mut self, request: &CborRequest, timeout: Duration) -> Result<(), Error> {
+        // First, wait for connection to be established (no timeout for handshake)
+        self.wait_for_connection().await?;
+
+        // Now apply timeout only to the actual CBOR operation
         match time::timeout(timeout, self.cbor_sender.send(request.clone())).await {
             Ok(Ok(_)) => Ok(()),
             Ok(Err(error)) => {
@@ -109,6 +168,10 @@ impl<'d> Channel for CableChannel {
     }
 
     async fn cbor_recv(&mut self, timeout: Duration) -> Result<CborResponse, Error> {
+        // First, wait for connection to be established (no timeout for handshake)
+        self.wait_for_connection().await?;
+
+        // Now apply timeout only to the actual CBOR operation
         match time::timeout(timeout, self.cbor_receiver.recv()).await {
             Ok(Some(response)) => Ok(response),
             Ok(None) => Err(Error::Transport(TransportError::TransportUnavailable)),
Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,7 @@ use std::sync::Arc;`
`4`	`4`	`use std::time::Duration;`
`5`	`5`
`6`	`6`	`use libwebauthn::pin::PinRequestReason;`
`7`		`-use libwebauthn::transport::cable::channel::CableUxUpdate;`
	`7`	`+use libwebauthn::transport::cable::channel::{CableUpdate, CableUxUpdate};`
`8`	`8`	`use libwebauthn::transport::cable::known_devices::{`
`9`	`9`	`CableKnownDevice, ClientPayloadHint, EphemeralDeviceInfoStore,`
`10`	`10`	`};`
`@@ -75,6 +75,13 @@ async fn handle_updates(mut state_recv: Receiver<CableUxUpdate>) {`
`75`	`75`	`}`
`76`	`76`	`}`
`77`	`77`	`},`
	`78`	`+ CableUxUpdate::CableUpdate(cable_update) => match cable_update {`
	`79`	`+ CableUpdate::ProximityCheck => println!("Proximity check in progress..."),`
	`80`	`+ CableUpdate::Connecting => println!("Connecting to the device..."),`
	`81`	`+ CableUpdate::Authenticating => println!("Authenticating with the device..."),`
	`82`	`+ CableUpdate::Connected => println!("Tunnel established successfully!"),`
	`83`	`+ CableUpdate::Failed => println!("Failed to establish tunnel."),`
	`84`	`+ },`
`78`	`85`	`}`
`79`	`86`	`}`
`80`	`87`	`}`