Hybrid transport: Add state-assisted transactions (WiP)

AlfioEmanueleFresta · AlfioEmanueleFresta · commit 640a344a609b · 2025-05-11T18:03:03.000+01:00
diff --git a/libwebauthn/examples/webauthn_cable.rs b/libwebauthn/examples/webauthn_cable.rs
@@ -1,5 +1,6 @@
 use std::error::Error;
 use std::io::{self, Write};
+use std::sync::Arc;
 use std::time::Duration;
 
 use libwebauthn::pin::PinRequestReason;
@@ -78,12 +79,14 @@ async fn handle_updates(mut state_recv: Receiver<UxUpdate>) {
 pub async fn main() -> Result<(), Box<dyn Error>> {
     setup_logging();
 
-    let _device_info_store: Box<dyn CableKnownDeviceInfoStore> =
-        Box::new(EphemeralDeviceInfoStore::default());
+    let device_info_store: Arc<dyn CableKnownDeviceInfoStore> =
+        Arc::new(EphemeralDeviceInfoStore::default());
 
     // Create QR code
-    let mut device: CableQrCodeDevice<'_> =
-        CableQrCodeDevice::new_transient(QrCodeOperationHint::MakeCredential);
+    let mut device: CableQrCodeDevice = CableQrCodeDevice::new_persistent(
+        QrCodeOperationHint::MakeCredential,
+        device_info_store.clone(),
+    );
 
     println!("Created QR code, awaiting for advertisement.");
     let qr_code = QrCode::new(device.qr_code.to_string()).unwrap();
@@ -148,8 +151,10 @@ pub async fn main() -> Result<(), Box<dyn Error>> {
     };
 
     // Create QR code
-    let mut device: CableQrCodeDevice<'_> =
-        CableQrCodeDevice::new_transient(QrCodeOperationHint::GetAssertionRequest);
+    let mut device: CableQrCodeDevice = CableQrCodeDevice::new_persistent(
+        QrCodeOperationHint::GetAssertionRequest,
+        device_info_store.clone(),
+    );
 
     println!("Created QR code, awaiting for advertisement.");
     let qr_code = QrCode::new(device.qr_code.to_string()).unwrap();
diff --git a/libwebauthn/src/transport/cable/channel.rs b/libwebauthn/src/transport/cable/channel.rs
@@ -22,8 +22,8 @@ use super::qr_code_device::CableQrCodeDevice;
 
 #[derive(Debug)]
 pub enum CableChannelDevice<'d> {
-    QrCode(&'d CableQrCodeDevice<'d>),
-    Known(&'d CableKnownDevice<'d>),
+    QrCode(&'d CableQrCodeDevice),
+    Known(&'d CableKnownDevice),
 }
 
 #[derive(Debug)]
diff --git a/libwebauthn/src/transport/cable/known_devices.rs b/libwebauthn/src/transport/cable/known_devices.rs
@@ -1,77 +1,131 @@
+use std::collections::HashMap;
 use std::fmt::{Debug, Display};
+use std::sync::Arc;
 
 use crate::transport::error::Error;
 use crate::transport::Device;
+use crate::webauthn::TransportError;
 use crate::UxUpdate;
 
 use async_trait::async_trait;
+use futures::lock::Mutex;
 use tokio::sync::mpsc;
+use tracing::{debug, trace};
 
 use super::channel::CableChannel;
+use super::tunnel::CableLinkingInfo;
 use super::Cable;
 
 #[async_trait]
-pub trait CableKnownDeviceInfoStore: Debug + Send {
-    /// Called whenever a known device should be added.
-    async fn put_known_device(&mut self, device: &CableKnownDeviceInfo);
+pub trait CableKnownDeviceInfoStore: Debug + Send + Sync {
+    /// Called whenever a known device should be added or updated.
+    async fn put_known_device(&self, device_id: &CableKnownDeviceId, device: &CableKnownDeviceInfo);
     /// Called whenever a known device becomes permanently unavailable.
-    async fn delete_known_device(&mut self, device_id: String);
+    async fn delete_known_device(&self, device_id: &CableKnownDeviceId);
 }
 
-/// A no-op known-device store for ephemeral-only implementations.
+/// An in-memory store for testing purposes.
 #[derive(Debug, Default, Clone)]
 pub struct EphemeralDeviceInfoStore {
-    pub last_device_info: Option<CableKnownDeviceInfo>,
+    pub known_devices: Arc<Mutex<HashMap<CableKnownDeviceId, CableKnownDeviceInfo>>>,
+}
+
+impl EphemeralDeviceInfoStore {
+    pub fn new() -> Self {
+        Self {
+            known_devices: Arc::new(Mutex::new(HashMap::new())),
+        }
+    }
 }
 
 unsafe impl Send for EphemeralDeviceInfoStore {}
 
 #[async_trait]
 impl CableKnownDeviceInfoStore for EphemeralDeviceInfoStore {
-    async fn put_known_device(&mut self, device: &CableKnownDeviceInfo) {
-        self.last_device_info = Some(device.clone())
+    async fn put_known_device(
+        &self,
+        device_id: &CableKnownDeviceId,
+        device: &CableKnownDeviceInfo,
+    ) {
+        debug!(?device_id, "Inserting or updating known device");
+        trace!(?device);
+        let mut known_devices = self.known_devices.lock().await;
+        known_devices.insert(device_id.clone(), device.clone());
     }
 
-    async fn delete_known_device(&mut self, device_id: String) {
-        if let Some(last_device_info) = &self.last_device_info {
-            if last_device_info.device_id == device_id {
-                self.last_device_info = None
-            }
-        }
+    async fn delete_known_device(&self, device_id: &CableKnownDeviceId) {
+        debug!(?device_id, "Deleting known device");
+        let mut known_devices = self.known_devices.lock().await;
+        known_devices.remove(device_id);
     }
 }
 
+pub type CableKnownDeviceId = String;
+
 #[derive(Debug, Clone)]
 pub struct CableKnownDeviceInfo {
-    pub device_id: String,
     pub contact_id: Vec<u8>,
     pub link_id: [u8; 8],
     pub link_secret: [u8; 32],
     pub public_key: [u8; 65],
     pub name: String,
+    pub tunnel_domain: String,
+}
+
+impl From<&CableLinkingInfo> for CableKnownDeviceId {
+    fn from(linking_info: &CableLinkingInfo) -> Self {
+        hex::encode(&linking_info.authenticator_public_key)
+    }
+}
+
+impl CableKnownDeviceInfo {
+    pub(crate) fn new(tunnel_domain: &str, linking_info: &CableLinkingInfo) -> Result<Self, Error> {
+        let info = Self {
+            contact_id: linking_info.contact_id.to_vec(),
+            link_id: linking_info
+                .link_id
+                .clone()
+                .try_into()
+                .map_err(|_| Error::Transport(TransportError::InvalidFraming))?,
+            link_secret: linking_info
+                .link_secret
+                .clone()
+                .try_into()
+                .map_err(|_| Error::Transport(TransportError::InvalidFraming))?,
+            public_key: linking_info
+                .authenticator_public_key
+                .clone()
+                .try_into()
+                .map_err(|_| Error::Transport(TransportError::InvalidFraming))?,
+            name: linking_info.authenticator_name.clone(),
+            tunnel_domain: tunnel_domain.to_string(),
+        };
+        Ok(info)
+    }
 }
 
 #[derive(Debug)]
-pub struct CableKnownDevice<'d> {
+pub struct CableKnownDevice {
     pub device_info: CableKnownDeviceInfo,
-    _store: &'d mut Box<dyn CableKnownDeviceInfoStore>,
+    _store: Arc<dyn CableKnownDeviceInfoStore>,
 }
 
-impl<'d> Display for CableKnownDevice<'d> {
+impl Display for CableKnownDevice {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
         write!(
             f,
             "{} ({})",
-            self.device_info.name, self.device_info.device_id
+            &self.device_info.name,
+            hex::encode(&self.device_info.public_key)
         )
     }
 }
 
-unsafe impl<'d> Send for CableKnownDevice<'d> {}
-unsafe impl<'d> Sync for CableKnownDevice<'d> {}
+unsafe impl Send for CableKnownDevice {}
+unsafe impl Sync for CableKnownDevice {}
 
 #[async_trait]
-impl<'d> Device<'d, Cable, CableChannel<'d>> for CableKnownDevice<'d> {
+impl<'d> Device<'d, Cable, CableChannel<'d>> for CableKnownDevice {
     async fn channel(&'d mut self) -> Result<(CableChannel, mpsc::Receiver<UxUpdate>), Error> {
         todo!()
     }
diff --git a/libwebauthn/src/transport/cable/qr_code_device.rs b/libwebauthn/src/transport/cable/qr_code_device.rs
@@ -1,5 +1,6 @@
 use std::fmt::{Debug, Display};
 use std::pin::pin;
+use std::sync::Arc;
 use std::time::SystemTime;
 
 use async_trait::async_trait;
@@ -81,16 +82,16 @@ impl ToString for CableQrCode {
 
 /// Represents a new device which will connect by scanning a QR code.
 /// This could be a new device, or an ephmemeral device whose details were not stored.
-pub struct CableQrCodeDevice<'d> {
+pub struct CableQrCodeDevice {
     /// The QR code to be scanned by the new authenticator.
     pub qr_code: CableQrCode,
     /// An ephemeral private, corresponding to the public key within the QR code.
     pub private_key: NonZeroScalar,
     /// An optional reference to the store. This may be None, if no persistence is desired.
-    store: Option<&'d mut Box<dyn CableKnownDeviceInfoStore>>,
+    pub(crate) store: Option<Arc<dyn CableKnownDeviceInfoStore>>,
 }
 
-impl Debug for CableQrCodeDevice<'_> {
+impl Debug for CableQrCodeDevice {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
         f.debug_struct("CableQrCodeDevice")
             .field("qr_code", &self.qr_code)
@@ -125,20 +126,20 @@ impl From<&[u8]> for DecryptedAdvert {
     }
 }
 
-impl<'d> CableQrCodeDevice<'d> {
+impl CableQrCodeDevice {
     /// Generates a QR code, linking the provided known-device store. A device scanning
     /// this QR code may be persisted to the store after a successful connection.
     pub fn new_persistent(
         hint: QrCodeOperationHint,
-        store: &'d mut Box<dyn CableKnownDeviceInfoStore>,
+        store: Arc<dyn CableKnownDeviceInfoStore>,
     ) -> Self {
         Self::new(hint, true, Some(store))
     }
 
     fn new(
         hint: QrCodeOperationHint,
         state_assisted: bool,
-        store: Option<&'d mut Box<dyn CableKnownDeviceInfoStore>>,
+        store: Option<Arc<dyn CableKnownDeviceInfoStore>>,
     ) -> Self {
         let private_key_scalar = NonZeroScalar::random(&mut OsRng);
         let private_key = SecretKey::from_bytes(&private_key_scalar.to_bytes()).unwrap();
@@ -176,7 +177,7 @@ impl<'d> CableQrCodeDevice<'d> {
     }
 }
 
-impl CableQrCodeDevice<'_> {
+impl CableQrCodeDevice {
     /// Generates a QR code, without any known-device store. A device scanning this QR code
     /// will not be persisted.
     pub fn new_transient(hint: QrCodeOperationHint) -> Self {
@@ -231,18 +232,18 @@ impl CableQrCodeDevice<'_> {
     }
 }
 
-unsafe impl Send for CableQrCodeDevice<'_> {}
+unsafe impl Send for CableQrCodeDevice {}
 
-unsafe impl Sync for CableQrCodeDevice<'_> {}
+unsafe impl Sync for CableQrCodeDevice {}
 
-impl Display for CableQrCodeDevice<'_> {
+impl Display for CableQrCodeDevice {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
         write!(f, "CableQrCodeDevice")
     }
 }
 
 #[async_trait]
-impl<'d> Device<'d, Cable, CableChannel<'d>> for CableQrCodeDevice<'_> {
+impl<'d> Device<'d, Cable, CableChannel<'d>> for CableQrCodeDevice {
     async fn channel(&'d mut self) -> Result<(CableChannel<'d>, mpsc::Receiver<UxUpdate>), Error> {
         let (_device, advert) = self.await_advertisement().await?;
 
diff --git a/libwebauthn/src/transport/cable/tunnel.rs b/libwebauthn/src/transport/cable/tunnel.rs

Original file line number	Diff line number	Diff line change
`@@ -22,8 +22,8 @@ use super::qr_code_device::CableQrCodeDevice;`
`22`	`22`
`23`	`23`	`#[derive(Debug)]`
`24`	`24`	`pub enum CableChannelDevice<'d> {`
`25`		`- QrCode(&'d CableQrCodeDevice<'d>),`
`26`		`- Known(&'d CableKnownDevice<'d>),`
	`25`	`+ QrCode(&'d CableQrCodeDevice),`
	`26`	`+ Known(&'d CableKnownDevice),`
`27`	`27`	`}`
`28`	`28`
`29`	`29`	`#[derive(Debug)]`