Add Error to CableUxUpdate

AlfioEmanueleFresta · AlfioEmanueleFresta · commit 6ddcd3f09546 · 2025-07-20T02:06:58.000+01:00
diff --git a/libwebauthn/examples/webauthn_cable.rs b/libwebauthn/examples/webauthn_cable.rs
@@ -80,7 +80,7 @@ async fn handle_updates(mut state_recv: Receiver<CableUxUpdate>) {
                 CableUpdate::Connecting => println!("Connecting to the device..."),
                 CableUpdate::Authenticating => println!("Authenticating with the device..."),
                 CableUpdate::Connected => println!("Tunnel established successfully!"),
-                CableUpdate::Failed => println!("Failed to establish tunnel."),
+                CableUpdate::Error(err) => println!("Error during connection: {}", err),
             },
         }
     }
diff --git a/libwebauthn/src/transport/cable/advertisement.rs b/libwebauthn/src/transport/cable/advertisement.rs
@@ -7,7 +7,6 @@ use uuid::Uuid;
 use crate::transport::ble::btleplug::{self, FidoDevice};
 use crate::transport::cable::crypto::trial_decrypt_advert;
 use crate::transport::error::TransportError;
-use crate::webauthn::error::Error;
 
 const CABLE_UUID_FIDO: &str = "0000fff9-0000-1000-8000-00805f9b34fb";
 const CABLE_UUID_GOOGLE: &str = "0000fde2-0000-1000-8000-00805f9b34fb";
@@ -41,22 +40,22 @@ impl From<[u8; 16]> for DecryptedAdvert {
 #[instrument(skip_all, err)]
 pub(crate) async fn await_advertisement(
     eid_key: &[u8],
-) -> Result<(FidoDevice, DecryptedAdvert), Error> {
+) -> Result<(FidoDevice, DecryptedAdvert), TransportError> {
     let uuids = &[
         Uuid::parse_str(CABLE_UUID_FIDO).unwrap(),
         Uuid::parse_str(CABLE_UUID_GOOGLE).unwrap(), // Deprecated, but may still be in use.
     ];
     let stream = btleplug::manager::start_discovery_for_service_data(uuids)
         .await
-        .or(Err(Error::Transport(TransportError::TransportUnavailable)))?;
+        .or(Err(TransportError::TransportUnavailable))?;
 
     let mut stream = pin!(stream);
     while let Some((adapter, peripheral, data)) = stream.as_mut().next().await {
         debug!({ ?peripheral, ?data }, "Found device with service data");
 
         let Some(device) = btleplug::manager::get_device(peripheral.clone())
             .await
-            .or(Err(Error::Transport(TransportError::TransportUnavailable)))?
+            .or(Err(TransportError::TransportUnavailable))?
         else {
             warn!(
                 ?peripheral,
@@ -82,11 +81,11 @@ pub(crate) async fn await_advertisement(
         adapter
             .stop_scan()
             .await
-            .or(Err(Error::Transport(TransportError::TransportUnavailable)))?;
+            .or(Err(TransportError::TransportUnavailable))?;
 
         return Ok((device, advert));
     }
 
     warn!("BLE advertisement discovery stream terminated");
-    Err(Error::Transport(TransportError::TransportUnavailable))
+    Err(TransportError::TransportUnavailable)
 }
diff --git a/libwebauthn/src/transport/cable/channel.rs b/libwebauthn/src/transport/cable/channel.rs
@@ -57,7 +57,7 @@ impl CableChannel {
 
         // If already terminated, return error immediately
         if *rx.borrow() == ConnectionState::Terminated {
-            return Err(Error::Transport(TransportError::ConnectionFailed));
+            return Err(Error::Transport(TransportError::ConnectionLost));
         }
 
         // Wait for state change
@@ -72,7 +72,7 @@ impl CableChannel {
         }
 
         // If the sender was dropped, consider it a failure
-        Err(Error::Transport(TransportError::ConnectionFailed))
+        Err(Error::Transport(TransportError::ConnectionLost))
     }
 }
 
@@ -105,7 +105,7 @@ pub enum CableUpdate {
     /// Connected to the authenticator device via the tunnel server.
     Connected,
     /// The connection to the authenticator device has failed.
-    Failed,
+    Error(TransportError),
 }
 
 impl From<UvUpdate> for CableUxUpdate {
diff --git a/libwebauthn/src/transport/cable/connection_stages.rs b/libwebauthn/src/transport/cable/connection_stages.rs
@@ -12,7 +12,6 @@ use super::tunnel::{self, CableTunnelConnectionType, TunnelNoiseState};
 use crate::proto::ctap2::cbor::{CborRequest, CborResponse};
 use crate::transport::ble::btleplug::FidoDevice;
 use crate::transport::error::TransportError;
-use crate::webauthn::error::Error;
 use std::sync::Arc;
 
 #[derive(Debug)]
@@ -60,7 +59,7 @@ impl ConnectionInput {
     pub fn new_for_qr_code(
         qr_device: &CableQrCodeDevice,
         proximity_output: &ProximityCheckOutput,
-    ) -> Result<Self, Error> {
+    ) -> Result<Self, TransportError> {
         let tunnel_domain = decode_tunnel_domain_from_advert(&proximity_output.advert)?;
 
         let routing_id_str = hex::encode(&proximity_output.advert.routing_id);
@@ -194,7 +193,7 @@ impl TunnelConnectionInput {
 #[async_trait]
 pub(crate) trait UxUpdateSender: Send + Sync {
     async fn send_update(&self, update: CableUxUpdate);
-    async fn send_error(&self);
+    async fn send_error(&self, error: TransportError);
     async fn set_connection_state(&self, state: ConnectionState);
 }
 
@@ -221,10 +220,10 @@ impl UxUpdateSender for MpscUxUpdateSender {
         let _ = self.sender.send(update);
     }
 
-    async fn send_error(&self) {
+    async fn send_error(&self, error: TransportError) {
         let _ = self
             .sender
-            .send(CableUxUpdate::CableUpdate(CableUpdate::Failed));
+            .send(CableUxUpdate::CableUpdate(CableUpdate::Error(error)));
         let _ = self.connection_state_tx.send(ConnectionState::Terminated);
     }
 
@@ -237,7 +236,7 @@ impl UxUpdateSender for MpscUxUpdateSender {
 pub(crate) async fn proximity_check_stage(
     input: ProximityCheckInput,
     ux_sender: &dyn UxUpdateSender,
-) -> Result<ProximityCheckOutput, Error> {
+) -> Result<ProximityCheckOutput, TransportError> {
     debug!("Starting proximity check stage");
 
     ux_sender
@@ -257,7 +256,7 @@ pub(crate) async fn proximity_check_stage(
 pub(crate) async fn connection_stage(
     input: ConnectionInput,
     ux_sender: &dyn UxUpdateSender,
-) -> Result<ConnectionOutput, Error> {
+) -> Result<ConnectionOutput, TransportError> {
     debug!(?input.tunnel_domain, "Starting connection stage");
 
     ux_sender
@@ -278,7 +277,7 @@ pub(crate) async fn connection_stage(
 pub(crate) async fn handshake_stage(
     input: HandshakeInput,
     ux_sender: &dyn UxUpdateSender,
-) -> Result<HandshakeOutput, Error> {
+) -> Result<HandshakeOutput, TransportError> {
     debug!("Starting handshake stage");
 
     ux_sender
@@ -312,10 +311,12 @@ fn derive_psk(secret: &[u8], advert_plaintext: &[u8]) -> [u8; 32] {
     psk
 }
 
-pub(crate) fn decode_tunnel_domain_from_advert(advert: &DecryptedAdvert) -> Result<String, Error> {
+pub(crate) fn decode_tunnel_domain_from_advert(
+    advert: &DecryptedAdvert,
+) -> Result<String, TransportError> {
     tunnel::decode_tunnel_server_domain(advert.encoded_tunnel_server_domain)
         .ok_or_else(|| {
             error!({ encoded = %advert.encoded_tunnel_server_domain }, "Failed to decode tunnel server domain");
-            Error::Transport(TransportError::InvalidFraming)
+            TransportError::InvalidFraming
         })
 }
diff --git a/libwebauthn/src/transport/cable/known_devices.rs b/libwebauthn/src/transport/cable/known_devices.rs
@@ -162,7 +162,7 @@ impl CableKnownDevice {
     async fn connection(
         known_device: &CableKnownDevice,
         ux_sender: &super::connection_stages::MpscUxUpdateSender,
-    ) -> Result<HandshakeOutput, Error> {
+    ) -> Result<HandshakeOutput, TransportError> {
         let client_nonce = rand::random::<ClientNonce>();
 
         // Stage 1: Connection (no proximity check needed for known devices)
@@ -201,9 +201,12 @@ impl<'d> Device<'d, Cable, CableChannel> for CableKnownDevice {
             let ux_sender =
                 MpscUxUpdateSender::new(ux_update_sender_clone, connection_state_sender);
 
-            let Ok(handshake_output) = Self::connection(&known_device, &ux_sender).await else {
-                ux_sender.send_error().await;
-                return;
+            let handshake_output = match Self::connection(&known_device, &ux_sender).await {
+                Ok(handshake_output) => handshake_output,
+                Err(e) => {
+                    ux_sender.send_error(e).await;
+                    return;
+                }
             };
 
             let tunnel_input = TunnelConnectionInput::from_handshake_output(
diff --git a/libwebauthn/src/transport/cable/qr_code_device.rs b/libwebauthn/src/transport/cable/qr_code_device.rs
@@ -25,6 +25,7 @@ use crate::proto::ctap2::cbor;
 use crate::transport::cable::digit_encode;
 use crate::transport::Device;
 use crate::webauthn::error::Error;
+use crate::webauthn::TransportError;
 
 #[derive(Debug, Clone, Copy, Serialize, PartialEq)]
 pub enum QrCodeOperationHint {
@@ -162,7 +163,7 @@ impl CableQrCodeDevice {
     async fn connection(
         qr_device: &CableQrCodeDevice,
         ux_sender: &MpscUxUpdateSender,
-    ) -> Result<super::connection_stages::HandshakeOutput, Error> {
+    ) -> Result<super::connection_stages::HandshakeOutput, TransportError> {
         // Stage 1: Proximity check
         let proximity_input = ProximityCheckInput::new_for_qr_code(qr_device);
         let proximity_output = proximity_check_stage(proximity_input, ux_sender).await?;
@@ -206,9 +207,12 @@ impl<'d> Device<'d, Cable, CableChannel> for CableQrCodeDevice {
             let ux_sender =
                 MpscUxUpdateSender::new(ux_update_sender_clone.clone(), connection_state_sender);
 
-            let Ok(handshake_output) = Self::connection(&qr_device, &ux_sender).await else {
-                ux_sender.send_error().await;
-                return;
+            let handshake_output = match Self::connection(&qr_device, &ux_sender).await {
+                Ok(handshake_output) => handshake_output,
+                Err(e) => {
+                    ux_sender.send_error(e).await;
+                    return;
+                }
             };
 
             let tunnel_input = TunnelConnectionInput::from_handshake_output(
diff --git a/libwebauthn/src/transport/cable/tunnel.rs b/libwebauthn/src/transport/cable/tunnel.rs
@@ -202,7 +202,7 @@ impl std::fmt::Debug for CableTunnelConnectionType {
 pub(crate) async fn connect<'d>(
     tunnel_domain: &str,
     connection_type: &CableTunnelConnectionType,
-) -> Result<WebSocketStream<MaybeTlsStream<TcpStream>>, Error> {
+) -> Result<WebSocketStream<MaybeTlsStream<TcpStream>>, TransportError> {
     ensure_rustls_crypto_provider();
 
     let connect_url = match connection_type {
@@ -221,22 +221,22 @@ pub(crate) async fn connect<'d>(
     debug!(?connect_url, "Connecting to tunnel server");
     let mut request = connect_url
         .into_client_request()
-        .or(Err(Error::Transport(TransportError::InvalidEndpoint)))?;
+        .or(Err(TransportError::InvalidEndpoint))?;
     request.headers_mut().insert(
         "Sec-WebSocket-Protocol",
         "fido.cable"
             .parse()
-            .or(Err(Error::Transport(TransportError::InvalidEndpoint)))?,
+            .or(Err(TransportError::InvalidEndpoint))?,
     );
 
     if let CableTunnelConnectionType::KnownDevice { client_payload, .. } = connection_type {
-        let client_payload = cbor::to_vec(client_payload)
-            .or(Err(Error::Transport(TransportError::InvalidEndpoint)))?;
+        let client_payload =
+            cbor::to_vec(client_payload).or(Err(TransportError::InvalidEndpoint))?;
         request.headers_mut().insert(
             "X-caBLE-Client-Payload",
             hex::encode(&client_payload)
                 .parse()
-                .or(Err(Error::Transport(TransportError::InvalidEndpoint)))?,
+                .or(Err(TransportError::InvalidEndpoint))?,
         );
     }
     trace!(?request);
@@ -245,14 +245,14 @@ pub(crate) async fn connect<'d>(
         Ok((ws_stream, response)) => (ws_stream, response),
         Err(e) => {
             error!(?e, "Failed to connect to tunnel server");
-            return Err(Error::Transport(TransportError::ConnectionFailed));
+            return Err(TransportError::ConnectionFailed);
         }
     };
     debug!(?response, "Connected to tunnel server");
 
     if response.status() != StatusCode::SWITCHING_PROTOCOLS {
         error!(?response, "Failed to switch to websocket protocol");
-        return Err(Error::Transport(TransportError::ConnectionFailed));
+        return Err(TransportError::ConnectionFailed);
     }
     debug!("Tunnel server returned success");
 
@@ -269,7 +269,7 @@ pub(crate) async fn do_handshake(
     ws_stream: &mut WebSocketStream<MaybeTlsStream<TcpStream>>,
     psk: [u8; 32],
     connection_type: &CableTunnelConnectionType,
-) -> Result<TunnelNoiseState, Error> {
+) -> Result<TunnelNoiseState, TransportError> {
     let noise_handshake = match connection_type {
         CableTunnelConnectionType::QrCode { private_key, .. } => {
             let local_private_key = private_key.to_owned().to_bytes();
@@ -294,7 +294,7 @@ pub(crate) async fn do_handshake(
         Ok(handshake) => handshake,
         Err(e) => {
             error!(?e, "Failed to build Noise handshake");
-            return Err(Error::Transport(TransportError::ConnectionFailed));
+            return Err(TransportError::ConnectionFailed);
         }
     };
 
@@ -303,7 +303,7 @@ pub(crate) async fn do_handshake(
         Ok(msg_len) => msg_len,
         Err(e) => {
             error!(?e, "Failed to write initial handshake message");
-            return Err(Error::Transport(TransportError::ConnectionFailed));
+            return Err(TransportError::ConnectionFailed);
         }
     };
 
@@ -315,7 +315,7 @@ pub(crate) async fn do_handshake(
 
     if let Err(e) = ws_stream.send(Message::Binary(initial_msg.into())).await {
         error!(?e, "Failed to send initial handshake message");
-        return Err(Error::Transport(TransportError::ConnectionFailed));
+        return Err(TransportError::ConnectionFailed);
     }
     debug!("Sent initial handshake message");
 
@@ -329,15 +329,15 @@ pub(crate) async fn do_handshake(
 
         Some(Ok(msg)) => {
             error!(?msg, "Unexpected message type received");
-            return Err(Error::Transport(TransportError::ConnectionFailed));
+            return Err(TransportError::ConnectionFailed);
         }
         Some(Err(e)) => {
             error!(?e, "Failed to read handshake response");
-            return Err(Error::Transport(TransportError::ConnectionFailed));
+            return Err(TransportError::ConnectionFailed);
         }
         None => {
             error!("Connection was closed before handshake was complete");
-            return Err(Error::Transport(TransportError::ConnectionFailed));
+            return Err(TransportError::ConnectionFailed);
         }
     };
 
@@ -350,7 +350,7 @@ pub(crate) async fn do_handshake(
             { len = response.len() },
             "Peer handshake message is too short"
         );
-        return Err(Error::Transport(TransportError::ConnectionFailed));
+        return Err(TransportError::ConnectionFailed);
     }
 
     let mut payload = [0u8; 1024];
@@ -365,7 +365,7 @@ pub(crate) async fn do_handshake(
 
     if !noise_handshake.is_handshake_finished() {
         error!("Handshake did not complete");
-        return Err(Error::Transport(TransportError::ConnectionFailed));
+        return Err(TransportError::ConnectionFailed);
     }
 
     Ok(TunnelNoiseState {
diff --git a/libwebauthn/src/transport/error.rs b/libwebauthn/src/transport/error.rs
@@ -1,4 +1,4 @@
-#[derive(thiserror::Error, Debug, PartialEq)]
+#[derive(thiserror::Error, Debug, PartialEq, Clone)]
 pub enum TransportError {
     #[error("connection failed")]
     ConnectionFailed,
@@ -23,3 +23,9 @@ pub enum TransportError {
     #[error("input/output error: {0}")]
     IoError(std::io::ErrorKind),
 }
+
+impl From<snow::Error> for TransportError {
+    fn from(_error: snow::Error) -> Self {
+        TransportError::NegotiationFailed
+    }
+}
diff --git a/libwebauthn/src/webauthn/error.rs b/libwebauthn/src/webauthn/error.rs
@@ -11,12 +11,6 @@ pub enum Error {
     Platform(#[from] PlatformError),
 }
 
-impl From<snow::Error> for Error {
-    fn from(_error: snow::Error) -> Self {
-        Error::Transport(TransportError::NegotiationFailed)
-    }
-}
-
 impl From<CborError> for Error {
     fn from(error: CborError) -> Self {
         Error::Platform(PlatformError::CborError(error))

Original file line number	Diff line number	Diff line change
`@@ -80,7 +80,7 @@ async fn handle_updates(mut state_recv: Receiver<CableUxUpdate>) {`
`80`	`80`	`CableUpdate::Connecting => println!("Connecting to the device..."),`
`81`	`81`	`CableUpdate::Authenticating => println!("Authenticating with the device..."),`
`82`	`82`	`CableUpdate::Connected => println!("Tunnel established successfully!"),`
`83`		`- CableUpdate::Failed => println!("Failed to establish tunnel."),`
	`83`	`+ CableUpdate::Error(err) => println!("Error during connection: {}", err),`
`84`	`84`	`},`
`85`	`85`	`}`
`86`	`86`	`}`
Original file line number	Diff line number	Diff line change
`@@ -57,7 +57,7 @@ impl CableChannel {`
`57`	`57`
`58`	`58`	`// If already terminated, return error immediately`
`59`	`59`	`if *rx.borrow() == ConnectionState::Terminated {`
`60`		`- return Err(Error::Transport(TransportError::ConnectionFailed));`
	`60`	`+ return Err(Error::Transport(TransportError::ConnectionLost));`
`61`	`61`	`}`
`62`	`62`
`63`	`63`	`// Wait for state change`
`@@ -72,7 +72,7 @@ impl CableChannel {`
`72`	`72`	`}`
`73`	`73`
`74`	`74`	`// If the sender was dropped, consider it a failure`
`75`		`- Err(Error::Transport(TransportError::ConnectionFailed))`
	`75`	`+ Err(Error::Transport(TransportError::ConnectionLost))`
`76`	`76`	`}`
`77`	`77`	`}`
`78`	`78`
`@@ -105,7 +105,7 @@ pub enum CableUpdate {`
`105`	`105`	`/// Connected to the authenticator device via the tunnel server.`
`106`	`106`	`Connected,`
`107`	`107`	`/// The connection to the authenticator device has failed.`
`108`		`- Failed,`
	`108`	`+ Error(TransportError),`
`109`	`109`	`}`
`110`	`110`
`111`	`111`	`impl From<UvUpdate> for CableUxUpdate {`