Fix ClientPayload serialization; Add ClientPayloadHint

Author: AlfioEmanueleFresta

libwebauthn/examples/webauthn_cable.rs

@@ -5,7 +5,7 @@ use std::time::Duration;
 
 use libwebauthn::pin::PinRequestReason;
 use libwebauthn::transport::cable::known_devices::{
-    self, CableKnownDevice, CableKnownDeviceId, CableKnownDeviceInfoStore, EphemeralDeviceInfoStore,
+    CableKnownDevice, ClientPayloadHint, EphemeralDeviceInfoStore,
 };
 use libwebauthn::transport::cable::qr_code_device::{CableQrCodeDevice, QrCodeOperationHint};
 use libwebauthn::UxUpdate;
@@ -142,8 +142,8 @@ pub async fn main() -> Result<(), Box<dyn Error>> {
         (&response.authenticator_data).try_into().unwrap()
     };
 
-    println!("Waiting for 10 seconds before contacting the device...");
-    sleep(Duration::from_secs(30)).await;
+    println!("Waiting for 5 seconds before contacting the device...");
+    sleep(Duration::from_secs(5)).await;
 
     let get_assertion = GetAssertionRequest {
         relying_party_id: "example.org".to_owned(),
@@ -158,10 +158,13 @@ pub async fn main() -> Result<(), Box<dyn Error>> {
     let (_known_device_id, known_device_info) =
         all_devices.first().expect("No known devices found");
 
-    let mut known_device: CableKnownDevice =
-        CableKnownDevice::new(known_device_info, device_info_store.clone())
-            .await
-            .unwrap();
+    let mut known_device: CableKnownDevice = CableKnownDevice::new(
+        ClientPayloadHint::GetAssertion,
+        known_device_info,
+        device_info_store.clone(),
+    )
+    .await
+    .unwrap();
 
     // Connect to a known device
     let (mut channel, state_recv) = known_device.channel().await.unwrap();

libwebauthn/src/transport/cable/known_devices.rs

@@ -12,6 +12,7 @@ use crate::UxUpdate;
 use async_trait::async_trait;
 use futures::lock::Mutex;
 use serde::Serialize;
+use serde_bytes::ByteBuf;
 use serde_indexed::SerializeIndexed;
 use tokio::sync::mpsc;
 use tracing::{debug, trace};
@@ -119,6 +120,7 @@ impl CableKnownDeviceInfo {
 
 #[derive(Debug)]
 pub struct CableKnownDevice {
+    pub hint: ClientPayloadHint,
     pub device_info: CableKnownDeviceInfo,
     pub(crate) store: Arc<dyn CableKnownDeviceInfoStore>,
 }
@@ -139,10 +141,12 @@ unsafe impl Sync for CableKnownDevice {}
 
 impl CableKnownDevice {
     pub async fn new(
+        hint: ClientPayloadHint,
         device_info: &CableKnownDeviceInfo,
         store: Arc<dyn CableKnownDeviceInfoStore>,
     ) -> Result<CableKnownDevice, Error> {
         let device = CableKnownDevice {
+            hint,
             device_info: device_info.clone(),
             store: store,
         };
@@ -155,7 +159,8 @@ impl<'d> Device<'d, Cable, CableChannel> for CableKnownDevice {
     async fn channel(&'d mut self) -> Result<(CableChannel, mpsc::Receiver<UxUpdate>), Error> {
         debug!(?self.device_info.tunnel_domain, "Creating channel to tunnel server");
 
-        let (client_nonce, client_payload) = construct_client_payload(self.device_info.link_id);
+        let (client_nonce, client_payload) =
+            construct_client_payload(self.hint, self.device_info.link_id);
         let contact_id = base64_url::encode(&self.device_info.contact_id);
 
         let connection_type = tunnel::CableTunnelConnectionType::KnownDevice {
@@ -193,11 +198,6 @@ impl<'d> Device<'d, Cable, CableChannel> for CableKnownDevice {
         )
         .await
     }
-
-    // #[instrument(skip_all)]
-    // async fn supported_protocols(&mut self) -> Result<SupportedProtocols, Error> {
-    //     todo!()
-    // }
 }
 
 type ClientNonce = [u8; 16];
@@ -206,27 +206,29 @@ type ClientNonce = [u8; 16];
 #[derive(Debug, SerializeIndexed)]
 #[serde(offset = 1)]
 pub struct ClientPayload {
-    pub link_id: [u8; 8],
-    pub client_nonce: ClientNonce,
+    pub link_id: ByteBuf,
+    pub client_nonce: ByteBuf,
     pub hint: ClientPayloadHint,
 }
 
-#[derive(Debug, Serialize, PartialEq)]
+#[derive(Debug, Copy, Clone, Serialize, PartialEq)]
 pub enum ClientPayloadHint {
     #[serde(rename = "ga")]
     GetAssertion,
     #[serde(rename = "mc")]
     MakeCredential,
 }
 
-fn construct_client_payload(link_id: [u8; 8]) -> (ClientNonce, ClientPayload) {
+fn construct_client_payload(
+    hint: ClientPayloadHint,
+    link_id: [u8; 8],
+) -> (ClientNonce, ClientPayload) {
     let client_nonce = rand::random::<ClientNonce>();
     let client_payload = {
         ClientPayload {
-            link_id,
-            client_nonce,
-            // TODO: add hint
-            hint: ClientPayloadHint::MakeCredential,
+            link_id: ByteBuf::from(link_id),
+            client_nonce: ByteBuf::from(client_nonce),
+            hint,
         }
     };
     (client_nonce, client_payload)

libwebauthn/src/transport/cable/qr_code_device.rs

@@ -24,24 +24,14 @@ use crate::transport::Device;
 use crate::webauthn::TransportError;
 use crate::UxUpdate;
 
-#[derive(Debug, Clone, Copy)]
+#[derive(Debug, Clone, Copy, Serialize, PartialEq)]
 pub enum QrCodeOperationHint {
+    #[serde(rename = "ga")]
     GetAssertionRequest,
+    #[serde(rename = "mc")]
     MakeCredential,
 }
 
-impl Serialize for QrCodeOperationHint {
-    fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
-    where
-        S: serde::Serializer,
-    {
-        match self {
-            QrCodeOperationHint::GetAssertionRequest => serializer.serialize_str("ga"),
-            QrCodeOperationHint::MakeCredential => serializer.serialize_str("mc"),
-        }
-    }
-}
-
 #[derive(Debug, SerializeIndexed)]
 pub struct CableQrCode {
     // Key 0: a 33-byte, P-256, X9.62, compressed public key.

libwebauthn/src/transport/cable/tunnel.rs

@@ -2,7 +2,6 @@ use std::collections::BTreeMap;
 use std::sync::Arc;
 
 use ctap_types::serde::cbor_deserialize;
-use ctap_types::serde::cbor_serialize;
 use futures::{SinkExt, StreamExt};
 use p256::NonZeroScalar;
 use serde::Deserialize;
@@ -13,7 +12,7 @@ use sha2::{Digest, Sha256};
 use snow::{Builder, TransportState};
 use tokio::net::TcpStream;
 use tokio::sync::mpsc::{self, Receiver, Sender};
-use tokio::task::{self, JoinHandle};
+use tokio::task;
 use tokio_tungstenite::tungstenite::http::StatusCode;
 use tokio_tungstenite::tungstenite::Message;
 use tokio_tungstenite::{connect_async, MaybeTlsStream, WebSocketStream};
@@ -202,7 +201,9 @@ pub(crate) async fn connect<'d>(
                 .or(Err(Error::Transport(TransportError::InvalidEndpoint)))?,
         );
     }
-    let (mut ws_stream, response) = match connect_async(request).await {
+    trace!(?request);
+
+    let (ws_stream, response) = match connect_async(request).await {
         Ok((ws_stream, response)) => (ws_stream, response),
         Err(e) => {
             error!(?e, "Failed to connect to tunnel server");