shimun/ctap
1
0
Fork 0
Code Issues Pull Requests 1 Releases Wiki Activity

Compare commits

base: shimun:builder
Branches Tags
shimun:master
shimun:tolerate_unknown
shimun:serde_cbor
shimun:2.1
shimun:instant_timeout
shimun:assert_multiple
shimun:ctap_hmac
shimun:builder
shimun:assert_mul
shimun:hmac_ext
shimun:0.4.1
shimun:0.4.0
shimun:0.3.0
..
compare: shimun:master
Branches Tags
shimun:master
shimun:tolerate_unknown
shimun:serde_cbor
shimun:2.1
shimun:instant_timeout
shimun:assert_multiple
shimun:ctap_hmac
shimun:builder
shimun:assert_mul
shimun:hmac_ext
shimun:0.4.1
shimun:0.4.0
shimun:0.3.0

13 Commits
builder ... master

Author SHA1 Message Date
shimun
718c9c93e6
fix: tolerate newer versions 2021-07-24 14:31:20 +02:00
shimun
3a6dd90ec4
expose needs_pin 2020-10-18 20:10:54 +02:00
shimun
f5d52ee8b5
parse error codes at compile time 2020-09-05 23:14:54 +02:00
shimun
e6166f7cbd
bump version 2020-04-26 18:48:37 +02:00
shimun
d6b20d0ba4
provide username 2020-04-24 18:52:55 +02:00
shimun
857c3cd955
handle map keys in text form 2020-04-24 18:46:05 +02:00
shimun
80c175077f
fix timeout = None causing an instant timeout err 2020-04-05 22:42:29 +02:00
shimun
addc251418
added readme 2020-04-05 19:27:02 +02:00
shimun
a00f8fbe3b
added timeout option 2020-04-05 19:26:52 +02:00
shimun
cc48719cfa
support sending requests to multiple devices 2020-04-03 23:05:38 +02:00
shimun
09d6484535
use builder pattern for MakeCredentail and GetAssertion 2020-03-31 21:30:59 +02:00
shimun
238c4ba791
discard any addional options which an fido 2.1 device might send 2020-03-31 20:36:26 +02:00
shimun
d93b86b9f0 use builder pattern to expose all possible options 2020-03-30 18:30:30 +02:00
10 changed files with 297 additions and 177 deletions
Show Stats Expand all files Collapse all files

13
Cargo.toml
View File

@ -1,12 +1,13 @@
[package]
name = "ctap_hmac"
description = "A Rust implementation of the FIDO2 CTAP protocol, including the HMAC extension"
version = "0.3.0"
version = "0.4.5"
license = "Apache-2.0/MIT"
homepage = "https://github.com/ArdaXi/ctap/pull/2"
homepage = "https://github.com/shimunn/ctap"
repository = "https://github.com/shimunn/ctap"
authors = ["Arda Xi <arda@ardaxi.com>", "shimun <shimun@shimun.net>"]
edition = "2018"
readme = "README.md"
[dependencies]
rand = "0.6"
@ -19,12 +20,16 @@ cbor-codec = "0.7"
ring = "0.13"
untrusted = "0.6"
rust-crypto = "0.2"
csv-core = "0.1.6"
derive_builder = "0.9.0"
crossbeam = { version = "0.7.3", optional = true }
[dev-dependencies]
crossbeam = "0.7.3"
hex = "0.4.0"
[build-dependencies]
csv = "1.1.3"
serde = "1.0.106"
serde_derive = "1.0.106"
[features]
assert_devices = ["crossbeam"]
request_multiple = ["crossbeam"]

41
build.rs Normal file
View File

@ -0,0 +1,41 @@
use csv::{Reader, StringRecord};
use serde_derive::Deserialize;
use std::env;
use std::fs::File;
use std::io::{Result, Write};
use std::iter::FromIterator;
use std::string::String;
fn main() {
parse_error_codes().expect("Failed to parse error codes")
}
fn parse_error_codes() -> Result<()> {
println!("cargo:rerun-if-changed=ctap_error_codes.csv");
let mut out_file = File::create(format!(
"{}/ctap_error_codes.rs",
env::var("OUT_DIR").unwrap()
))?;
out_file.write_all(b"static CTAP_ERROR_CODES: &[(usize, &str, &str)] = &[")?;
let mut rdr = Reader::from_path("ctap_error_codes.csv")?;
rdr.set_headers(StringRecord::from_iter(&["code", "name", "desc"]));
#[derive(Debug, Deserialize)]
struct ErrorCode {
code: String,
name: String,
desc: String,
}
for result in rdr.deserialize() {
let record: ErrorCode = result.unwrap();
out_file.write_all(
format!(
"({}, \"{}\", \"{}\"),\n",
i64::from_str_radix(&record.code[2..], 16).unwrap(),
record.name,
record.desc
)
.as_bytes(),
)?;
}
out_file.write_all(b"];")
}

0
src/ctap_error_codes.csv → ctap_error_codes.csv
View File

27
examples/hmac.rs
View File

@ -3,7 +3,7 @@ extern crate ctap_hmac as ctap;
use crypto::digest::Digest;
use crypto::sha2::Sha256;
use ctap::extensions::hmac::HmacExtension;
use ctap::{FidoCredential, FidoCredentialRequestBuilder, AuthenticatorOptions};
use ctap::{FidoAssertionRequestBuilder, FidoCredential, FidoCredentialRequestBuilder};
use hex;
use std::env::args;
use std::io::prelude::*;
@ -17,23 +17,30 @@ fn main() -> ctap::FidoResult<()> {
let device_info = &mut devices.next().expect("No authenticator found");
let mut device = ctap::FidoDevice::new(device_info)?;
let mut credential = match args().skip(1).next().map(|h| FidoCredential {
let credential = match args().skip(1).next().map(|h| FidoCredential {
id: hex::decode(&h).expect("Invalid credential"),
public_key: None,
}) {
Some(cred) => cred,
_ => {
let req = FidoCredentialRequestBuilder::default().rp_id(RP_ID).rp_name("ctap_hmac crate").user_name("example").uv(false).build().unwrap();
let req = FidoCredentialRequestBuilder::default()
.rp_id(RP_ID)
.rp_name("ctap_hmac crate")
.user_name("example")
.uv(false)
.build()
.unwrap();
println!("Authorize using your device");
let cred = device.make_hmac_credential(req).expect("Failed to request credential");
let cred = device
.make_hmac_credential(&req)
.expect("Failed to request credential");
println!("Credential: {}\nNote: You can pass this credential as first argument in order to reproduce results", hex::encode(&cred.id));
cred
}
};
let credential = credential;
print!("Type in your message: ");
stdout().flush();
stdout().flush().unwrap();
let mut message = String::new();
stdin()
.read_line(&mut message)
@ -44,7 +51,13 @@ fn main() -> ctap::FidoResult<()> {
let mut digest = Sha256::new();
digest.input(&message.as_bytes());
digest.result(&mut salt);
let (cred, (hash1, _hash2)) = device.get_hmac_assertion(RP_ID, &[&credential], &salt, None, None)?;
let credential = &&credential;
let request = FidoAssertionRequestBuilder::default()
.rp_id(RP_ID)
.credential(credential)
.build()
.unwrap();
let (_cred, (hash1, _hash2)) = device.get_hmac_assertion(&request, &salt, None)?;
println!("Hash: {}", hex::encode(&hash1));
Ok(())
}

25
examples/multiple.rs
View File

@ -1,24 +1,16 @@
extern crate ctap_hmac as ctap;
use crossbeam::thread;
use crypto::digest::Digest;
use crypto::sha2::Sha256;
use ctap::{
FidoAssertionRequestBuilder, FidoCredential, FidoCredentialRequestBuilder, FidoDevice,
FidoError, FidoResult,
FidoResult,
};
use failure::_core::time::Duration;
use hex;
use std::env::args;
use std::io::prelude::*;
use std::io::stdin;
use std::io::stdout;
use std::sync::mpsc::channel;
use std::sync::Mutex;
use std::time::Duration;
const RP_ID: &str = "ctap_demo";
fn run() -> ctap::FidoResult<()> {
fn main() -> ctap::FidoResult<()> {
let mut credentials = args()
.skip(1)
.map(|id| FidoCredential {
@ -32,6 +24,7 @@ fn run() -> ctap::FidoResult<()> {
FidoDevice::new(&h).and_then(|mut dev| {
FidoCredentialRequestBuilder::default()
.rp_id(RP_ID)
.user_name("test")
.build()
.unwrap()
.make_credential(&mut dev)
@ -48,11 +41,9 @@ fn run() -> ctap::FidoResult<()> {
let mut devices = ctap::get_devices()?
.map(|handle| FidoDevice::new(&handle))
.collect::<FidoResult<Vec<_>>>()?;
let (cred, _) = ctap::get_assertion_devices(&req, devices.iter_mut())?;
// run with --features request_multiple
let (cred, _) =
ctap::get_assertion_devices(&req, devices.iter_mut(), Some(Duration::from_secs(10)))?;
println!("Success, got assertion for: {}", hex::encode(&cred.id));
Ok(())
}
fn main() {
dbg!(run());
}

56
src/cbor.rs
View File

@ -7,6 +7,7 @@
use cbor_codec::value;
use cbor_codec::value::Value;
use cbor_codec::{Config, Decoder, Encoder, GenericDecoder, GenericEncoder};
use cbor::skip::Skip;
use byteorder::{BigEndian, ByteOrder, ReadBytesExt, WriteBytesExt};
use failure::ResultExt;
@ -38,7 +39,7 @@ impl<'a> Request<'a> {
}
}
pub fn decode<R: ReadBytesExt>(&self, reader: R) -> FidoResult<Response> {
pub fn decode<R: ReadBytesExt + Skip>(&self, reader: R) -> FidoResult<Response> {
Ok(match self {
Request::MakeCredential(_) => {
Response::MakeCredential(MakeCredentialResponse::decode(reader)?)
@ -277,7 +278,7 @@ pub struct GetInfoResponse {
}
impl GetInfoResponse {
pub fn decode<R: ReadBytesExt>(mut reader: R) -> FidoResult<Self> {
pub fn decode<R: ReadBytesExt + Skip>(mut reader: R) -> FidoResult<Self> {
let status = reader.read_u8().context(FidoErrorKind::CborDecode)?;
if status != 0 {
Err(FidoErrorKind::CborError(CborErrorCode::from(status)))?
@ -304,7 +305,7 @@ impl GetInfoResponse {
response.pin_protocols.push(decoder.u8()?);
}
}
_ => continue,
_ => decoder.skip()?,
}
}
Ok(response)
@ -423,7 +424,9 @@ impl OptionsInfo {
"clientPin" => options.client_pin = Some(decoder.bool()?),
"up" => options.up = decoder.bool()?,
"uv" => options.uv = Some(decoder.bool()?),
_ => continue,
_ => {
decoder.bool()?;
}
}
}
Ok(options)
@ -595,14 +598,45 @@ impl CoseKey {
let mut cose_key = CoseKey::default();
cose_key.algorithm = -7;
for _ in 0..items {
match generic.borrow_mut().i16()? {
0x01 => cose_key.key_type = generic.borrow_mut().u16()?,
0x02 => cose_key.algorithm = generic.borrow_mut().i32()?,
key if key < 0 => {
cose_key.parameters.insert(key, generic.value()?);
match generic.value()? {
Value::Text(value::Text::Text(text)) => match &text[..] {
"type" => {
cose_key.key_type = match generic.value()? {
Value::Text(value::Text::Text(type_)) if &type_ == "public-key" => 0u16,
Value::U16(i) => i,
Value::U8(i) => i.into(),
_ => {
continue;
}
}
}
"alg" => cose_key.algorithm = generic.borrow_mut().i32()?,
_ => continue,
},
val @ Value::I8(_)
| val @ Value::I16(_)
| val @ Value::U16(_)
| val @ Value::U8(_) => {
let int_val = match val {
Value::I8(i) => i as i32,
Value::I16(i) => i as i32,
Value::U8(i) => i as i32,
Value::U16(i) => i as i32,
_ => unreachable!(),
};
match int_val {
0x01 => cose_key.key_type = generic.borrow_mut().u16()?,
0x02 => cose_key.algorithm = generic.borrow_mut().i32()?,
key if key < 0 => {
cose_key.parameters.insert(key as i16, generic.value()?);
}
unknown => {
(unknown, generic.value()?); // skip unknown parameter
}
}
}
_ => {
generic.value()?; // skip unknown parameter
unknown => {
(unknown, generic.value()?); // skip unknown parameter
}
}
}

96
src/error.rs
View File

@ -5,8 +5,8 @@
// http://opensource.org/licenses/MIT>, at your option. This file may not be
// copied, modified, or distributed except according to those terms.
use cbor_codec::{DecodeError, EncodeError};
use csv_core::{ReadFieldResult, Reader};
use failure::_core::fmt::{Error, Formatter};
use failure::_core::option::Option;
use failure::{Backtrace, Context, Fail};
use std::fmt;
use std::fmt::Display;
@ -19,10 +19,38 @@ pub struct FidoError(Context<FidoErrorKind>);
#[derive(Debug, Copy, Clone, Fail, Eq, PartialEq)]
pub struct CborErrorCode(u8);
// generated using build.rs
include!(concat!(env!("OUT_DIR"), "/ctap_error_codes.rs"));
impl CborErrorCode {
fn detail(&self) -> Option<(u8, &'static str, &'static str)> {
for (code, name, desc) in CTAP_ERROR_CODES {
if *code == self.0 as usize {
return Some((self.0, name, desc));
}
}
None
}
pub fn name(&self) -> Option<&'static str> {
self.detail().map(|(_, name, _)| name)
}
pub fn description(&self) -> Option<&'static str> {
self.detail().map(|(_, _, desc)| desc)
}
pub fn code(&self) -> u8 {
self.0
}
}
#[derive(Copy, Clone, Eq, PartialEq, Debug, Fail)]
pub enum FidoErrorKind {
#[fail(display = "Read/write error with device.")]
Io,
#[fail(display = "Operation timed out")]
Timeout,
#[fail(display = "Error while reading packet from device.")]
ReadPacket,
#[fail(display = "Error while writing packet to device.")]
@ -47,7 +75,7 @@ pub enum FidoErrorKind {
DecryptPin,
#[fail(display = "Failed to verify response signature.")]
VerifySignature,
#[fail(display = "Supplied key has incorrect type.")]
#[fail(display = "Failed to verify response signature.")]
KeyType,
#[fail(display = "Device returned error: {}", _0)]
CborError(CborErrorCode),
@ -114,58 +142,24 @@ impl From<u8> for CborErrorCode {
impl Display for CborErrorCode {
fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error> {
let messages = include_str!("ctap_error_codes.csv");
let mut rdr = Reader::new();
let mut bytes = messages.as_bytes();
let mut col: usize = 0;
let mut row: usize = 0;
let mut correct_row: bool = false;
let mut field = [0u8; 1024];
let mut name: Option<String> = None;
let mut desc: Option<String> = None;
loop {
let (result, nin, read) = rdr.read_field(&bytes, &mut field);
bytes = &bytes[nin..];
match result {
ReadFieldResult::InputEmpty => {}
ReadFieldResult::OutputFull => panic!("field too large"),
ReadFieldResult::Field { record_end } => {
let text = String::from_utf8(field[..read].iter().cloned().collect()).unwrap();
if row > 0 {
match col {
0 if i64::from_str_radix(&text[2..], 16)
.expect("malformed ctap_error_codes.csv")
== self.0 as i64 =>
{
correct_row = true
}
1 | 2 if correct_row => {
if let Some(_) = name {
desc = Some(text);
break;
} else {
name = Some(text);
}
}
_ => (),
}
}
col += 1;
if record_end {
col = 0;
row += 1;
}
}
ReadFieldResult::End => break,
}
}
if let Some((code, _name, desc)) =
name.and_then(|name| desc.map(|desc| (self.0, name, desc)))
{
if let Some((code, _name, desc)) = self.detail() {
write!(f, "CborError: 0x{:x?}: {}", code, desc)?;
} else {
write!(f, "CborError: 0x{:x?}", self.0)?;
write!(f, "CborError: 0x{:x?}: unknown", self.code())?;
}
Ok(())
}
}
#[cfg(test)]
mod test {
use super::*;
#[test]
fn cbor_error_code() {
assert_eq!(
CborErrorCode(0x33).to_string(),
"CborError: 0x33: PIN authentication, pinAuth, verification failed."
)
}
}

72
src/extensions/hmac.rs
View File

@ -1,7 +1,4 @@
use crate::{
AuthenticatorOptions, FidoAssertionRequestBuilder,
FidoCredentialRequest,
};
use crate::{FidoAssertionRequest, FidoAssertionRequestBuilder, FidoCredentialRequest};
use crate::{FidoCredential, FidoDevice, FidoErrorKind, FidoResult};
use cbor_codec::value::{Bytes, Int, Key, Text, Value};
use cbor_codec::Encoder;
@ -13,7 +10,6 @@ use rust_crypto::mac::Mac;
use rust_crypto::sha2::Sha256;
use std::collections::BTreeMap;
use std::io::Cursor;
use std::iter::FromIterator;
pub trait HmacExtension {
fn extension_name() -> &'static str {
@ -40,8 +36,10 @@ pub trait HmacExtension {
/// Convenience function to create an credential which includes extension specific data
/// Use `FidoDevice::make_credential` if you need more control
fn make_hmac_credential(&mut self, request: FidoCredentialRequest) -> FidoResult<FidoCredential>;
fn make_hmac_credential(
&mut self,
request: &FidoCredentialRequest,
) -> FidoResult<FidoCredential>;
/// Request an assertion from the authenticator for a given credential and salt(s).
/// at least one `salt` must be provided, consider using a hashing function like SHA256
@ -53,13 +51,11 @@ pub trait HmacExtension {
/// provided, and will fail if a PIN is required but not provided or if the
/// device returns malformed data.
///
fn get_hmac_assertion<'a>(
fn get_hmac_assertion<'a: 'b, 'b>(
&mut self,
rp_id: &str,
credentials: &'a [&'a FidoCredential],
assertion: &FidoAssertionRequest<'a, 'b>,
salt: &[u8; 32],
salt2: Option<&[u8; 32]>,
options: Option<AuthenticatorOptions>,
) -> FidoResult<(&'a FidoCredential, ([u8; 32], Option<[u8; 32]>))>;
/// Convenience function for `get_hmac_assertion` that will accept arbitrary
@ -75,11 +71,13 @@ pub trait HmacExtension {
digest.input(input);
digest.result(&mut salt);
self.get_hmac_assertion(
rp_id,
&[credential],
&FidoAssertionRequestBuilder::default()
.rp_id(rp_id)
.credential(&credential)
.build()
.unwrap(),
&salt,
None,
Some(AuthenticatorOptions { uv: true, rk: true, up: false }),
)
.map(|(_cred, secret)| secret.0)
}
@ -138,43 +136,35 @@ impl HmacExtension for FidoDevice {
Ok(Value::Map(map))
}
fn make_hmac_credential(&mut self, request: FidoCredentialRequest) -> FidoResult<FidoCredential> {
let mut request = request;
fn make_hmac_credential(
&mut self,
request: &FidoCredentialRequest,
) -> FidoResult<FidoCredential> {
let mut request = request.clone();
request.rk = true;
request.extension_data.insert(<Self as HmacExtension>::extension_name(), <Self as HmacExtension>::extension_input());
request.extension_data.insert(
<Self as HmacExtension>::extension_name(),
<Self as HmacExtension>::extension_input(),
);
self.make_credential(&request)
}
fn get_hmac_assertion<'a>(
fn get_hmac_assertion<'a: 'b, 'b>(
&mut self,
rp_id: &str,
credentials: &'a [&'a FidoCredential],
request: &FidoAssertionRequest<'a, 'b>,
salt: &[u8; 32],
salt2: Option<&[u8; 32]>,
options: Option<AuthenticatorOptions>,
) -> FidoResult<(&'a FidoCredential, ([u8; 32], Option<[u8; 32]>))> {
while self.shared_secret.is_none() {
self.init_shared_secret()?;
}
let ext_data: Value = self.get_data(salt, salt2)?;
let mut request = request.clone();
request
.extension_data
.insert(<Self as HmacExtension>::extension_name(), &ext_data);
let ext_data: BTreeMap<&str, &Value> = BTreeMap::from_iter(
[(<Self as HmacExtension>::extension_name(), &ext_data)]
.iter()
.cloned(),
);
let mut builder = FidoAssertionRequestBuilder::default()
.credentials(credentials)
.rp_id(rp_id)
.extension_data(ext_data);
if let Some(opts) = options {
builder = builder.uv(opts.uv).up(opts.up);
}
let (cred, auth_data) =
self.get_assertion(&builder.build().unwrap())?;
let (cred, auth_data) = self.get_assertion(&request)?;
let shared_secret = self.shared_secret.as_ref().unwrap();
let mut decryptor = shared_secret.decryptor();
let mut hmac_secret_combined = [0u8; 64];
@ -206,7 +196,11 @@ impl HmacExtension for FidoDevice {
let mut hmac_secret_1 = [0u8; 32];
hmac_secret_0.copy_from_slice(&hmac_secret[0..32]);
hmac_secret_1.copy_from_slice(&hmac_secret[32..]);
let cred = credentials.into_iter().find(|c| c.id == cred.id).unwrap();
let cred = request
.credentials
.into_iter()
.find(|c| c.id == cred.id)
.unwrap();
Ok((cred, (hmac_secret_0, salt2.and(Some(hmac_secret_1)))))
}
}

22
src/lib.rs
View File

@ -217,7 +217,7 @@ impl<'a> FidoCredentialRequest<'a> {
#[derive(Clone, Debug, Builder)]
#[builder(setter(into))]
#[builder(pattern = "owned")]
pub struct FidoAssertionRequest<'a> {
pub struct FidoAssertionRequest<'a, 'b> {
#[builder(default)]
up: bool,
#[builder(default)]
@ -232,16 +232,16 @@ pub struct FidoAssertionRequest<'a> {
#[builder(default = "&[0u8; 32]")]
client_data_hash: &'a [u8],
#[builder(default)]
extension_data: BTreeMap<&'a str, &'a cbor_codec::value::Value>,
extension_data: BTreeMap<&'b str, &'b cbor_codec::value::Value>,
}
impl<'a> FidoAssertionRequest<'a> {
impl<'a, 'b> FidoAssertionRequest<'a, 'b> {
pub fn get_assertion(&self, device: &mut FidoDevice) -> FidoResult<&'a FidoCredential> {
device.get_assertion(self).map(|res| res.0)
}
}
impl<'a> FidoAssertionRequestBuilder<'a> {
impl<'a, 'b> FidoAssertionRequestBuilder<'a, 'b> {
pub fn credential(mut self, credential: &'a &'a FidoCredential) -> Self {
self.credentials = Some(std::slice::from_ref(credential));
self
@ -287,14 +287,14 @@ impl FidoDevice {
cbor::Response::GetInfo(resp) => resp,
_ => Err(FidoErrorKind::CborDecode)?,
};
if !response.versions.iter().any(|ver| ver == "FIDO_2_0") {
if !response.versions.iter().any(|ver| ["FIDO_2_0", "FIDO_2_1_PRE"].contains(&ver.as_str())) {
Err(FidoErrorKind::DeviceUnsupported)?
}
// Require pin protocol version 1, only if pin-protocol is supported at all
if !response
.pin_protocols
.iter()
.fold(true, |supported, ver| *ver == 1 && supported)
.any(|ver| *ver == 1) && response.pin_protocols.len() > 0
{
Err(FidoErrorKind::DeviceUnsupported)?
}
@ -325,6 +325,11 @@ impl FidoDevice {
}
}
/// True if this authenticator requires a PIN
pub fn needs_pin(&self) -> bool {
self.needs_pin
}
/// Unlock the device with the provided PIN. Internally this will generate
/// an ECDH keypair, send the encrypted PIN to the device and store the PIN
/// token that the device generates on every power cycle. The PIN itself is
@ -457,10 +462,9 @@ impl FidoDevice {
///
/// This method will fail if a PIN is required but the device is not
/// unlocked or if the device returns malformed data.
pub fn get_assertion<'a>(
pub fn get_assertion<'a, 'b>(
&mut self,
assertion: &FidoAssertionRequest<'a>,
assertion: &FidoAssertionRequest<'a, 'b>,
) -> FidoResult<(&'a FidoCredential, AuthenticatorData)> {
while self.shared_secret.is_none() {
self.init_shared_secret()?;

122
src/util.rs
View File

@ -1,44 +1,88 @@
use crate::cbor::AuthenticatorData;
use crate::{FidoAssertionRequest, FidoCredential, FidoDevice, FidoErrorKind, FidoResult};
use std::sync::mpsc::channel;
#[cfg(feature = "assert_devices")]
#[cfg(feature = "request_multiple")]
use crate::{
cbor::AuthenticatorData, FidoAssertionRequest, FidoCredential, FidoCredentialRequest,
FidoDevice, FidoErrorKind, FidoResult,
};
#[cfg(feature = "request_multiple")]
use crossbeam::thread;
/// Will send the `assertion` to all supplied `devices` and return either the first successful assertion or the last error
#[cfg(feature = "assert_devices")]
pub fn get_assertion_devices<'a>(
assertion: &'a FidoAssertionRequest,
devices: impl Iterator<Item = &'a mut FidoDevice>,
) -> FidoResult<(&'a FidoCredential, AuthenticatorData)> {
thread::scope(
|scope| -> FidoResult<(&'a FidoCredential, AuthenticatorData)> {
let (tx, rx) = channel();
let handles = devices
.map(|device| {
let cancel = device.cancel_handle()?;
let tx = tx.clone();
let thread_handle =
scope.spawn(move |_| tx.send(device.get_assertion(assertion)));
Ok((cancel, thread_handle))
})
.collect::<FidoResult<Vec<_>>>()?;
let mut err = None;
for res in rx.iter().take(handles.len()) {
match res {
Ok(_) => {
for (mut cancel, join) in handles {
// Canceling out of courtesy don't care if it fails
let _ = cancel.cancel();
let _ = join.join();
}
return res;
}
e => err = Some(e),
#[cfg(feature = "request_multiple")]
use std::sync::mpsc::channel;
#[cfg(feature = "request_multiple")]
use std::time::Duration;
#[cfg(feature = "request_multiple")]
pub fn request_multiple_devices<
'a,
T: Send + 'a,
F: Fn(&mut FidoDevice) -> FidoResult<T> + 'a + Sync,
>(
devices: impl Iterator<Item = (&'a mut FidoDevice, &'a F)>,
timeout: Option<Duration>,
) -> FidoResult<T> {
thread::scope(|scope| -> FidoResult<T> {
let (tx, rx) = channel();
let handles = devices
.map(|(device, fn_)| {
let cancel = device.cancel_handle()?;
let tx = tx.clone();
let thread_handle = scope.spawn(move |_| tx.send(fn_(device)));
Ok((cancel, thread_handle))
})
.collect::<FidoResult<Vec<_>>>()?;
let mut err = None;
let mut slept = Duration::from_millis(0);
let interval = Duration::from_millis(10);
let mut received = 0usize;
let res = loop {
match timeout {
Some(t) if t < slept => {
break if let Some(cause) = err {
cause
} else {
Err(FidoErrorKind::Timeout.into())
};
}
_ => (),
}
err.unwrap_or(Err(FidoErrorKind::DeviceUnsupported.into()))
},
)
if timeout.map(|t| t < slept).unwrap_or(true) {}
if let Ok(msg) = rx.recv_timeout(interval) {
received += 1;
match msg {
e @ Err(_) if received == handles.len() => break e,
e @ Err(_) => err = Some(e),
res @ Ok(_) => break res,
}
} else {
slept += interval;
}
};
for (mut cancel, join) in handles {
// Canceling out of courtesy don't care if it fails
let _ = cancel.cancel();
let _ = join.join();
}
res
})
.unwrap()
}
/// Will send the `assertion_request` to all supplied `devices` and return either the first successful assertion or the last error
#[cfg(feature = "request_multiple")]
pub fn get_assertion_devices<'a>(
assertion_request: &'a FidoAssertionRequest,
devices: impl Iterator<Item = &'a mut FidoDevice>,
timeout: Option<Duration>,
) -> FidoResult<(&'a FidoCredential, AuthenticatorData)> {
let get_assertion = |device: &mut FidoDevice| device.get_assertion(assertion_request);
request_multiple_devices(devices.map(|device| (device, &get_assertion)), timeout)
}
/// Will send the `credential_request` to all supplied `devices` and return either the first credential or the last error
#[cfg(feature = "request_multiple")]
pub fn make_credential_devices<'a>(
credential_request: &'a FidoCredentialRequest,
devices: impl Iterator<Item = &'a mut FidoDevice>,
timeout: Option<Duration>,
) -> FidoResult<FidoCredential> {
let make_credential = |device: &mut FidoDevice| device.make_credential(credential_request);
request_multiple_devices(devices.map(|device| (device, &make_credential)), timeout)
}