feat(transport): thread persistent token store through HID channel

Author: AlfioEmanueleFresta

libwebauthn/src/transport/hid/channel.rs

@@ -15,6 +15,7 @@ use tokio::sync::mpsc::{self, Receiver, Sender};
 use tokio::time::sleep;
 use tracing::{debug, info, instrument, trace, warn, Level};
 
+use crate::pin::persistent_token::PersistentTokenStore;
 use crate::proto::ctap1::apdu::{ApduRequest, ApduResponse};
 use crate::proto::ctap1::{Ctap1, Ctap1RegisterRequest};
 use crate::proto::ctap2::cbor::{CborRequest, CborResponse};
@@ -79,14 +80,18 @@ pub struct HidChannel<'d> {
     open_device: OpenHidDevice,
     init: InitResponse,
     auth_token_data: Option<AuthTokenData>,
+    persistent_token_store: Option<Arc<dyn PersistentTokenStore>>,
     ux_update_sender: broadcast::Sender<UvUpdate>,
     handle: HidChannelHandle,
     #[cfg(feature = "virt")]
     pin_protocol_override: Option<Ctap2PinUvAuthProtocol>,
 }
 
 impl<'d> HidChannel<'d> {
-    pub async fn new(device: &'d HidDevice) -> Result<HidChannel<'d>, Error> {
+    pub async fn new(
+        device: &'d HidDevice,
+        persistent_token_store: Option<Arc<dyn PersistentTokenStore>>,
+    ) -> Result<HidChannel<'d>, Error> {
         let (ux_update_sender, _) = broadcast::channel(16);
         let (handle_tx, handle_rx) = mpsc::channel(1);
         let handle = HidChannelHandle { tx: handle_tx };
@@ -106,6 +111,7 @@ impl<'d> HidChannel<'d> {
             },
             init: InitResponse::default(),
             auth_token_data: None,
+            persistent_token_store,
             ux_update_sender,
             handle,
             #[cfg(feature = "virt")]
@@ -600,4 +606,8 @@ impl Ctap2AuthTokenStore for HidChannel<'_> {
     fn clear_uv_auth_token_store(&mut self) {
         self.auth_token_data = None;
     }
+
+    fn persistent_token_store(&self) -> Option<Arc<dyn PersistentTokenStore>> {
+        self.persistent_token_store.clone()
+    }
 }

libwebauthn/src/transport/hid/device.rs

@@ -4,13 +4,15 @@ use async_trait::async_trait;
 use hidapi::DeviceInfo;
 use hidapi::HidApi;
 use std::fmt;
+use std::sync::Arc;
 #[cfg(feature = "virt")]
-use std::sync::{Arc, Mutex};
+use std::sync::Mutex;
 #[allow(unused_imports)]
 use tracing::{debug, info, instrument};
 
 #[cfg(feature = "virt")]
 use super::framing::HidMessage;
+use crate::pin::persistent_token::PersistentTokenStore;
 use crate::transport::error::TransportError;
 use crate::transport::Device;
 use crate::webauthn::error::Error;
@@ -24,6 +26,16 @@ pub trait HidPipeBackend: fmt::Debug + Send {
 #[derive(Debug, Clone)]
 pub struct HidDevice {
     pub backend: HidBackendDevice,
+    persistent_token_store: Option<Arc<dyn PersistentTokenStore>>,
+}
+
+impl HidDevice {
+    /// Attach a caller-supplied persistent pinUvAuthToken (pcmr) store. The store is
+    /// forwarded to every channel opened from this device.
+    pub fn with_persistent_token_store(mut self, store: Arc<dyn PersistentTokenStore>) -> Self {
+        self.persistent_token_store = Some(store);
+        self
+    }
 }
 
 #[derive(Debug, Clone)]
@@ -37,6 +49,7 @@ impl From<&DeviceInfo> for HidDevice {
     fn from(hidapi_device: &DeviceInfo) -> Self {
         Self {
             backend: HidBackendDevice::HidApiDevice(hidapi_device.clone()),
+            persistent_token_store: None,
         }
     }
 }
@@ -77,13 +90,15 @@ pub async fn list_devices() -> Result<Vec<HidDevice>, Error> {
 pub fn virtual_device<B: HidPipeBackend + 'static>(backend: B) -> HidDevice {
     HidDevice {
         backend: HidBackendDevice::VirtualDevice(Arc::new(Mutex::new(backend))),
+        persistent_token_store: None,
     }
 }
 
 #[async_trait]
 impl<'d> Device<'d, Hid, HidChannel<'d>> for HidDevice {
     async fn channel(&'d mut self) -> Result<HidChannel<'d>, Error> {
-        let channel = HidChannel::new(self).await?;
+        let store = self.persistent_token_store.clone();
+        let channel = HidChannel::new(self, store).await?;
         Ok(channel)
     }