Use libwebauthn for JSON request parsing

credentialsd/Cargo.toml

@@ -11,7 +11,7 @@ async-trait = "0.1.89"
 base64 = "0.22.1"
 credentialsd-common = { path = "../credentialsd-common" }
 futures-lite.workspace = true
-libwebauthn = { git = "https://github.com/linux-credentials/libwebauthn.git", rev="80545bff16c4e89a930221e90d3141a76303b84b", features = ["libnfc","pcsc"] }
+libwebauthn = { version = "0.3.0", features = ["libnfc","pcsc"] }
 # TODO: split nfc and pcsc into separate features
 # Also, 0.6.1 fails to build with non-vendored library.
 # https://github.com/alexrsagen/rs-nfc1/issues/15

credentialsd/src/credential_service/hybrid.rs

@@ -51,7 +51,13 @@ impl HybridHandler for InternalHybridHandler {
                     QrCodeOperationHint::GetAssertionRequest
                 }
             };
-            let mut device = CableQrCodeDevice::new_transient(hint);
+            let mut device = match CableQrCodeDevice::new_transient(hint) {
+                Ok(device) => device,
+                Err(err) => {
+                    tracing::error!("Failed to create caBLE QR code device: {:?}", err);
+                    return;
+                }
+            };
             let qr_code = device.qr_code.to_string();
             if let Err(err) = tx.send(HybridStateInternal::Init(qr_code)).await {
                 tracing::error!("Failed to send caBLE update: {:?}", err);

credentialsd/src/credential_service/mod.rs

@@ -381,6 +381,7 @@ impl From<GetAssertionResponse> for AuthenticatorResponse {
 mod test {
     use std::{sync::Arc, time::Duration};
 
+    use base64::Engine as _;
     use libwebauthn::{
         ops::webauthn::{
             MakeCredentialRequest, ResidentKeyRequirement, UserVerificationRequirement,
@@ -396,9 +397,7 @@ mod test {
         credential_service::usb::InProcessUsbHandler,
         dbus::test::{DummyFlowServer, DummyUiServer},
         model::CredentialRequest,
-        webauthn::{self, NavigationContext},
     };
-    use credentialsd_common::model::Operation;
 
     use super::{
         hybrid::{test::DummyHybridHandler, HybridStateInternal},
@@ -456,13 +455,15 @@ mod test {
 
     fn create_credential_request() -> CredentialRequest {
         let challenge = "Ox0AXQz7WUER7BGQFzvVrQbReTkS3sepVGj26qfUhhrWSarkDbGF4T4NuCY1aAwHYzOzKMJJ2YRSatetl0D9bQ";
-        let origin = NavigationContext::SameOrigin("https://webauthn.io".parse().unwrap());
-        let client_data_json =
-            webauthn::format_client_data_json(Operation::Create, challenge, &origin);
-        let client_data_hash = webauthn::create_client_data_hash(&client_data_json);
+        let origin = "webauthn.io".to_string();
+        let is_cross_origin = false;
+        let challenge_bytes = base64::engine::general_purpose::URL_SAFE_NO_PAD
+            .decode(challenge)
+            .expect("valid base64url challenge");
         let make_request = MakeCredentialRequest {
-            hash: client_data_hash,
-            origin: "https://webauthn.io".to_string(),
+            challenge: challenge_bytes,
+            origin: origin.clone(),
+            cross_origin: Some(is_cross_origin),
             relying_party: Ctap2PublicKeyCredentialRpEntity {
                 id: "webauthn.io".to_string(),
                 name: Some("webauthn.io".to_string()),

credentialsd/src/credential_service/nfc.rs

@@ -39,8 +39,11 @@ impl InProcessNfcHandler {
         prev_nfc_state: &NfcStateInternal,
     ) -> Result<NfcStateInternal, Error> {
         match libwebauthn::transport::nfc::get_nfc_device().await {
-            Ok(None) => Ok(NfcStateInternal::Waiting),
-            Ok(Some(hid_device)) => Ok(NfcStateInternal::Connected(hid_device)),
+            Ok(Some(nfc_device)) => Ok(NfcStateInternal::Connected(nfc_device)),
+            Ok(None) => {
+                let state = NfcStateInternal::Waiting;
+                Ok(state)
+            }
             Err(err) => {
                 *failures += 1;
                 if *failures == 5 {
@@ -527,6 +530,9 @@ async fn handle_nfc_updates(
             UvUpdate::PresenceRequired => {
                 tracing::debug!("Authenticator requested user presence, but that makes no sense for NFC. Skipping");
             }
+            UvUpdate::PinNotSet(_) => {
+                tracing::error!("Authenticator requested PIN setup, which is not yet supported.");
+            }
         }
     }
     debug!("NFC update channel closed.");

credentialsd/src/credential_service/usb.rs

@@ -641,6 +641,9 @@ async fn handle_usb_updates(
                     tracing::error!("Authenticator requested user presence, but we cannot relay the message to the credential service: {:?}", err);
                 }
             }
+            UvUpdate::PinNotSet(_) => {
+                tracing::error!("Authenticator requested PIN setup, which is not yet supported.");
+            }
         }
     }
     debug!("USB update channel closed.");