Add a higher-level AuthenticatorService that can query multiple backends

Author: jcjones

Cargo.toml

@@ -43,3 +43,4 @@ bitflags = "1.0"
 sha2 = "^0.8.2"
 base64 = "^0.10"
 env_logger = "^0.6"
+getopts = "^0.2"

examples/main.rs

@@ -4,27 +4,19 @@
 
 extern crate authenticator;
 extern crate base64;
+extern crate env_logger;
+extern crate getopts;
+extern crate log;
 extern crate sha2;
+
 use authenticator::{
-    AuthenticatorTransports, KeyHandle, RegisterFlags, SignFlags, StatusUpdate, U2FManager,
+    authenticatorservice::AuthenticatorService, AuthenticatorTransports, KeyHandle, RegisterFlags,
+    SignFlags, StatusUpdate,
 };
+use getopts::Options;
 use sha2::{Digest, Sha256};
 use std::sync::mpsc::{channel, RecvError};
-use std::{io, thread};
-
-extern crate env_logger;
-extern crate log;
-
-macro_rules! try_or {
-    ($val:expr, $or:expr) => {
-        match $val {
-            Ok(v) => v,
-            Err(e) => {
-                return $or(e);
-            }
-        }
-    };
-}
+use std::{env, io, thread};
 
 fn u2f_get_key_handle_from_register_response(register_response: &[u8]) -> io::Result<Vec<u8>> {
     if register_response[0] != 0x05 {
@@ -42,9 +34,35 @@ fn u2f_get_key_handle_from_register_response(register_response: &[u8]) -> io::Re
     Ok(key_handle)
 }
 
+fn print_usage(program: &str, opts: Options) {
+    let brief = format!("Usage: {} [options]", program);
+    print!("{}", opts.usage(&brief));
+}
+
 fn main() {
     env_logger::init();
 
+    let args: Vec<String> = env::args().collect();
+    let program = args[0].clone();
+
+    let mut opts = Options::new();
+    opts.optflag("x", "no-u2f-usb-hid", "do not enable u2f-usb-hid platforms");
+    opts.optflag("h", "help", "print this help menu");
+    let matches = match opts.parse(&args[1..]) {
+        Ok(m) => m,
+        Err(f) => panic!(f.to_string()),
+    };
+    if matches.opt_present("help") {
+        print_usage(&program, opts);
+        return;
+    }
+
+    let mut manager =
+        AuthenticatorService::new().expect("The auth service should initialize safely");
+    if !matches.opt_present("no-u2f-usb-hid") {
+        manager.add_u2f_usb_hid_platform_transports();
+    }
+
     println!("Asking a security key to register now...");
     let challenge_str = format!(
         "{}{}",
@@ -59,7 +77,6 @@ fn main() {
     application.input(b"http://demo.yubico.com");
     let app_bytes = application.result().to_vec();
 
-    let manager = U2FManager::new().unwrap();
     let flags = RegisterFlags::empty();
 
     let (status_tx, status_rx) = channel::<StatusUpdate>();
@@ -94,13 +111,12 @@ fn main() {
                 register_tx.send(rv).unwrap();
             },
         )
-        .unwrap();
+        .expect("Couldn't register");
 
-    let register_result = try_or!(register_rx.recv(), |_| {
-        panic!("Problem receiving, unable to continue");
-    });
-    let (register_data, device_info) =
-        register_result.unwrap_or_else(|e| panic!("Registration failed: {:?}", e));
+    let register_result = register_rx
+        .recv()
+        .expect("Problem receiving, unable to continue");
+    let (register_data, device_info) = register_result.expect("Registration failed");
 
     println!("Register result: {}", base64::encode(&register_data));
     println!("Device info: {}", &device_info);
@@ -113,25 +129,24 @@ fn main() {
 
     let flags = SignFlags::empty();
     let (sign_tx, sign_rx) = channel();
-    manager
-        .sign(
-            flags,
-            15_000,
-            chall_bytes,
-            vec![app_bytes],
-            vec![key_handle],
-            status_tx,
-            move |rv| {
-                sign_tx.send(rv).unwrap();
-            },
-        )
-        .unwrap();
+    if let Err(e) = manager.sign(
+        flags,
+        15_000,
+        chall_bytes,
+        vec![app_bytes],
+        vec![key_handle],
+        status_tx,
+        move |rv| {
+            sign_tx.send(rv).unwrap();
+        },
+    ) {
+        panic!("Couldn't register: {:?}", e);
+    }
 
-    let sign_result = try_or!(sign_rx.recv(), |_| {
-        panic!("Problem receiving, unable to continue");
-    });
-    let (_, handle_used, sign_data, device_info) =
-        sign_result.unwrap_or_else(|e| panic!("Sign failed: {:?}", e));
+    let sign_result = sign_rx
+        .recv()
+        .expect("Problem receiving, unable to continue");
+    let (_, handle_used, sign_data, device_info) = sign_result.expect("Sign failed");
 
     println!("Sign result: {}", base64::encode(&sign_data));
     println!("Key handle used: {}", base64::encode(&handle_used));

src/authenticatorservice.rs

@@ -0,0 +1,174 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+use std::io;
+use std::sync::mpsc::Sender;
+
+use crate::consts::PARAMETER_SIZE;
+use crate::util::StateCallback;
+
+pub trait AuthenticatorTransport {
+    /// The implementation of this method must return quickly and should
+    /// report its status via the status and callback methods
+    fn register(
+        &self,
+        flags: crate::RegisterFlags,
+        timeout: u64,
+        challenge: Vec<u8>,
+        application: crate::AppId,
+        key_handles: Vec<crate::KeyHandle>,
+        status: Sender<crate::StatusUpdate>,
+        callback: StateCallback<Result<crate::RegisterResult, crate::Error>>,
+    ) -> Result<(), crate::Error>;
+
+    /// The implementation of this method must return quickly and should
+    /// report its status via the status and callback methods
+    fn sign(
+        &self,
+        flags: crate::SignFlags,
+        timeout: u64,
+        challenge: Vec<u8>,
+        app_ids: Vec<crate::AppId>,
+        key_handles: Vec<crate::KeyHandle>,
+        status: Sender<crate::StatusUpdate>,
+        callback: StateCallback<Result<crate::SignResult, crate::Error>>,
+    ) -> Result<(), crate::Error>;
+
+    fn cancel(&self) -> Result<(), crate::Error>;
+}
+
+pub struct AuthenticatorService {
+    transports: Vec<Box<dyn AuthenticatorTransport>>,
+}
+
+impl AuthenticatorService {
+    pub fn new() -> io::Result<Self> {
+        Ok(Self {
+            transports: Vec::new(),
+        })
+    }
+
+    /// Add any detected platform transports
+    pub fn add_detected_transports(&mut self) {
+        self.add_u2f_usb_hid_platform_transports();
+    }
+
+    pub fn add_u2f_usb_hid_platform_transports(&mut self) {
+        if let Ok(u2fhid) = crate::U2FManager::new() {
+            self.transports.push(Box::new(u2fhid));
+        }
+    }
+
+    pub fn register<F>(
+        &self,
+        flags: crate::RegisterFlags,
+        timeout: u64,
+        challenge: Vec<u8>,
+        application: crate::AppId,
+        key_handles: Vec<crate::KeyHandle>,
+        status: Sender<crate::StatusUpdate>,
+        callback: F,
+    ) -> Result<(), crate::Error>
+    where
+        F: Fn(Result<crate::RegisterResult, crate::Error>),
+        F: Send + 'static,
+    {
+        if challenge.len() != PARAMETER_SIZE || application.len() != PARAMETER_SIZE {
+            return Err(crate::Error::Unknown);
+        }
+
+        for key_handle in &key_handles {
+            if key_handle.credential.len() > 256 {
+                return Err(crate::Error::Unknown);
+            }
+        }
+
+        if self.transports.is_empty() {
+            return Err(crate::Error::NotSupported);
+        }
+
+        let callback = StateCallback::new(Box::new(callback));
+
+        for transport in &self.transports {
+            transport.register(
+                flags.clone(),
+                timeout,
+                challenge.clone(),
+                application.clone(),
+                key_handles.clone(),
+                status.clone(),
+                callback.clone(),
+            )?;
+        }
+
+        Ok(())
+    }
+
+    pub fn sign<F>(
+        &self,
+        flags: crate::SignFlags,
+        timeout: u64,
+        challenge: Vec<u8>,
+        app_ids: Vec<crate::AppId>,
+        key_handles: Vec<crate::KeyHandle>,
+        status: Sender<crate::StatusUpdate>,
+        callback: F,
+    ) -> Result<(), crate::Error>
+    where
+        F: Fn(Result<crate::SignResult, crate::Error>),
+        F: Send + 'static,
+    {
+        if challenge.len() != PARAMETER_SIZE {
+            return Err(crate::Error::Unknown);
+        }
+
+        if app_ids.is_empty() {
+            return Err(crate::Error::Unknown);
+        }
+
+        for app_id in &app_ids {
+            if app_id.len() != PARAMETER_SIZE {
+                return Err(crate::Error::Unknown);
+            }
+        }
+
+        for key_handle in &key_handles {
+            if key_handle.credential.len() > 256 {
+                return Err(crate::Error::Unknown);
+            }
+        }
+
+        if self.transports.is_empty() {
+            return Err(crate::Error::NotSupported);
+        }
+
+        let callback = StateCallback::new(Box::new(callback));
+
+        for transport in &self.transports {
+            transport.sign(
+                flags.clone(),
+                timeout,
+                challenge.clone(),
+                app_ids.clone(),
+                key_handles.clone(),
+                status.clone(),
+                callback.clone(),
+            )?;
+        }
+
+        Ok(())
+    }
+
+    pub fn cancel(&self) -> Result<(), crate::Error> {
+        if self.transports.is_empty() {
+            return Err(crate::Error::NotSupported);
+        }
+
+        for transport in &self.transports {
+            transport.cancel()?;
+        }
+
+        Ok(())
+    }
+}