
Add basic support for caBLE authenticators / initiators #232

Merged: 3 commits merged into kanidm:master on Jan 16, 2023

Conversation

@micolous (Collaborator) commented Dec 4, 2022

This implements a subset of caBLE v2.1 based on Chromium's implementation, and can act as both an initiator (acting as a transport for CtapAuthenticator) and an authenticator (proxying requests to AuthenticatorBackendHashedClientData, handling PIN/UV auth), and is the MVP for #259.

This handles all the Websockets and Noise-like tunnelling needed to make things work:

  • If you're using this as an initiator (to authenticate with a mobile device), this generates a QR code, and works with platform Bluetooth APIs (bluez / CoreBluetooth / WinRT) to listen for the service data advertisement.
  • If you want to use this as an authenticator (to pretend to be a mobile device) you'll need to provide a way to send service data advertisements (as macOS and Windows don't allow this); there's an example in cable_tunnel which uses a serial-connected Bluetooth HCI adapter. It's also best to do this on a separate device from the initiator, because it'll conflict with the initiator's local device access unless you're using SoftToken.

This works for me as an initiator with Android and iOS 16 authenticators, and as an authenticator with Chrome and Safari initiators (using Google's tunnel server).

Deferred work listed in #259.

  • cargo fmt has been run
  • cargo test has been run and passes
  • documentation has been updated with relevant examples (if relevant)
In-development screenshots

MakeCredential flow on iOS 16:

[Screenshot: MakeCredential QR scanning on iOS]

[Screenshot: MakeCredential TouchID prompt]

GetAssertion flow on iOS 16:

[Screenshot: GetAssertion QR scanning on iOS]

[Screenshot: GetAssertion TouchID prompt]

@Firstyear (Member) commented

@micolous In #235 I'm going to move to 0.5.0-dev, so I think we can merge this as WIP since we are still in dev here which will make it a bit easier for you to rebase and merge going forwards. What do you think?

@micolous (Collaborator, Author) commented

> @micolous In #235 I'm going to move to 0.5.0-dev, so I think we can merge this as WIP since we are still in dev here which will make it a bit easier for you to rebase and merge going forwards. What do you think?

This can't be merged right now; there are many broken things in this branch and tests which will always fail (as I hijacked them while experimenting).

I'm going to have to make some API changes to support caBLE (due to encryption and its unique operation mode), but my priority would be getting #215 in, as that's the biggest source of changes.

@Firstyear (Member) commented

If iterm2 doesn't have the bluetooth permission you get an unwrap from main rather than a cleaner error handle I think.

2023-01-13T02:08:50.511584Z TRACE webauthn_authenticator_rs::cable: Waiting for beacon...
2023-01-13T02:08:50.554061Z  WARN btleplug::corebluetooth::internal: Authorization status Denied
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: BluetoothError("Permission denied")', webauthn-authenticator-rs/examples/authenticate/main.rs:105:22

@micolous (Collaborator, Author) commented Jan 13, 2023

Now documented the permission issue and attempted to handle it a little better -- it is now an explicit error type.

It looks like GitHub Actions runners are having network issues; I've cancelled those for now, but this should/could be re-run later.

@micolous micolous changed the title WIP: caBLE Add basic support for caBLE authenticators / initiators Jan 14, 2023
@Firstyear Firstyear merged commit 19aa0e4 into kanidm:master Jan 16, 2023
@micolous micolous added enhancement New feature or request ctap2 Issues related to the CtapAuthenticator backend cable Issues relating to caBLE (Cloud-assisted Bluetooth Low Energy authenticators) labels Feb 3, 2023