-
Notifications
You must be signed in to change notification settings - Fork 80
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add basic support for caBLE authenticators / initiators #232
Conversation
This can't be merged right now, there's many broken things in this branch and tests which will always fail (as I hijacked them while experimenting). I'm going to have to make some API changes to support caBLE (due to encryption and its unique operation mode), but my priority would be getting #215 in, as that's the biggest source of changes. |
9a29302
to
81df802
Compare
If iterm2 doesn't have the bluetooth permission you get an unwrap from main rather than a cleaner error handle I think.
|
Now documented the permission issue and attempted to handle it a little better -- it is now an explicit error type. It looks like GitHub Actions runners are having network issues; I've cancelled those for now, but this should/could be re-run later. |
This implements a subset of caBLE v2.1 based on Chromium's implementation, and can act as both an initiator (acting as a transport for
CtapAuthenticator
) and an authenticator (proxying requests toAuthenticatorBackendHashedClientData
, handling PIN/UV auth), and is the MVP for #259.This handles all the Websockets and Noise-like tunnelling needed to make things work:
cable_tunnel
which uses a serial-connected Bluetooth HCI adapter. It's also best to do this on a separate device from the initiator, because it'll conflict with the initiator's local device access unless you're usingSoftToken
.This works for me as an initiator with Android and iOS 16 authenticators, and as an authenticator with Chrome and Safari initiators (using Google's tunnel server).
Deferred work listed in #259.
In-development screenshots
MakeCredential flow on iOS 16:
GetAssertion flow on iOS 16: