LDVG
commented
1 year ago Thank you for your contribution! Before having a more in-depth look, may I ask what authenticator you are testing this against?
Open akemnade opened 1 year ago
LDVG
commented
1 year ago Thank you for your contribution! Before having a more in-depth look, may I ask what authenticator you are testing this against?
akemnade
commented
1 year ago This was tested with:
eSecu FIDO2 pro (passkey printed on device, 20 byte control point size, fragmentation often needed, bluetooth turned off after a short time of inactivity) AirID2 Mini (full Numerical comparison for pairing, >200 byte control point size, so fragmentation rarely needed),
akemnade
commented
1 year ago about the ci-failures: cifuzz: it does not install dependencies correctly, and they are not specified in this repo, so I cannot do anything there easily. The other fuzzer:
==16136==WARNING: MemorySanitizer: use-of-uninitialized-value
5096
#0 0x7ff5d26bb286 (/lib/x86_64-linux-gnu/libsystemd.so.0+0x4b286) (BuildId: e45f7492c0f62251620378d7224ad0371a8d1f98)
5097
#1 0x7ff5d26b2ae7 in sd_bus_start (/lib/x86_64-linux-gnu/libsystemd.so.0+0x42ae7) (BuildId: e45f7492c0f62251620378d7224ad0371a8d1f98)
5098
#2 0x7ff5d26b2e88 in sd_bus_open_system_with_description (/lib/x86_64-linux-gnu/libsystemd.so.0+0x42e88) (BuildId: e45f7492c0f62251620378d7224ad0371a8d1f98)
5099
#3 0x7ff5d26ba157 in sd_bus_default_system (/lib/x86_64-linux-gnu/libsystemd.so.0+0x4a157) (BuildId: e45f7492c0f62251620378d7224ad0371a8d1f98)How to debug this? sd_bus_default_system just takes a pointer to a variable on the stack to write some output into this, so nothing scary. Can this be resolved to source code lines?
LDVG
commented
1 year ago How to debug this? sd_bus_default_system just takes a pointer to a variable on the stack to write some output into this, so nothing scary. Can this be resolved to source code lines?
MemorySanitizer requires the whole application to be instrumented -- libsystemd included.
We'd likely need to mock a lot of these calls to sensibly fuzz your implementation.
akemnade
commented
1 year ago CMakeFiles/fido2_shared.dir/ble_linux.c.o.d -o CMakeFiles/fido2_shared.dir/ble_linux.c.o -c /__w/libfido2/libfido2/src/ble_linux.c
327
In file included from /__w/libfido2/libfido2/src/ble_linux.c:2:
328
/usr/include/elogind/systemd/sd-bus.h:96:43: error: ISO C restricts enumerator values to range of 'int' [-Wpedantic]
329
96 | SD_BUS_CREDS_UNIQUE_NAME = 1ULL << 31,
330
| ^~~~
331
make[2]: *** [src/CMakeFiles/fido2.dir/build.make:569: src/CMakeFiles/fido2.dir/ble_linux.c.o] Error 1seems like a problem in alpine + libelogind in the ci run
akemnade
commented
1 year ago opened an issue for the alpine trouble: https://gitlab.alpinelinux.org/alpine/aports/-/issues/15102
By adding the include path, the alpine build got broken. Don't ask me questions...
akemnade
commented
1 year ago A summary of the alpine problem: later versions of sd-bus.h in systemd/elogind use extension keyword to allow 64bit enums even in pedantic mode. So this is solved in alpine edge already and next release in November. Without extension these things are tolerated in system includes (not something added via -I). E.g. debian does not add -Isomething in pkg-config --cflags for libsystemd, so that gets ignored, alpine does, but has a copy of the header files in /usr/include/systemd besides of /usr/include/elogind, so things are found in any case.
So what can we do now:
jo-bitsch
commented
9 months ago I'm very interested in that functionality and would be willing to help fixing the remaining issues.
The alpine issue referenced above should be fixed in the current stable (as of the new release of alpine v.3.19 released last December 7, 2023). As the pipeline refers to latest ( https://github.com/Yubico/libfido2/blob/f03f4c4d9d25e932066bef5f26b8b82a686ccd33/.github/workflows/alpine_builds.yml#L20) this might just work.
Unfortunately, I can't inspect the fuzzing issues, as the log expired.
For Windows it was already added via gh#336, so let's also add it for Linux. Unpaired devices are ignored, the user has to pair independently of libfido use using the bluetooth manager provided by the desktop environment.