Closed timvw01 closed 1 year ago
Sounds like something @micolous would know
@timvw01 This part of the library is still "growing" so I'd expect some issues like this, but thank you for reporting them so we can help investigate :)
@timvw01 That could easily be a bug in this library too... though you mention it worked on Windows 11; so I suspect there's a compatibility issue with that version of Windows.
Can you please provide some details for me:
the output of rustc -vV
(which will show what compiler and CPU architecture you're using)
the full OS build
number shown in Settings
-> System
-> About
-> Windows Specifications
("19045" only tells me you're on Windows 10 22H2, not the minor version)
the full version of c:\windows\system32\webauthn.dll
and c:\windows\syswow64\webauthn.dll
on your system (and if you can, the SHA-256 of the files as well).
That should be visible in Explorer's properties dialog, eg: 10.0.19041.2075
, and this may not match your Windows version.
are you running the code on the same machine that the authenticator is connected to, or via an RDP connection to another host?
what model security key are you using? what transport are you using (USB, NFC, BTLE)? which protocols does it support/have enabled (U2F, CTAP 2.0, 2.1, etc.)?
I may have the same key, so might be able to try stuff out locally.
can you reproduce the access violation running the authenticate
example in the repository?
cargo run --example authenticate --features win10 -- win10
Even if it's just affecting your code, it's still helpful to figure out if there's some missing input handling.
the log output with a complete stack trace ($Env:RUST_BACKTRACE = "full"
) and trace debug output enabled ($Env:RUST_LOG = "trace"
)
the contents of the PublicKeyCredentialRequestOptions
struct for the perform_auth
call (trace!(?pubkey);
should work)
You can also see what Windows is doing in the Event Viewer: attached is a custom view XML that'll show you everything in the last 24 hours: https://gist.github.com/micolous/95f9c20b6e36988475fd514f33bab2c5
Absolutely, see below:
rustc 1.65.0 (897e37553 2022-11-02) binary: rustc commit-hash: 897e37553bba8b42751c67658967889d11ecd120 commit-date: 2022-11-02 host: x86_64-pc-windows-msvc release: 1.65.0 LLVM version: 15.0.0
19045.2486
Algorithm Hash Path
--------- ---- ----
SHA256 890EE5E38BBE940A5CF9605F5D61EE2D9B00FD893023C5286B25DBB82B3DC918 C:\Windows\System32\webauthn.dll
Algorithm Hash Path
--------- ---- ----
SHA256 BF881993AA1B48294F9757DAE7277C4C4050A1CAF19AE3E9F4AEC67D7242E261 C:\Windows\SysWOW64\webauthn.dll
Yes its the same machine
what model security key are you using? what transport are you using (USB, NFC, BTLE)? Its windows itself, so Windows Hello i guess?
which protocols does it support/have enabled (U2F, CTAP 2.0, 2.1, etc.)? Not too sure about this one, where can i find this info?
can you reproduce the access violation running the authenticate example in the repository?
yes, the results and the point at which it crashes are the same
error: process didn't exit successfully: `target\debug\examples\authenticate.exe win10` (exit code: 0xc0000005, STATUS_ACCESS_VIOLATION)
Using Windows 10...
2023-01-24T20:34:10.112941Z TRACE webauthn_authenticator_rs::win10: WebAuthNGetApiVersionNumber(): 2
2023-01-24T20:34:10.124279Z TRACE webauthn_authenticator_rs::win10: WebAuthNIsUserVerifyingPlatformAuthenticatorAvailable() = true
2023-01-24T20:34:10.126805Z INFO authenticate: 🍿 challenge -> CreationChallengeResponse { public_key: PublicKeyCredentialCreationOptions { rp: RelyingParty { name: "https://localhost:8080/auth", id: "localhost" }, user: User { id: Base64UrlSafeData([9e, aa, e4, 59, 44, 1c, 49, c2, 86, 13, e3, 99, 6b, dc, 96, ee]), name: "william", display_name: "william" }, challenge: Base64UrlSafeData([db, c7, 4b, cc, ae, 80, 66, 75, 47, 58, 47, f0, a2, 8b, 86, 8d, ae, 3e, 57, ed, bc, c2, 24, 77, e0, d9, bc, 4b, 26, d2, 8f,
78]), pub_key_cred_params: [PubKeyCredParams { type_: "public-key", alg: fffffffffffffff9 }, PubKeyCredParams { type_: "public-key", alg: fffffffffffffeff }], timeout: Some(1), attestation: Some(None), exclude_credentials: None, authenticator_selection: Some(AuthenticatorSelectionCriteria { authenticator_attachment: None, require_resident_key: false, user_verification: Preferred }), extensions: None } }
2023-01-24T20:34:10.133167Z TRACE webauthn_authenticator_rs::win10::gui: Tried to set the foreground window, but the request was denied.
2023-01-24T20:34:14.229481Z TRACE webauthn_rs_core::core: state=RegistrationState { policy: Preferred, exclude_credentials: [], challenge: Base64UrlSafeData([219, 199, 75,
204, 174, 128, 102, 117, 71, 88, 71, 240, 162, 139, 134, 141, 174, 62, 87, 237, 188, 194, 36, 119, 224, 217, 188, 75, 38, 210, 143, 120]), credential_algorithms: [ES256, RS256], require_resident_key: false, authenticator_attachment: None, extensions: RequestRegistrationExtensions { cred_protect: None, uvm: Some(true), cred_props: Some(true),
min_pin_length: None, hmac_create_secret: None }, experimental_allow_passkeys: true }
2023-01-24T20:34:14.261176Z TRACE webauthn_rs_core::core: reg=RegisterPublicKeyCredential { id: "ctHQ_ShgsGb2-lP6Dgh4iG-ZOJRyCy5IYlv1yDA5j2s", raw_id: Base64UrlSafeData([114, 209, 208, 253, 40, 96, 176, 102, 246, 250, 83, 250, 14, 8, 120, 136, 111, 153, 56, 148, 114, 11, 46, 72, 98, 91, 245, 200, 48, 57, 143, 107]), response: AuthenticatorAttestationResponseRaw { attestation_object: Base64UrlSafeData([163, 99, 102, 109, 116, 100, 110, 111, 110, 101, 103, 97, 116, 116, 83, 116, 109, 116, 160, 104, 97, 117, 116,
104, 68, 97, 116, 97, 89, 1, 103, 73, 150, 13, 229, 136, 14, 140, 104, 116, 52, 23, 15, 100, 118, 96, 91, 143, 228, 174, 185, 162, 134, 50, 199, 153, 92, 243, 186, 131, 29, 151, 99, 69, 0, 0, 0, 0, 96, 40, 176, 23, 177, 212, 76, 2, 180, 179, 175, 205, 175, 201, 107, 178, 0, 32, 114, 209, 208, 253, 40, 96, 176, 102, 246, 250, 83, 250, 14, 8, 120, 136, 111, 153, 56, 148, 114, 11, 46, 72, 98, 91, 245, 200, 48, 57, 143, 107, 164, 1, 3, 3, 57, 1, 0, 32, 89, 1, 0, 181, 63, 82, 32, 36, 61, 47, 48, 47, 158, 226, 232, 177, 219, 84, 93, 23, 64, 160, 221, 24, 123, 141, 92, 188, 82, 139, 97, 82, 94, 112, 73, 115, 254, 145, 55, 199, 248, 3, 83, 36, 224, 69, 221, 76, 49, 77, 162, 195, 81, 28,
80, 178, 183, 142, 161, 249, 37, 36, 238, 159, 29, 107, 49, 80, 195, 137, 129, 244, 245, 148, 110, 176, 131, 104, 198, 251, 63, 125, 235, 71, 105, 82, 237, 25, 60, 96, 11,
26, 157, 190, 167, 75, 224, 51, 81, 113, 0, 247, 51, 3, 24, 69, 191, 12, 101, 79, 112, 62, 55, 38, 1, 132, 38, 62, 14, 136, 152, 34, 37, 147, 174, 151, 97, 207, 32, 221, 114, 33, 7, 72, 160, 75, 218, 97, 20, 225, 242, 28, 78, 142, 100, 95, 62, 4, 164, 212, 111, 128, 74, 208, 92, 254, 7, 62, 242, 208, 94, 223, 60, 242, 234, 202, 37, 200, 31, 38, 217, 208, 45, 19, 5, 181, 116, 190, 13, 193, 137, 134, 149, 26, 239, 126, 60, 174, 57, 170, 18, 165, 250, 58, 21, 213, 247, 155, 38, 198, 210, 78, 198, 66, 130, 39, 118, 226, 135, 241, 166, 115, 196, 89, 143, 37, 249, 204, 90, 248, 161, 188, 201, 193, 18, 196, 140, 118, 69, 30, 250, 208, 135, 255, 223, 224, 50, 147, 26, 18, 134, 90, 132, 58, 230, 199, 53, 221, 44, 182, 54, 227, 76, 29, 163, 242, 152, 194, 73, 33, 67, 1, 0, 1]), client_data_json: Base64UrlSafeData([123, 34, 116, 121, 112, 101, 34, 58, 34, 119, 101, 98, 97, 117, 116, 104, 110, 46, 99, 114, 101, 97, 116, 101, 34, 44, 34, 99, 104, 97, 108, 108, 101, 110, 103, 101, 34, 58, 34, 50, 56, 100, 76, 122, 75, 54, 65, 90,
110, 86, 72, 87, 69, 102, 119, 111, 111, 117, 71, 106, 97, 52, 45, 86, 45, 50, 56, 119, 105, 82, 51, 52, 78, 109, 56, 83, 121, 98, 83, 106, 51, 103, 34, 44, 34, 111, 114, 105, 103, 105, 110, 34, 58, 34, 104, 116, 116, 112, 115, 58, 47, 47, 108, 111, 99, 97, 108, 104, 111, 115, 116, 58, 56, 48, 56, 48, 47, 34, 44, 34, 116, 111, 107, 101, 110,
66, 105, 110, 100, 105, 110, 103, 34, 58, 110, 117, 108, 108, 125]), transports: Some([Internal]) }, type_: "none", extensions: RegistrationExtensionsClientOutputs { appid: None, cred_props: None, hmac_secret: None, cred_protect: None, min_pin_length: None } }
2023-01-24T20:34:14.303526Z TRACE webauthn_rs_core::internals: AttestationObjectInner v=Map({Text("fmt"): Text("none"), Text("attStmt"): Map({}), Text("authData"): Bytes([73, 150, 13, 229, 136, 14, 140, 104, 116, 52, 23, 15, 100, 118, 96, 91, 143, 228, 174, 185, 162, 134, 50, 199, 153, 92, 243, 186, 131, 29, 151, 99, 69, 0, 0, 0, 0, 96, 40, 176, 23, 177, 212, 76, 2, 180, 179, 175, 205, 175, 201, 107, 178, 0, 32, 114, 209, 208, 253, 40, 96, 176, 102, 246, 250, 83, 250, 14, 8, 120, 136, 111, 153, 56, 148, 114, 11, 46, 72, 98, 91, 245, 200, 48, 57, 143, 107, 164, 1, 3, 3, 57, 1, 0, 32, 89, 1, 0, 181, 63, 82, 32, 36, 61, 47, 48, 47, 158, 226, 232, 177, 219, 84, 93, 23, 64, 160, 221,
24, 123, 141, 92, 188, 82, 139, 97, 82, 94, 112, 73, 115, 254, 145, 55, 199, 248, 3, 83, 36, 224, 69, 221, 76, 49, 77, 162, 195, 81, 28, 80, 178, 183, 142, 161, 249, 37, 36, 238, 159, 29, 107, 49, 80, 195, 137, 129, 244, 245, 148, 110, 176, 131, 104, 198, 251, 63, 125, 235, 71, 105, 82, 237, 25, 60, 96, 11, 26, 157, 190, 167, 75, 224, 51, 81, 113, 0, 247, 51, 3, 24, 69, 191, 12, 101, 79, 112, 62, 55, 38, 1, 132, 38, 62, 14, 136, 152, 34, 37, 147, 174, 151, 97, 207, 32, 221, 114, 33, 7, 72, 160, 75, 218, 97, 20, 225, 242, 28, 78, 142, 100, 95, 62, 4, 164, 212, 111, 128, 74, 208, 92, 254, 7, 62, 242, 208, 94, 223, 60, 242, 234, 202, 37, 200, 31, 38, 217, 208, 45, 19, 5, 181, 116, 190, 13, 193, 137, 134, 149, 26, 239, 126, 60, 174, 57, 170, 18, 165, 250, 58, 21, 213, 247, 155, 38, 198, 210, 78, 198, 66, 130, 39, 118, 226, 135, 241, 166, 115, 196, 89,
143, 37, 249, 204, 90, 248, 161, 188, 201, 193, 18, 196, 140, 118, 69, 30, 250, 208, 135, 255, 223, 224, 50, 147, 26, 18, 134, 90, 132, 58, 230, 199, 53, 221, 44, 182, 54,
227, 76, 29, 163, 242, 152, 194, 73, 33, 67, 1, 0, 1])})
2023-01-24T20:34:14.337132Z TRACE webauthn_rs_core::internals: extensions=None
2023-01-24T20:34:14.340918Z DEBUG webauthn_rs_core::core: extensions: RegistrationSignedExtensions { cred_protect: None, hmac_secret: None, unknown_keys: {} }
2023-01-24T20:34:14.354052Z DEBUG webauthn_rs_core::core: attestation is: None
2023-01-24T20:34:14.364987Z DEBUG webauthn_rs_core::core: attested credential data is: AttestedCredentialData { aaguid: [96, 40, 176, 23, 177, 212, 76, 2, 180, 179, 175, 205, 175, 201, 107, 178], credential_id: Base64UrlSafeData([114, 209, 208, 253, 40, 96, 176, 102, 246, 250, 83, 250, 14, 8, 120, 136, 111, 153, 56, 148, 114, 11, 46, 72, 98,
91, 245, 200, 48, 57, 143, 107]), credential_pk: Map({Integer(1): Integer(3), Integer(3): Integer(-257), Integer(-1): Bytes([181, 63, 82, 32, 36, 61, 47, 48, 47, 158, 226,
232, 177, 219, 84, 93, 23, 64, 160, 221, 24, 123, 141, 92, 188, 82, 139, 97, 82, 94, 112, 73, 115, 254, 145, 55, 199, 248, 3, 83, 36, 224, 69, 221, 76, 49, 77, 162, 195, 81, 28, 80, 178, 183, 142, 161, 249, 37, 36, 238, 159, 29, 107, 49, 80, 195, 137, 129, 244, 245, 148, 110, 176, 131, 104, 198, 251, 63, 125, 235, 71, 105, 82, 237, 25, 60, 96, 11, 26, 157, 190, 167, 75, 224, 51, 81, 113, 0, 247, 51, 3, 24, 69, 191, 12, 101, 79, 112, 62, 55, 38, 1, 132, 38, 62, 14, 136, 152, 34, 37, 147, 174, 151, 97, 207, 32, 221, 114, 33, 7, 72, 160, 75, 218, 97, 20, 225, 242, 28, 78, 142, 100, 95, 62, 4, 164, 212, 111, 128, 74, 208, 92, 254, 7, 62, 242, 208, 94, 223, 60, 242, 234, 202, 37, 200, 31, 38, 217, 208, 45, 19, 5, 181, 116, 190, 13, 193, 137, 134, 149, 26, 239, 126, 60, 174, 57, 170, 18, 165, 250, 58, 21, 213, 247, 155, 38, 198, 210, 78, 198, 66, 130, 39, 118, 226, 135, 241, 166, 115, 196, 89, 143, 37, 249, 204, 90, 248, 161, 188, 201, 193, 18, 196, 140, 118, 69, 30, 250, 208, 135, 255, 223, 224, 50, 147, 26, 18, 134, 90,
132, 58, 230, 199, 53, 221, 44, 182, 54, 227, 76, 29, 163, 242, 152, 194, 73]), Integer(-2): Bytes([1, 0, 1])}) }
2023-01-24T20:34:14.383536Z TRACE webauthn_rs_core::internals: extensions=RegisteredExtensions { cred_protect: NotRequested, hmac_create_secret: NotRequested, appid: NotRequested, cred_props: Ignored }
2023-01-24T20:34:14.394581Z DEBUG webauthn_rs_core::core: attested_ca_crt = None
2023-01-24T20:34:14.399774Z TRACE authenticate: cred=Credential { cred_id: Base64UrlSafeData([114, 209, 208, 253, 40, 96, 176, 102, 246, 250, 83, 250, 14, 8, 120, 136, 111, 153, 56, 148, 114, 11, 46, 72, 98, 91, 245, 200, 48, 57, 143, 107]), cred: COSEKey { type_: RS256, key: RSA(COSERSAKey { n: Base64UrlSafeData([181, 63, 82, 32, 36, 61, 47, 48, 47, 158, 226, 232, 177, 219, 84, 93, 23, 64, 160, 221, 24, 123, 141, 92, 188, 82, 139, 97, 82, 94, 112, 73, 115, 254, 145, 55, 199, 248, 3, 83, 36, 224, 69, 221, 76, 49, 77, 162, 195, 81, 28, 80, 178, 183, 142, 161, 249, 37, 36, 238, 159, 29, 107, 49, 80, 195, 137, 129, 244, 245, 148, 110, 176, 131, 104, 198, 251, 63, 125, 235, 71, 105,
82, 237, 25, 60, 96, 11, 26, 157, 190, 167, 75, 224, 51, 81, 113, 0, 247, 51, 3, 24, 69, 191, 12, 101, 79, 112, 62, 55, 38, 1, 132, 38, 62, 14, 136, 152, 34, 37, 147, 174,
151, 97, 207, 32, 221, 114, 33, 7, 72, 160, 75, 218, 97, 20, 225, 242, 28, 78, 142, 100, 95, 62, 4, 164, 212, 111, 128, 74, 208, 92, 254, 7, 62, 242, 208, 94, 223, 60, 242, 234, 202, 37, 200, 31, 38, 217, 208, 45, 19, 5, 181, 116, 190, 13, 193, 137, 134, 149, 26, 239, 126, 60, 174, 57, 170, 18, 165, 250, 58, 21, 213, 247, 155, 38, 198, 210, 78, 198, 66, 130, 39, 118, 226, 135, 241, 166, 115, 196, 89, 143, 37, 249, 204, 90, 248, 161, 188, 201, 193, 18, 196, 140, 118, 69, 30, 250, 208, 135, 255, 223, 224, 50, 147, 26, 18, 134, 90, 132, 58, 230, 199, 53, 221, 44, 182, 54, 227, 76, 29, 163, 242, 152, 194, 73]), e: [1, 0, 1] }) }, counter: 0, transports: None, user_verified: true, backup_eligible: false, backup_state: false, registration_policy: Preferred, extensions: RegisteredExtensions { cred_protect: NotRequested, hmac_create_secret: NotRequested, appid: NotRequested, cred_props: Ignored }, attestation: ParsedAttestation { data: None, metadata: None }, attestation_format: None }
2023-01-24T20:34:14.414276Z TRACE webauthn_authenticator_rs::win10: options=PublicKeyCredentialRequestOptions { challenge: Base64UrlSafeData([92, 169, 87, 7, 34, 124, 65, 126, 98, 158, 199, 208, 178, 250, 13, 33, 61, 218, 145, 220, 57, 120, 8, 197, 223, 50, 125, 155, 145, 243, 194, 112]), timeout: Some(1), rp_id: "localhost", allow_credentials: [AllowCredentials { type_: "public-key", id: Base64UrlSafeData([114, 209, 208, 253, 40, 96, 176, 102, 246, 250, 83, 250, 14, 8, 120, 136, 111, 153, 56, 148, 114, 11, 46, 72, 98, 91, 245, 200, 48, 57, 143, 107]), transports: None }], user_verification: Preferred, extensions: Some(RequestAuthenticationExtensions { appid: Some("example.app.id"), uvm: None, hmac_get_secret: None }) }
2023-01-24T20:34:14.521673Z TRACE webauthn_authenticator_rs::win10::gui: Tried to set the foreground window, but the request was denied.
error: process didn't exit successfully: `target\debug\examples\authenticate.exe win10` (exit code: 0xc0000005, STATUS_ACCESS_VIOLATION)
2023-01-24T20:46:35.333514Z TRACE authenticate: chal.public_key=PublicKeyCredentialRequestOptions { challenge: Base64UrlSafeData([77, 104, 154, 252, 164, 179, 74, 167, 184, 211, 121, 108, 37, 60, 252, 28, 208, 90, 101, 35, 229, 247, 136, 53, 106, 2, 202, 85, 156, 54, 24, 82]), timeout: Some(1), rp_id: "localhost", allow_credentials: [AllowCredentials { type_: "public-key", id: Base64UrlSafeData([224, 24, 140, 160, 74, 74, 23, 95, 43, 90, 73, 219, 188, 185, 74, 105, 4, 55, 250, 188, 57, 175, 126, 226, 0, 24, 122, 175, 72, 28, 3, 124]), transports: None }], user_verification: Preferred, extensions: Some(RequestAuthenticationExtensions { appid: Some("example.app.id"), uvm: None, hmac_get_secret: None }) }
Nice this will be helpful with the further webauthn development !
Thanks for that!
It looks like you have the same binaries as me, and only one version of Windows 10 behind (current is 19045.2546), but I would have been running 19045.2486 a couple of weeks ago.
I think the issue is with the platform authenticator (Windows Hello's built-in authenticator, WebAuthNIsUserVerifyingPlatformAuthenticatorAvailable() = true
), and I don't have one of those.
I think there's a null pointer being returned on Win10 with the platform authenticator; but to figure out which one it is, I'll need a full stack trace, which you can get from WinDbg. If you don't have WinDbg already, it's available in the Windows SDK, which is an optional component in the Visual Studio Build Tools (which you would have used to install MSVC components for Rust):
(I can't remember whether this is one of the default installed items)
So what you'd need to do is:
Build the authenticate example: cargo build --example authenticate --features win10
Copy the git commit ID you built from into this bug
Open WinDbg (X64)
File
-> Open Executable
Set Arguments
to win10
Select authenticate.exe
in .\target\debug\examples
:
You should then get an empty console window with the debugger paused.
Go to the WinDbg window and press F5 to start running the authenticate example
You then should get prompted to set up a security key, press OK and do that part with the platform authenticator until it crashes
WinDbg should show a message in the Command window like:
(47c4.4448): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
Get a stack trace: in the textbox at the bottom of the Command window (where it'll say 0:000>
), type k
then press Enter
Copy that stack trace into this issue.
Press Shift F5 to stop debugging.
The stack trace will look something like this; here I added a bug to the code in my local copy which tries to dereference a null pointer.
0:000> k
# Child-SP RetAddr Call Site
00 00000061`a44e6c98 00007ff7`355ed38c VCRUNTIME140!memcpy+0x17c [D:\a\_work\1\s\src\vctools\crt\vcruntime\src\string\amd64\memcpy.asm @ 299]
01 00000061`a44e6ca0 00007ff7`34f179c9 authenticate!alloc::slice::hack::impl$1::to_vec<u8,alloc::alloc::Global>+0x11c [/rustc/90743e7298aca107ddaa0c202a4d3604e29bfeb6\library\alloc\src\slice.rs @ 162]
02 (Inline Function) --------`-------- authenticate!alloc::slice::hack::to_vec+0x5 [/rustc/90743e7298aca107ddaa0c202a4d3604e29bfeb6\library\alloc\src\slice.rs @ 106]
03 (Inline Function) --------`-------- authenticate!alloc::slice::impl$0::to_vec_in+0xf [/rustc/90743e7298aca107ddaa0c202a4d3604e29bfeb6\library\alloc\src\slice.rs @ 436]
04 (Inline Function) --------`-------- authenticate!alloc::slice::impl$0::to_vec+0x19 [/rustc/90743e7298aca107ddaa0c202a4d3604e29bfeb6\library\alloc\src\slice.rs @ 411]
05 00000061`a44e6e40 00007ff7`34f1a24b authenticate!alloc::vec::impl$35::from<u8>+0x39 [/rustc/90743e7298aca107ddaa0c202a4d3604e29bfeb6\library\alloc\src\vec\mod.rs @ 3094]
06 00000061`a44e6ec0 00007ff7`34e2512c authenticate!core::convert::impl$3::into<slice$<u8>,alloc::vec::Vec<u8,alloc::alloc::Global> >+0x1b [/rustc/90743e7298aca107ddaa0c202a4d3604e29bfeb6\library\core\src\convert\mod.rs @ 727]
07 00000061`a44e6f00 00007ff7`34a8d7a1 authenticate!webauthn_authenticator_rs::win10::impl$1::perform_register+0xe3c [~\Documents\webauthn-rs\webauthn-authenticator-rs\src\win10\mod.rs @ 185]
08 00000061`a44e7d20 00007ff7`34a78cc4 authenticate!authenticate::main::async_block$0+0x1101 [~\Documents\webauthn-rs\webauthn-authenticator-rs\examples\authenticate\main.rs @ 195]
09 00000061`a44f0a30 00007ff7`34a70e8a authenticate!core::future::from_generator::impl$1::poll<enum2$<authenticate::main::async_block_env$0> >+0x64 [/rustc/90743e7298aca107ddaa0c202a4d3604e29bfeb6\library\core\src\future\mod.rs @ 91]
0a 00000061`a44f0ac0 00007ff7`34a70c7e authenticate!tokio::runtime::park::impl$4::block_on::closure$0<core::future::from_generator::GenFuture<enum2$<authenticate::main::async_block_env$0> > >+0x4a [~\.cargo\registry\src\github.com-1ecc6299db9ec823\tokio-1.24.1\src\runtime\park.rs @ 283]
0b (Inline Function) --------`-------- authenticate!tokio::runtime::coop::with_budget+0x58 [~\.cargo\registry\src\github.com-1ecc6299db9ec823\tokio-1.24.1\src\runtime\coop.rs @ 102]
0c (Inline Function) --------`-------- authenticate!tokio::runtime::coop::budget+0xa8 [~\.cargo\registry\src\github.com-1ecc6299db9ec823\tokio-1.24.1\src\runtime\coop.rs @ 68]
0d 00000061`a44f0b30 00007ff7`34a8258c authenticate!tokio::runtime::park::CachedParkThread::block_on<core::future::from_generator::GenFuture<enum2$<authenticate::main::async_block_env$0> > >+0x20e [~\.cargo\registry\src\github.com-1ecc6299db9ec823\tokio-1.24.1\src\runtime\park.rs @ 283]
0e 00000061`a44f2a10 00007ff7`34a70631 authenticate!tokio::runtime::context::BlockingRegionGuard::block_on<core::future::from_generator::GenFuture<enum2$<authenticate::main::async_block_env$0> > >+0x6c [~\.cargo\registry\src\github.com-1ecc6299db9ec823\tokio-1.24.1\src\runtime\context.rs @ 315]
0f 00000061`a44f4800 00007ff7`34ad0f25 authenticate!tokio::runtime::scheduler::multi_thread::MultiThread::block_on<core::future::from_generator::GenFuture<enum2$<authenticate::main::async_block_env$0> > >+0x81 [~\.cargo\registry\src\github.com-1ecc6299db9ec823\tokio-1.24.1\src\runtime\scheduler\multi_thread\mod.rs @ 66]
10 00000061`a44f6610 00007ff7`34a80460 authenticate!tokio::runtime::runtime::Runtime::block_on<core::future::from_generator::GenFuture<enum2$<authenticate::main::async_block_env$0> > >+0x105 [~\.cargo\registry\src\github.com-1ecc6299db9ec823\tokio-1.24.1\src\runtime\runtime.rs @ 284]
11 00000061`a44fa1d0 00007ff7`34aba93b authenticate!authenticate::main+0xe0 [~\Documents\webauthn-rs\webauthn-authenticator-rs\examples\authenticate\main.rs @ 213]
12 00000061`a44ffc00 00007ff7`34ab698e authenticate!core::ops::function::FnOnce::call_once<void (*)(),tuple$<> >+0xb [/rustc/90743e7298aca107ddaa0c202a4d3604e29bfeb6\library\core\src\ops\function.rs @ 251]
13 (Inline Function) --------`-------- authenticate!core::hint::black_box [/rustc/90743e7298aca107ddaa0c202a4d3604e29bfeb6\library\core\src\hint.rs @ 226]
14 00000061`a44ffc40 00007ff7`34a57a41 authenticate!std::sys_common::backtrace::__rust_begin_short_backtrace<void (*)(),tuple$<> >+0xe [/rustc/90743e7298aca107ddaa0c202a4d3604e29bfeb6\library\std\src\sys_common\backtrace.rs @ 124]
15 00000061`a44ffc70 00007ff7`3560c90e authenticate!std::rt::lang_start::closure$0<tuple$<> >+0x11 [/rustc/90743e7298aca107ddaa0c202a4d3604e29bfeb6\library\std\src\rt.rs @ 166]
16 (Inline Function) --------`-------- authenticate!core::ops::function::impls::impl$2::call_once+0xb [/rustc/90743e7298aca107ddaa0c202a4d3604e29bfeb6/library\core\src\ops\function.rs @ 286]
17 (Inline Function) --------`-------- authenticate!std::panicking::try::do_call+0xb [/rustc/90743e7298aca107ddaa0c202a4d3604e29bfeb6/library\std\src\panicking.rs @ 483]
18 (Inline Function) --------`-------- authenticate!std::panicking::try+0xb [/rustc/90743e7298aca107ddaa0c202a4d3604e29bfeb6/library\std\src\panicking.rs @ 447]
19 (Inline Function) --------`-------- authenticate!std::panic::catch_unwind+0xb [/rustc/90743e7298aca107ddaa0c202a4d3604e29bfeb6/library\std\src\panic.rs @ 137]
1a (Inline Function) --------`-------- authenticate!std::rt::lang_start_internal::closure$2+0xb [/rustc/90743e7298aca107ddaa0c202a4d3604e29bfeb6/library\std\src\rt.rs @ 148]
1b (Inline Function) --------`-------- authenticate!std::panicking::try::do_call+0xb [/rustc/90743e7298aca107ddaa0c202a4d3604e29bfeb6/library\std\src\panicking.rs @ 483]
1c (Inline Function) --------`-------- authenticate!std::panicking::try+0xb [/rustc/90743e7298aca107ddaa0c202a4d3604e29bfeb6/library\std\src\panicking.rs @ 447]
1d (Inline Function) --------`-------- authenticate!std::panic::catch_unwind+0xb [/rustc/90743e7298aca107ddaa0c202a4d3604e29bfeb6/library\std\src\panic.rs @ 137]
1e 00000061`a44ffcb0 00007ff7`34a57a1a authenticate!std::rt::lang_start_internal+0xbe [/rustc/90743e7298aca107ddaa0c202a4d3604e29bfeb6/library\std\src\rt.rs @ 148]
1f 00000061`a44ffe00 00007ff7`34a80539 authenticate!std::rt::lang_start<tuple$<> >+0x3a [/rustc/90743e7298aca107ddaa0c202a4d3604e29bfeb6\library\std\src\rt.rs @ 165]
20 00000061`a44ffe70 00007ff7`3588ae5c authenticate!main+0x19
21 (Inline Function) --------`-------- authenticate!invoke_main+0x22 [D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl @ 78]
22 00000061`a44ffea0 00007ffd`62ee7614 authenticate!__scrt_common_main_seh+0x10c [D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl @ 288]
23 00000061`a44ffee0 00007ffd`630226a1 KERNEL32!BaseThreadInitThunk+0x14
24 00000061`a44fff10 00000000`00000000 ntdll!RtlUserThreadStart+0x21
That should point me at what's broken. :)
Just checking in to see if you could get a stack trace for this?
I figured out how to get my Windows 11 machine to use the platform authenticator – it had a TPM, but the control panel entries to set it up were hidden when connecting over RDP. I couldn't get a crash out of it with the authenticate
example.
Unfortunately the Windows 11 machine is ARM, so that can't run Windows 10... so I've now got a TPM on order for my x86_64
Windows 10 machine, so I'll see if that lets me reproduce the issue.
Sorry, i was away for a while! Here is the trace:
0:000> k
# Child-SP RetAddr Call Site
00 000000e6`120fc8a0 00007ff7`7f6c6b75 authenticate!windows::core::strings::pcwstr::PCWSTR::as_wide+0xe [C:\Users\Timvw01\.cargo\registry\src\github.com-1ecc6299db9ec823\windows-0.41.0\src\core\strings\pcwstr.rs @ 35]
01 000000e6`120fc900 00007ff7`7f670a8a authenticate!windows::core::strings::pcwstr::PCWSTR::to_string+0x25 [C:\Users\Timvw01\.cargo\registry\src\github.com-1ecc6299db9ec823\windows-0.41.0\src\core\strings\pcwstr.rs @ 45]
02 000000e6`120fc960 00007ff7`7f6711f8 authenticate!webauthn_authenticator_rs::win10::extensions::impl$3::try_from+0x3a [E:\Downloads\webauthn-rs-master\webauthn-rs-master\webauthn-authenticator-rs\src\win10\extensions.rs @ 227]
03 000000e6`120fcd60 00007ff7`7f66378a authenticate!webauthn_authenticator_rs::win10::extensions::native_to_assertion_extensions+0x128 [E:\Downloads\webauthn-rs-master\webauthn-rs-master\webauthn-authenticator-rs\src\win10\extensions.rs @ 251]
04 000000e6`120fcf30 00007ff7`7f472a22 authenticate!webauthn_authenticator_rs::win10::impl$1::perform_auth+0xffa [E:\Downloads\webauthn-rs-master\webauthn-rs-master\webauthn-authenticator-rs\src\win10\mod.rs @ 311]
05 000000e6`120fde60 00007ff7`7f45767b authenticate!authenticate::main+0xf92 [E:\Downloads\webauthn-rs-master\webauthn-rs-master\webauthn-authenticator-rs\examples\authenticate\main.rs @ 134]
06 000000e6`120ffc20 00007ff7`7f45b04e authenticate!core::ops::function::FnOnce::call_once<void (*)(),tuple$<> >+0xb [/rustc/897e37553bba8b42751c67658967889d11ecd120\library\core\src\ops\function.rs @ 248]
07 (Inline Function) --------`-------- authenticate!core::hint::black_box [/rustc/897e37553bba8b42751c67658967889d11ecd120\library\core\src\hint.rs @ 223]
08 000000e6`120ffc60 00007ff7`7f45e8a1 authenticate!std::sys_common::backtrace::__rust_begin_short_backtrace<void (*)(),tuple$<> >+0xe [/rustc/897e37553bba8b42751c67658967889d11ecd120\library\std\src\sys_common\backtrace.rs @ 125]
09 000000e6`120ffc90 00007ff7`7f9f677e authenticate!std::rt::lang_start::closure$0<tuple$<> >+0x11 [/rustc/897e37553bba8b42751c67658967889d11ecd120\library\std\src\rt.rs @ 166]
0a (Inline Function) --------`-------- authenticate!core::ops::function::impls::impl$2::call_once+0xb [/rustc/897e37553bba8b42751c67658967889d11ecd120/library\core\src\ops\function.rs @ 283]
0b (Inline Function) --------`-------- authenticate!std::panicking::try::do_call+0xb [/rustc/897e37553bba8b42751c67658967889d11ecd120/library\std\src\panicking.rs @ 492]
0c (Inline Function) --------`-------- authenticate!std::panicking::try+0xb [/rustc/897e37553bba8b42751c67658967889d11ecd120/library\std\src\panicking.rs @ 456]
0d (Inline Function) --------`-------- authenticate!std::panic::catch_unwind+0xb [/rustc/897e37553bba8b42751c67658967889d11ecd120/library\std\src\panic.rs @ 137]
0e (Inline Function) --------`-------- authenticate!std::rt::lang_start_internal::closure$2+0xb [/rustc/897e37553bba8b42751c67658967889d11ecd120/library\std\src\rt.rs @ 148]
0f (Inline Function) --------`-------- authenticate!std::panicking::try::do_call+0xb [/rustc/897e37553bba8b42751c67658967889d11ecd120/library\std\src\panicking.rs @ 492]
10 (Inline Function) --------`-------- authenticate!std::panicking::try+0xb [/rustc/897e37553bba8b42751c67658967889d11ecd120/library\std\src\panicking.rs @ 456]
11 (Inline Function) --------`-------- authenticate!std::panic::catch_unwind+0xb [/rustc/897e37553bba8b42751c67658967889d11ecd120/library\std\src\panic.rs @ 137]
12 000000e6`120ffcd0 00007ff7`7f45e87a authenticate!std::rt::lang_start_internal+0xbe [/rustc/897e37553bba8b42751c67658967889d11ecd120/library\std\src\rt.rs @ 148]
13 000000e6`120ffe20 00007ff7`7f47387c authenticate!std::rt::lang_start<tuple$<> >+0x3a [/rustc/897e37553bba8b42751c67658967889d11ecd120\library\std\src\rt.rs @ 165]
14 000000e6`120ffe90 00007ff7`7fa1c200 authenticate!main+0x1c
15 (Inline Function) --------`-------- authenticate!invoke_main+0x22 [D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl @ 78]
16 000000e6`120ffec0 00007ffd`cf4b7614 authenticate!__scrt_common_main_seh+0x10c [D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl @ 288]
17 000000e6`120fff00 00007ffd`d0b226a1 KERNEL32!BaseThreadInitThunk+0x14
18 000000e6`120fff30 00000000`00000000 ntdll!RtlUserThreadStart+0x21
Cannot make much soup of it i'm afraid..
@micolous Reading the stack it looks similar to the one we went over last night so I think you got it with the dwVersion fix.
Yes it works! Great! ive applied #287 and it now it works as expected.
Yup, that trace is the same.
It looks like that when you use a platform authenticator, the memory layout is a little different.
With a platform credential, the library tries to parse a WEBAUTHN_EXTENSIONS
; except that field is not initialised. The extension count (cExtensions
) is some very high number. Then the first pExtensions
has another valid pointer, which the library derefs. The first field in the WEBAUTHN_EXTENSION
struct is pwszExtensionIdentifier
(PCWSTR
), which we try to deref as well... but that's set to 0.
By comparison, I believe using a non-platform credential, the memory where the WEBAUTHN_EXTENSIONS
should be has cExtensions = 0
, so doesn't try to convert any more of that struct.
The assumption the library made is that Windows would never try to give us an old WEBAUTHN_ASSERTION
struct that was missing the Extensions
field... but this only seems to be true on Windows 11. Unfortunately, I haven't mapped out enough of the Windows 10 version of webauthn.dll
to see precisely which conditions it'll emit different struct versions.
Extensions are mostly unimplemented in webauthn-authenticator-rs
right now anyways.
I did this
Use the windows 10 authenticator from Webauthn-authenticator-rs
Then use the register method to register (this works properly).
Where it goes wrong is:
What happened
Compiling works, during run-time running the .perform_auth(), the authenticator does appear, after entering a correct code the following error appears:
The actual errors comes from this line of the windows-0.41.0 package (windows-0.41.0/src/core/strings/pcwstr.rs)
The exact same code does work on a windows 11 desktop.
Version (and git commit)
Operating System / Version
Doesnt work: OS Name Microsoft Windows 10 Home Version 10.0.19045 Build 19045 Works: Windows 11 v?
Any other comments
Not sure if i should post this here or at the windows-0.41.0 package github. Did anyone else run into this?