libfido2
libfido2 copied to clipboard
Yubico
Extend FIDO2 BLE support also for Linux
For Windows it was already added via gh#336, so let's also add it for Linux. Unpaired devices are ignored, the user has to pair independently of libfido use using the bluetooth manager provided by the desktop environment.
Thank you for your contribution! Before having a more in-depth look, may I ask what authenticator you are testing this against?
This was tested with:
eSecu FIDO2 pro (passkey printed on device, 20 byte control point size, fragmentation often needed, bluetooth turned off after a short time of inactivity) AirID2 Mini (full Numerical comparison for pairing, >200 byte control point size, so fragmentation rarely needed),
about the ci-failures: cifuzz: it does not install dependencies correctly, and they are not specified in this repo, so I cannot do anything there easily. The other fuzzer:
==16136==WARNING: MemorySanitizer: use-of-uninitialized-value
5096
#0 0x7ff5d26bb286 (/lib/x86_64-linux-gnu/libsystemd.so.0+0x4b286) (BuildId: e45f7492c0f62251620378d7224ad0371a8d1f98)
5097
#1 0x7ff5d26b2ae7 in sd_bus_start (/lib/x86_64-linux-gnu/libsystemd.so.0+0x42ae7) (BuildId: e45f7492c0f62251620378d7224ad0371a8d1f98)
5098
#2 0x7ff5d26b2e88 in sd_bus_open_system_with_description (/lib/x86_64-linux-gnu/libsystemd.so.0+0x42e88) (BuildId: e45f7492c0f62251620378d7224ad0371a8d1f98)
5099
#3 0x7ff5d26ba157 in sd_bus_default_system (/lib/x86_64-linux-gnu/libsystemd.so.0+0x4a157) (BuildId: e45f7492c0f62251620378d7224ad0371a8d1f98)
How to debug this? sd_bus_default_system just takes a pointer to a variable on the stack to write some output into this, so nothing scary. Can this be resolved to source code lines?
How to debug this? sd_bus_default_system just takes a pointer to a variable on the stack to write some output into this, so nothing scary. Can this be resolved to source code lines?
MemorySanitizer requires the whole application to be instrumented -- libsystemd included.
We'd likely need to mock a lot of these calls to sensibly fuzz your implementation.
CMakeFiles/fido2_shared.dir/ble_linux.c.o.d -o CMakeFiles/fido2_shared.dir/ble_linux.c.o -c /__w/libfido2/libfido2/src/ble_linux.c
327
In file included from /__w/libfido2/libfido2/src/ble_linux.c:2:
328
/usr/include/elogind/systemd/sd-bus.h:96:43: error: ISO C restricts enumerator values to range of 'int' [-Wpedantic]
329
96 | SD_BUS_CREDS_UNIQUE_NAME = 1ULL << 31,
330
| ^~~~
331
make[2]: *** [src/CMakeFiles/fido2.dir/build.make:569: src/CMakeFiles/fido2.dir/ble_linux.c.o] Error 1
seems like a problem in alpine + libelogind in the ci run
opened an issue for the alpine trouble: https://gitlab.alpinelinux.org/alpine/aports/-/issues/15102
By adding the include path, the alpine build got broken. Don't ask me questions...
A summary of the alpine problem: later versions of sd-bus.h in systemd/elogind use extension keyword to allow 64bit enums even in pedantic mode. So this is solved in alpine edge already and next release in November. Without extension these things are tolerated in system includes (not something added via -I). E.g. debian does not add -Isomething in pkg-config --cflags for libsystemd, so that gets ignored, alpine does, but has a copy of the header files in /usr/include/systemd besides of /usr/include/elogind, so things are found in any case.
So what can we do now:
- just accept the alpine problem until it gets fixed
- remove addition of include path for systemd in CMakeLists.txt
- remove -pedantic
- any hacks in the alpine build process (like removing /usr/include/elogind in the alpine container)
I'm very interested in that functionality and would be willing to help fixing the remaining issues.
The alpine issue referenced above should be fixed in the current stable (as of the new release of alpine v.3.19 released last December 7, 2023). As the pipeline refers to latest ( https://github.com/Yubico/libfido2/blob/f03f4c4d9d25e932066bef5f26b8b82a686ccd33/.github/workflows/alpine_builds.yml#L20) this might just work.
Unfortunately, I can't inspect the fuzzing issues, as the log expired.
