Allow unknown CBOR fields (ref #66) #110

Merged
merged 6 commits into from
Jun 16, 2025

AlfioEmanueleFresta
Member

  • Part fixes Ignore unknown CTAP response fields #66 for unknown CBOR structures decoded via DeserializeIndexed from serde-indexed.
  • Remaining to allow unknown enum variants, to be fixed in a later PR.

Depends on trussed-dev/serde-indexed#19.
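
The behaviour this PR is after, shown as an added illustration that is not taken from libwebauthn or serde-indexed: a decoder for a CBOR map keyed by unsigned integers that steps over the value of any key it does not know instead of failing. The `Response` struct, field numbers 1 and 3, the `strict` flag and `MAX_DEPTH` are assumptions made for the example; only definite-length items are accepted, and nesting is bounded so a hostile response cannot exhaust the stack.

```rust
// Added illustration, std only; `Response`, keys 1 and 3, `strict`, MAX_DEPTH are hypothetical.
const MAX_DEPTH: u32 = 8; // bounds recursion on hostile nesting
// Constructed sample: {1: 10, 2: [1, "x", {1: h'00'}], 3: 20}; key 2 is unknown.
const SAMPLE: [u8; 14] = [0xa3, 1, 0x0a, 2, 0x83, 1, 0x61, 0x78, 0xa1, 1, 0x41, 0, 3, 0x14];

#[derive(Debug, Default, PartialEq)]
struct Response { a: Option<u64>, b: Option<u64> }

/// Reads one CBOR head: (major type, argument, bytes after the head).
fn head(b: &[u8]) -> Option<(u8, u64, &[u8])> {
    let (&first, rest) = b.split_first()?;
    let n: usize = match first & 0x1f { 0..=23 => 0, 24 => 1, 25 => 2, 26 => 4, 27 => 8, _ => return None };
    let arg = rest.get(..n)?.iter().fold(0u64, |a, &x| (a << 8) | x as u64);
    Some((first >> 5, if n == 0 { (first & 0x1f) as u64 } else { arg }, &rest[n..]))
}

/// Steps over one data item of any type; None if malformed or nested too deep.
fn skip(b: &[u8], depth: u32) -> Option<&[u8]> {
    let (major, arg, mut rest) = head(b)?;
    match major {
        0 | 1 | 7 => Some(rest), // integers, simple values, floats
        2 | 3 if arg <= rest.len() as u64 => Some(&rest[arg as usize..]), // strings
        4 | 5 | 6 if depth > 0 => { // array, map, tag: recurse into children
            let items = match major { 4 => arg, 5 => arg.checked_mul(2)?, _ => 1 };
            for _ in 0..items { rest = skip(rest, depth - 1)?; }
            Some(rest)
        }
        _ => None,
    }
}

/// Decodes a uint-keyed map; `strict` rejects unknown keys, otherwise they are skipped.
fn decode(input: &[u8], strict: bool) -> Option<Response> {
    let (5, pairs, mut rest) = head(input)? else { return None };
    let mut out = Response::default();
    for _ in 0..pairs {
        let (0, key, value) = head(rest)? else { return None };
        rest = match key {
            1 | 3 => {
                let (0, v, after) = head(value)? else { return None };
                if key == 1 { out.a = Some(v) } else { out.b = Some(v) }
                after
            }
            _ if strict => return None,
            _ => skip(value, MAX_DEPTH)?, // unknown field: step over its value
        };
    }
    Some(out)
}
fn main() { println!("{:?} {:?}", decode(&SAMPLE, false), decode(&SAMPLE, true)); }
```

The unknown key sits between the two known ones on purpose: key 3 only decodes if `skip` consumed exactly the nested value of key 2.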

Collaborator

@msirringhaus msirringhaus left a comment

Added some thoughts

Base automatically changed from thiserror-1 to master May 26, 2025 14:01
Collaborator

@msirringhaus msirringhaus left a comment

Looking good to me! I added two small comments, but good to go as is.

map.insert(1, 10u8);
map.insert(2, 20u8);

let cbor = to_vec(&map).unwrap();
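
Review bot: the input built at `let cbor = to_vec(&map).unwrap();` comes from the encoder, so this test only shows that decoding agrees with encoding, and a mistake shared by both directions would pass. Consider also decoding a fixed byte literal so the wire format itself is pinned; if `map` is a plain integer-keyed map, {1: 10, 2: 20} encodes as `a2 01 0a 02 14`.
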
Collaborator

Not necessarily for this PR, but I wonder if we could have additionally actual raw (cbor) bytes in these tests to compare the outputs to.

fn eq(&self, other: &Self) -> bool {
match (self, other) {
(CborError::SerdeCbor(e1), CborError::SerdeCbor(e2)) => {
e1.to_string() == e2.to_string()
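
Review bot: in `eq`, `e1.to_string() == e2.to_string()` ties equality to the Display text, so two different errors that render the same message compare equal, any upstream rewording changes the result, and every comparison allocates two strings. If this impl exists only for test assertions, gate it behind `#[cfg(test)]` or say so in a comment, so that non-test code does not start relying on it.
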
Collaborator

Maybe we could implement PartialEq in serde_cbor for this, because this is really ugly :D
But obviously, not for this PR.

@AlfioEmanueleFresta AlfioEmanueleFresta merged commit 8ac81b8 into master Jun 16, 2025
4 checks passed
@AlfioEmanueleFresta AlfioEmanueleFresta deleted the serde-indexed-fix branch June 16, 2025 20:29
AlfioEmanueleFresta added a commit that referenced this pull request Jul 21, 2025
## 1. Tungstenite now requiring selecting a crypto provider

A panic at runtime when attempting to establish a secure WebSocket
connection:

```
DEBUG tokio_tungstenite::tls::encryption::rustls: Added 148/148 native root certificates (ignored 0)    

thread 'main' panicked at /home/afresta/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/rustls-0.23.27/src/crypto/mod.rs:249:14:
no process-level CryptoProvider available -- call CryptoProvider::install_default() before this point
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
```

For more details, see:
* snapview/tokio-tungstenite#336
* snapview/tokio-tungstenite#353

This is now fixed by explicitly selecting `rustls` as the `tungstenite`
TLS backend, as recommended in `tokio-tungstenite`.

## 2. Hybrid initial GetInfo deserialization fails

An error deserializing the caBLE initial message containing the GetInfo
response:

```
DEBUG libwebauthn::transport::cable::tunnel: Responding to GetInfo request with cached response
ERROR webauthn_make_credential{dev=CableChannel}:ctap2_get_info: libwebauthn::proto::ctap2::protocol: Failed to parse Ctap2GetInfoResponse from CBOR-data provided by the device. Parsing error: SerdeCbor(ErrorImpl { code: Message("invalid type: byte array, expected Ctap2GetInfoResponse"), offset: 0 })

thread 'main' panicked at libwebauthn/examples/webauthn_cable.rs:139:10:
called `Result::unwrap()` on an `Err` value: Platform(InvalidDeviceResponse)
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
```

This was accidentally introduced in #110:
https://github.com/linux-credentials/libwebauthn/pull/110/files#diff-d061af4011a3c577c5c2dbef3b1933b0e8c8a9ebc0bf70a0ebc3358e890ed725R587

Fixed by using the appropriate serialization method.