|
|
ddca0b |
From 080d3b14470f6ac59f4cfb97a4200ed18df5c260 Mon Sep 17 00:00:00 2001
|
|
|
ddca0b |
From: Fabian Henneke <fabian@henneke.me>
|
|
|
ddca0b |
Date: Wed, 21 Aug 2019 11:17:59 +0200
|
|
|
ddca0b |
Subject: [PATCH] udev: Add id program and rule for FIDO security tokens
|
|
|
ddca0b |
|
|
|
ddca0b |
Add a fido_id program meant to be run for devices in the hidraw
|
|
|
ddca0b |
subsystem via an IMPORT directive. The program parses the HID report
|
|
|
ddca0b |
descriptor and assigns the ID_SECURITY_TOKEN environment variable if a
|
|
|
ddca0b |
declared usage matches the FIDO_CTAPHID_USAGE declared in the FIDO CTAP
|
|
|
ddca0b |
specification. This replaces the previous approach of whitelisting all
|
|
|
ddca0b |
known security token models manually.
|
|
|
ddca0b |
|
|
|
ddca0b |
This commit is accompanied by a test suite and a fuzzer target for the
|
|
|
ddca0b |
descriptor parsing routine.
|
|
|
ddca0b |
|
|
|
ddca0b |
Fixes: #11996.
|
|
|
ddca0b |
(cherry picked from commit d45ee2f31a8358db0accde2e7c81777cedadc3c2)
|
|
|
ddca0b |
|
|
|
ddca0b |
Resolves: #1753369
|
|
|
ddca0b |
---
|
|
|
ddca0b |
rules/60-fido-id.rules | 7 ++
|
|
|
ddca0b |
rules/meson.build | 1 +
|
|
|
ddca0b |
src/fuzz/fuzz-fido-id-desc.c | 23 +++++++
|
|
|
ddca0b |
src/fuzz/fuzz-fido-id-desc.dict | 6 ++
|
|
|
ddca0b |
src/fuzz/meson.build | 4 ++
|
|
|
ddca0b |
src/test/meson.build | 4 ++
|
|
|
ddca0b |
src/test/test-fido-id-desc.c | 85 +++++++++++++++++++++++
|
|
|
ddca0b |
src/udev/fido_id/fido_id.c | 103 ++++++++++++++++++++++++++++
|
|
|
ddca0b |
src/udev/fido_id/fido_id_desc.c | 92 +++++++++++++++++++++++++
|
|
|
ddca0b |
src/udev/fido_id/fido_id_desc.h | 8 +++
|
|
|
ddca0b |
src/udev/meson.build | 3 +
|
|
|
ddca0b |
test/fuzz/fuzz-fido-id-desc/crash0 | 1 +
|
|
|
ddca0b |
test/fuzz/fuzz-fido-id-desc/crash1 | 1 +
|
|
|
ddca0b |
test/fuzz/fuzz-fido-id-desc/report0 | Bin 0 -> 71 bytes
|
|
|
ddca0b |
test/fuzz/fuzz-fido-id-desc/report1 | Bin 0 -> 34 bytes
|
|
|
ddca0b |
15 files changed, 338 insertions(+)
|
|
|
ddca0b |
create mode 100644 rules/60-fido-id.rules
|
|
|
ddca0b |
create mode 100644 src/fuzz/fuzz-fido-id-desc.c
|
|
|
ddca0b |
create mode 100644 src/fuzz/fuzz-fido-id-desc.dict
|
|
|
ddca0b |
create mode 100644 src/test/test-fido-id-desc.c
|
|
|
ddca0b |
create mode 100644 src/udev/fido_id/fido_id.c
|
|
|
ddca0b |
create mode 100644 src/udev/fido_id/fido_id_desc.c
|
|
|
ddca0b |
create mode 100644 src/udev/fido_id/fido_id_desc.h
|
|
|
ddca0b |
create mode 100644 test/fuzz/fuzz-fido-id-desc/crash0
|
|
|
ddca0b |
create mode 100644 test/fuzz/fuzz-fido-id-desc/crash1
|
|
|
ddca0b |
create mode 100644 test/fuzz/fuzz-fido-id-desc/report0
|
|
|
ddca0b |
create mode 100644 test/fuzz/fuzz-fido-id-desc/report1
|
|
|
ddca0b |
|
|
|
ddca0b |
diff --git a/rules/60-fido-id.rules b/rules/60-fido-id.rules
|
|
|
ddca0b |
new file mode 100644
|
|
|
ddca0b |
index 0000000000..fcf5079704
|
|
|
ddca0b |
--- /dev/null
|
|
|
ddca0b |
+++ b/rules/60-fido-id.rules
|
|
|
ddca0b |
@@ -0,0 +1,7 @@
|
|
|
ddca0b |
+# do not edit this file, it will be overwritten on update
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+ACTION=="remove", GOTO="fido_id_end"
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+SUBSYSTEM=="hidraw", IMPORT{program}="fido_id"
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+LABEL="fido_id_end"
|
|
|
ddca0b |
diff --git a/rules/meson.build b/rules/meson.build
|
|
|
ddca0b |
index b6aae596b6..6363f8bf2e 100644
|
|
|
ddca0b |
--- a/rules/meson.build
|
|
|
ddca0b |
+++ b/rules/meson.build
|
|
|
ddca0b |
@@ -7,6 +7,7 @@ rules = files('''
|
|
|
ddca0b |
60-cdrom_id.rules
|
|
|
ddca0b |
60-drm.rules
|
|
|
ddca0b |
60-evdev.rules
|
|
|
ddca0b |
+ 60-fido-id.rules
|
|
|
ddca0b |
60-input-id.rules
|
|
|
ddca0b |
60-persistent-alsa.rules
|
|
|
ddca0b |
60-persistent-input.rules
|
|
|
ddca0b |
diff --git a/src/fuzz/fuzz-fido-id-desc.c b/src/fuzz/fuzz-fido-id-desc.c
|
|
|
ddca0b |
new file mode 100644
|
|
|
ddca0b |
index 0000000000..cf98dee044
|
|
|
ddca0b |
--- /dev/null
|
|
|
ddca0b |
+++ b/src/fuzz/fuzz-fido-id-desc.c
|
|
|
ddca0b |
@@ -0,0 +1,23 @@
|
|
|
ddca0b |
+/* SPDX-License-Identifier: LGPL-2.1+ */
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+#include <linux/hid.h>
|
|
|
ddca0b |
+#include <stdbool.h>
|
|
|
ddca0b |
+#include <stdint.h>
|
|
|
ddca0b |
+#include <stdlib.h>
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+#include "fido_id/fido_id_desc.h"
|
|
|
ddca0b |
+#include "fuzz.h"
|
|
|
ddca0b |
+#include "log.h"
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
|
|
|
ddca0b |
+ /* We don't want to fill the logs with messages about parse errors.
|
|
|
ddca0b |
+ * Disable most logging if not running standalone */
|
|
|
ddca0b |
+ if (!getenv("SYSTEMD_LOG_LEVEL"))
|
|
|
ddca0b |
+ log_set_max_level(LOG_CRIT);
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+ if (size > HID_MAX_DESCRIPTOR_SIZE)
|
|
|
ddca0b |
+ return 0;
|
|
|
ddca0b |
+ (void) is_fido_security_token_desc(data, size);
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+ return 0;
|
|
|
ddca0b |
+}
|
|
|
ddca0b |
diff --git a/src/fuzz/fuzz-fido-id-desc.dict b/src/fuzz/fuzz-fido-id-desc.dict
|
|
|
ddca0b |
new file mode 100644
|
|
|
ddca0b |
index 0000000000..d2d2679e18
|
|
|
ddca0b |
--- /dev/null
|
|
|
ddca0b |
+++ b/src/fuzz/fuzz-fido-id-desc.dict
|
|
|
ddca0b |
@@ -0,0 +1,6 @@
|
|
|
ddca0b |
+"\xfe"
|
|
|
ddca0b |
+"\x00"
|
|
|
ddca0b |
+"\x01"
|
|
|
ddca0b |
+"\xf1"
|
|
|
ddca0b |
+"\xd0"
|
|
|
ddca0b |
+"\xf1\xd0\x00\x01"
|
|
|
ddca0b |
diff --git a/src/fuzz/meson.build b/src/fuzz/meson.build
|
|
|
ddca0b |
index 1dbe28e57e..483a952421 100644
|
|
|
ddca0b |
--- a/src/fuzz/meson.build
|
|
|
ddca0b |
+++ b/src/fuzz/meson.build
|
|
|
ddca0b |
@@ -47,4 +47,8 @@ fuzzers += [
|
|
|
ddca0b |
[libsystemd_journal_remote,
|
|
|
ddca0b |
libshared],
|
|
|
ddca0b |
[]],
|
|
|
ddca0b |
+ [['src/fuzz/fuzz-fido-id-desc.c',
|
|
|
ddca0b |
+ 'src/udev/fido_id/fido_id_desc.c'],
|
|
|
ddca0b |
+ [],
|
|
|
ddca0b |
+ []]
|
|
|
ddca0b |
]
|
|
|
ddca0b |
diff --git a/src/test/meson.build b/src/test/meson.build
|
|
|
ddca0b |
index 0998f59897..4259421f98 100644
|
|
|
ddca0b |
--- a/src/test/meson.build
|
|
|
ddca0b |
+++ b/src/test/meson.build
|
|
|
ddca0b |
@@ -663,6 +663,10 @@ tests += [
|
|
|
ddca0b |
[['src/test/test-bus-util.c'],
|
|
|
ddca0b |
[],
|
|
|
ddca0b |
[]],
|
|
|
ddca0b |
+ [['src/test/test-fido-id-desc.c',
|
|
|
ddca0b |
+ 'src/udev/fido_id/fido_id_desc.c'],
|
|
|
ddca0b |
+ [],
|
|
|
ddca0b |
+ []],
|
|
|
ddca0b |
]
|
|
|
ddca0b |
|
|
|
ddca0b |
############################################################
|
|
|
ddca0b |
diff --git a/src/test/test-fido-id-desc.c b/src/test/test-fido-id-desc.c
|
|
|
ddca0b |
new file mode 100644
|
|
|
ddca0b |
index 0000000000..cf55dd3266
|
|
|
ddca0b |
--- /dev/null
|
|
|
ddca0b |
+++ b/src/test/test-fido-id-desc.c
|
|
|
ddca0b |
@@ -0,0 +1,85 @@
|
|
|
ddca0b |
+/* SPDX-License-Identifier: LGPL-2.1+ */
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+#include <stdint.h>
|
|
|
ddca0b |
+#include <stdlib.h>
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+#include "fido_id/fido_id_desc.h"
|
|
|
ddca0b |
+#include "macro.h"
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+static void test_is_fido_security_token_desc__fido(void) {
|
|
|
ddca0b |
+ static const uint8_t FIDO_HID_DESC_1[] = {
|
|
|
ddca0b |
+ 0x06, 0xd0, 0xf1, 0x09, 0x01, 0xa1, 0x01, 0x09, 0x20, 0x15, 0x00, 0x26, 0xff, 0x00, 0x75,
|
|
|
ddca0b |
+ 0x08, 0x95, 0x40, 0x81, 0x02, 0x09, 0x21, 0x15, 0x00, 0x26, 0xff, 0x00, 0x75, 0x08, 0x95,
|
|
|
ddca0b |
+ 0x40, 0x91, 0x02, 0xc0,
|
|
|
ddca0b |
+ };
|
|
|
ddca0b |
+ assert_se(is_fido_security_token_desc(FIDO_HID_DESC_1, sizeof(FIDO_HID_DESC_1)) > 0);
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+ static const uint8_t FIDO_HID_DESC_2[] = {
|
|
|
ddca0b |
+ 0x05, 0x01, 0x09, 0x06, 0xa1, 0x01, 0x05, 0x07, 0x19, 0xe0, 0x29, 0xe7, 0x15, 0x00, 0x25,
|
|
|
ddca0b |
+ 0x01, 0x75, 0x01, 0x95, 0x08, 0x81, 0x02, 0x95, 0x01, 0x75, 0x08, 0x81, 0x01, 0x95, 0x05,
|
|
|
ddca0b |
+ 0x75, 0x01, 0x05, 0x08, 0x19, 0x01, 0x29, 0x05, 0x91, 0x02, 0x95, 0x01, 0x75, 0x03, 0x91,
|
|
|
ddca0b |
+ 0x01, 0x95, 0x06, 0x75, 0x08, 0x15, 0x00, 0x25, 0x65, 0x05, 0x07, 0x19, 0x00, 0x29, 0x65,
|
|
|
ddca0b |
+ 0x81, 0x00, 0x09, 0x03, 0x75, 0x08, 0x95, 0x08, 0xb1, 0x02, 0xc0,
|
|
|
ddca0b |
+ 0x06, 0xd0, 0xf1, 0x09, 0x01, 0xa1, 0x01, 0x09, 0x20, 0x15, 0x00, 0x26, 0xff, 0x00, 0x75,
|
|
|
ddca0b |
+ 0x08, 0x95, 0x40, 0x81, 0x02, 0x09, 0x21, 0x15, 0x00, 0x26, 0xff, 0x00, 0x75, 0x08, 0x95,
|
|
|
ddca0b |
+ 0x40, 0x91, 0x02, 0xc0,
|
|
|
ddca0b |
+ };
|
|
|
ddca0b |
+ assert_se(is_fido_security_token_desc(FIDO_HID_DESC_2, sizeof(FIDO_HID_DESC_2)) > 0);
|
|
|
ddca0b |
+}
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+static void test_is_fido_security_token_desc__non_fido(void) {
|
|
|
ddca0b |
+ /* Wrong usage page */
|
|
|
ddca0b |
+ static const uint8_t NON_FIDO_HID_DESC_1[] = {
|
|
|
ddca0b |
+ 0x06, 0xd0, 0xf0, 0x09, 0x01, 0xa1, 0x01, 0x09, 0x20, 0x15, 0x00, 0x26, 0xff, 0x00, 0x75,
|
|
|
ddca0b |
+ 0x08, 0x95, 0x40, 0x81, 0x02, 0x09, 0x21, 0x15, 0x00, 0x26, 0xff, 0x00, 0x75, 0x08, 0x95,
|
|
|
ddca0b |
+ 0x40, 0x91, 0x02, 0xc0,
|
|
|
ddca0b |
+ };
|
|
|
ddca0b |
+ assert_se(is_fido_security_token_desc(NON_FIDO_HID_DESC_1, sizeof(NON_FIDO_HID_DESC_1)) == 0);
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+ /* Wrong usage */
|
|
|
ddca0b |
+ static const uint8_t NON_FIDO_HID_DESC_2[] = {
|
|
|
ddca0b |
+ 0x06, 0xd0, 0xf1, 0x09, 0x02, 0xa1, 0x01, 0x09, 0x20, 0x15, 0x00, 0x26, 0xff, 0x00, 0x75,
|
|
|
ddca0b |
+ 0x08, 0x95, 0x40, 0x81, 0x02, 0x09, 0x21, 0x15, 0x00, 0x26, 0xff, 0x00, 0x75, 0x08, 0x95,
|
|
|
ddca0b |
+ 0x40, 0x91, 0x02, 0xc0,
|
|
|
ddca0b |
+ };
|
|
|
ddca0b |
+ assert_se(is_fido_security_token_desc(NON_FIDO_HID_DESC_2, sizeof(NON_FIDO_HID_DESC_2)) == 0);
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+ static const uint8_t NON_FIDO_HID_DESC_3[] = {
|
|
|
ddca0b |
+ 0x05, 0x01, 0x09, 0x06, 0xa1, 0x01, 0x05, 0x07, 0x19, 0xe0, 0x29, 0xe7, 0x15, 0x00, 0x25,
|
|
|
ddca0b |
+ 0x01, 0x75, 0x01, 0x95, 0x08, 0x81, 0x02, 0x95, 0x01, 0x75, 0x08, 0x81, 0x01, 0x95, 0x05,
|
|
|
ddca0b |
+ 0x75, 0x01, 0x05, 0x08, 0x19, 0x01, 0x29, 0x05, 0x91, 0x02, 0x95, 0x01, 0x75, 0x03, 0x91,
|
|
|
ddca0b |
+ 0x01, 0x95, 0x06, 0x75, 0x08, 0x15, 0x00, 0x25, 0x65, 0x05, 0x07, 0x19, 0x00, 0x29, 0x65,
|
|
|
ddca0b |
+ 0x81, 0x00, 0x09, 0x03, 0x75, 0x08, 0x95, 0x08, 0xb1, 0x02, 0xc0,
|
|
|
ddca0b |
+ };
|
|
|
ddca0b |
+ assert_se(is_fido_security_token_desc(NON_FIDO_HID_DESC_3, sizeof(NON_FIDO_HID_DESC_3)) == 0);
|
|
|
ddca0b |
+}
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+static void test_is_fido_security_token_desc__invalid(void) {
|
|
|
ddca0b |
+ /* Size coded on 1 byte, but no byte given */
|
|
|
ddca0b |
+ static const uint8_t INVALID_HID_DESC_1[] = { 0x01 };
|
|
|
ddca0b |
+ assert_se(is_fido_security_token_desc(INVALID_HID_DESC_1, sizeof(INVALID_HID_DESC_1)) < 0);
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+ /* Size coded on 2 bytes, but only 1 byte given */
|
|
|
ddca0b |
+ static const uint8_t INVALID_HID_DESC_2[] = { 0x02, 0x01 };
|
|
|
ddca0b |
+ assert_se(is_fido_security_token_desc(INVALID_HID_DESC_2, sizeof(INVALID_HID_DESC_2)) < 0);
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+ /* Size coded on 4 bytes, but only 3 bytes given */
|
|
|
ddca0b |
+ static const uint8_t INVALID_HID_DESC_3[] = { 0x03, 0x01, 0x02, 0x03 };
|
|
|
ddca0b |
+ assert_se(is_fido_security_token_desc(INVALID_HID_DESC_3, sizeof(INVALID_HID_DESC_3)) < 0);
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+ /* Long item without a size byte */
|
|
|
ddca0b |
+ static const uint8_t INVALID_HID_DESC_4[] = { 0xfe };
|
|
|
ddca0b |
+ assert_se(is_fido_security_token_desc(INVALID_HID_DESC_4, sizeof(INVALID_HID_DESC_4)) < 0);
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+ /* Usage pages are coded on at most 2 bytes */
|
|
|
ddca0b |
+ static const uint8_t INVALID_HID_DESC_5[] = { 0x07, 0x01, 0x02, 0x03, 0x04 };
|
|
|
ddca0b |
+ assert_se(is_fido_security_token_desc(INVALID_HID_DESC_5, sizeof(INVALID_HID_DESC_5)) < 0);
|
|
|
ddca0b |
+}
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+int main(int argc, char *argv[]) {
|
|
|
ddca0b |
+ test_is_fido_security_token_desc__fido();
|
|
|
ddca0b |
+ test_is_fido_security_token_desc__non_fido();
|
|
|
ddca0b |
+ test_is_fido_security_token_desc__invalid();
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+ return EXIT_SUCCESS;
|
|
|
ddca0b |
+}
|
|
|
ddca0b |
diff --git a/src/udev/fido_id/fido_id.c b/src/udev/fido_id/fido_id.c
|
|
|
ddca0b |
new file mode 100644
|
|
|
ddca0b |
index 0000000000..7e1cc804f2
|
|
|
ddca0b |
--- /dev/null
|
|
|
ddca0b |
+++ b/src/udev/fido_id/fido_id.c
|
|
|
ddca0b |
@@ -0,0 +1,103 @@
|
|
|
ddca0b |
+/* SPDX-License-Identifier: LGPL-2.1+ */
|
|
|
ddca0b |
+/*
|
|
|
ddca0b |
+ * Identifies FIDO CTAP1 ("U2F")/CTAP2 security tokens based on the usage declared in their report
|
|
|
ddca0b |
+ * descriptor and outputs suitable environment variables.
|
|
|
ddca0b |
+ *
|
|
|
ddca0b |
+ * Inspired by Andrew Lutomirski's 'u2f-hidraw-policy.c'
|
|
|
ddca0b |
+ */
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+#include <errno.h>
|
|
|
ddca0b |
+#include <fcntl.h>
|
|
|
ddca0b |
+#include <linux/hid.h>
|
|
|
ddca0b |
+#include <stdio.h>
|
|
|
ddca0b |
+#include <stdlib.h>
|
|
|
ddca0b |
+#include <sys/types.h>
|
|
|
ddca0b |
+#include <unistd.h>
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+#include "sd-device.h"
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+#include "device-internal.h"
|
|
|
ddca0b |
+#include "device-private.h"
|
|
|
ddca0b |
+#include "device-util.h"
|
|
|
ddca0b |
+#include "fd-util.h"
|
|
|
ddca0b |
+#include "fido_id_desc.h"
|
|
|
ddca0b |
+#include "log.h"
|
|
|
ddca0b |
+#include "macro.h"
|
|
|
ddca0b |
+#include "path-util.h"
|
|
|
ddca0b |
+#include "string-util.h"
|
|
|
ddca0b |
+#include "udev-util.h"
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+static int run(int argc, char **argv) {
|
|
|
ddca0b |
+ _cleanup_(sd_device_unrefp) struct sd_device *device = NULL;
|
|
|
ddca0b |
+ _cleanup_free_ char *desc_path = NULL;
|
|
|
ddca0b |
+ _cleanup_close_ int fd = -1;
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+ struct sd_device *hid_device;
|
|
|
ddca0b |
+ const char *sys_path;
|
|
|
ddca0b |
+ uint8_t desc[HID_MAX_DESCRIPTOR_SIZE];
|
|
|
ddca0b |
+ ssize_t desc_len;
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+ int r;
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+ log_set_target(LOG_TARGET_AUTO);
|
|
|
ddca0b |
+ udev_parse_config();
|
|
|
ddca0b |
+ log_parse_environment();
|
|
|
ddca0b |
+ log_open();
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+ if (argc > 2)
|
|
|
ddca0b |
+ return log_error_errno(EINVAL, "Usage: %s [SYSFS_PATH]", program_invocation_short_name);
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+ if (argc == 1) {
|
|
|
ddca0b |
+ r = device_new_from_strv(&device, environ);
|
|
|
ddca0b |
+ if (r < 0)
|
|
|
ddca0b |
+ return log_error_errno(r, "Failed to get current device from environment: %m");
|
|
|
ddca0b |
+ } else {
|
|
|
ddca0b |
+ r = sd_device_new_from_syspath(&device, argv[1]);
|
|
|
ddca0b |
+ if (r < 0)
|
|
|
ddca0b |
+ return log_error_errno(r, "Failed to get device from syspath: %m");
|
|
|
ddca0b |
+ }
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+ r = sd_device_get_parent(device, &hid_device);
|
|
|
ddca0b |
+ if (r < 0)
|
|
|
ddca0b |
+ return log_device_error_errno(device, r, "Failed to get parent HID device: %m");
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+ r = sd_device_get_syspath(hid_device, &sys_path);
|
|
|
ddca0b |
+ if (r < 0)
|
|
|
ddca0b |
+ return log_device_error_errno(hid_device, r, "Failed to get syspath for HID device: %m");
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+ desc_path = path_join(NULL, sys_path, "report_descriptor");
|
|
|
ddca0b |
+ if (!desc_path)
|
|
|
ddca0b |
+ return log_oom();
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+ fd = open(desc_path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
|
|
|
ddca0b |
+ if (fd < 0)
|
|
|
ddca0b |
+ return log_device_error_errno(hid_device, errno,
|
|
|
ddca0b |
+ "Failed to open report descriptor at '%s': %m", desc_path);
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+ desc_len = read(fd, desc, sizeof(desc));
|
|
|
ddca0b |
+ if (desc_len < 0)
|
|
|
ddca0b |
+ return log_device_error_errno(hid_device, errno,
|
|
|
ddca0b |
+ "Failed to read report descriptor at '%s': %m", desc_path);
|
|
|
ddca0b |
+ if (desc_len == 0)
|
|
|
ddca0b |
+ return log_device_debug_errno(hid_device, EINVAL,
|
|
|
ddca0b |
+ "Empty report descriptor at '%s'.", desc_path);
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+ r = is_fido_security_token_desc(desc, desc_len);
|
|
|
ddca0b |
+ if (r < 0)
|
|
|
ddca0b |
+ return log_device_debug_errno(hid_device, r,
|
|
|
ddca0b |
+ "Failed to parse report descriptor at '%s'.", desc_path);
|
|
|
ddca0b |
+ if (r > 0) {
|
|
|
ddca0b |
+ printf("ID_FIDO_TOKEN=1\n");
|
|
|
ddca0b |
+ printf("ID_SECURITY_TOKEN=1\n");
|
|
|
ddca0b |
+ }
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+ return 0;
|
|
|
ddca0b |
+}
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+int main(int argc, char *argv[]) {
|
|
|
ddca0b |
+ int r;
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+ r = run(argc, argv);
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+ return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
|
|
|
ddca0b |
+}
|
|
|
ddca0b |
diff --git a/src/udev/fido_id/fido_id_desc.c b/src/udev/fido_id/fido_id_desc.c
|
|
|
ddca0b |
new file mode 100644
|
|
|
ddca0b |
index 0000000000..bbfcf93709
|
|
|
ddca0b |
--- /dev/null
|
|
|
ddca0b |
+++ b/src/udev/fido_id/fido_id_desc.c
|
|
|
ddca0b |
@@ -0,0 +1,92 @@
|
|
|
ddca0b |
+/* SPDX-License-Identifier: LGPL-2.1+ */
|
|
|
ddca0b |
+/* Inspired by Andrew Lutomirski's 'u2f-hidraw-policy.c' */
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+#include <errno.h>
|
|
|
ddca0b |
+#include <stdbool.h>
|
|
|
ddca0b |
+#include <stddef.h>
|
|
|
ddca0b |
+#include <stdint.h>
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+#include "fido_id_desc.h"
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+#define HID_RPTDESC_FIRST_BYTE_LONG_ITEM 0xfeu
|
|
|
ddca0b |
+#define HID_RPTDESC_TYPE_GLOBAL 0x1u
|
|
|
ddca0b |
+#define HID_RPTDESC_TYPE_LOCAL 0x2u
|
|
|
ddca0b |
+#define HID_RPTDESC_TAG_USAGE_PAGE 0x0u
|
|
|
ddca0b |
+#define HID_RPTDESC_TAG_USAGE 0x0u
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+/*
|
|
|
ddca0b |
+ * HID usage for FIDO CTAP1 ("U2F") and CTAP2 security tokens.
|
|
|
ddca0b |
+ * https://fidoalliance.org/specs/fido-u2f-v1.0-ps-20141009/fido-u2f-u2f_hid.h-v1.0-ps-20141009.txt
|
|
|
ddca0b |
+ * https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#usb-discovery
|
|
|
ddca0b |
+ * https://www.usb.org/sites/default/files/hutrr48.pdf
|
|
|
ddca0b |
+ */
|
|
|
ddca0b |
+#define FIDO_FULL_USAGE_CTAPHID 0xf1d00001u
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+/*
|
|
|
ddca0b |
+ * Parses a HID report descriptor and identifies FIDO CTAP1 ("U2F")/CTAP2 security tokens based on their
|
|
|
ddca0b |
+ * declared usage.
|
|
|
ddca0b |
+ * A positive return value indicates that the report descriptor belongs to a FIDO security token.
|
|
|
ddca0b |
+ * https://www.usb.org/sites/default/files/documents/hid1_11.pdf (Section 6.2.2)
|
|
|
ddca0b |
+ */
|
|
|
ddca0b |
+int is_fido_security_token_desc(const uint8_t *desc, size_t desc_len) {
|
|
|
ddca0b |
+ uint32_t usage = 0;
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+ for (size_t pos = 0; pos < desc_len; ) {
|
|
|
ddca0b |
+ uint8_t tag, type, size_code;
|
|
|
ddca0b |
+ size_t size;
|
|
|
ddca0b |
+ uint32_t value;
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+ /* Report descriptors consists of short items (1-5 bytes) and long items (3-258 bytes). */
|
|
|
ddca0b |
+ if (desc[pos] == HID_RPTDESC_FIRST_BYTE_LONG_ITEM) {
|
|
|
ddca0b |
+ /* No long items are defined in the spec; skip them.
|
|
|
ddca0b |
+ * The length of the data in a long item is contained in the byte after the long
|
|
|
ddca0b |
+ * item tag. The header consists of three bytes: special long item tag, length,
|
|
|
ddca0b |
+ * actual tag. */
|
|
|
ddca0b |
+ if (pos + 1 >= desc_len)
|
|
|
ddca0b |
+ return -EINVAL;
|
|
|
ddca0b |
+ pos += desc[pos + 1] + 3;
|
|
|
ddca0b |
+ continue;
|
|
|
ddca0b |
+ }
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+ /* The first byte of a short item encodes tag, type and size. */
|
|
|
ddca0b |
+ tag = desc[pos] >> 4; /* Bits 7 to 4 */
|
|
|
ddca0b |
+ type = (desc[pos] >> 2) & 0x3; /* Bits 3 and 2 */
|
|
|
ddca0b |
+ size_code = desc[pos] & 0x3; /* Bits 1 and 0 */
|
|
|
ddca0b |
+ /* Size is coded as follows:
|
|
|
ddca0b |
+ * 0 -> 0 bytes, 1 -> 1 byte, 2 -> 2 bytes, 3 -> 4 bytes
|
|
|
ddca0b |
+ */
|
|
|
ddca0b |
+ size = size_code < 3 ? size_code : 4;
|
|
|
ddca0b |
+ /* Consume header byte. */
|
|
|
ddca0b |
+ pos++;
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+ /* Extract the item value coded on size bytes. */
|
|
|
ddca0b |
+ if (pos + size > desc_len)
|
|
|
ddca0b |
+ return -EINVAL;
|
|
|
ddca0b |
+ value = 0;
|
|
|
ddca0b |
+ for (size_t i = 0; i < size; i++)
|
|
|
ddca0b |
+ value |= (uint32_t) desc[pos + i] << (8 * i);
|
|
|
ddca0b |
+ /* Consume value bytes. */
|
|
|
ddca0b |
+ pos += size;
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+ if (type == HID_RPTDESC_TYPE_GLOBAL && tag == HID_RPTDESC_TAG_USAGE_PAGE) {
|
|
|
ddca0b |
+ /* A usage page is a 16 bit value coded on at most 16 bits. */
|
|
|
ddca0b |
+ if (size > 2)
|
|
|
ddca0b |
+ return -EINVAL;
|
|
|
ddca0b |
+ /* A usage page sets the upper 16 bits of a following usage. */
|
|
|
ddca0b |
+ usage = (value & 0x0000ffffu) << 16;
|
|
|
ddca0b |
+ }
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+ if (type == HID_RPTDESC_TYPE_LOCAL && tag == HID_RPTDESC_TAG_USAGE) {
|
|
|
ddca0b |
+ /* A usage is a 32 bit value, but is prepended with the current usage page if
|
|
|
ddca0b |
+ * coded on less than 4 bytes (that is, at most 2 bytes). */
|
|
|
ddca0b |
+ if (size == 4)
|
|
|
ddca0b |
+ usage = value;
|
|
|
ddca0b |
+ else
|
|
|
ddca0b |
+ usage = (usage & 0xffff0000u) | (value & 0x0000ffffu);
|
|
|
ddca0b |
+ if (usage == FIDO_FULL_USAGE_CTAPHID)
|
|
|
ddca0b |
+ return 1;
|
|
|
ddca0b |
+ }
|
|
|
ddca0b |
+ }
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+ return 0;
|
|
|
ddca0b |
+}
|
|
|
ddca0b |
diff --git a/src/udev/fido_id/fido_id_desc.h b/src/udev/fido_id/fido_id_desc.h
|
|
|
ddca0b |
new file mode 100644
|
|
|
ddca0b |
index 0000000000..c813a3a454
|
|
|
ddca0b |
--- /dev/null
|
|
|
ddca0b |
+++ b/src/udev/fido_id/fido_id_desc.h
|
|
|
ddca0b |
@@ -0,0 +1,8 @@
|
|
|
ddca0b |
+/* SPDX-License-Identifier: LGPL-2.1+ */
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+#pragma once
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+#include <stddef.h>
|
|
|
ddca0b |
+#include <stdint.h>
|
|
|
ddca0b |
+
|
|
|
ddca0b |
+int is_fido_security_token_desc(const uint8_t *desc, size_t desc_len);
|
|
|
ddca0b |
diff --git a/src/udev/meson.build b/src/udev/meson.build
|
|
|
ddca0b |
index 3bcd2bd3d7..5931a6da7d 100644
|
|
|
ddca0b |
--- a/src/udev/meson.build
|
|
|
ddca0b |
+++ b/src/udev/meson.build
|
|
|
ddca0b |
@@ -160,6 +160,9 @@ libudev_core = static_library(
|
|
|
ddca0b |
foreach prog : [['ata_id/ata_id.c'],
|
|
|
ddca0b |
['cdrom_id/cdrom_id.c'],
|
|
|
ddca0b |
['collect/collect.c'],
|
|
|
ddca0b |
+ ['fido_id/fido_id.c',
|
|
|
ddca0b |
+ 'fido_id/fido_id_desc.c',
|
|
|
ddca0b |
+ 'fido_id/fido_id_desc.h'],
|
|
|
ddca0b |
['scsi_id/scsi_id.c',
|
|
|
ddca0b |
'scsi_id/scsi_id.h',
|
|
|
ddca0b |
'scsi_id/scsi_serial.c',
|
|
|
ddca0b |
diff --git a/test/fuzz/fuzz-fido-id-desc/crash0 b/test/fuzz/fuzz-fido-id-desc/crash0
|
|
|
ddca0b |
new file mode 100644
|
|
|
ddca0b |
index 0000000000..e066656502
|
|
|
ddca0b |
--- /dev/null
|
|
|
ddca0b |
+++ b/test/fuzz/fuzz-fido-id-desc/crash0
|
|
|
ddca0b |
@@ -0,0 +1 @@
|
|
|
ddca0b |
+????Ì?
|
|
|
ddca0b |
\ No newline at end of file
|
|
|
ddca0b |
diff --git a/test/fuzz/fuzz-fido-id-desc/crash1 b/test/fuzz/fuzz-fido-id-desc/crash1
|
|
|
ddca0b |
new file mode 100644
|
|
|
ddca0b |
index 0000000000..aef3e18335
|
|
|
ddca0b |
--- /dev/null
|
|
|
ddca0b |
+++ b/test/fuzz/fuzz-fido-id-desc/crash1
|
|
|
ddca0b |
@@ -0,0 +1 @@
|
|
|
ddca0b |
+øûøûûÜ
|
|
|
ddca0b |
\ No newline at end of file
|
|
|
ddca0b |
diff --git a/test/fuzz/fuzz-fido-id-desc/report0 b/test/fuzz/fuzz-fido-id-desc/report0
|
|
|
ddca0b |
new file mode 100644
|
|
|
ddca0b |
index 0000000000000000000000000000000000000000..48757cba682ffddd5a1ddd8988bb8bcdc7db0a7a
|
|
|
ddca0b |
GIT binary patch
|
|
|
ddca0b |
literal 71
|
|
|
ddca0b |
zcmZQ&<YZgO$jUDHK=ZjMgDPVw<5Z4Drm2jj9F2@qSxXsNIV2f1Sto)-m?tt$Wh>
|
|
|
ddca0b |
Xs!9c_XV6S-WZ+~j<(SH`k?8;c6l@Pq
|
|
|
ddca0b |
|
|
|
ddca0b |
literal 0
|
|
|
ddca0b |
HcmV?d00001
|
|
|
ddca0b |
|
|
|
ddca0b |
diff --git a/test/fuzz/fuzz-fido-id-desc/report1 b/test/fuzz/fuzz-fido-id-desc/report1
|
|
|
ddca0b |
new file mode 100644
|
|
|
ddca0b |
index 0000000000000000000000000000000000000000..b70b7fb871aeccf4074ccbd20e3cdbaca42e23b3
|
|
|
ddca0b |
GIT binary patch
|
|
|
ddca0b |
literal 34
|
|
|
ddca0b |
icmZR(@R5^oAtR@PD1+L6hEk5H4vkElig3
|
|
|
ddca0b |
|
|
|
ddca0b |
literal 0
|
|
|
ddca0b |
HcmV?d00001
|
|
|
ddca0b |
|