authorAlex Dupre <ale@FreeBSD.org>2018-01-10 17:12:45 +0000
committerAlex Dupre <ale@FreeBSD.org>2018-01-10 17:12:45 +0000
commit21c95ce266b269e315f59711976e64256758ee49 (patch)
tree7900f15ac33fe4e5b332e32a82d4aa44004d0e56 /security/trezord
parente4d2a56eadf1cf5c7fde93061db2d7c3066b20c4 (diff)
Notes
Diffstat (limited to 'security/trezord')
-rw-r--r--security/trezord/Makefile41
-rw-r--r--security/trezord/distinfo3
-rw-r--r--security/trezord/files/config.proto30
-rw-r--r--security/trezord/files/patch-CMakeLists.txt43
-rw-r--r--security/trezord/files/patch-src_core.hpp33
-rw-r--r--security/trezord/files/patch-src_main.cpp26
-rw-r--r--security/trezord/files/patch-src_wire.hpp114
-rw-r--r--security/trezord/files/trezord.in26
-rw-r--r--security/trezord/files/usb.hpp172
-rw-r--r--security/trezord/pkg-descr4
10 files changed, 492 insertions, 0 deletions
diff --git a/security/trezord/Makefile b/security/trezord/Makefile
new file mode 100644
index 000000000000..cf255d38b3f2
--- /dev/null
+++ b/security/trezord/Makefile
@@ -0,0 +1,41 @@
+# Created by: Alex Dupre <ale@FreeBSD.org>
+# $FreeBSD$
+
+PORTNAME= trezord
+PORTVERSION= 1.2.1
+CATEGORIES= security
+MASTER_SITES= LOCAL/ale
+
+MAINTAINER= ale@FreeBSD.org
+COMMENT= TREZOR Communication Daemon aka TREZOR Bridge
+
+LICENSE= LGPL3
+LICENSE_FILE= ${WRKSRC}/COPYING
+
+BUILD_DEPENDS= protoc:devel/protobuf \
+ boost-libs>=0:devel/boost-libs
+LIB_DEPENDS= libcurl.so:ftp/curl \
+ libjsoncpp.so:devel/jsoncpp \
+ libmicrohttpd.so:www/libmicrohttpd
+
+USES= cmake pkgconfig
+
+USE_RC_SUBR= ${PORTNAME}
+
+CMAKE_ARGS+= -DJSONCPP_INCLUDE_DIR:STRING="${LOCALBASE}/include/jsoncpp" \
+ -DJSONCPP_LIBRARY:STRING="-L${LOCALBASE}/lib -ljsoncpp"
+
+PLIST_FILES= sbin/${PORTNAME}
+
+post-extract:
+ ${CP} ${FILESDIR}/usb.hpp ${WRKSRC}/src/
+ ${CP} ${FILESDIR}/config.proto ${WRKSRC}/src/config/
+
+pre-build:
+ cd ${WRKSRC}/src/config && ${LOCALBASE}/bin/protoc \
+ -I${LOCALBASE}/include -I. --cpp_out=. config.proto
+
+do-install:
+ ${INSTALL_PROGRAM} ${WRKSRC}/${PORTNAME} ${STAGEDIR}/${PREFIX}/sbin/
+
+.include <bsd.port.mk>
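Review bot: protobuf is listed only under BUILD_DEPENDS (`protoc:devel/protobuf`), yet the CMakeLists.txt context elsewhere in this commit links `${PROTOBUF_LIBRARIES}` into trezord. Unless that link is static, the installed binary needs libprotobuf at run time, so I would add `libprotobuf.so:devel/protobuf` to LIB_DEPENDS. The same question applies to boost-libs if any compiled Boost library is linked. Separately, `MASTER_SITES= LOCAL/ale` means the tarball pinned in distinfo cannot be compared against an upstream release tag. A comment saying how trezord-1.2.1.tar.gz was produced, for example a tagged checkout plus the vendored submodules, would let the next maintainer reproduce and verify it.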
diff --git a/security/trezord/distinfo b/security/trezord/distinfo
new file mode 100644
index 000000000000..39230f9002ce
--- /dev/null
+++ b/security/trezord/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1514538815
+SHA256 (trezord-1.2.1.tar.gz) = aad7426ffd765977b6013d2efe675748027dd61b83dfc3a9ad28e4331fbc0d53
+SIZE (trezord-1.2.1.tar.gz) = 465139
diff --git a/security/trezord/files/config.proto b/security/trezord/files/config.proto
new file mode 100644
index 000000000000..b7ffedd85157
--- /dev/null
+++ b/security/trezord/files/config.proto
@@ -0,0 +1,30 @@
+/**
+ * Configuration format for TREZOR plugin
+ */
+
+// Sugar for easier handling in Java
+option java_package = "com.satoshilabs.trezor.lib.protobuf";
+option java_outer_classname = "TrezorConfig";
+
+import "google/protobuf/descriptor.proto";
+
+/**
+ * Device Descriptor used in Configuration
+ */
+message DeviceDescriptor {
+ optional uint32 vendor_id = 1; // USB vendor ID
+ optional uint32 product_id = 2; // USB product ID
+ optional string serial_number = 3; // USB serial number
+ optional string path = 4; // USB device path
+}
+
+/**
+ * Plugin Configuration
+ */
+message Configuration {
+ repeated string whitelist_urls = 1; // allowed URLs for plugin
+ repeated string blacklist_urls = 2; // forbidden URLs for plugin
+ required google.protobuf.FileDescriptorSet wire_protocol = 3; // compiled specification of write protocol (serialized using "protoc -o")
+ repeated DeviceDescriptor known_devices = 4; // descriptors of allowed devices
+ optional uint32 valid_until = 5; // expiration timestamp
+}
diff --git a/security/trezord/files/patch-CMakeLists.txt b/security/trezord/files/patch-CMakeLists.txt
new file mode 100644
index 000000000000..15b142f09c03
--- /dev/null
+++ b/security/trezord/files/patch-CMakeLists.txt
@@ -0,0 +1,43 @@
+--- CMakeLists.txt.orig 2017-12-02 14:37:41 UTC
++++ CMakeLists.txt
+@@ -31,7 +31,6 @@ if (WIN32)
+ endif(WIN32)
+
+ if (UNIX AND NOT APPLE)
+- set (SRCS src/glibc_compat.c ${SRCS})
+ endif(UNIX AND NOT APPLE)
+
+ add_executable(trezord ${SRCS})
+@@ -49,7 +48,7 @@ else(WIN32)
+ if (APPLE)
+ set(OS_LIBRARIES pthread)
+ else(APPLE)
+- set(OS_LIBRARIES pthread dl z)
++ set(OS_LIBRARIES pthread usb z)
+ endif(APPLE)
+ endif(WIN32)
+
+@@ -72,7 +71,6 @@ find_package(Protobuf 2.5.0 REQUIRED)
+ find_package(jsoncpp REQUIRED)
+
+ # add vendored libs
+-add_subdirectory(vendor/hidapi)
+ add_subdirectory(vendor/trezor-crypto)
+
+ include_directories(
+@@ -81,7 +79,6 @@ include_directories(
+ ${PROTOBUF_INCLUDE_DIRS}
+ ${JSONCPP_INCLUDE_DIRS}
+ ${CURL_INCLUDE_DIRS}
+- vendor/hidapi/hidapi
+ vendor/trezor-crypto
+ vendor/easyloggingpp)
+
+@@ -91,7 +88,6 @@ target_link_libraries(trezord
+ ${CURL_LIBRARIES}
+ ${PROTOBUF_LIBRARIES}
+ ${JSONCPP_LIBRARIES}
+- hidapi
+ TrezorCrypto)
+
+ if(BUILD_TESTS)
diff --git a/security/trezord/files/patch-src_core.hpp b/security/trezord/files/patch-src_core.hpp
new file mode 100644
index 000000000000..a802caee336d
--- /dev/null
+++ b/security/trezord/files/patch-src_core.hpp
@@ -0,0 +1,33 @@
+--- src/core.hpp.orig 2017-12-02 14:37:41 UTC
++++ src/core.hpp
+@@ -195,12 +195,12 @@ public:
+ pb_wire_codec{new protobuf::wire_codec{pb_state.get()}},
+ pb_json_codec{new protobuf::json_codec{pb_state.get()}}
+ {
+- hid::init();
++ usb::init();
+ }
+
+ ~kernel()
+ {
+- hid::exit();
++ usb::exit();
+ }
+
+ std::string
+@@ -433,13 +433,13 @@ private:
+ enumerate_supported_devices()
+ {
+ return wire::enumerate_connected_devices(
+- [&] (hid_device_info const *i) {
++ [&] (usb::usb_device_info const *i) {
+ return is_device_supported(i);
+ });
+ }
+
+ bool
+- is_device_supported(hid_device_info const *info)
++ is_device_supported(usb::usb_device_info const *info)
+ {
+ return std::any_of(
+ config.c.known_devices().begin(),
diff --git a/security/trezord/files/patch-src_main.cpp b/security/trezord/files/patch-src_main.cpp
new file mode 100644
index 000000000000..d865a29fcd91
--- /dev/null
+++ b/security/trezord/files/patch-src_main.cpp
@@ -0,0 +1,26 @@
+--- src/main.cpp.orig 2017-12-02 14:37:41 UTC
++++ src/main.cpp
+@@ -33,7 +33,7 @@
+ #include <easylogging++.h>
+
+ #include "utils.hpp"
+-#include "hid.hpp"
++#include "usb.hpp"
+ #include "wire.hpp"
+ #include "core.hpp"
+ #include "http_client.hpp"
+@@ -163,14 +163,12 @@ main(int argc, char *argv[])
+ return 1;
+ }
+
+-#ifdef __linux__
+ if (!vm.count("foreground")) {
+ if (daemon(0, 0) < 0) {
+ LOG(ERROR) << "could not daemonize";
+ return 1;
+ }
+ }
+-#endif
+
+ std::string cert_data;
+ std::string privkey_data;
diff --git a/security/trezord/files/patch-src_wire.hpp b/security/trezord/files/patch-src_wire.hpp
new file mode 100644
index 000000000000..6af8f2253f81
--- /dev/null
+++ b/security/trezord/files/patch-src_wire.hpp
@@ -0,0 +1,114 @@
+--- src/wire.hpp.orig 2017-12-02 14:37:41 UTC
++++ src/wire.hpp
+@@ -57,13 +57,14 @@ device_info_list
+ enumerate_connected_devices(F filter)
+ {
+ device_info_list list;
+- auto *infos = hid::enumerate(0x00, 0x00);
++ auto *infos = usb::enumerate(0x00, 0x00);
+
+ for (auto i = infos; i != nullptr; i = i->next) {
+ // skip unsupported devices
+ if (!filter(i)) {
+ continue;
+ }
++#if 0
+ // skip foreign interfaces
+ if (i->interface_number > 0) {
+ CLOG(DEBUG, "wire.enumerate") << "skipping, invalid device";
+@@ -79,6 +80,7 @@ enumerate_connected_devices(F filter)
+ CLOG(DEBUG, "wire.enumerate") << "skipping, fido interface";
+ continue;
+ }
++#endif
+ list.emplace_back(
+ device_info{
+ i->vendor_id,
+@@ -86,7 +88,7 @@ enumerate_connected_devices(F filter)
+ i->path});
+ }
+
+- hid::free_enumeration(infos);
++ usb::free_enumeration(infos);
+ return list;
+ }
+
+@@ -112,18 +114,19 @@ struct device
+
+ device(char const *path)
+ {
+- hid = hid::open_path(path);
++ hid = usb::open_path(path);
+ if (!hid) {
+ throw open_error("HID device open failed");
+ }
+- hid_version = try_hid_version();
++ hid_version = 1; // no report with libusb try_hid_version();
+ if (hid_version <= 0) {
+ throw open_error("Unknown HID version");
+ }
+ }
+
+- ~device() { hid::close(hid); }
++ ~device() { usb::close(hid); }
+
++#if 0
+ // try writing packet that will be discarded to figure out hid version
+ int try_hid_version() {
+ int r;
+@@ -133,7 +136,7 @@ struct device
+ report.fill(0xFF);
+ report[0] = 0x00;
+ report[1] = 0x3F;
+- r = hid::write(hid, report.data(), 65);
++ r = usb::write(hid, report.data(), 65);
+ if (r == 65) {
+ return 2;
+ }
+@@ -141,7 +144,7 @@ struct device
+ // try version 1
+ report.fill(0xFF);
+ report[0] = 0x3F;
+- r = hid::write(hid, report.data(), 64);
++ r = usb::write(hid, report.data(), 64);
+ if (r == 64) {
+ return 1;
+ }
+@@ -149,6 +152,7 @@ struct device
+ // unknown version
+ return 0;
+ }
++#endif
+
+ void
+ read_buffered(char_type *data,
+@@ -210,7 +214,7 @@ private:
+ int r;
+
+ do {
+- r = hid::read_timeout(hid, report.data(), report.size(), 50);
++ r = usb::read(hid, report.data(), report.size());
+ } while (r == 0);
+
+ if (r < 0) {
+@@ -251,7 +255,7 @@ private:
+ break;
+ }
+
+- int r = hid::write(hid, report.data(), report_size);
++ int r = usb::write(hid, report.data(), report_size);
+ if (r < 0) {
+ throw write_error{"HID device write failed"};
+ }
+@@ -263,9 +267,9 @@ private:
+ }
+
+ typedef std::vector<char_type> buffer_type;
+- typedef std::array<char_type, 65> report_type;
++ typedef std::array<char_type, 64> report_type;
+
+- hid_device *hid;
++ libusb_device_handle *hid;
+ buffer_type read_buffer;
+ int hid_version;
+ };
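Review bot: The read loop in the `@@ -210,7 +214,7 @@` hunk drops the 50 ms bound: `usb::read(hid, report.data(), report.size())` ends up in `libusb_interrupt_transfer(..., 0)` in the usb.hpp added by this commit, and libusb treats a timeout of 0 as unlimited. Every usb:: call is funnelled through the single `usb_executor`, so a device that stops answering would probably stall enumerate, open and close for all other callers as well; async_executor is not shown here, so this should be confirmed. I would keep a bounded wait, e.g. `r = usb::read(hid, report.data(), report.size(), 50);` with a matching timeout parameter in usb::read, so the existing `while (r == 0)` retry still works. The `#if 0` around the interface checks also deserves a comment such as `// libusb enumerates devices, not interfaces; open_path() always claims interface 0`, since it removes the foreign-interface and FIDO-interface filtering. The enclosing functions start and end outside these hunks.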
diff --git a/security/trezord/files/trezord.in b/security/trezord/files/trezord.in
new file mode 100644
index 000000000000..5fdd0a6dd6fc
--- /dev/null
+++ b/security/trezord/files/trezord.in
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+# $FreeBSD$
+#
+# PROVIDE: trezord
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+#
+# Add these lines to /etc/rc.conf.local or /etc/rc.conf
+# to enable this service:
+#
+# trezord_enable (bool): Set to NO by default.
+# Set it to YES to enable trezord.
+
+. /etc/rc.subr
+
+name=trezord
+rcvar=trezord_enable
+
+load_rc_config $name
+
+: ${trezord_enable:="NO"}
+
+command=%%PREFIX%%/sbin/${name}
+
+run_rc_command "$1"
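Review bot: The script sets no `trezord_user`, so rc.subr will start the daemon as root. According to the Makefile and pkg-descr in this commit, that process embeds an HTTP server (libmicrohttpd), parses JSON and takes requests from websites. Running it as a dedicated unprivileged account would limit the damage from a parsing bug, e.g. `: ${trezord_user:="<unprivileged-user>"}` (placeholder name) combined with a devfs rule that gives that account access to the USB device nodes. If root is truly needed for the libusb access, a comment in the header block saying so would document the decision.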
diff --git a/security/trezord/files/usb.hpp b/security/trezord/files/usb.hpp
new file mode 100644
index 000000000000..b0d4adb8405c
--- /dev/null
+++ b/security/trezord/files/usb.hpp
@@ -0,0 +1,172 @@
+/*
+ * This file is part of the TREZOR project.
+ *
+ * Copyright (C) 2014 SatoshiLabs
+ *
+ * This library is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <stdio.h>
+#include <libusb.h>
+
+namespace trezord
+{
+namespace usb
+{
+
+static std::unique_ptr< utils::async_executor > usb_executor;
+
+struct usb_device_info {
+ char path[10];
+ uint16_t vendor_id;
+ uint16_t product_id;
+
+ usb_device_info *next;
+};
+
+// Init/exit
+
+void
+init()
+{
+ libusb_init(NULL);
+ usb_executor.reset(new utils::async_executor());
+}
+
+void
+exit()
+{
+ libusb_exit(NULL);
+ usb_executor.reset();
+}
+
+// Enumeration
+
+usb_device_info *
+enumerate(unsigned short vendor_id, unsigned short product_id)
+{
+ return usb_executor->await([=] {
+ libusb_device **devs = NULL;
+ libusb_device *dev = NULL;
+ struct usb_device_info *root = NULL; /* return object */
+ struct usb_device_info *cur_dev = NULL;
+ int i = 0;
+
+ libusb_get_device_list(NULL, &devs);
+ while ((dev = devs[i++]) != NULL) {
+ struct libusb_device_descriptor desc;
+ libusb_get_device_descriptor(dev, &desc);
+ if ((vendor_id == 0 || vendor_id == desc.idVendor) && (product_id == 0 || product_id == desc.idProduct)) {
+ struct usb_device_info *tmp;
+ tmp = (struct usb_device_info *) calloc(1, sizeof(struct usb_device_info));
+ if (cur_dev) {
+ cur_dev->next = tmp;
+ } else {
+ root = tmp;
+ }
+ cur_dev = tmp;
+
+ cur_dev->next = NULL;
+ snprintf(cur_dev->path, sizeof(cur_dev->path), "%04x:%04x",
+ libusb_get_bus_number(dev),
+ libusb_get_device_address(dev));
+
+ cur_dev->vendor_id = desc.idVendor;
+ cur_dev->product_id = desc.idProduct;
+ }
+ }
+ libusb_free_device_list(devs, 1);
+ return root;
+ });
+}
+
+void
+free_enumeration(usb_device_info *devs)
+{
+ return usb_executor->await([=] {
+ struct usb_device_info *d = devs;
+ while (d) {
+ struct usb_device_info *next = d->next;
+ free(d);
+ d = next;
+ }
+ });
+}
+
+// Open/close
+
+libusb_device_handle *
+open_path(char const *path)
+{
+ return usb_executor->await([=] {
+ libusb_device **devs = NULL;
+ libusb_device *dev = NULL;
+ libusb_device_handle *handle = NULL;
+ int i = 0;
+
+ libusb_get_device_list(NULL, &devs);
+ while ((dev = devs[i++]) != NULL) {
+ char devpath[10];
+ snprintf(devpath, sizeof(devpath), "%04x:%04x",
+ libusb_get_bus_number(dev),
+ libusb_get_device_address(dev));
+ if (strncmp(devpath, path, sizeof(devpath)) == 0) {
+ if (libusb_open(dev, &handle) == 0) {
+ libusb_set_auto_detach_kernel_driver(handle, 1);
+ if (libusb_claim_interface(handle, 0)) {
+ libusb_close(handle);
+ handle = NULL;
+ }
+ }
+ break;
+ }
+ }
+ libusb_free_device_list(devs, 1);
+ return handle;
+ });
+}
+
+void
+close(libusb_device_handle *device)
+{
+ return usb_executor->await([=] {
+ libusb_release_interface(device, 0);
+ libusb_close(device);
+ });
+}
+
+// Communication
+
+int
+write(libusb_device_handle *device, unsigned char *data, size_t length)
+{
+ return usb_executor->await([=] {
+ int xfer = -1;
+ libusb_interrupt_transfer(device, 0x01, data, length, &xfer, 0);
+ return xfer;
+ });
+}
+
+int
+read(libusb_device_handle *device, unsigned char *data, size_t length)
+{
+ return usb_executor->await([=] {
+ int xfer = -1;
+ libusb_interrupt_transfer(device, 0x81, data, length, &xfer, 0);
+ return xfer;
+ });
+}
+
+}
+}
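Review bot: None of the libusb return codes in this file are checked, and two of them lead straight to bad memory accesses or lost errors. In `enumerate()` and `open_path()` the result of `libusb_get_device_list(NULL, &devs)` is ignored, so on failure `devs` is still NULL when `devs[i++]` is evaluated; the `calloc` result in `enumerate()` is also used unchecked. In `read()` and `write()` the status of `libusb_interrupt_transfer` is discarded and only `xfer` is returned, so a failed transfer that reports zero bytes looks like "no data yet" to the `while (r == 0)` loop in wire.hpp and never reaches its `r < 0` branch. I would guard the list call and map a non-zero libusb status to a negative return, as sketched below; `write()` and `open_path()` need the same treatment. The header also uses `std::unique_ptr`, `strncmp`, `calloc` and `uint16_t` without including `<memory>`, `<cstring>`, `<cstdlib>` or `<cstdint>`, and it has no include guard.

```cpp
usb_device_info *
enumerate(unsigned short vendor_id, unsigned short product_id)
{
    return usb_executor->await([=] {
        // … unchanged: local declarations …
        ssize_t count = libusb_get_device_list(NULL, &devs);
        if (count < 0) {
            return root;   // enumeration failed: report an empty list
        }
        while ((dev = devs[i++]) != NULL) {
            struct libusb_device_descriptor desc;
            if (libusb_get_device_descriptor(dev, &desc) != 0) {
                continue;  // descriptor unreadable: skip this device
            }
            // … unchanged: vendor/product match …
                tmp = (struct usb_device_info *) calloc(1, sizeof(struct usb_device_info));
                if (!tmp) {
                    break; // out of memory: return what was collected so far
                }
            // … unchanged: list linking and field assignment …

int
read(libusb_device_handle *device, unsigned char *data, size_t length)
{
    return usb_executor->await([=] {
        int xfer = 0;
        int rc = libusb_interrupt_transfer(device, 0x81, data, length, &xfer, 0);
        // surface libusb failures as a negative value so callers' `r < 0` checks fire
        return rc == 0 ? xfer : -1;
    });
}
```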
diff --git a/security/trezord/pkg-descr b/security/trezord/pkg-descr
new file mode 100644
index 000000000000..3a82010656a7
--- /dev/null
+++ b/security/trezord/pkg-descr
@@ -0,0 +1,4 @@
+trezord (short for TREZOR Daemon), or TREZOR Bridge, is a small piece of
+software, used for websites, to talk with TREZOR devices.
+
+WWW: https://github.com/trezor/trezord