svn commit: r458661 - in head/security: . trezord trezord/files

Alex Dupre ale at FreeBSD.org
Wed Jan 10 17:12:47 UTC 2018


Author: ale
Date: Wed Jan 10 17:12:45 2018
New Revision: 458661
URL: https://svnweb.freebsd.org/changeset/ports/458661

Log:
  trezord (short for TREZOR Daemon), or TREZOR Bridge, is a small piece of
  software that websites use to talk to TREZOR devices.
  
  WWW: https://github.com/trezor/trezord

Added:
  head/security/trezord/
  head/security/trezord/Makefile   (contents, props changed)
  head/security/trezord/distinfo   (contents, props changed)
  head/security/trezord/files/
  head/security/trezord/files/config.proto   (contents, props changed)
  head/security/trezord/files/patch-CMakeLists.txt   (contents, props changed)
  head/security/trezord/files/patch-src_core.hpp   (contents, props changed)
  head/security/trezord/files/patch-src_main.cpp   (contents, props changed)
  head/security/trezord/files/patch-src_wire.hpp   (contents, props changed)
  head/security/trezord/files/trezord.in   (contents, props changed)
  head/security/trezord/files/usb.hpp   (contents, props changed)
  head/security/trezord/pkg-descr   (contents, props changed)
Modified:
  head/security/Makefile

Modified: head/security/Makefile
==============================================================================
--- head/security/Makefile	Wed Jan 10 17:06:48 2018	(r458660)
+++ head/security/Makefile	Wed Jan 10 17:12:45 2018	(r458661)
@@ -1238,6 +1238,7 @@
     SUBDIR += tor-devel
     SUBDIR += tpm-tools
     SUBDIR += tpmmanager
+    SUBDIR += trezord
     SUBDIR += trinokiller
     SUBDIR += tripwire
     SUBDIR += tripwire-131

Added: head/security/trezord/Makefile
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/trezord/Makefile	Wed Jan 10 17:12:45 2018	(r458661)
@@ -0,0 +1,41 @@
+# Created by: Alex Dupre <ale at FreeBSD.org>
+# $FreeBSD$
+
+PORTNAME=	trezord
+PORTVERSION=	1.2.1
+CATEGORIES=	security
+MASTER_SITES=	LOCAL/ale
+
+MAINTAINER=	ale at FreeBSD.org
+COMMENT=	TREZOR Communication Daemon aka TREZOR Bridge
+
+LICENSE=	LGPL3
+LICENSE_FILE=	${WRKSRC}/COPYING
+
+BUILD_DEPENDS=	protoc:devel/protobuf \
+		boost-libs>=0:devel/boost-libs
+LIB_DEPENDS=	libcurl.so:ftp/curl \
+		libjsoncpp.so:devel/jsoncpp \
+		libmicrohttpd.so:www/libmicrohttpd
+
+USES=		cmake pkgconfig
+
+USE_RC_SUBR=	${PORTNAME}
+
+CMAKE_ARGS+=	-DJSONCPP_INCLUDE_DIR:STRING="${LOCALBASE}/include/jsoncpp" \
+		-DJSONCPP_LIBRARY:STRING="-L${LOCALBASE}/lib -ljsoncpp"
+
+PLIST_FILES=	sbin/${PORTNAME}
+
+post-extract:
+	${CP} ${FILESDIR}/usb.hpp ${WRKSRC}/src/
+	${CP} ${FILESDIR}/config.proto ${WRKSRC}/src/config/
+
+pre-build:
+	cd ${WRKSRC}/src/config && ${LOCALBASE}/bin/protoc \
+		-I${LOCALBASE}/include -I. --cpp_out=. config.proto
+
+do-install:
+	${INSTALL_PROGRAM} ${WRKSRC}/${PORTNAME} ${STAGEDIR}/${PREFIX}/sbin/
+
+.include <bsd.port.mk>
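Review bot: `MASTER_SITES= LOCAL/ale` fetches a maintainer-rolled tarball rather than an upstream release, so the SHA256 in distinfo pins the file but nothing ties it to a tag in the repository named by the WWW line. If upstream publishes tagged releases, `USE_GITHUB=yes` with `GH_ACCOUNT=trezor` (and `GH_TAGNAME` when the tag differs from PORTVERSION) lets distinfo be regenerated from the upstream archive and keeps the origin auditable; if a local tarball is needed because of vendored sources, a Makefile comment saying how it was produced serves the same purpose. The port also relies on the base-system libusb (the `usb` added in patch-CMakeLists.txt) with no `LIB_DEPENDS` entry, which is correct on FreeBSD but is worth a one-line comment next to `LIB_DEPENDS` so it is not mistaken for an omission.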

Added: head/security/trezord/distinfo
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/trezord/distinfo	Wed Jan 10 17:12:45 2018	(r458661)
@@ -0,0 +1,3 @@
+TIMESTAMP = 1514538815
+SHA256 (trezord-1.2.1.tar.gz) = aad7426ffd765977b6013d2efe675748027dd61b83dfc3a9ad28e4331fbc0d53
+SIZE (trezord-1.2.1.tar.gz) = 465139

Added: head/security/trezord/files/config.proto
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/trezord/files/config.proto	Wed Jan 10 17:12:45 2018	(r458661)
@@ -0,0 +1,30 @@
+/**
+ * Configuration format for TREZOR plugin
+ */
+
+// Sugar for easier handling in Java
+option java_package = "com.satoshilabs.trezor.lib.protobuf";
+option java_outer_classname = "TrezorConfig";
+
+import "google/protobuf/descriptor.proto";
+
+/**
+ * Device Descriptor used in Configuration
+ */
+message DeviceDescriptor {
+	optional uint32 vendor_id = 1;		// USB vendor ID
+	optional uint32 product_id = 2;		// USB product ID
+	optional string serial_number = 3;	// USB serial number
+	optional string path = 4;		// USB device path
+}
+
+/**
+ * Plugin Configuration
+ */
+message Configuration {
+	repeated string whitelist_urls = 1;				// allowed URLs for plugin
+	repeated string blacklist_urls = 2;				// forbidden URLs for plugin
+	required google.protobuf.FileDescriptorSet wire_protocol = 3;	// compiled specification of write protocol (serialized using "protoc -o")
+	repeated DeviceDescriptor known_devices = 4;			// descriptors of allowed devices
+	optional uint32 valid_until = 5;				// expiration timestamp
+}
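Review bot: The file declares no `syntax` line; with `required` and `optional` fields it is proto2, and protoc 3.x warns when `syntax = "proto2";` is absent, so adding it as the first statement makes the intent explicit and keeps the pre-build `protoc` step quiet. The comment on `wire_protocol` reads "write protocol" where "wire protocol" is meant.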

Added: head/security/trezord/files/patch-CMakeLists.txt
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/trezord/files/patch-CMakeLists.txt	Wed Jan 10 17:12:45 2018	(r458661)
@@ -0,0 +1,43 @@
+--- CMakeLists.txt.orig	2017-12-02 14:37:41 UTC
++++ CMakeLists.txt
+@@ -31,7 +31,6 @@ if (WIN32)
+ endif(WIN32)
+ 
+ if (UNIX AND NOT APPLE)
+-  set (SRCS src/glibc_compat.c ${SRCS})
+ endif(UNIX AND NOT APPLE)
+ 
+ add_executable(trezord ${SRCS})
+@@ -49,7 +48,7 @@ else(WIN32)
+   if (APPLE)
+     set(OS_LIBRARIES pthread)
+   else(APPLE)
+-    set(OS_LIBRARIES pthread dl z)
++    set(OS_LIBRARIES pthread usb z)
+   endif(APPLE)
+ endif(WIN32)
+ 
+@@ -72,7 +71,6 @@ find_package(Protobuf 2.5.0 REQUIRED)
+ find_package(jsoncpp REQUIRED)
+ 
+ # add vendored libs
+-add_subdirectory(vendor/hidapi)
+ add_subdirectory(vendor/trezor-crypto)
+ 
+ include_directories(
+@@ -81,7 +79,6 @@ include_directories(
+   ${PROTOBUF_INCLUDE_DIRS}
+   ${JSONCPP_INCLUDE_DIRS}
+   ${CURL_INCLUDE_DIRS}
+-  vendor/hidapi/hidapi
+   vendor/trezor-crypto
+   vendor/easyloggingpp)
+ 
+@@ -91,7 +88,6 @@ target_link_libraries(trezord
+   ${CURL_LIBRARIES}
+   ${PROTOBUF_LIBRARIES}
+   ${JSONCPP_LIBRARIES}
+-  hidapi
+   TrezorCrypto)
+ 
+ if(BUILD_TESTS)

Added: head/security/trezord/files/patch-src_core.hpp
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/trezord/files/patch-src_core.hpp	Wed Jan 10 17:12:45 2018	(r458661)
@@ -0,0 +1,33 @@
+--- src/core.hpp.orig	2017-12-02 14:37:41 UTC
++++ src/core.hpp
+@@ -195,12 +195,12 @@ public:
+           pb_wire_codec{new protobuf::wire_codec{pb_state.get()}},
+           pb_json_codec{new protobuf::json_codec{pb_state.get()}}
+     {
+-        hid::init();
++        usb::init();
+     }
+ 
+     ~kernel()
+     {
+-        hid::exit();
++        usb::exit();
+     }
+ 
+     std::string
+@@ -433,13 +433,13 @@ private:
+     enumerate_supported_devices()
+     {
+         return wire::enumerate_connected_devices(
+-            [&] (hid_device_info const *i) {
++            [&] (usb::usb_device_info const *i) {
+                 return is_device_supported(i);
+             });
+     }
+ 
+     bool
+-    is_device_supported(hid_device_info const *info)
++    is_device_supported(usb::usb_device_info const *info)
+     {
+         return std::any_of(
+             config.c.known_devices().begin(),

Added: head/security/trezord/files/patch-src_main.cpp
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/trezord/files/patch-src_main.cpp	Wed Jan 10 17:12:45 2018	(r458661)
@@ -0,0 +1,26 @@
+--- src/main.cpp.orig	2017-12-02 14:37:41 UTC
++++ src/main.cpp
+@@ -33,7 +33,7 @@
+ #include <easylogging++.h>
+ 
+ #include "utils.hpp"
+-#include "hid.hpp"
++#include "usb.hpp"
+ #include "wire.hpp"
+ #include "core.hpp"
+ #include "http_client.hpp"
+@@ -163,14 +163,12 @@ main(int argc, char *argv[])
+         return 1;
+     }
+ 
+-#ifdef __linux__
+     if (!vm.count("foreground")) {
+         if (daemon(0, 0) < 0) {
+             LOG(ERROR) << "could not daemonize";
+             return 1;
+         }
+     }
+-#endif
+ 
+     std::string cert_data;
+     std::string privkey_data;

Added: head/security/trezord/files/patch-src_wire.hpp
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/trezord/files/patch-src_wire.hpp	Wed Jan 10 17:12:45 2018	(r458661)
@@ -0,0 +1,114 @@
+--- src/wire.hpp.orig	2017-12-02 14:37:41 UTC
++++ src/wire.hpp
+@@ -57,13 +57,14 @@ device_info_list
+ enumerate_connected_devices(F filter)
+ {
+     device_info_list list;
+-    auto *infos = hid::enumerate(0x00, 0x00);
++    auto *infos = usb::enumerate(0x00, 0x00);
+ 
+     for (auto i = infos; i != nullptr; i = i->next) {
+         // skip unsupported devices
+         if (!filter(i)) {
+             continue;
+         }
++#if 0
+         // skip foreign interfaces
+         if (i->interface_number > 0) {
+             CLOG(DEBUG, "wire.enumerate") << "skipping, invalid device";
+@@ -79,6 +80,7 @@ enumerate_connected_devices(F filter)
+             CLOG(DEBUG, "wire.enumerate") << "skipping, fido interface";
+             continue;
+         }
++#endif
+         list.emplace_back(
+             device_info{
+                 i->vendor_id,
+@@ -86,7 +88,7 @@ enumerate_connected_devices(F filter)
+                 i->path});
+     }
+ 
+-    hid::free_enumeration(infos);
++    usb::free_enumeration(infos);
+     return list;
+ }
+ 
+@@ -112,18 +114,19 @@ struct device
+ 
+     device(char const *path)
+     {
+-        hid = hid::open_path(path);
++        hid = usb::open_path(path);
+         if (!hid) {
+             throw open_error("HID device open failed");
+         }
+-        hid_version = try_hid_version();
++        hid_version = 1; // no report with libusb try_hid_version();
+         if (hid_version <= 0) {
+             throw open_error("Unknown HID version");
+         }
+     }
+ 
+-    ~device() { hid::close(hid); }
++    ~device() { usb::close(hid); }
+ 
++#if 0
+     // try writing packet that will be discarded to figure out hid version
+     int try_hid_version() {
+         int r;
+@@ -133,7 +136,7 @@ struct device
+         report.fill(0xFF);
+         report[0] = 0x00;
+         report[1] = 0x3F;
+-        r = hid::write(hid, report.data(), 65);
++        r = usb::write(hid, report.data(), 65);
+         if (r == 65) {
+             return 2;
+         }
+@@ -141,7 +144,7 @@ struct device
+         // try version 1
+         report.fill(0xFF);
+         report[0] = 0x3F;
+-        r = hid::write(hid, report.data(), 64);
++        r = usb::write(hid, report.data(), 64);
+         if (r == 64) {
+             return 1;
+         }
+@@ -149,6 +152,7 @@ struct device
+         // unknown version
+         return 0;
+     }
++#endif
+ 
+     void
+     read_buffered(char_type *data,
+@@ -210,7 +214,7 @@ private:
+         int r;
+ 
+         do {
+-            r = hid::read_timeout(hid, report.data(), report.size(), 50);
++            r = usb::read(hid, report.data(), report.size());
+         } while (r == 0);
+ 
+         if (r < 0) {
+@@ -251,7 +255,7 @@ private:
+                 break;
+         }
+ 
+-        int r = hid::write(hid, report.data(), report_size);
++        int r = usb::write(hid, report.data(), report_size);
+         if (r < 0) {
+             throw write_error{"HID device write failed"};
+         }
+@@ -263,9 +267,9 @@ private:
+     }
+ 
+     typedef std::vector<char_type> buffer_type;
+-    typedef std::array<char_type, 65> report_type;
++    typedef std::array<char_type, 64> report_type;
+ 
+-    hid_device *hid;
++    libusb_device_handle *hid;
+     buffer_type read_buffer;
+     int hid_version;
+ };

Added: head/security/trezord/files/trezord.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/trezord/files/trezord.in	Wed Jan 10 17:12:45 2018	(r458661)
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+# $FreeBSD$
+#
+# PROVIDE: trezord
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+#
+# Add these lines to /etc/rc.conf.local or /etc/rc.conf
+# to enable this service:
+#
+# trezord_enable (bool):	Set to NO by default.
+#				Set it to YES to enable trezord.
+
+. /etc/rc.subr
+
+name=trezord
+rcvar=trezord_enable
+
+load_rc_config $name
+
+: ${trezord_enable:="NO"}
+
+command=%%PREFIX%%/sbin/${name}
+
+run_rc_command "$1"
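Review bot: The script sets no `trezord_user`, so rc.subr starts the daemon as root; nothing visible here requires root beyond access to the USB device nodes (the listening socket is not shown), so if those nodes are made reachable via a devfs rule, a default such as `: ${trezord_user:="<unprivileged user, placeholder>"}` plus a line in the rc.conf comment block would let the service drop privileges. No `pidfile` is set either, so `status`/`stop` fall back to matching the process by name, which works for a single instance but deserves a comment.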

Added: head/security/trezord/files/usb.hpp
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/trezord/files/usb.hpp	Wed Jan 10 17:12:45 2018	(r458661)
@@ -0,0 +1,172 @@
+/*
+ * This file is part of the TREZOR project.
+ *
+ * Copyright (C) 2014 SatoshiLabs
+ *
+ * This library is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <stdio.h>
+#include <libusb.h>
+
+namespace trezord
+{
+namespace usb
+{
+
+static std::unique_ptr< utils::async_executor > usb_executor;
+
+struct usb_device_info {
+    char path[10];
+    uint16_t vendor_id;
+    uint16_t product_id;
+
+    usb_device_info *next;
+};
+
+// Init/exit
+
+void
+init()
+{
+    libusb_init(NULL);
+    usb_executor.reset(new utils::async_executor());
+}
+
+void
+exit()
+{
+    libusb_exit(NULL);
+    usb_executor.reset();
+}
+
+// Enumeration
+
+usb_device_info *
+enumerate(unsigned short vendor_id, unsigned short product_id)
+{
+    return usb_executor->await([=] {
+            libusb_device **devs = NULL;
+            libusb_device *dev = NULL;
+            struct usb_device_info *root = NULL; /* return object */
+            struct usb_device_info *cur_dev = NULL;
+            int i = 0;
+
+            libusb_get_device_list(NULL, &devs);
+            while ((dev = devs[i++]) != NULL) {
+                    struct libusb_device_descriptor desc;
+                    libusb_get_device_descriptor(dev, &desc);
+                    if ((vendor_id == 0 || vendor_id == desc.idVendor) && (product_id == 0 || product_id == desc.idProduct)) {
+                            struct usb_device_info *tmp;
+                            tmp = (struct usb_device_info *) calloc(1, sizeof(struct usb_device_info));
+                            if (cur_dev) {
+                                    cur_dev->next = tmp;
+                            } else {
+                                    root = tmp;
+                            }
+                            cur_dev = tmp;
+
+                            cur_dev->next = NULL;
+                            snprintf(cur_dev->path, sizeof(cur_dev->path), "%04x:%04x",
+                                    libusb_get_bus_number(dev),
+                                    libusb_get_device_address(dev));
+
+                            cur_dev->vendor_id = desc.idVendor;
+                            cur_dev->product_id = desc.idProduct;
+                    }
+            }
+            libusb_free_device_list(devs, 1);
+            return root;
+        });
+}
+
+void
+free_enumeration(usb_device_info *devs)
+{
+    return usb_executor->await([=] {
+            struct usb_device_info *d = devs;
+            while (d) {
+                    struct usb_device_info *next = d->next;
+                    free(d);
+                    d = next;
+            }
+        });
+}
+
+// Open/close
+
+libusb_device_handle *
+open_path(char const *path)
+{
+    return usb_executor->await([=] {
+            libusb_device **devs = NULL;
+            libusb_device *dev = NULL;
+            libusb_device_handle *handle = NULL;
+            int i = 0;
+
+            libusb_get_device_list(NULL, &devs);
+            while ((dev = devs[i++]) != NULL) {
+                    char devpath[10];
+                    snprintf(devpath, sizeof(devpath), "%04x:%04x",
+                            libusb_get_bus_number(dev),
+                            libusb_get_device_address(dev));
+                    if (strncmp(devpath, path, sizeof(devpath)) == 0) {
+                            if (libusb_open(dev, &handle) == 0) {
+                                    libusb_set_auto_detach_kernel_driver(handle, 1);
+                                    if (libusb_claim_interface(handle, 0)) {
+                                            libusb_close(handle);
+                                            handle = NULL;
+                                    }
+                            }
+                            break;
+                    }
+            }
+            libusb_free_device_list(devs, 1);
+            return handle;
+        });
+}
+
+void
+close(libusb_device_handle *device)
+{
+    return usb_executor->await([=] {
+            libusb_release_interface(device, 0);
+            libusb_close(device);
+        });
+}
+
+// Communication
+
+int
+write(libusb_device_handle *device, unsigned char *data, size_t length)
+{
+    return usb_executor->await([=] {
+            int xfer = -1;
+            libusb_interrupt_transfer(device, 0x01, data, length, &xfer, 0);
+            return xfer;
+        });
+}
+
+int
+read(libusb_device_handle *device, unsigned char *data, size_t length)
+{
+    return usb_executor->await([=] {
+            int xfer = -1;
+            libusb_interrupt_transfer(device, 0x81, data, length, &xfer, 0);
+            return xfer;
+        });
+}
+
+}
+}
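Review bot: In `enumerate()` and `open_path()` the return value of `libusb_get_device_list(NULL, &devs)` is discarded; on failure it returns a negative error code and leaves `devs` NULL, so the following `while ((dev = devs[i++]) != NULL)` dereferences a null pointer. A guard such as `if (libusb_get_device_list(NULL, &devs) < 0) return root;` (respectively `return handle;`) before each loop avoids that, and the unchecked `libusb_init(NULL)` in `init()` and `calloc` in `enumerate()` deserve the same treatment. `write()` and `read()` drop the `libusb_interrupt_transfer` status and return only `xfer`, whose value after an error is whatever libusb stored (the documentation only promises it for timeouts), so the `r < 0` checks in wire.hpp rest on `xfer` still being -1 by accident; `int rc = libusb_interrupt_transfer(device, 0x01, data, length, &xfer, 0); return rc < 0 ? rc : xfer;` keeps the error visible, and the same applies to `read()`. `open_path()` likewise discards the `libusb_open` error code, which on a permission failure is exactly what a user needs to see when setting up device access, so logging it before `break` would help.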

Added: head/security/trezord/pkg-descr
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/trezord/pkg-descr	Wed Jan 10 17:12:45 2018	(r458661)
@@ -0,0 +1,4 @@
+trezord (short for TREZOR Daemon), or TREZOR Bridge, is a small piece of
+software, used for websites, to talk with TREZOR devices.
+
+WWW: https://github.com/trezor/trezord

