udev: Add id program and rule for FIDO security tokens

System Internals / systemd - Fabian Henneke [henneke.me] - 6 September 2019 17:23 EDT

Add a fido_id program meant to be run for devices in the hidraw subsystem via an IMPORT directive. The program parses the HID report descriptor and assigns the ID_SECURITY_TOKEN environment variable if a declared usage matches the FIDO_CTAPHID_USAGE declared in the FIDO CTAP specification. This replaces the previous approach of whitelisting all known security token models manually.

This commit is accompanied by a test suite and a fuzzer target for the descriptor parsing routine.

Fixes: #11996.

d45ee2f31a udev: Add id program and rule for FIDO security tokens
rules/60-fido-id.rules | 7 +++
rules/meson.build | 1 +
src/fuzz/fuzz-fido-id-desc.c | 23 +++++++++
src/fuzz/fuzz-fido-id-desc.dict | 6 +++
src/fuzz/meson.build | 5 ++
src/test/meson.build | 5 ++
src/test/test-fido-id-desc.c | 85 +++++++++++++++++++++++++++++++
src/udev/fido_id/fido_id.c | 96 ++++++++++++++++++++++++++++++++++++
src/udev/fido_id/fido_id_desc.c | 92 ++++++++++++++++++++++++++++++++++
src/udev/fido_id/fido_id_desc.h | 8 +++
src/udev/meson.build | 3 ++
test/fuzz/fuzz-fido-id-desc/crash0 | 1 +
test/fuzz/fuzz-fido-id-desc/crash1 | 1 +
test/fuzz/fuzz-fido-id-desc/report0 | Bin 0 -> 71 bytes
test/fuzz/fuzz-fido-id-desc/report1 | Bin 0 -> 34 bytes
15 files changed, 333 insertions(+)
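
The check the commit message describes, as an added example that is not the code from this commit: walk the HID report descriptor item by item, bounds-checking each one, and report whether the CTAPHID usage is declared on the FIDO usage page. The values 0xF1D0 and 0x01 come from the FIDO CTAP specification rather than this page; the function name and the sample descriptors are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define FIDO_USAGE_PAGE    0xF1D0u /* usage page assigned to the FIDO Alliance */
#define FIDO_CTAPHID_USAGE 0x01u   /* CTAPHID usage on that page */

/* Constructed samples: a minimal CTAPHID-style descriptor, a keyboard stub,
 * and a Usage Page item cut off after one of its two data bytes. */
static const uint8_t sample_fido[] = { 0x06, 0xD0, 0xF1, 0x09, 0x01, 0xA1, 0x01, 0xC0 };
static const uint8_t sample_kbd[]  = { 0x05, 0x01, 0x09, 0x06, 0xA1, 0x01, 0xC0 };
static const uint8_t sample_cut[]  = { 0x06, 0xD0 };

/* Returns 1 if the CTAPHID usage is declared, 0 if not, -1 if malformed. */
int desc_declares_ctaphid(const uint8_t *desc, size_t len) {
    uint32_t usage_page = 0;
    size_t pos = 0;
    while (pos < len) {
        uint8_t prefix = desc[pos++];
        if (prefix == 0xFE) { /* long item: bDataSize, bLongItemTag, data */
            if (len - pos < 2 || len - pos - 2 < (size_t)desc[pos])
                return -1;
            pos += 2u + desc[pos];
            continue;
        }
        /* short item: size code 0..3 means 0, 1, 2 or 4 data bytes */
        size_t size = (prefix & 0x03u) == 3 ? 4 : (prefix & 0x03u);
        if (len - pos < size) /* item claims more data than remains */
            return -1;
        uint32_t value = 0;
        for (size_t i = 0; i < size; i++) /* item data is little-endian */
            value |= (uint32_t)desc[pos + i] << (8 * i);
        pos += size;
        if ((prefix & 0xFCu) == 0x04) { /* global item: Usage Page */
            usage_page = value;
        } else if ((prefix & 0xFCu) == 0x08) { /* local item: Usage */
            /* a 4-byte usage carries its own page in the upper 16 bits */
            uint32_t page = size == 4 ? value >> 16 : usage_page;
            if (page == FIDO_USAGE_PAGE && (value & 0xFFFFu) == FIDO_CTAPHID_USAGE)
                return 1;
        }
    }
    return 0;
}

int main(void) {
    printf("fido=%d kbd=%d cut=%d\n", desc_declares_ctaphid(sample_fido, sizeof sample_fido),
           desc_declares_ctaphid(sample_kbd, sizeof sample_kbd),
           desc_declares_ctaphid(sample_cut, sizeof sample_cut));
    return 0;
}
```

Because the descriptor is supplied by the device, every length field is checked against the bytes that remain before it is used, and a truncated item is reported as malformed instead of being read past the buffer.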

Upstream: github.com