Commit 7c5754ad authored by grembo's avatar grembo
Browse files

Add fido/u2f support for FreeBSD.

Also adds test target.

This was merged upstream, so patches can be removed from files/
on the next release of python-fido2.

See:
https://github.com/Yubico/python-fido2/pull/64
https://github.com/Yubico/python-fido2/commit/19c86d5459931b8a76d1adc76420a8a1e0c0cf2e

PR:		240476
Approved by:	koobs (python: maintainer)
parent fe91dfb4
......@@ -2,6 +2,7 @@
PORTNAME= fido2
PORTVERSION= 0.7.0
PORTREVISION= 1
CATEGORIES= security python
MASTER_SITES= CHEESESHOP
PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX}
......@@ -14,11 +15,17 @@ LICENSE_FILE= ${WRKSRC}/COPYING
RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}cryptography>=1.5:security/py-cryptography@${PY_FLAVOR} \
${PY_ENUM34} \
${PYTHON_PKGNAMEPREFIX}six>=0:devel/py-six@${PY_FLAVOR}
${PYTHON_PKGNAMEPREFIX}six>=0:devel/py-six@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}uhid-freebsd>=1.2.1:devel/py-uhid-freebsd@${PY_FLAVOR}
TEST_DEPENDS= ${PYTHON_PKGNAMEPREFIX}mock>0:devel/py-mock@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}pycodestyle>0:devel/py-pycodestyle@${PY_FLAVOR}
USES= python
USE_PYTHON= autoplist distutils
NO_ARCH= yes
do-test:
@cd ${WRKSRC} && ${PYTHON_CMD} ${PYDISTUTILS_SETUP} test
.include <bsd.port.mk>
This was part of a pull request that has been merged uptream. Most likely
this patch can be removed on the next release of python-fido2.
See https://github.com/Yubico/python-fido2/pull/64 and
https://github.com/Yubico/python-fido2/commit/19c86d5459931b8a76d1adc76420a8a1e0c0cf2e
--- README.adoc.orig 2019-06-17 12:31:00 UTC
+++ README.adoc
@@ -64,10 +64,15 @@ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", \
MODE="0664", GROUP="plugdev", ATTRS{idVendor}=="1050"
----
+Under FreeBSD you will either need to run as root or add rules for your device
+to /etc/devd.conf, which can be automated by installing security/u2f-devd:
+ # pkg install u2f-devd
+
+
=== Dependencies
fido2 is compatible with CPython 2.7 (2.7.6 and up), 3.4 onwards, and is tested
-on Windows, MacOS, and Linux.
+on Windows, MacOS, FreeBSD, and Linux.
This project depends on Cryptography. For instructions on installing this
dependency, see https://cryptography.io/en/latest/installation/.
This was part of a pull request that has been merged upstream. Most likely
this patch can be removed on the next release of python-fido2.
See https://github.com/Yubico/python-fido2/pull/64 and
https://github.com/Yubico/python-fido2/commit/19c86d5459931b8a76d1adc76420a8a1e0c0cf2e
--- fido2/_pyu2f/__init__.py.orig 2019-09-10 15:15:37 UTC
+++ fido2/_pyu2f/__init__.py
@@ -47,6 +47,9 @@ def InternalPlatformSwitch(funcname, *args, **kwargs):
elif sys.platform.startswith('darwin'):
from . import macos
clz = macos.MacOsHidDevice
+ elif sys.platform.startswith('freebsd'):
+ from . import freebsd
+ clz = freebsd.FreeBSDHidDevice
if not clz:
raise Exception('Unsupported platform: ' + sys.platform)
This was part of a pull request that has been merged upstream. Most likely
this patch can be removed on the next release of python-fido2.
See https://github.com/Yubico/python-fido2/pull/64 and
https://github.com/Yubico/python-fido2/commit/19c86d5459931b8a76d1adc76420a8a1e0c0cf2e
--- fido2/_pyu2f/freebsd.py.orig 2019-09-12 11:35:02 UTC
+++ fido2/_pyu2f/freebsd.py
@@ -0,0 +1,54 @@
+# Copyright 2016 Google Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""Implements raw HID interface on FreeBSD using sysctl and device files."""
+
+from __future__ import absolute_import
+
+import os
+import uhid_freebsd
+
+from . import linux
+
+
+class FreeBSDHidDevice(linux.LinuxHidDevice):
+ """Implementation of HID device for FreeBSD.
+ """
+
+ @staticmethod
+ def Enumerate():
+ for dev in uhid_freebsd.enumerate():
+ desc = linux.base.DeviceDescriptor()
+ desc.path = dev["path"]
+ desc.vendor_id = dev["vendor_id"]
+ desc.product_id = dev["product_id"]
+ desc.product_string = dev["product_desc"]
+ fd = os.open(desc.path, os.O_RDONLY)
+ linux.ParseReportDescriptor(
+ uhid_freebsd.get_report_data(fd, 3), desc)
+ os.close(fd)
+ yield desc.ToPublicDict()
+
+ def __init__(self, path):
+ linux.base.HidDevice.__init__(self, path)
+ self.dev = os.open(path, os.O_RDWR)
+ self.desc = linux.base.DeviceDescriptor()
+ self.desc.path = path
+ linux.ParseReportDescriptor(
+ uhid_freebsd.get_report_data(self.dev, 3), self.desc)
+
+ def Write(self, packet):
+ """See base class."""
+ out = bytes(bytearray([0]*64 + packet)) # 64 zero bytes (report ID)
+ os.write(self.dev, out)
This was part of a pull request that has been merged upstream. Most likely
this patch can be removed on the next release of python-fido2.
See https://github.com/Yubico/python-fido2/pull/64 and
https://github.com/Yubico/python-fido2/commit/19c86d5459931b8a76d1adc76420a8a1e0c0cf2e
--- setup.py.orig 2019-06-17 10:59:34 UTC
+++ setup.py
@@ -48,13 +48,14 @@ setup(
install_requires=[
'six',
'cryptography>=1.5',
+ 'uhid-freebsd>=1.2.1;platform_system=="FreeBSD"',
],
extras_require={
':python_version < "3.4"': ['enum34'],
'pcsc': ['pyscard']
},
test_suite='test',
- tests_require=['mock>=1.0.1', 'pyfakefs>=3.4'],
+ tests_require=['mock>=1.0.1', 'pyfakefs>=3.4;platform_system=="Linux"'],
classifiers=[
'License :: OSI Approved :: BSD License',
'License :: OSI Approved :: Apache Software License',
This was part of a pull request that has been merged upstream. Most likely
this patch can be removed on the next release of python-fido2.
See https://github.com/Yubico/python-fido2/pull/64 and
https://github.com/Yubico/python-fido2/commit/19c86d5459931b8a76d1adc76420a8a1e0c0cf2e
--- test/_pyu2f/freebsd_test.py.orig 2019-09-13 11:01:05 UTC
+++ test/_pyu2f/freebsd_test.py
@@ -0,0 +1,122 @@
+# Copyright 2016 Google Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""Tests for _pyu2f.hid.freebsd."""
+
+import base64
+import os
+import sys
+
+import six
+from six.moves import builtins
+from mock import patch
+
+if sys.platform.startswith('freebsd'):
+ from fido2._pyu2f import freebsd
+
+if sys.version_info[:2] < (2, 7):
+ import unittest2 as unittest # pylint: disable=g-import-not-at-top
+else:
+ import unittest # pylint: disable=g-import-not-at-top
+
+
+# These are base64 encoded report descriptors of a Yubico token
+# and a Logitech keyboard.
+YUBICO_RD = 'BtDxCQGhAQkgFQAm/wB1CJVAgQIJIRUAJv8AdQiVQJECwA=='
+KEYBOARD_RD = (
+ 'BQEJAqEBCQGhAAUJGQEpBRUAJQGVBXUBgQKVAXUDgQEFAQkwCTEJOBWBJX91CJUDgQbAwA==')
+
+
+class FakeUhidFreeBSDModule():
+ def enumerate(self):
+ return [{'device': 'uhid0',
+ 'path': '/dev/uhid0',
+ 'vendor_id': 0x046d,
+ 'product_id': 0xc31c,
+ 'product_desc': 'Logitech Keyboard'},
+ {'device': 'uhid1',
+ 'path': '/dev/uhid1',
+ 'vendor_id': 0x1050,
+ 'product_id': 0x0407,
+ 'product_desc': 'Yubico U2F'}]
+
+ def get_report_data(self, fd, unused_report_id):
+ if fd:
+ return base64.b64decode(YUBICO_RD)
+ else:
+ return base64.b64decode(KEYBOARD_RD)
+
+
+class FakeOsModule():
+ O_RDONLY = os.O_RDONLY
+ O_RDWR = os.O_RDWR
+ path = os.path
+
+ data_written = None
+ data_to_return = None
+
+ def open(self, path, unused_opts): # pylint: disable=invalid-name
+ if path.find('uhid1') >= 0:
+ return 1 # fd == 1 => magic number to return Yubikey RD below
+ else:
+ return 0
+
+ def write(self, unused_dev, data): # pylint: disable=invalid-name
+ self.data_written = data
+
+ def read(self, unused_dev, unused_length): # pylint: disable=invalid-name
+ return self.data_to_return
+
+ def close(self, unused_dev): # pylint: disable=invalid-name
+ pass
+
+
+@unittest.skipIf(not sys.platform.startswith('freebsd'),
+ 'FreeBSD specific test case')
+class FreeBSDTest(unittest.TestCase):
+ @patch('fido2._pyu2f.freebsd.os', FakeOsModule())
+ @patch('fido2._pyu2f.freebsd.uhid_freebsd', FakeUhidFreeBSDModule())
+ def testCallEnumerate(self):
+ devs = list(freebsd.FreeBSDHidDevice.Enumerate())
+ devs = sorted(devs, key=lambda k: k['vendor_id'])
+
+ self.assertEqual(len(devs), 2)
+ self.assertEqual(devs[0]['vendor_id'], 0x046d)
+ self.assertEqual(devs[0]['product_id'], 0xc31c)
+ self.assertEqual(devs[1]['vendor_id'], 0x1050)
+ self.assertEqual(devs[1]['product_id'], 0x0407)
+ self.assertEqual(devs[1]['usage_page'], 0xf1d0)
+ self.assertEqual(devs[1]['usage'], 1)
+
+ @patch('fido2._pyu2f.freebsd.uhid_freebsd', FakeUhidFreeBSDModule())
+ def testCallOpen(self):
+ fake_os = FakeOsModule()
+ with patch('fido2._pyu2f.linux.os', fake_os):
+ with patch('fido2._pyu2f.freebsd.os', fake_os):
+ dev = freebsd.FreeBSDHidDevice('/dev/uhid1')
+ self.assertEqual(dev.GetInReportDataLength(), 64)
+ self.assertEqual(dev.GetOutReportDataLength(), 64)
+
+ dev.Write(list(range(0, 64)))
+ # The HidDevice implementation prepends one zero-byte-packet
+ # (64 bytes) representing the report ID + padding
+ self.assertEqual(list(six.iterbytes(fake_os.data_written)),
+ [0]*64 + list(range(0, 64)))
+
+ fake_os.data_to_return = b'x' * 64
+ self.assertEqual(dev.Read(), [120] * 64) # chr(120) = 'x'
+
+
+if __name__ == '__main__':
+ unittest.main()
This was part of a pull request that has been merged upstream. Most likely
this patch can be removed on the next release of python-fido2.
See https://github.com/Yubico/python-fido2/pull/64 and
https://github.com/Yubico/python-fido2/commit/19c86d5459931b8a76d1adc76420a8a1e0c0cf2e
--- test/_pyu2f/linux_test.py.orig 2019-09-13 11:17:23 UTC
+++ test/_pyu2f/linux_test.py
@@ -27,7 +27,11 @@ from fido2._pyu2f import linux
try:
from pyfakefs import fake_filesystem # pylint: disable=g-import-not-at-top
except ImportError:
- from fakefs import fake_filesystem # pylint: disable=g-import-not-at-top
+ try:
+ from fakefs import fake_filesystem # pylint: disable=g-import-not-at-top
+ except ImportError:
+ if sys.platform.startswith('linux'):
+ raise
if sys.version_info[:2] < (2, 7):
import unittest2 as unittest # pylint: disable=g-import-not-at-top
@@ -71,6 +75,8 @@ class FakeDeviceOsModule(object):
return self.data_to_return
+@unittest.skipIf(not sys.platform.startswith('linux'),
+ 'Linux specific test case')
class LinuxTest(unittest.TestCase):
def setUp(self):
self.fs = fake_filesystem.FakeFilesystem()
This was part of a pull request that has been merged upstream. Most likely
this patch can be removed on the next release of python-fido2.
See https://github.com/Yubico/python-fido2/pull/64 and
https://github.com/Yubico/python-fido2/commit/19c86d5459931b8a76d1adc76420a8a1e0c0cf2e
--- test/_pyu2f/macos_test.py.orig 2018-07-04 13:27:36 UTC
+++ test/_pyu2f/macos_test.py
@@ -44,6 +44,8 @@ def init_mock_get_int_property(mock_get_int_property):
mock_get_int_property.return_value = 64
+@unittest.skipIf(not sys.platform.startswith('darwin'),
+ 'MacOS specific test case')
class MacOsTest(unittest.TestCase):
@classmethod
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment