Add fido(4), a HID driver for FIDO/U2F security keys

While FIDO/U2F keys were already supported by the generic uhid(4)
driver, this driver adds the first step to tighten the security of
FIDO/U2F access.  Specifically, users don't need read/write access to
all USB/HID devices anymore and the driver also improves integration
with pledge(2) and unveil(2): It is pledge-friendly because it doesn't
require any ioctls to discover the device and unveil-friendly because
it uses a single /dev/fido/* directory for its device nodes.
It also allows to support FIDO/U2F in firefox without further
weakening the "sandbox" of the browser.  Firefox does not have a
proper privsep design and many operations, such as U2F access, are
handled directly by the main process.  This means that the browser's
"fat" main process needs direct read/write access to all USB HID
devices, at least on other operating systems.  With fido(4) we can
support security keys in Firefox under OpenBSD without such a
compromise.
With this change, libfido2 stops using the ioctl to query the device
vendor/product and just assumes "OpenBSD" "fido(4)" instead.  The
ioctl is still supported but there was no benefit in obtaining the
vendor product or name; it also allows to use libfido2 under pledge.
With feedback from deraadt@ and many others
OK kettenis@ djm@ and jmc@ for the manpage bits

src/etc/MAKEDEV.common

@@ -1,4 +1,4 @@
-vers(a, {-$OpenBSD: MAKEDEV.common,v 1.105 2019/12/14 05:05:46 deraadt Exp $-})dnl
+vers(a, {-$OpenBSD: MAKEDEV.common,v 1.106 2019/12/17 13:08:54 reyk Exp $-})dnl
 dnl
 dnl Copyright (c) 2001-2006 Todd T. Fries <todd@OpenBSD.org>
 dnl
@@ -177,6 +177,7 @@ __devitem(ramdisk, ramdisk, Ramdisk kernel devices,nothing)dnl
 dnl
 target(usb, usb, 0, 1, 2, 3, 4, 5, 6, 7)dnl
 target(usb, uhid, 0, 1, 2, 3, 4, 5, 6, 7)dnl
+twrget(usb, fido, fido)dnl
 target(usb, ulpt, 0, 1)dnl
 target(usb, ugen, 0, 1, 2, 3, 4, 5, 6, 7)dnl
 target(usb, ttyU, 0, 1, 2, 3)dnl
@@ -357,6 +358,10 @@ _mkdev({-usb-}, usb*, {-[ "$i" = "usb" ] && u= || u=$U
 	M usb$u c major_usb_c $U 640-})dnl
 __devitem(uhid, uhid*, Generic HID devices)dnl
 _mcdev({-uhid-}, uhid*, {-uhid-}, {-major_uhid_c-}, 600)dnl
+__devitem(fido, fido, fido/* nodes, fd)dnl
+_mkdev(fido, fido, {-RMlist[${#RMlist[*]}]=";mkdir -p fido;rm -f" n=0
+	while [ $n -lt 4 ];do M fido/$n c major_fido_c $n 666;n=Add($n, 1);done
+	MKlist[${#MKlist[*]}]=";chmod 555 fido"-})dnl
 __devitem(ulpt, ulpt*, Printer devices)dnl
 _mcdev({-ulpt-}, ulpt*, {-ulpt-}, {-major_ulpt_c-}, 600)dnl
 __devitem(ttyU, ttyU*, USB serial ports,ucom)dnl

src/etc/etc.alpha/MAKEDEV.md

@@ -1,6 +1,6 @@
 define(MACHINE,alpha)dnl
 vers(__file__,
-	{-$OpenBSD: MAKEDEV.md,v 1.71 2017/11/02 14:04:24 mpi Exp $-},
+	{-$OpenBSD: MAKEDEV.md,v 1.72 2019/12/17 13:08:54 reyk Exp $-},
 etc.MACHINE)dnl
 dnl
 dnl Copyright (c) 2001-2006 Todd T. Fries <todd@OpenBSD.org>
@@ -55,6 +55,7 @@ _DEV(ttyU, 49)
 _DEV(uall)
 _DEV(ugen, 48)
 _DEV(uhid, 46)
+_DEV(fido, 70)
 _DEV(ulpt, 47)
 _DEV(usb, 45)
 _TITLE(spec)

src/etc/etc.amd64/MAKEDEV.md

@@ -1,6 +1,6 @@
 define(MACHINE,amd64)dnl
 vers(__file__,
-	{-$OpenBSD: MAKEDEV.md,v 1.71 2019/12/13 21:03:57 deraadt Exp $-},
+	{-$OpenBSD: MAKEDEV.md,v 1.72 2019/12/17 13:08:54 reyk Exp $-},
 etc.MACHINE)dnl
 dnl
 dnl Copyright (c) 2001-2006 Todd T. Fries <todd@OpenBSD.org>
@@ -59,6 +59,7 @@ _DEV(ttyU, 66)
 _DEV(uall)
 _DEV(ugen, 63)
 _DEV(uhid, 62)
+_DEV(fido, 98)
 _DEV(ulpt, 64)
 _DEV(usb, 61)
 _TITLE(spec)

src/etc/etc.arm64/MAKEDEV.md

@@ -1,6 +1,6 @@
 define(MACHINE,arm64)dnl
 vers(__file__,
-	{-$OpenBSD: MAKEDEV.md,v 1.3 2018/08/20 16:07:39 kettenis Exp $-},
+	{-$OpenBSD: MAKEDEV.md,v 1.4 2019/12/17 13:08:55 reyk Exp $-},
 etc.MACHINE)dnl
 dnl
 dnl Copyright (c) 2001-2006 Todd T. Fries <todd@OpenBSD.org>
@@ -51,6 +51,7 @@ _DEV(ttyU, 66)
 _DEV(uall)
 _DEV(ugen, 63)
 _DEV(uhid, 62)
+_DEV(fido, 98)
 _DEV(ulpt, 64)
 _DEV(usb, 61)
 _TITLE(spec)

src/etc/etc.armv7/MAKEDEV.md

@@ -1,6 +1,6 @@
 define(MACHINE,armv7)dnl
 vers(__file__,
-	{-$OpenBSD: MAKEDEV.md,v 1.14 2016/09/04 15:38:59 naddy Exp $-},
+	{-$OpenBSD: MAKEDEV.md,v 1.15 2019/12/17 13:08:55 reyk Exp $-},
 etc.MACHINE)dnl
 dnl
 dnl Copyright (c) 2001-2004 Todd T. Fries <todd@OpenBSD.org>
@@ -60,6 +60,7 @@ _DEV(ttyU, 68)
 _DEV(uall)
 _DEV(ugen, 70)
 _DEV(uhid, 65)
+_DEV(fido, 106)
 _DEV(ulpt, 66)
 _DEV(usb, 64)
 _TITLE(spec)

src/etc/etc.hppa/MAKEDEV.md

@@ -1,6 +1,6 @@
 define(MACHINE,hppa)dnl
 vers(__file__,
-	{-$OpenBSD: MAKEDEV.md,v 1.60 2016/09/04 15:38:59 naddy Exp $-},
+	{-$OpenBSD: MAKEDEV.md,v 1.61 2019/12/17 13:08:55 reyk Exp $-},
 etc.MACHINE)dnl
 dnl
 dnl Copyright (c) 2001-2006 Todd T. Fries <todd@OpenBSD.org>
@@ -53,6 +53,7 @@ _TITLE(usb)
 _DEV(uall)
 _DEV(usb, 40)
 _DEV(uhid, 41)
+_DEV(fido, 61)
 _DEV(ugen, 42)
 _DEV(ulpt, 43)
 _DEV(ttyU, 45)

src/etc/etc.i386/MAKEDEV.md

@@ -1,6 +1,6 @@
 define(MACHINE,i386)dnl
 vers(__file__,
-	{-$OpenBSD: MAKEDEV.md,v 1.86 2019/12/13 21:03:57 deraadt Exp $-},
+	{-$OpenBSD: MAKEDEV.md,v 1.87 2019/12/17 13:08:55 reyk Exp $-},
 etc.MACHINE)dnl
 dnl
 dnl Copyright (c) 2001-2006 Todd T. Fries <todd@OpenBSD.org>
@@ -60,6 +60,7 @@ _DEV(ttyU, 66)
 _DEV(uall)
 _DEV(ugen, 63)
 _DEV(uhid, 62)
+_DEV(fido, 98)
 _DEV(ulpt, 64)
 _DEV(usb, 61)
 _TITLE(spec)

src/etc/etc.landisk/MAKEDEV.md

@@ -1,6 +1,6 @@
 define(MACHINE,landisk)dnl
 vers(__file__,
-	{-$OpenBSD: MAKEDEV.md,v 1.43 2016/09/11 19:59:53 deraadt Exp $-},
+	{-$OpenBSD: MAKEDEV.md,v 1.44 2019/12/17 13:08:55 reyk Exp $-},
 etc.MACHINE)dnl
 dnl
 dnl Copyright (c) 2001-2004 Todd T. Fries <todd@OpenBSD.org>
@@ -64,6 +64,7 @@ _DEV(ttyU, 68)
 _DEV(uall)
 _DEV(ugen, 70)
 _DEV(uhid, 65)
+_DEV(fido, 106)
 _DEV(ulpt, 66)
 _DEV(usb, 64)
 _TITLE(spec)

src/etc/etc.loongson/MAKEDEV.md

@@ -1,6 +1,6 @@
 define(MACHINE,loongson)dnl
 vers(__file__,
-	{-$OpenBSD: MAKEDEV.md,v 1.27 2017/05/21 13:00:53 visa Exp $-},
+	{-$OpenBSD: MAKEDEV.md,v 1.28 2019/12/17 13:08:56 reyk Exp $-},
 etc.MACHINE)dnl
 dnl
 dnl Copyright (c) 2001-2006 Todd T. Fries <todd@OpenBSD.org>
@@ -59,6 +59,7 @@ _DEV(ttyU, 66)
 _DEV(uall)
 _DEV(ugen, 63)
 _DEV(uhid, 62)
+_DEV(fido, 88)
 _DEV(ulpt, 64)
 _DEV(usb, 61)
 _TITLE(spec)

src/etc/etc.macppc/MAKEDEV.md

@@ -1,6 +1,6 @@
 define(MACHINE,macppc)dnl
 vers(__file__,
-	{-$OpenBSD: MAKEDEV.md,v 1.70 2016/09/11 19:59:53 deraadt Exp $-},
+	{-$OpenBSD: MAKEDEV.md,v 1.71 2019/12/17 13:08:56 reyk Exp $-},
 etc.MACHINE)dnl
 dnl
 dnl Copyright (c) 2001-2006 Todd T. Fries <todd@OpenBSD.org>
@@ -69,6 +69,7 @@ _DEV(uall)
 _DEV(ttyU, 66)
 _DEV(ugen, 63)
 _DEV(uhid, 62)
+_DEV(fido, 90)
 _DEV(ulpt, 64)
 _DEV(usb, 61)
 _TITLE(spec)

src/etc/etc.octeon/MAKEDEV.md

@@ -1,6 +1,6 @@
 define(MACHINE,octeon)dnl
 vers(__file__,
-	{-$OpenBSD: MAKEDEV.md,v 1.14 2019/07/17 14:36:31 visa Exp $-},
+	{-$OpenBSD: MAKEDEV.md,v 1.15 2019/12/17 13:08:56 reyk Exp $-},
 etc.MACHINE)dnl
 dnl
 dnl Copyright (c) 2001-2006 Todd T. Fries <todd@OpenBSD.org>
@@ -65,6 +65,8 @@ _TITLE(usb)
 _DEV(ttyU, 66)
 _DEV(uall)
 _DEV(usb, 61)
+_DEV(uhid, 62)
+_DEV(fido, 76)
 _TITLE(spec)
 _DEV(au, 44)
 _DEV(bio, 49)

src/etc/etc.sgi/MAKEDEV.md

@@ -1,6 +1,6 @@
 define(MACHINE,sgi)dnl
 vers(__file__,
-	{-$OpenBSD: MAKEDEV.md,v 1.49 2016/09/11 19:59:54 deraadt Exp $-},
+	{-$OpenBSD: MAKEDEV.md,v 1.50 2019/12/17 13:08:56 reyk Exp $-},
 etc.MACHINE)dnl
 dnl
 dnl Copyright (c) 2001-2006 Todd T. Fries <todd@OpenBSD.org>
@@ -68,6 +68,7 @@ _DEV(ttyU, 66)
 _DEV(uall)
 _DEV(ugen, 63)
 _DEV(uhid, 62)
+_DEV(fido, 76)
 _DEV(ulpt, 64)
 _DEV(usb, 61)
 _TITLE(spec)

src/etc/etc.sparc64/MAKEDEV.md

@@ -1,6 +1,6 @@
 define(MACHINE,sparc64)dnl
 vers(__file__,
-	{-$OpenBSD: MAKEDEV.md,v 1.88 2019/10/20 16:31:10 kettenis Exp $-},
+	{-$OpenBSD: MAKEDEV.md,v 1.89 2019/12/17 13:08:56 reyk Exp $-},
 etc.MACHINE)dnl
 dnl
 dnl Copyright (c) 2001-2006 Todd T. Fries <todd@OpenBSD.org>
@@ -103,6 +103,7 @@ _DEV(ttyU, 95)
 _DEV(uall)
 _DEV(ugen, 92)
 _DEV(uhid, 91)
+_DEV(fido, 137)
 _DEV(ulpt, 93)
 _DEV(usb, 90)
 _TITLE(spec)