1 /* 2 * USB descriptor handling functions for libusb 3 * Copyright (C) 2007 Daniel Drake <dsd (at) gentoo.org> 4 * Copyright (c) 2001 Johannes Erdfelt <johannes (at) erdfelt.com> 5 * 6 * This library is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU Lesser General Public 8 * License as published by the Free Software Foundation; either 9 * version 2.1 of the License, or (at your option) any later version. 10 * 11 * This library is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 * Lesser General Public License for more details. 15 * 16 * You should have received a copy of the GNU Lesser General Public 17 * License along with this library; if not, write to the Free Software 18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 19 */ 20 21 #include <errno.h> 22 #include <stdlib.h> 23 #include <string.h> 24 25 #include "libusbi.h" 26 27 #define DESC_HEADER_LENGTH 2 28 #define DEVICE_DESC_LENGTH 18 29 #define CONFIG_DESC_LENGTH 9 30 #define INTERFACE_DESC_LENGTH 9 31 #define ENDPOINT_DESC_LENGTH 7 32 #define ENDPOINT_AUDIO_DESC_LENGTH 9 33 34 /** @defgroup desc USB descriptors 35 * This page details how to examine the various standard USB descriptors 36 * for detected devices 37 */ 38 39 /* set host_endian if the w values are already in host endian format, 40 * as opposed to bus endian. */ 41 int usbi_parse_descriptor(unsigned char *source, char *descriptor, void *dest, 42 int host_endian) 43 { 44 unsigned char *sp = source, *dp = dest; 45 uint16_t w; 46 char *cp; 47 48 for (cp = descriptor; *cp; cp++) { 49 switch (*cp) { 50 case 'b': /* 8-bit byte */ 51 *dp++ = *sp++; 52 break; 53 case 'w': /* 16-bit word, convert from little endian to CPU */ 54 dp += ((unsigned long)dp & 1); /* Align to word boundary */ 55 56 if (host_endian) { 57 memcpy(dp, sp, 2); 58 } else { 59 w = (sp[1] << 8) | sp[0]; 60 *((uint16_t *)dp) = w; 61 } 62 sp += 2; 63 dp += 2; 64 break; 65 } 66 } 67 68 return sp - source; 69 } 70 71 static void clear_endpoint(struct libusb_endpoint_descriptor *endpoint) 72 { 73 if (endpoint->extra) 74 free((unsigned char *) endpoint->extra); 75 } 76 77 static int parse_endpoint(struct libusb_context *ctx, 78 struct libusb_endpoint_descriptor *endpoint, unsigned char *buffer, 79 int size, int host_endian) 80 { 81 struct usb_descriptor_header header; 82 unsigned char *extra; 83 unsigned char *begin; 84 int parsed = 0; 85 int len; 86 87 usbi_parse_descriptor(buffer, "bb", &header, 0); 88 89 /* Everything should be fine being passed into here, but we sanity */ 90 /* check JIC */ 91 if (header.bLength > size) { 92 usbi_err(ctx, "ran out of descriptors parsing"); 93 return -1; 94 } 95 96 if (header.bDescriptorType != LIBUSB_DT_ENDPOINT) { 97 usbi_err(ctx, "unexpected descriptor %x (expected %x)", 98 header.bDescriptorType, LIBUSB_DT_ENDPOINT); 99 return parsed; 100 } 101 102 if (header.bLength >= ENDPOINT_AUDIO_DESC_LENGTH) 103 usbi_parse_descriptor(buffer, "bbbbwbbb", endpoint, host_endian); 104 else if (header.bLength >= ENDPOINT_DESC_LENGTH) 105 usbi_parse_descriptor(buffer, "bbbbwb", endpoint, host_endian); 106 107 buffer += header.bLength; 108 size -= header.bLength; 109 parsed += header.bLength; 110 111 /* Skip over the rest of the Class Specific or Vendor Specific */ 112 /* descriptors */ 113 begin = buffer; 114 while (size >= DESC_HEADER_LENGTH) { 115 usbi_parse_descriptor(buffer, "bb", &header, 0); 116 117 if (header.bLength < 2) { 118 usbi_err(ctx, "invalid descriptor length %d", header.bLength); 119 return -1; 120 } 121 122 /* If we find another "proper" descriptor then we're done */ 123 if ((header.bDescriptorType == LIBUSB_DT_ENDPOINT) || 124 (header.bDescriptorType == LIBUSB_DT_INTERFACE) || 125 (header.bDescriptorType == LIBUSB_DT_CONFIG) || 126 (header.bDescriptorType == LIBUSB_DT_DEVICE)) 127 break; 128 129 usbi_dbg("skipping descriptor %x", header.bDescriptorType); 130 buffer += header.bLength; 131 size -= header.bLength; 132 parsed += header.bLength; 133 } 134 135 /* Copy any unknown descriptors into a storage area for drivers */ 136 /* to later parse */ 137 len = (int)(buffer - begin); 138 if (!len) { 139 endpoint->extra = NULL; 140 endpoint->extra_length = 0; 141 return parsed; 142 } 143 144 extra = malloc(len); 145 endpoint->extra = extra; 146 if (!extra) { 147 endpoint->extra_length = 0; 148 return LIBUSB_ERROR_NO_MEM; 149 } 150 151 memcpy(extra, begin, len); 152 endpoint->extra_length = len; 153 154 return parsed; 155 } 156 157 static void clear_interface(struct libusb_interface *interface) 158 { 159 int i; 160 int j; 161 162 if (interface->altsetting) { 163 for (i = 0; i < interface->num_altsetting; i++) { 164 struct libusb_interface_descriptor *ifp = 165 (struct libusb_interface_descriptor *) 166 interface->altsetting + i; 167 if (ifp->extra) 168 free((void *) ifp->extra); 169 if (ifp->endpoint) { 170 for (j = 0; j < ifp->bNumEndpoints; j++) 171 clear_endpoint((struct libusb_endpoint_descriptor *) 172 ifp->endpoint + j); 173 free((void *) ifp->endpoint); 174 } 175 } 176 free((void *) interface->altsetting); 177 interface->altsetting = NULL; 178 } 179 180 } 181 182 static int parse_interface(libusb_context *ctx, 183 struct libusb_interface *interface, unsigned char *buffer, int size, 184 int host_endian) 185 { 186 int i; 187 int len; 188 int r; 189 int parsed = 0; 190 int tmp; 191 struct usb_descriptor_header header; 192 struct libusb_interface_descriptor *ifp; 193 unsigned char *begin; 194 195 interface->num_altsetting = 0; 196 197 while (size >= INTERFACE_DESC_LENGTH) { 198 struct libusb_interface_descriptor *altsetting = 199 (struct libusb_interface_descriptor *) interface->altsetting; 200 altsetting = realloc(altsetting, 201 sizeof(struct libusb_interface_descriptor) * 202 (interface->num_altsetting + 1)); 203 if (!altsetting) { 204 r = LIBUSB_ERROR_NO_MEM; 205 goto err; 206 } 207 interface->altsetting = altsetting; 208 209 ifp = altsetting + interface->num_altsetting; 210 interface->num_altsetting++; 211 usbi_parse_descriptor(buffer, "bbbbbbbbb", ifp, 0); 212 ifp->extra = NULL; 213 ifp->extra_length = 0; 214 ifp->endpoint = NULL; 215 216 /* Skip over the interface */ 217 buffer += ifp->bLength; 218 parsed += ifp->bLength; 219 size -= ifp->bLength; 220 221 begin = buffer; 222 223 /* Skip over any interface, class or vendor descriptors */ 224 while (size >= DESC_HEADER_LENGTH) { 225 usbi_parse_descriptor(buffer, "bb", &header, 0); 226 if (header.bLength < 2) { 227 usbi_err(ctx, "invalid descriptor of length %d", 228 header.bLength); 229 r = LIBUSB_ERROR_IO; 230 goto err; 231 } 232 233 /* If we find another "proper" descriptor then we're done */ 234 if ((header.bDescriptorType == LIBUSB_DT_INTERFACE) || 235 (header.bDescriptorType == LIBUSB_DT_ENDPOINT) || 236 (header.bDescriptorType == LIBUSB_DT_CONFIG) || 237 (header.bDescriptorType == LIBUSB_DT_DEVICE)) 238 break; 239 240 buffer += header.bLength; 241 parsed += header.bLength; 242 size -= header.bLength; 243 } 244 245 /* Copy any unknown descriptors into a storage area for */ 246 /* drivers to later parse */ 247 len = (int)(buffer - begin); 248 if (len) { 249 ifp->extra = malloc(len); 250 if (!ifp->extra) { 251 r = LIBUSB_ERROR_NO_MEM; 252 goto err; 253 } 254 memcpy((unsigned char *) ifp->extra, begin, len); 255 ifp->extra_length = len; 256 } 257 258 /* Did we hit an unexpected descriptor? */ 259 usbi_parse_descriptor(buffer, "bb", &header, 0); 260 if ((size >= DESC_HEADER_LENGTH) && 261 ((header.bDescriptorType == LIBUSB_DT_CONFIG) || 262 (header.bDescriptorType == LIBUSB_DT_DEVICE))) 263 return parsed; 264 265 if (ifp->bNumEndpoints > USB_MAXENDPOINTS) { 266 usbi_err(ctx, "too many endpoints (%d)", ifp->bNumEndpoints); 267 r = LIBUSB_ERROR_IO; 268 goto err; 269 } 270 271 if (ifp->bNumEndpoints > 0) { 272 struct libusb_endpoint_descriptor *endpoint; 273 tmp = ifp->bNumEndpoints * sizeof(struct libusb_endpoint_descriptor); 274 endpoint = malloc(tmp); 275 ifp->endpoint = endpoint; 276 if (!endpoint) { 277 r = LIBUSB_ERROR_NO_MEM; 278 goto err; 279 } 280 281 memset(endpoint, 0, tmp); 282 for (i = 0; i < ifp->bNumEndpoints; i++) { 283 usbi_parse_descriptor(buffer, "bb", &header, 0); 284 285 if (header.bLength > size) { 286 usbi_err(ctx, "ran out of descriptors parsing"); 287 r = LIBUSB_ERROR_IO; 288 goto err; 289 } 290 291 r = parse_endpoint(ctx, endpoint + i, buffer, size, 292 host_endian); 293 if (r < 0) 294 goto err; 295 296 buffer += r; 297 parsed += r; 298 size -= r; 299 } 300 } 301 302 /* We check to see if it's an alternate to this one */ 303 ifp = (struct libusb_interface_descriptor *) buffer; 304 if (size < LIBUSB_DT_INTERFACE_SIZE || 305 ifp->bDescriptorType != LIBUSB_DT_INTERFACE || 306 !ifp->bAlternateSetting) 307 return parsed; 308 } 309 310 return parsed; 311 err: 312 clear_interface(interface); 313 return r; 314 } 315 316 static void clear_configuration(struct libusb_config_descriptor *config) 317 { 318 if (config->interface) { 319 int i; 320 for (i = 0; i < config->bNumInterfaces; i++) 321 clear_interface((struct libusb_interface *) 322 config->interface + i); 323 free((void *) config->interface); 324 } 325 if (config->extra) 326 free((void *) config->extra); 327 } 328 329 static int parse_configuration(struct libusb_context *ctx, 330 struct libusb_config_descriptor *config, unsigned char *buffer, 331 int host_endian) 332 { 333 int i; 334 int r; 335 int size; 336 int tmp; 337 struct usb_descriptor_header header; 338 struct libusb_interface *interface; 339 340 usbi_parse_descriptor(buffer, "bbwbbbbb", config, host_endian); 341 size = config->wTotalLength; 342 343 if (config->bNumInterfaces > USB_MAXINTERFACES) { 344 usbi_err(ctx, "too many interfaces (%d)", config->bNumInterfaces); 345 return LIBUSB_ERROR_IO; 346 } 347 348 tmp = config->bNumInterfaces * sizeof(struct libusb_interface); 349 interface = malloc(tmp); 350 config->interface = interface; 351 if (!config->interface) 352 return LIBUSB_ERROR_NO_MEM; 353 354 memset(interface, 0, tmp); 355 buffer += config->bLength; 356 size -= config->bLength; 357 358 config->extra = NULL; 359 config->extra_length = 0; 360 361 for (i = 0; i < config->bNumInterfaces; i++) { 362 int len; 363 unsigned char *begin; 364 365 /* Skip over the rest of the Class Specific or Vendor */ 366 /* Specific descriptors */ 367 begin = buffer; 368 while (size >= DESC_HEADER_LENGTH) { 369 usbi_parse_descriptor(buffer, "bb", &header, 0); 370 371 if ((header.bLength > size) || 372 (header.bLength < DESC_HEADER_LENGTH)) { 373 usbi_err(ctx, "invalid descriptor length of %d", 374 header.bLength); 375 r = LIBUSB_ERROR_IO; 376 goto err; 377 } 378 379 /* If we find another "proper" descriptor then we're done */ 380 if ((header.bDescriptorType == LIBUSB_DT_ENDPOINT) || 381 (header.bDescriptorType == LIBUSB_DT_INTERFACE) || 382 (header.bDescriptorType == LIBUSB_DT_CONFIG) || 383 (header.bDescriptorType == LIBUSB_DT_DEVICE)) 384 break; 385 386 usbi_dbg("skipping descriptor 0x%x\n", header.bDescriptorType); 387 buffer += header.bLength; 388 size -= header.bLength; 389 } 390 391 /* Copy any unknown descriptors into a storage area for */ 392 /* drivers to later parse */ 393 len = (int)(buffer - begin); 394 if (len) { 395 /* FIXME: We should realloc and append here */ 396 if (!config->extra_length) { 397 config->extra = malloc(len); 398 if (!config->extra) { 399 r = LIBUSB_ERROR_NO_MEM; 400 goto err; 401 } 402 403 memcpy((unsigned char *) config->extra, begin, len); 404 config->extra_length = len; 405 } 406 } 407 408 r = parse_interface(ctx, interface + i, buffer, size, host_endian); 409 if (r < 0) 410 goto err; 411 412 buffer += r; 413 size -= r; 414 } 415 416 return size; 417 418 err: 419 clear_configuration(config); 420 return r; 421 } 422 423 /** \ingroup desc 424 * Get the USB device descriptor for a given device. 425 * 426 * This is a non-blocking function; the device descriptor is cached in memory. 427 * 428 * \param dev the device 429 * \param desc output location for the descriptor data 430 * \returns 0 on success or a LIBUSB_ERROR code on failure 431 */ 432 API_EXPORTED int libusb_get_device_descriptor(libusb_device *dev, 433 struct libusb_device_descriptor *desc) 434 { 435 unsigned char raw_desc[DEVICE_DESC_LENGTH]; 436 int host_endian = 0; 437 int r; 438 439 usbi_dbg(""); 440 r = usbi_backend->get_device_descriptor(dev, raw_desc, &host_endian); 441 if (r < 0) 442 return r; 443 444 memcpy((unsigned char *) desc, raw_desc, sizeof(raw_desc)); 445 if (!host_endian) { 446 desc->bcdUSB = libusb_le16_to_cpu(desc->bcdUSB); 447 desc->idVendor = libusb_le16_to_cpu(desc->idVendor); 448 desc->idProduct = libusb_le16_to_cpu(desc->idProduct); 449 desc->bcdDevice = libusb_le16_to_cpu(desc->bcdDevice); 450 } 451 return 0; 452 } 453 454 /** \ingroup desc 455 * Get the USB configuration descriptor for the currently active configuration. 456 * This is a non-blocking function which does not involve any requests being 457 * sent to the device. 458 * 459 * \param dev a device 460 * \param config output location for the USB configuration descriptor. Only 461 * valid if 0 was returned. Must be freed with libusb_free_config_descriptor() 462 * after use. 463 * \returns 0 on success 464 * \returns LIBUSB_ERROR_NOT_FOUND if the device is in unconfigured state 465 * \returns another LIBUSB_ERROR code on error 466 * \see libusb_get_config_descriptor 467 */ 468 API_EXPORTED int libusb_get_active_config_descriptor(libusb_device *dev, 469 struct libusb_config_descriptor **config) 470 { 471 struct libusb_config_descriptor *_config = malloc(sizeof(*_config)); 472 unsigned char tmp[8]; 473 unsigned char *buf = NULL; 474 int host_endian = 0; 475 int r; 476 477 usbi_dbg(""); 478 if (!_config) 479 return LIBUSB_ERROR_NO_MEM; 480 481 r = usbi_backend->get_active_config_descriptor(dev, tmp, sizeof(tmp), 482 &host_endian); 483 if (r < 0) 484 goto err; 485 486 usbi_parse_descriptor(tmp, "bbw", _config, host_endian); 487 buf = malloc(_config->wTotalLength); 488 if (!buf) { 489 r = LIBUSB_ERROR_NO_MEM; 490 goto err; 491 } 492 493 r = usbi_backend->get_active_config_descriptor(dev, buf, 494 _config->wTotalLength, &host_endian); 495 if (r < 0) 496 goto err; 497 498 r = parse_configuration(dev->ctx, _config, buf, host_endian); 499 if (r < 0) { 500 usbi_err(dev->ctx, "parse_configuration failed with error %d", r); 501 goto err; 502 } else if (r > 0) { 503 usbi_warn(dev->ctx, "descriptor data still left"); 504 } 505 506 free(buf); 507 *config = _config; 508 return 0; 509 510 err: 511 free(_config); 512 if (buf) 513 free(buf); 514 return r; 515 } 516 517 /** \ingroup desc 518 * Get a USB configuration descriptor based on its index. 519 * This is a non-blocking function which does not involve any requests being 520 * sent to the device. 521 * 522 * \param dev a device 523 * \param config_index the index of the configuration you wish to retrieve 524 * \param config output location for the USB configuration descriptor. Only 525 * valid if 0 was returned. Must be freed with libusb_free_config_descriptor() 526 * after use. 527 * \returns 0 on success 528 * \returns LIBUSB_ERROR_NOT_FOUND if the configuration does not exist 529 * \returns another LIBUSB_ERROR code on error 530 * \see libusb_get_active_config_descriptor() 531 * \see libusb_get_config_descriptor_by_value() 532 */ 533 API_EXPORTED int libusb_get_config_descriptor(libusb_device *dev, 534 uint8_t config_index, struct libusb_config_descriptor **config) 535 { 536 struct libusb_config_descriptor *_config; 537 unsigned char tmp[8]; 538 unsigned char *buf = NULL; 539 int host_endian = 0; 540 int r; 541 542 usbi_dbg("index %d", config_index); 543 if (config_index >= dev->num_configurations) 544 return LIBUSB_ERROR_NOT_FOUND; 545 546 _config = malloc(sizeof(*_config)); 547 if (!_config) 548 return LIBUSB_ERROR_NO_MEM; 549 550 r = usbi_backend->get_config_descriptor(dev, config_index, tmp, 551 sizeof(tmp), &host_endian); 552 if (r < 0) 553 goto err; 554 555 usbi_parse_descriptor(tmp, "bbw", _config, host_endian); 556 buf = malloc(_config->wTotalLength); 557 if (!buf) { 558 r = LIBUSB_ERROR_NO_MEM; 559 goto err; 560 } 561 562 host_endian = 0; 563 r = usbi_backend->get_config_descriptor(dev, config_index, buf, 564 _config->wTotalLength, &host_endian); 565 if (r < 0) 566 goto err; 567 568 r = parse_configuration(dev->ctx, _config, buf, host_endian); 569 if (r < 0) { 570 usbi_err(dev->ctx, "parse_configuration failed with error %d", r); 571 goto err; 572 } else if (r > 0) { 573 usbi_warn(dev->ctx, "descriptor data still left"); 574 } 575 576 free(buf); 577 *config = _config; 578 return 0; 579 580 err: 581 free(_config); 582 if (buf) 583 free(buf); 584 return r; 585 } 586 587 /* iterate through all configurations, returning the index of the configuration 588 * matching a specific bConfigurationValue in the idx output parameter, or -1 589 * if the config was not found. 590 * returns 0 or a LIBUSB_ERROR code 591 */ 592 int usbi_get_config_index_by_value(struct libusb_device *dev, 593 uint8_t bConfigurationValue, int *idx) 594 { 595 int i; 596 597 usbi_dbg("value %d", bConfigurationValue); 598 for (i = 0; i < dev->num_configurations; i++) { 599 unsigned char tmp[6]; 600 int host_endian; 601 int r = usbi_backend->get_config_descriptor(dev, i, tmp, sizeof(tmp), 602 &host_endian); 603 if (r < 0) 604 return r; 605 if (tmp[5] == bConfigurationValue) { 606 *idx = i; 607 return 0; 608 } 609 } 610 611 *idx = -1; 612 return 0; 613 } 614 615 /** \ingroup desc 616 * Get a USB configuration descriptor with a specific bConfigurationValue. 617 * This is a non-blocking function which does not involve any requests being 618 * sent to the device. 619 * 620 * \param dev a device 621 * \param bConfigurationValue the bConfigurationValue of the configuration you 622 * wish to retrieve 623 * \param config output location for the USB configuration descriptor. Only 624 * valid if 0 was returned. Must be freed with libusb_free_config_descriptor() 625 * after use. 626 * \returns 0 on success 627 * \returns LIBUSB_ERROR_NOT_FOUND if the configuration does not exist 628 * \returns another LIBUSB_ERROR code on error 629 * \see libusb_get_active_config_descriptor() 630 * \see libusb_get_config_descriptor() 631 */ 632 API_EXPORTED int libusb_get_config_descriptor_by_value(libusb_device *dev, 633 uint8_t bConfigurationValue, struct libusb_config_descriptor **config) 634 { 635 int idx; 636 int r = usbi_get_config_index_by_value(dev, bConfigurationValue, &idx); 637 if (r < 0) 638 return r; 639 else if (idx == -1) 640 return LIBUSB_ERROR_NOT_FOUND; 641 else 642 return libusb_get_config_descriptor(dev, idx, config); 643 } 644 645 /** \ingroup desc 646 * Free a configuration descriptor obtained from 647 * libusb_get_active_config_descriptor() or libusb_get_config_descriptor(). 648 * It is safe to call this function with a NULL config parameter, in which 649 * case the function simply returns. 650 * 651 * \param config the configuration descriptor to free 652 */ 653 API_EXPORTED void libusb_free_config_descriptor( 654 struct libusb_config_descriptor *config) 655 { 656 if (!config) 657 return; 658 659 clear_configuration(config); 660 free(config); 661 } 662 663 /** \ingroup desc 664 * Retrieve a string descriptor in C style ASCII. 665 * 666 * Wrapper around libusb_get_string_descriptor(). Uses the first language 667 * supported by the device. 668 * 669 * \param dev a device handle 670 * \param desc_index the index of the descriptor to retrieve 671 * \param data output buffer for ASCII string descriptor 672 * \param length size of data buffer 673 * \returns number of bytes returned in data, or LIBUSB_ERROR code on failure 674 */ 675 API_EXPORTED int libusb_get_string_descriptor_ascii(libusb_device_handle *dev, 676 uint8_t desc_index, unsigned char *data, int length) 677 { 678 unsigned char tbuf[255]; /* Some devices choke on size > 255 */ 679 int r, langid, si, di; 680 681 /* Asking for the zero'th index is special - it returns a string 682 * descriptor that contains all the language IDs supported by the device. 683 * Typically there aren't many - often only one. The language IDs are 16 684 * bit numbers, and they start at the third byte in the descriptor. See 685 * USB 2.0 specification section 9.6.7 for more information. */ 686 r = libusb_get_string_descriptor(dev, 0, 0, tbuf, sizeof(tbuf)); 687 if (r < 0) 688 return r; 689 690 if (r < 4) 691 return LIBUSB_ERROR_IO; 692 693 langid = tbuf[2] | (tbuf[3] << 8); 694 695 r = libusb_get_string_descriptor(dev, desc_index, langid, tbuf, 696 sizeof(tbuf)); 697 if (r < 0) 698 return r; 699 700 if (tbuf[1] != LIBUSB_DT_STRING) 701 return LIBUSB_ERROR_IO; 702 703 if (tbuf[0] > r) 704 return LIBUSB_ERROR_IO; 705 706 for (di = 0, si = 2; si < tbuf[0]; si += 2) { 707 if (di >= (length - 1)) 708 break; 709 710 if (tbuf[si + 1]) /* high byte */ 711 data[di++] = '?'; 712 else 713 data[di++] = tbuf[si]; 714 } 715 716 data[di] = 0; 717 return di; 718 } 719 720
