diff options
author | César Belley <cesar.belley@lse.epita.fr> | 2020-08-26 13:42:08 +0200 |
---|---|---|
committer | Gerd Hoffmann <kraxel@redhat.com> | 2020-08-31 08:23:39 +0200 |
commit | 4ee40a6b98c02b72fc5dd262df9d3ac8680d767b (patch) | |
tree | c1d100db86b90999dcb09734b220e227bde7060c | |
parent | dea01f66811b6963f306a7dcffe001fb4637662f (diff) | |
download | qemu-4ee40a6b98c02b72fc5dd262df9d3ac8680d767b.zip qemu-4ee40a6b98c02b72fc5dd262df9d3ac8680d767b.tar.gz qemu-4ee40a6b98c02b72fc5dd262df9d3ac8680d767b.tar.bz2 |
hw/usb: Add U2F device check to passthru mode
This patchs adds a check to verify that the device passed through the
hidraw property is a U2F device.
The check is done by ensuring that the first values of the report
descriptor (USAGE PAGE and USAGE) correspond to those of a U2F device.
Signed-off-by: César Belley <cesar.belley@lse.epita.fr>
Message-id: 20200826114209.28821-12-cesar.belley@lse.epita.fr
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-rw-r--r-- | hw/usb/u2f-passthru.c | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/hw/usb/u2f-passthru.c b/hw/usb/u2f-passthru.c index 52b4467..74d4ae6 100644 --- a/hw/usb/u2f-passthru.c +++ b/hw/usb/u2f-passthru.c @@ -34,6 +34,12 @@ #include "u2f.h" +#ifdef CONFIG_LIBUDEV +#include <libudev.h> +#endif +#include <linux/hidraw.h> +#include <sys/ioctl.h> + #define NONCE_SIZE 8 #define BROADCAST_CID 0xFFFFFFFF #define TRANSACTION_TIMEOUT 120000 @@ -344,6 +350,34 @@ static void u2f_passthru_recv_from_guest(U2FKeyState *base, } } +static bool u2f_passthru_is_u2f_device(int fd) +{ + int ret, rdesc_size; + struct hidraw_report_descriptor rdesc; + const uint8_t u2f_hid_report_desc_header[] = { + 0x06, 0xd0, 0xf1, /* Usage Page (FIDO) */ + 0x09, 0x01, /* Usage (FIDO) */ + }; + + /* Get report descriptor size */ + ret = ioctl(fd, HIDIOCGRDESCSIZE, &rdesc_size); + if (ret < 0 || rdesc_size < sizeof(u2f_hid_report_desc_header)) { + return false; + } + + /* Get report descriptor */ + memset(&rdesc, 0x0, sizeof(rdesc)); + rdesc.size = rdesc_size; + ret = ioctl(fd, HIDIOCGRDESC, &rdesc); + if (ret < 0) { + return false; + } + + /* Header bytes cover specific U2F rdesc values */ + return memcmp(u2f_hid_report_desc_header, rdesc.value, + sizeof(u2f_hid_report_desc_header)) == 0; +} + static void u2f_passthru_unrealize(U2FKeyState *base) { U2FPassthruState *key = PASSTHRU_U2F_KEY(base); @@ -368,6 +402,13 @@ static void u2f_passthru_realize(U2FKeyState *base, Error **errp) key->hidraw); return; } + + if (!u2f_passthru_is_u2f_device(fd)) { + qemu_close(fd); + error_setg(errp, "%s: Passed hidraw does not represent " + "a U2F HID device", TYPE_U2F_PASSTHRU); + return; + } key->hidraw_fd = fd; u2f_passthru_reset(key); } |