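/*
 * U2F USB device.
 *
 * Copyright (c) 2020 César Belley <cesar.belley@lse.epita.fr>
 * Written by César Belley <cesar.belley@lse.epita.fr>
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 */

#include "qemu/osdep.h"
#include "qemu/module.h"
#include "qapi/error.h"
#include "hw/usb.h"
#include "hw/usb/hid.h"
#include "migration/vmstate.h"
#include "desc.h"
#include "u2f.h"

/* U2F key Vendor / Product */
#define U2F_KEY_VENDOR_NUM     0x46f4 /* CRC16() of "QEMU" */
#define U2F_KEY_PRODUCT_NUM    0x0005

/* Indices into desc_strings; index 0 is left unused. */
enum {
    STR_MANUFACTURER = 1,
    STR_PRODUCT,
    STR_SERIALNUMBER,
    STR_CONFIG,
    STR_INTERFACE
};

static const USBDescStrings desc_strings = {
    [STR_MANUFACTURER]     = "QEMU",
    [STR_PRODUCT]          = "U2F USB key",
    [STR_SERIALNUMBER]     = "0",
    [STR_CONFIG]           = "U2F key config",
    [STR_INTERFACE]        = "U2F key interface"
};

/* Single HID interface with one interrupt IN and one interrupt OUT endpoint. */
static const USBDescIface desc_iface_u2f_key = {
    .bInterfaceNumber              = 0,
    .bNumEndpoints                 = 2,
    .bInterfaceClass               = USB_CLASS_HID,
    .bInterfaceSubClass            = 0x0,
    .bInterfaceProtocol            = 0x0,
    .ndesc                         = 1,
    .descs = (USBDescOther[]) {
        {
            /* HID descriptor */
            .data = (uint8_t[]) {
                0x09,          /*  u8  bLength */
                USB_DT_HID,    /*  u8  bDescriptorType */
                0x10, 0x01,    /*  u16 HID_class */
                0x00,          /*  u8  country_code */
                0x01,          /*  u8  num_descriptors */
                USB_DT_REPORT, /*  u8  type: Report */
                /*
                 * Hard-coded length (0x22 = 34 bytes); it has to stay equal
                 * to sizeof(u2f_key_hid_report_desc) defined below.
                 */
                0x22, 0,       /*  u16 len */
            },
        },
    },
    .eps = (USBDescEndpoint[]) {
        {
            .bEndpointAddress      = USB_DIR_IN | 0x01,
            .bmAttributes          = USB_ENDPOINT_XFER_INT,
            .wMaxPacketSize        = U2FHID_PACKET_SIZE,
            .bInterval             = 0x05,
        }, {
            .bEndpointAddress      = USB_DIR_OUT | 0x01,
            .bmAttributes          = USB_ENDPOINT_XFER_INT,
            .wMaxPacketSize        = U2FHID_PACKET_SIZE,
            .bInterval             = 0x05,
        },
    },
};

static const USBDescDevice desc_device_u2f_key = {
    .bcdUSB                        = 0x0100,
    .bMaxPacketSize0               = U2FHID_PACKET_SIZE,
    .bNumConfigurations            = 1,
    .confs = (USBDescConfig[]) {
        {
            .bNumInterfaces        = 1,
            .bConfigurationValue   = 1,
            .iConfiguration        = STR_CONFIG,
            .bmAttributes          = USB_CFG_ATT_ONE,
            .bMaxPower             = 15,
            .nif = 1,
            .ifs = &desc_iface_u2f_key,
        },
    },
};

static const USBDesc desc_u2f_key = {
    .id = {
        .idVendor          = U2F_KEY_VENDOR_NUM,
        .idProduct         = U2F_KEY_PRODUCT_NUM,
        .bcdDevice         = 0,
        .iManufacturer     = STR_MANUFACTURER,
        .iProduct          = STR_PRODUCT,
        .iSerialNumber     = STR_SERIALNUMBER,
    },
    .full = &desc_device_u2f_key,
    .str  = desc_strings,
};

/* HID report descriptor returned for GET_DESCRIPTOR(Report), 34 bytes. */
static const uint8_t u2f_key_hid_report_desc[] = {
    0x06, 0xd0, 0xf1, /* Usage Page (FIDO) */
    0x09, 0x01,       /* Usage (FIDO) */
    0xa1, 0x01,       /* Collection (HID Application) */
    0x09, 0x20,       /*    Usage (FIDO data in) */
    0x15, 0x00,       /*        Logical Minimum (0) */
    0x26, 0xFF, 0x00, /*        Logical Maximum (0xff) */
    0x75, 0x08,       /*        Report Size (8) */
    0x95, 0x40,       /*        Report Count (0x40) */
    0x81, 0x02,       /*        Input (Data, Variable, Absolute) */
    0x09, 0x21,       /*    Usage (FIDO data out) */
    0x15, 0x00,       /*        Logical Minimum (0) */
    0x26, 0xFF, 0x00, /*        Logical Maximum  (0xFF) */
    0x75, 0x08,       /*        Report Size (8) */
    0x95, 0x40,       /*        Report Count (0x40) */
    0x91, 0x02,       /*        Output (Data, Variable, Absolute) */
    0xC0              /* End Collection */
};

/* Empty the device-to-guest packet ring by zeroing its indices and count. */
static void u2f_key_reset(U2FKeyState *key)
{
    key->pending_in_start = 0;
    key->pending_in_end = 0;
    key->pending_in_num = 0;
}

/* USBDeviceClass.handle_reset hook: drop every queued IN packet. */
static void u2f_key_handle_reset(USBDevice *dev)
{
    U2FKeyState *key = U2F_KEY(dev);

    u2f_key_reset(key);
}

/*
 * USBDeviceClass.handle_control hook.
 *
 * Standard requests are offered to usb_desc_handle_control() first; a
 * non-negative return from it ends the handling here. What remains are the
 * HID report descriptor read and the HID idle get/set requests. Anything
 * else stalls the control pipe.
 */
static void u2f_key_handle_control(USBDevice *dev, USBPacket *p,
                                   int request, int value, int index,
                                   int length, uint8_t *data)
{
    U2FKeyState *key = U2F_KEY(dev);
    int ret;

    ret = usb_desc_handle_control(dev, p, request, value, index, length, data);
    if (ret >= 0) {
        return;
    }

    switch (request) {
    case InterfaceRequest | USB_REQ_GET_DESCRIPTOR:
        switch (value >> 8) {
        case 0x22: /* descriptor type in the high byte: HID report */
            /*
             * NOTE(review): the whole descriptor is copied without looking
             * at 'length'; this relies on the caller's 'data' buffer being
             * at least sizeof(u2f_key_hid_report_desc) bytes and on the
             * caller clamping actual_length - confirm against the USB core.
             */
            memcpy(data, u2f_key_hid_report_desc,
                   sizeof(u2f_key_hid_report_desc));
            p->actual_length = sizeof(u2f_key_hid_report_desc);
            break;
        default:
            goto fail;
        }
        break;
    case HID_GET_IDLE:
        data[0] = key->idle;
        p->actual_length = 1;
        break;
    case HID_SET_IDLE:
        /* The idle rate travels in the high byte of wValue. */
        key->idle = (uint8_t)(value >> 8);
        break;
    default:
    fail:
        p->status = USB_RET_STALL;
        break;
    }
}

/*
 * Hand one guest OUT packet to the backend implementation.
 *
 * The packet is ignored (without flagging an error on 'p') when the class
 * provides no recv_from_guest callback or when the transfer is not exactly
 * U2FHID_PACKET_SIZE bytes, so the stack buffer below is always filled
 * completely and never overrun.
 */
static void u2f_key_recv_from_guest(U2FKeyState *key, USBPacket *p)
{
    U2FKeyClass *kc = U2F_KEY_GET_CLASS(key);
    uint8_t packet[U2FHID_PACKET_SIZE];

    if (kc->recv_from_guest == NULL || p->iov.size != U2FHID_PACKET_SIZE) {
        return;
    }

    usb_packet_copy(p, packet, p->iov.size);
    kc->recv_from_guest(key, packet);
}

/*
 * Append one packet to the pending-IN ring.
 *
 * When the ring already holds U2FHID_PENDING_IN_NUM packets the new packet
 * is dropped silently.
 */
static void u2f_pending_in_add(U2FKeyState *key,
                               const uint8_t packet[U2FHID_PACKET_SIZE])
{
    uint8_t index;

    if (key->pending_in_num >= U2FHID_PENDING_IN_NUM) {
        return;
    }

    index = key->pending_in_end;
    key->pending_in_end = (index + 1) % U2FHID_PENDING_IN_NUM;
    ++key->pending_in_num;

    memcpy(key->pending_in[index], packet, U2FHID_PACKET_SIZE);
}

/*
 * Remove the oldest packet from the pending-IN ring.
 *
 * Returns a pointer into key->pending_in[] (the slot is not copied), or NULL
 * when the ring is empty.
 */
static uint8_t *u2f_pending_in_get(U2FKeyState *key)
{
    uint8_t index;

    if (key->pending_in_num == 0) {
        return NULL;
    }

    index = key->pending_in_start;
    key->pending_in_start = (index + 1) % U2FHID_PENDING_IN_NUM;
    --key->pending_in_num;

    return key->pending_in[index];
}

/*
 * USBDeviceClass.handle_data hook for the interrupt endpoints.
 *
 * Only endpoint 1 is served. OUT tokens are forwarded to the backend, IN
 * tokens return the oldest queued packet or NAK when nothing is queued.
 */
static void u2f_key_handle_data(USBDevice *dev, USBPacket *p)
{
    U2FKeyState *key = U2F_KEY(dev);
    uint8_t *packet_in;

    /* Endpoint number check */
    if (p->ep->nr != 1) {
        p->status = USB_RET_STALL;
        return;
    }

    switch (p->pid) {
    case USB_TOKEN_OUT:
        u2f_key_recv_from_guest(key, p);
        break;
    case USB_TOKEN_IN:
        /*
         * The transfer size is chosen by the guest, while the copy below
         * always moves U2FHID_PACKET_SIZE bytes. Reject a shorter buffer
         * before dequeuing so that no queued packet is lost.
         * NOTE(review): usb_packet_copy() is understood to assert that the
         * copy fits in the packet, which would let a guest abort the
         * process with a short IN transfer - confirm against the USB core.
         */
        if (p->iov.size < U2FHID_PACKET_SIZE) {
            p->status = USB_RET_STALL;
            return;
        }
        packet_in = u2f_pending_in_get(key);
        if (packet_in == NULL) {
            p->status = USB_RET_NAK;
            return;
        }
        usb_packet_copy(p, packet_in, U2FHID_PACKET_SIZE);
        break;
    default:
        p->status = USB_RET_STALL;
        break;
    }
}

/*
 * Queue one U2FHID packet for the guest and wake the IN endpoint.
 *
 * The wakeup is issued even when the ring was full and the packet dropped.
 */
void u2f_send_to_guest(U2FKeyState *key,
                       const uint8_t packet[U2FHID_PACKET_SIZE])
{
    u2f_pending_in_add(key, packet);
    usb_wakeup(key->ep, 0);
}

/* USBDeviceClass.unrealize hook: forward to the backend, if it has one. */
static void u2f_key_unrealize(USBDevice *dev)
{
    U2FKeyState *key = U2F_KEY(dev);
    U2FKeyClass *kc = U2F_KEY_GET_CLASS(key);

    if (kc->unrealize != NULL) {
        kc->unrealize(key);
    }
}

/*
 * USBDeviceClass.realize hook.
 *
 * Sets up the USB descriptors, empties the pending-IN ring and runs the
 * backend's realize callback. On backend failure the error is propagated
 * and key->ep is left unset.
 */
static void u2f_key_realize(USBDevice *dev, Error **errp)
{
    U2FKeyState *key = U2F_KEY(dev);
    U2FKeyClass *kc = U2F_KEY_GET_CLASS(key);
    Error *local_err = NULL;

    usb_desc_create_serial(dev);
    usb_desc_init(dev);
    u2f_key_reset(key);

    if (kc->realize != NULL) {
        kc->realize(key, &local_err);
        if (local_err != NULL) {
            error_propagate(errp, local_err);
            return;
        }
    }
    key->ep = usb_ep_get(dev, USB_TOKEN_IN, 1);
}

/*
 * Validate the ring bookkeeping restored from a migration stream.
 *
 * pending_in_start and pending_in_end are used directly as indices into
 * pending_in[], and pending_in_num gates both add and get. They are loaded
 * as raw bytes, so a corrupt or hostile stream could otherwise drive reads
 * and writes past the array. Returns 0 when all three values are in range
 * and -EINVAL (failing the load) otherwise.
 */
static int u2f_key_post_load(void *opaque, int version_id)
{
    U2FKeyState *key = opaque;

    if (key->pending_in_start >= U2FHID_PENDING_IN_NUM ||
        key->pending_in_end >= U2FHID_PENDING_IN_NUM ||
        key->pending_in_num > U2FHID_PENDING_IN_NUM) {
        return -EINVAL;
    }

    return 0;
}

const VMStateDescription vmstate_u2f_key = {
    .name = "u2f-key",
    .version_id = 1,
    .minimum_version_id = 1,
    .post_load = u2f_key_post_load,
    .fields = (VMStateField[]) {
        VMSTATE_USB_DEVICE(dev, U2FKeyState),
        VMSTATE_UINT8(idle, U2FKeyState),
        VMSTATE_UINT8_2DARRAY(pending_in, U2FKeyState,
            U2FHID_PENDING_IN_NUM, U2FHID_PACKET_SIZE),
        VMSTATE_UINT8(pending_in_start, U2FKeyState),
        VMSTATE_UINT8(pending_in_end, U2FKeyState),
        VMSTATE_UINT8(pending_in_num, U2FKeyState),
        VMSTATE_END_OF_LIST()
    }
};

/* Wire the USB and device class callbacks for the abstract U2F key type. */
static void u2f_key_class_init(ObjectClass *klass, void *data)
{
    DeviceClass *dc = DEVICE_CLASS(klass);
    USBDeviceClass *uc = USB_DEVICE_CLASS(klass);

    uc->product_desc   = "QEMU U2F USB key";
    uc->usb_desc       = &desc_u2f_key;
    uc->handle_reset   = u2f_key_handle_reset;
    uc->handle_control = u2f_key_handle_control;
    uc->handle_data    = u2f_key_handle_data;
    uc->handle_attach  = usb_desc_attach;
    uc->realize        = u2f_key_realize;
    uc->unrealize      = u2f_key_unrealize;
    dc->desc           = "QEMU U2F key";
    dc->vmsd           = &vmstate_u2f_key;
}

/* Abstract base type; concrete backends supply the U2FKeyClass callbacks. */
static const TypeInfo u2f_key_info = {
    .name          = TYPE_U2F_KEY,
    .parent        = TYPE_USB_DEVICE,
    .instance_size = sizeof(U2FKeyState),
    .abstract      = true,
    .class_size    = sizeof(U2FKeyClass),
    .class_init    = u2f_key_class_init,
};

static void u2f_key_register_types(void)
{
    type_register_static(&u2f_key_info);
}

type_init(u2f_key_register_types)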