hw/usb/u2f.c

   1 /*
   2  * U2F USB device.
   3  *
   4  * Copyright (c) 2020 César Belley <[email protected]>
   5  * Written by César Belley <[email protected]>
   6  *
   7  * Permission is hereby granted, free of charge, to any person obtaining a copy
   8  * of this software and associated documentation files (the "Software"), to deal
   9  * in the Software without restriction, including without limitation the rights
  10  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  11  * copies of the Software, and to permit persons to whom the Software is
  12  * furnished to do so, subject to the following conditions:
  13  *
  14  * The above copyright notice and this permission notice shall be included in
  15  * all copies or substantial portions of the Software.
  16  *
  17  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  18  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  19  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
  20  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  21  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  22  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  23  * THE SOFTWARE.
  24  */
  25
  26 #include "qemu/osdep.h"
  27 #include "qemu/module.h"
  28 #include "qapi/error.h"
  29 #include "hw/usb.h"
  30 #include "hw/usb/hid.h"
  31 #include "migration/vmstate.h"
  32 #include "desc.h"
  33
  34 #include "u2f.h"
  35
  36 /* U2F key Vendor / Product */
  37 #define U2F_KEY_VENDOR_NUM     0x46f4 /* CRC16() of "QEMU" */
  38 #define U2F_KEY_PRODUCT_NUM    0x0005
  39
  40 enum {
  41     STR_MANUFACTURER = 1,
  42     STR_PRODUCT,
  43     STR_SERIALNUMBER,
  44     STR_CONFIG,
  45     STR_INTERFACE
  46 };
  47
  48 static const USBDescStrings desc_strings = {
  49     [STR_MANUFACTURER]     = "QEMU",
  50     [STR_PRODUCT]          = "U2F USB key",
  51     [STR_SERIALNUMBER]     = "0",
  52     [STR_CONFIG]           = "U2F key config",
  53     [STR_INTERFACE]        = "U2F key interface"
  54 };
  55
  56 static const USBDescIface desc_iface_u2f_key = {
  57     .bInterfaceNumber              = 0,
  58     .bNumEndpoints                 = 2,
  59     .bInterfaceClass               = USB_CLASS_HID,
  60     .bInterfaceSubClass            = 0x0,
  61     .bInterfaceProtocol            = 0x0,
  62     .ndesc                         = 1,
  63     .descs = (USBDescOther[]) {
  64         {
  65             /* HID descriptor */
  66             .data = (uint8_t[]) {
  67                 0x09,          /*  u8  bLength */
  68                 USB_DT_HID,    /*  u8  bDescriptorType */
  69                 0x10, 0x01,    /*  u16 HID_class */
  70                 0x00,          /*  u8  country_code */
  71                 0x01,          /*  u8  num_descriptors */
  72                 USB_DT_REPORT, /*  u8  type: Report */
  73                 0x22, 0,       /*  u16 len */
  74             },
  75         },
  76     },
  77     .eps = (USBDescEndpoint[]) {
  78         {
  79             .bEndpointAddress      = USB_DIR_IN | 0x01,
  80             .bmAttributes          = USB_ENDPOINT_XFER_INT,
  81             .wMaxPacketSize        = U2FHID_PACKET_SIZE,
  82             .bInterval             = 0x05,
  83         }, {
  84             .bEndpointAddress      = USB_DIR_OUT | 0x01,
  85             .bmAttributes          = USB_ENDPOINT_XFER_INT,
  86             .wMaxPacketSize        = U2FHID_PACKET_SIZE,
  87             .bInterval             = 0x05,
  88         },
  89     },
  90
  91 };
  92
  93 static const USBDescDevice desc_device_u2f_key = {
  94     .bcdUSB                        = 0x0100,
  95     .bMaxPacketSize0               = U2FHID_PACKET_SIZE,
  96     .bNumConfigurations            = 1,
  97     .confs = (USBDescConfig[]) {
  98         {
  99             .bNumInterfaces        = 1,
 100             .bConfigurationValue   = 1,
 101             .iConfiguration        = STR_CONFIG,
 102             .bmAttributes          = USB_CFG_ATT_ONE,
 103             .bMaxPower             = 15,
 104             .nif = 1,
 105             .ifs = &desc_iface_u2f_key,
 106         },
 107     },
 108 };
 109
 110 static const USBDesc desc_u2f_key = {
 111     .id = {
 112         .idVendor          = U2F_KEY_VENDOR_NUM,
 113         .idProduct         = U2F_KEY_PRODUCT_NUM,
 114         .bcdDevice         = 0,
 115         .iManufacturer     = STR_MANUFACTURER,
 116         .iProduct          = STR_PRODUCT,
 117         .iSerialNumber     = STR_SERIALNUMBER,
 118     },
 119     .full = &desc_device_u2f_key,
 120     .str  = desc_strings,
 121 };
 122
 123 static const uint8_t u2f_key_hid_report_desc[] = {
 124     0x06, 0xd0, 0xf1, /* Usage Page (FIDO) */
 125     0x09, 0x01,       /* Usage (FIDO) */
 126     0xa1, 0x01,       /* Collection (HID Application) */
 127     0x09, 0x20,       /*    Usage (FIDO data in) */
 128     0x15, 0x00,       /*        Logical Minimum (0) */
 129     0x26, 0xFF, 0x00, /*        Logical Maximum (0xff) */
 130     0x75, 0x08,       /*        Report Size (8) */
 131     0x95, 0x40,       /*        Report Count (0x40) */
 132     0x81, 0x02,       /*        Input (Data, Variable, Absolute) */
 133     0x09, 0x21,       /*    Usage (FIDO data out) */
 134     0x15, 0x00,       /*        Logical Minimum (0) */
 135     0x26, 0xFF, 0x00, /*        Logical Maximum  (0xFF) */
 136     0x75, 0x08,       /*        Report Size (8) */
 137     0x95, 0x40,       /*        Report Count (0x40) */
 138     0x91, 0x02,       /*        Output (Data, Variable, Absolute) */
 139     0xC0              /* End Collection */
 140 };
 141
 142 static void u2f_key_reset(U2FKeyState *key)
 143 {
 144     key->pending_in_start = 0;
 145     key->pending_in_end = 0;
 146     key->pending_in_num = 0;
 147 }
 148
 149 static void u2f_key_handle_reset(USBDevice *dev)
 150 {
 151     U2FKeyState *key = U2F_KEY(dev);
 152
 153     u2f_key_reset(key);
 154 }
 155
 156 static void u2f_key_handle_control(USBDevice *dev, USBPacket *p,
 157                int request, int value, int index, int length, uint8_t *data)
 158 {
 159     U2FKeyState *key = U2F_KEY(dev);
 160     int ret;
 161
 162     ret = usb_desc_handle_control(dev, p, request, value, index, length, data);
 163     if (ret >= 0) {
 164         return;
 165     }
 166
 167     switch (request) {
 168     case InterfaceRequest | USB_REQ_GET_DESCRIPTOR:
 169         switch (value >> 8) {
 170         case 0x22:
 171             memcpy(data, u2f_key_hid_report_desc,
 172                    sizeof(u2f_key_hid_report_desc));
 173             p->actual_length = sizeof(u2f_key_hid_report_desc);
 174             break;
 175         default:
 176             goto fail;
 177         }
 178         break;
 179     case HID_GET_IDLE:
 180         data[0] = key->idle;
 181         p->actual_length = 1;
 182         break;
 183     case HID_SET_IDLE:
 184         key->idle = (uint8_t)(value >> 8);
 185         break;
 186     default:
 187     fail:
 188         p->status = USB_RET_STALL;
 189         break;
 190     }
 191
 192 }
 193
 194 static void u2f_key_recv_from_guest(U2FKeyState *key, USBPacket *p)
 195 {
 196     U2FKeyClass *kc = U2F_KEY_GET_CLASS(key);
 197     uint8_t packet[U2FHID_PACKET_SIZE];
 198
 199     if (kc->recv_from_guest == NULL || p->iov.size != U2FHID_PACKET_SIZE) {
 200         return;
 201     }
 202
 203     usb_packet_copy(p, packet, p->iov.size);
 204     kc->recv_from_guest(key, packet);
 205 }
 206
 207 static void u2f_pending_in_add(U2FKeyState *key,
 208                                const uint8_t packet[U2FHID_PACKET_SIZE])
 209 {
 210     uint8_t index;
 211
 212     if (key->pending_in_num >= U2FHID_PENDING_IN_NUM) {
 213         return;
 214     }
 215
 216     index = key->pending_in_end;
 217     key->pending_in_end = (index + 1) % U2FHID_PENDING_IN_NUM;
 218     ++key->pending_in_num;
 219
 220     memcpy(key->pending_in[index], packet, U2FHID_PACKET_SIZE);
 221 }
 222
 223 static uint8_t *u2f_pending_in_get(U2FKeyState *key)
 224 {
 225     uint8_t index;
 226
 227     if (key->pending_in_num == 0) {
 228         return NULL;
 229     }
 230
 231     index = key->pending_in_start;
 232     key->pending_in_start = (index + 1) % U2FHID_PENDING_IN_NUM;
 233     --key->pending_in_num;
 234
 235     return key->pending_in[index];
 236 }
 237
 238 static void u2f_key_handle_data(USBDevice *dev, USBPacket *p)
 239 {
 240     U2FKeyState *key = U2F_KEY(dev);
 241     uint8_t *packet_in;
 242
 243     /* Endpoint number check */
 244     if (p->ep->nr != 1) {
 245         p->status = USB_RET_STALL;
 246         return;
 247     }
 248
 249     switch (p->pid) {
 250     case USB_TOKEN_OUT:
 251         u2f_key_recv_from_guest(key, p);
 252         break;
 253     case USB_TOKEN_IN:
 254         packet_in = u2f_pending_in_get(key);
 255         if (packet_in == NULL) {
 256             p->status = USB_RET_NAK;
 257             return;
 258         }
 259         usb_packet_copy(p, packet_in, U2FHID_PACKET_SIZE);
 260         break;
 261     default:
 262         p->status = USB_RET_STALL;
 263         break;
 264     }
 265 }
 266
 267 void u2f_send_to_guest(U2FKeyState *key,
 268                        const uint8_t packet[U2FHID_PACKET_SIZE])
 269 {
 270     u2f_pending_in_add(key, packet);
 271     usb_wakeup(key->ep, 0);
 272 }
 273
 274 static void u2f_key_unrealize(USBDevice *dev)
 275 {
 276     U2FKeyState *key = U2F_KEY(dev);
 277     U2FKeyClass *kc = U2F_KEY_GET_CLASS(key);
 278
 279     if (kc->unrealize != NULL) {
 280         kc->unrealize(key);
 281     }
 282 }
 283
 284 static void u2f_key_realize(USBDevice *dev, Error **errp)
 285 {
 286     U2FKeyState *key = U2F_KEY(dev);
 287     U2FKeyClass *kc = U2F_KEY_GET_CLASS(key);
 288     Error *local_err = NULL;
 289
 290     usb_desc_create_serial(dev);
 291     usb_desc_init(dev);
 292     u2f_key_reset(key);
 293
 294     if (kc->realize != NULL) {
 295         kc->realize(key, &local_err);
 296         if (local_err != NULL) {
 297             error_propagate(errp, local_err);
 298             return;
 299         }
 300     }
 301     key->ep = usb_ep_get(dev, USB_TOKEN_IN, 1);
 302 }
 303
 304 const VMStateDescription vmstate_u2f_key = {
 305     .name = "u2f-key",
 306     .version_id = 1,
 307     .minimum_version_id = 1,
 308     .fields = (VMStateField[]) {
 309         VMSTATE_USB_DEVICE(dev, U2FKeyState),
 310         VMSTATE_UINT8(idle, U2FKeyState),
 311         VMSTATE_UINT8_2DARRAY(pending_in, U2FKeyState,
 312             U2FHID_PENDING_IN_NUM, U2FHID_PACKET_SIZE),
 313         VMSTATE_UINT8(pending_in_start, U2FKeyState),
 314         VMSTATE_UINT8(pending_in_end, U2FKeyState),
 315         VMSTATE_UINT8(pending_in_num, U2FKeyState),
 316         VMSTATE_END_OF_LIST()
 317     }
 318 };
 319
 320 static void u2f_key_class_init(ObjectClass *klass, void *data)
 321 {
 322     DeviceClass *dc = DEVICE_CLASS(klass);
 323     USBDeviceClass *uc = USB_DEVICE_CLASS(klass);
 324
 325     uc->product_desc   = "QEMU U2F USB key";
 326     uc->usb_desc       = &desc_u2f_key;
 327     uc->handle_reset   = u2f_key_handle_reset;
 328     uc->handle_control = u2f_key_handle_control;
 329     uc->handle_data    = u2f_key_handle_data;
 330     uc->handle_attach  = usb_desc_attach;
 331     uc->realize        = u2f_key_realize;
 332     uc->unrealize      = u2f_key_unrealize;
 333     dc->desc           = "QEMU U2F key";
 334     dc->vmsd           = &vmstate_u2f_key;
 335 }
 336
 337 static const TypeInfo u2f_key_info = {
 338     .name          = TYPE_U2F_KEY,
 339     .parent        = TYPE_USB_DEVICE,
 340     .instance_size = sizeof(U2FKeyState),
 341     .abstract      = true,
 342     .class_size    = sizeof(U2FKeyClass),
 343     .class_init    = u2f_key_class_init,
 344 };
 345
 346 static void u2f_key_register_types(void)
 347 {
 348     type_register_static(&u2f_key_info);
 349     usb_legacy_register(TYPE_U2F_KEY, "u2f-key", NULL);
 350 }
 351
 352 type_init(u2f_key_register_types)