From: César Belley
To: qemu-devel@nongnu.org
Cc: César Belley, kraxel@redhat.com
Subject: [PATCH 02/13] docs: Add USB U2F key device documentation
Date: Wed, 12 Aug 2020 11:41:24 +0200
Message-Id: <20200812094135.20550-3-cesar.belley@lse.epita.fr>

Add USB U2F key device documentation:
- USB U2F key device
- Building
- Using u2f-emulated
- Using u2f-passthru
- Libu2f-emu

Signed-off-by: César Belley
--- docs/u2f.txt | 101 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 101 insertions(+) create mode 100644 docs/u2f.txt diff --git a/docs/u2f.txt b/docs/u2f.txt new file mode 100644 index 0000000000..f60052882e --- /dev/null +++ b/docs/u2f.txt 
@@ -0,0 +1,101 @@ +QEMU U2F Key Device Documentation. + +Contents +1. USB U2F key device +2. Building +3. Using u2f-emulated +4. Using u2f-passthru +5. Libu2f-emu + +1. USB U2F key device + +U2F is an open authentication standard that enables relying parties +exposed to the internet to offer a strong second factor option for end +user authentication. + +The standard brings many advantages to both parties, client and server, +allowing to reduce over-reliance on passwords, it increases authentication +security and simplifies passwords. + +The second factor is materialized by a device implementing the U2F +protocol. In case of a USB U2F security key, it is a USB HID device +that implements the U2F protocol. + +In Qemu, the USB U2F key device offers a dedicated support of U2F, allowing +guest USB FIDO/U2F security keys operating in two possible modes: +pass-through and emulated. + +The pass-through mode consists of passing all requests made from the guest +to the physical security key connected to the host machine and vice versa. +In addition, the dedicated pass-through allows to have a U2F security key +shared on several guests which is not possible with a simple host device +assignment pass-through. + +The emulated mode consists of completely emulating the behavior of an +U2F device through software part. Libu2f-emu is used for that. + + +2. Building + +To ensure the build of the u2f-emulated device variant which depends +on libu2f-emu: configuring and building: + + ./configure --enable-u2f && make + + +3. Using u2f-emulated + +To work, an emulated U2F device must have four elements: + * ec x509 certificate + * ec private key + * counter (four bytes value) + * 48 bytes of entropy (random bits) + +To use this type of device, this one has to be configured, and these +four elements must be passed one way or another. + +Assuming that you have a working libu2f-emu installed on the host. 
+There are three possible ways of configurations: + * ephemeral + * setup directory + * manual + +Ephemeral is the simplest way to configure, it lets the device generate +all the elements it needs for a single use of the lifetime of the device. + + qemu -usb -device u2f-emulated + +Setup directory allows to configure the device from a directory containing +four files: + * certificate.pem: ec x509 certificate + * private-key.pem: ec private key + * counter: counter value + * entropy: 48 bytes of entropy + + qemu -usb -device u2f-emulated,dir=$dir + +Manual allows to configure the device more finely by specifying each +of the elements necessary for the device: + * cert + * priv + * counter + * entropy + + qemu -usb -device u2f-emulated,cert=$DIR1/$FILE1,priv=$DIR2/$FILE2,counter=$DIR3/$FILE3,entropy=$DIR4/$FILE4 + + +4. Using u2f-passthru + +On the host specify the u2f-passthru device with a suitable hidraw: + + qemu -usb -device u2f-passthru,hidraw=/dev/hidraw0 + + +5. Libu2f-emu + +The u2f-emulated device uses libu2f-emu for the U2F key emulation. Libu2f-emu +implements completely the U2F protocol device part for all specified +transport given by the FIDO Alliance. + +For more information about libu2f-emu see this page: +https://github.com/MattGorko/libu2f-emu. 
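Review bot: Section 3 of docs/u2f.txt has the setup-directory and manual modes read an EC private key and 48 bytes of entropy from files, but it does not say who must be able to read those files or whether the device writes the `counter` file back. Please state the expected ownership and permissions and whether the counter persists across runs, since a counter that is not updated on disk would start from the same value on the next launch. Section 4 should likewise say that the QEMU process needs read/write access to the hidraw node it is given, and section 2 should make clear that `--enable-u2f` is only needed for u2f-emulated. Minor wording: "Qemu" should be "QEMU", "an U2F device" should be "a U2F device", and "allows to configure" reads better as "lets you configure".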
From: César Belley
To: qemu-devel@nongnu.org
Cc: César Belley, kraxel@redhat.com
Subject: [PATCH 07/13] hw/usb: Add U2F key build recipe
Date: Wed, 12 Aug 2020 11:41:29 +0200
Message-Id: <20200812094135.20550-8-cesar.belley@lse.epita.fr>

Signed-off-by: César Belley --- hw/usb/Kconfig | 5 +++++ hw/usb/Makefile.objs | 7 +++++++ 2 files changed, 12 insertions(+) diff --git a/hw/usb/Kconfig b/hw/usb/Kconfig index 5e63dc75f8..3fc8fbe3c7 100644 --- a/hw/usb/Kconfig +++ b/hw/usb/Kconfig @@ -96,6 +96,11 @@ config USB_STORAGE_MTP default y depends on USB +config USB_U2F + bool + default y + depends on USB + config IMX_USBPHY bool default y diff --git a/hw/usb/Makefile.objs b/hw/usb/Makefile.objs index e342ff59fa..7842a3175f 100644 --- a/hw/usb/Makefile.objs +++ b/hw/usb/Makefile.objs 
@@ -37,6 +37,13 @@ smartcard.mo-libs := $(SMARTCARD_LIBS) endif endif +ifeq ($(CONFIG_USB_U2F),y) +common-obj-y += u2f.o u2f-passthru.o +common-obj-$(CONFIG_U2F) += u2f-emulated.o +u2f-emulated.o-cflags = $(U2F_CFLAGS) +u2f-emulated.o-libs = $(U2F_LIBS) +endif + ifeq ($(CONFIG_POSIX),y) common-obj-$(CONFIG_USB_STORAGE_MTP) += dev-mtp.o endif
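Review bot: In the hw/usb/Makefile.objs hunk, `common-obj-y += u2f.o u2f-passthru.o` builds the passthru device on every host that has CONFIG_USB_U2F, although that device is driven through a hidraw node; patch 12 of this series later moves it to `common-obj-$(CONFIG_LINUX)`. Apply that restriction here so the series builds on non-Linux hosts at every step. The two symbols CONFIG_USB_U2F (Kconfig) and CONFIG_U2F (set by configure) are also easy to confuse, so a comment above the block saying which one gates which object would help, and the commit message has no body explaining either.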
From: César Belley
To: qemu-devel@nongnu.org
Cc: César Belley, kraxel@redhat.com
Subject: [PATCH 08/13] configure: Add USB U2F key device
Date: Wed, 12 Aug 2020 11:41:30 +0200
Message-Id: <20200812094135.20550-9-cesar.belley@lse.epita.fr>

Signed-off-by: César Belley
--- configure | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/configure b/configure index 2acc4d1465..3ea5e561ff 100755 --- a/configure +++ b/configure @@ -447,6 +447,7 @@ trace_file="trace" spice="" rbd="" smartcard="" +u2f="" libusb="" usb_redir="" opengl="" @@ -1390,6 +1391,10 @@ for opt do ;; --enable-smartcard) smartcard="yes" ;; + --disable-u2f) u2f="no" + ;; + --enable-u2f) u2f="yes" + ;; --disable-libusb) libusb="no" ;; --enable-libusb) libusb="yes" 
@@ -1899,6 +1904,7 @@ disabled with --disable-FEATURE, default is enabled if available: libiscsi iscsi support libnfs nfs support smartcard smartcard support (libcacard) + u2f U2F support (u2f-emu) libusb libusb (for usb passthrough) live-block-migration Block migration in the main migration stream usb-redir usb network redirection support @@ -5250,6 +5256,20 @@ if test "$smartcard" != "no"; then fi fi +# check for u2f support +if test "$u2f" != "no"; then + if $pkg_config --atleast-version=0.0.0 u2f-emu; then + u2f_emu_cflags=$($pkg_config --cflags u2f-emu) + u2f_emu_libs=$($pkg_config --libs u2f-emu) + u2f="yes" + else + if test "$u2f" = "yes"; then + feature_not_found "u2f" "Install u2f-emu" + fi + u2f="no" + fi +fi + # check for libusb if test "$libusb" != "no" ; then if $pkg_config --atleast-version=1.0.13 libusb-1.0; then @@ -6965,6 +6985,7 @@ echo "spice support $spice $(echo_version $spice $spice_protocol_version/$sp echo "rbd support $rbd" echo "xfsctl support $xfs" echo "smartcard support $smartcard" +echo "U2F support $u2f" echo "libusb $libusb" echo "usb net redir $usb_redir" echo "OpenGL support $opengl" 
@@ -7543,6 +7564,12 @@ if test "$smartcard" = "yes" ; then echo "SMARTCARD_LIBS=$libcacard_libs" >> $config_host_mak fi +if test "$u2f" = "yes" ; then + echo "CONFIG_U2F=y" >> $config_host_mak + echo "U2F_CFLAGS=$u2f_emu_cflags" >> $config_host_mak + echo "U2F_LIBS=$u2f_emu_libs" >> $config_host_mak +fi + if test "$libusb" = "yes" ; then echo "CONFIG_USB_LIBUSB=y" >> $config_host_mak echo "LIBUSB_CFLAGS=$libusb_cflags" >> $config_host_mak
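Review bot: In the "check for u2f support" block, `$pkg_config --atleast-version=0.0.0 u2f-emu` is satisfied by any version, so it only tests that the package is present. Either use `$pkg_config --exists u2f-emu` to say so directly, or name the oldest libu2f-emu release the device code was tested against, the way the libusb check just below it requires 1.0.13. The help text line "U2F support (u2f-emu)" could also say that this switch only affects the emulated device.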
From: César Belley
To: qemu-devel@nongnu.org
Cc: César Belley, kraxel@redhat.com
Subject: [PATCH 09/13] docs/system: Add U2F key to the USB devices examples
Date: Wed, 12 Aug 2020 11:41:31 +0200
Message-Id: <20200812094135.20550-10-cesar.belley@lse.epita.fr>

Signed-off-by: César Belley
--- docs/system/usb.rst | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/system/usb.rst b/docs/system/usb.rst index ddfa828d74..9a2f1927c4 100644 --- a/docs/system/usb.rst +++ b/docs/system/usb.rst 
@@ -81,6 +81,9 @@ option or the ``device_add`` monitor command. Available devices are: ``usb-audio`` USB audio device +``u2f-{emulated,passthru}`` + Universal Second Factor device + .. _host_005fusb_005fdevices: Using host USB devices on a Linux host
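Review bot: The new entry ``u2f-{emulated,passthru}`` uses shell brace notation, which is not a name a user can pass to ``-device`` or ``device_add``, unlike the literal ``usb-audio`` entry above it. List ``u2f-emulated`` and ``u2f-passthru`` as two entries, each with a one-line description of its mode, and point to docs/u2f.txt for the options.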
From: César Belley
To: qemu-devel@nongnu.org
Cc: César Belley, kraxel@redhat.com
Subject: [PATCH 10/13] docs/qdev-device-use.txt: Add USB U2F key to the QDEV devices examples
Date: Wed, 12 Aug 2020 11:41:32 +0200
Message-Id: <20200812094135.20550-11-cesar.belley@lse.epita.fr>

Signed-off-by: César Belley
--- docs/qdev-device-use.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/qdev-device-use.txt b/docs/qdev-device-use.txt index f8d0d2fe29..9889521e3c 100644 --- a/docs/qdev-device-use.txt +++ b/docs/qdev-device-use.txt 
@@ -325,6 +325,7 @@ The new way is -device DEVNAME,DEV-OPTS... Details depend on DRIVER: * mouse -device usb-mouse * tablet -device usb-tablet * wacom-tablet -device usb-wacom-tablet +* u2f -device u2f-{emulated,passthru} * braille See "Character Devices" === Watchdog Devices ===
From: César Belley
To: qemu-devel@nongnu.org
Cc: César Belley, kraxel@redhat.com
Subject: [PATCH 12/13] hw/usb: Add U2F device check to passthru mode
Date: Wed, 12 Aug 2020 11:41:34 +0200
Message-Id: <20200812094135.20550-13-cesar.belley@lse.epita.fr>

This patch adds a check to verify that the device passed through the
hidraw property is a U2F device.

The check is done by ensuring that the first values of the report
descriptor (USAGE PAGE and USAGE) correspond to those of a U2F device.

Signed-off-by: César Belley
--- hw/usb/Makefile.objs | 3 ++- hw/usb/u2f-passthru.c | 41 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 43 insertions(+), 1 deletion(-) diff --git a/hw/usb/Makefile.objs b/hw/usb/Makefile.objs index 7842a3175f..9e7e1f33a5 100644 --- a/hw/usb/Makefile.objs +++ b/hw/usb/Makefile.objs 
@@ -38,7 +38,8 @@ endif endif ifeq ($(CONFIG_USB_U2F),y) -common-obj-y += u2f.o u2f-passthru.o +common-obj-y += u2f.o +common-obj-$(CONFIG_LINUX) += u2f-passthru.o common-obj-$(CONFIG_U2F) += u2f-emulated.o u2f-emulated.o-cflags = $(U2F_CFLAGS) u2f-emulated.o-libs = $(U2F_LIBS) diff --git a/hw/usb/u2f-passthru.c b/hw/usb/u2f-passthru.c index 106b5abf9e..f8771966c7 100644 --- a/hw/usb/u2f-passthru.c +++ b/hw/usb/u2f-passthru.c @@ -34,6 +34,12 @@ #include "u2f.h" +#ifdef CONFIG_LIBUDEV +#include +#endif +#include +#include + #define NONCE_SIZE 8 #define BROADCAST_CID 0xFFFFFFFF #define TRANSACTION_TIMEOUT 120000 @@ -344,6 +350,34 @@ static void u2f_passthru_recv_from_guest(U2FKeyState *base, } } +static bool u2f_passthru_is_u2f_device(int fd) +{ + int ret, rdesc_size; + struct hidraw_report_descriptor rdesc; + const uint8_t u2f_hid_report_desc_header[] = { + 0x06, 0xd0, 0xf1, /* Usage Page (FIDO) */ + 0x09, 0x01, /* Usage (FIDO) */ + }; + + /* Get report descriptor size */ + ret = ioctl(fd, HIDIOCGRDESCSIZE, &rdesc_size); + if (ret < 0 || rdesc_size < sizeof(u2f_hid_report_desc_header)) { + return false; + } + + /* Get report descriptor */ + memset(&rdesc, 0x0, sizeof(rdesc)); + rdesc.size = rdesc_size; + ret = ioctl(fd, HIDIOCGRDESC, &rdesc); + if (ret < 0) { + return false; + } + + /* Header bytes cover specific U2F rdesc values */ + return memcmp(u2f_hid_report_desc_header, rdesc.value, + sizeof(u2f_hid_report_desc_header)) == 0; +} + static void u2f_passthru_unrealize(U2FKeyState *base) { U2FPassthruState *key = PASSTHRU_U2F_KEY(base); 
@@ -368,6 +402,13 @@ static void u2f_passthru_realize(U2FKeyState *base, Error **errp) key->hidraw); return; } + + if (!u2f_passthru_is_u2f_device(fd)) { + qemu_close(fd); + error_setg(errp, "%s: Passed hidraw does not represent " + "a U2F HID device", TYPE_U2F_PASSTHRU); + return; + } key->hidraw_fd = fd; u2f_passthru_reset(key); } 

From patchwork Wed Aug 12 09:41:35 2020
X-Patchwork-Submitter: César Belley
X-Patchwork-Id: 276707
From: César Belley
To: qemu-devel@nongnu.org
Cc: César Belley, kraxel@redhat.com
Subject: [PATCH 13/13] hw/usb: Add U2F device autoscan to passthru mode
Date: Wed, 12 Aug 2020 11:41:35 +0200
Message-Id: <20200812094135.20550-14-cesar.belley@lse.epita.fr>
In-Reply-To: <20200812094135.20550-1-cesar.belley@lse.epita.fr>
References: <20200812094135.20550-1-cesar.belley@lse.epita.fr>

This patch adds an autoscan to let u2f-passthru choose the first U2F device it finds. The autoscan is performed using libudev with an enumeration of all the hidraw devices present on the host. The first device which happens to be a U2F device is taken to do the pass-through.

Signed-off-by: César Belley
---
 docs/u2f.txt          |   9 ++++
 hw/usb/Makefile.objs  |   1 +
 hw/usb/u2f-passthru.c | 113 +++++++++++++++++++++++++++++++++++++-----
 3 files changed, 110 insertions(+), 13 deletions(-)

diff --git a/docs/u2f.txt b/docs/u2f.txt index f60052882e..8f44994818 100644 --- a/docs/u2f.txt +++ b/docs/u2f.txt 
@@ -42,6 +42,10 @@ on libu2f-emu: configuring and building: ./configure --enable-u2f && make +The pass-through mode is built by default on Linux. To take advantage +of the autoscan option it provides, make sure you have a working libudev +installed on the host. + 3. Using u2f-emulated @@ -90,6 +94,11 @@ On the host specify the u2f-passthru device with a suitable hidraw: qemu -usb -device u2f-passthru,hidraw=/dev/hidraw0 +Alternately, the u2f-passthru device can autoscan to take the first +U2F device it finds on the host (this requires a working libudev): + + qemu -usb -device u2f-passthru + 5. Libu2f-emu diff --git a/hw/usb/Makefile.objs b/hw/usb/Makefile.objs index 9e7e1f33a5..7c0ee92ca4 100644 --- a/hw/usb/Makefile.objs +++ b/hw/usb/Makefile.objs @@ -41,6 +41,7 @@ ifeq ($(CONFIG_USB_U2F),y) common-obj-y += u2f.o common-obj-$(CONFIG_LINUX) += u2f-passthru.o common-obj-$(CONFIG_U2F) += u2f-emulated.o +u2f-passthru.o-libs = $(LIBUDEV_LIBS) u2f-emulated.o-cflags = $(U2F_CFLAGS) u2f-emulated.o-libs = $(U2F_LIBS) endif diff --git a/hw/usb/u2f-passthru.c b/hw/usb/u2f-passthru.c index f8771966c7..1311530ee5 100644 --- a/hw/usb/u2f-passthru.c +++ b/hw/usb/u2f-passthru.c 
@@ -378,6 +378,84 @@ static bool u2f_passthru_is_u2f_device(int fd) sizeof(u2f_hid_report_desc_header)) == 0; } +#ifdef CONFIG_LIBUDEV +static int u2f_passthru_open_from_device(struct udev_device *device) +{ + const char *devnode = udev_device_get_devnode(device); + + int fd = qemu_open(devnode, O_RDWR); + if (fd < 0) { + return -1; + } else if (!u2f_passthru_is_u2f_device(fd)) { + qemu_close(fd); + return -1; + } + return fd; +} + +static int u2f_passthru_open_from_enumerate(struct udev *udev, + struct udev_enumerate *enumerate) +{ + struct udev_list_entry *devices, *entry; + int ret, fd; + + ret = udev_enumerate_scan_devices(enumerate); + if (ret < 0) { + return -1; + } + + devices = udev_enumerate_get_list_entry(enumerate); + udev_list_entry_foreach(entry, devices) { + struct udev_device *device; + const char *syspath = udev_list_entry_get_name(entry); + + if (syspath == NULL) { + continue; + } + + device = udev_device_new_from_syspath(udev, syspath); + if (device == NULL) { + continue; + } + + fd = u2f_passthru_open_from_device(device); + udev_device_unref(device); + if (fd >= 0) { + return fd; + } + } + return -1; +} + +static int u2f_passthru_open_from_scan(void) +{ + struct udev *udev; + struct udev_enumerate *enumerate; + int ret, fd = -1; + + udev = udev_new(); + if (udev == NULL) { + return -1; + } + + enumerate = udev_enumerate_new(udev); + if (enumerate == NULL) { + udev_unref(udev); + return -1; + } + + ret = udev_enumerate_add_match_subsystem(enumerate, "hidraw"); + if (ret >= 0) { + fd = u2f_passthru_open_from_enumerate(udev, enumerate); + } + + udev_enumerate_unref(enumerate); + udev_unref(udev); + + return fd; +} +#endif + static void u2f_passthru_unrealize(U2FKeyState *base) { U2FPassthruState *key = PASSTHRU_U2F_KEY(base); 
@@ -392,22 +470,31 @@ static void u2f_passthru_realize(U2FKeyState *base, Error **errp) int fd; if (key->hidraw == NULL) { +#ifdef CONFIG_LIBUDEV + fd = u2f_passthru_open_from_scan(); + if (fd < 0) { + error_setg(errp, "%s: Failed to find a U2F USB device", + TYPE_U2F_PASSTHRU); + return; + } +#else error_setg(errp, "%s: Missing hidraw", TYPE_U2F_PASSTHRU); return; - } - - fd = qemu_open(key->hidraw, O_RDWR); - if (fd < 0) { - error_setg(errp, "%s: Failed to open %s", TYPE_U2F_PASSTHRU, - key->hidraw); - return; - } +#endif + } else { + fd = qemu_open(key->hidraw, O_RDWR); + if (fd < 0) { + error_setg(errp, "%s: Failed to open %s", TYPE_U2F_PASSTHRU, + key->hidraw); + return; + } - if (!u2f_passthru_is_u2f_device(fd)) { - qemu_close(fd); - error_setg(errp, "%s: Passed hidraw does not represent " - "a U2F HID device", TYPE_U2F_PASSTHRU); - return; + if (!u2f_passthru_is_u2f_device(fd)) { + qemu_close(fd); + error_setg(errp, "%s: Passed hidraw does not represent " + "a U2F HID device", TYPE_U2F_PASSTHRU); + return; + } } key->hidraw_fd = fd; u2f_passthru_reset(key);
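Review bot: in [PATCH 12/13], hw/usb/Makefile.objs, the hunk moves u2f-passthru.o from common-obj-y to common-obj-$(CONFIG_LINUX), but the commit message only describes the report descriptor check. Say in the message that pass-through becomes Linux-only because of the hidraw ioctls, or split the build change into its own patch.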
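Review bot: in [PATCH 12/13], hw/usb/u2f-passthru.c, the include guarded by #ifdef CONFIG_LIBUDEV in the @@ -34,6 +34,12 @@ hunk is not needed by anything this patch adds; u2f_passthru_is_u2f_device() only uses the hidraw ioctls. Move that guarded include to 13/13, where the udev_* calls first appear, so that each patch carries only what it uses.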
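Review bot: in [PATCH 12/13], u2f_passthru_is_u2f_device() declares rdesc_size as a signed int and compares it with sizeof(u2f_hid_report_desc_header), so the comparison is done unsigned and a negative value passes the minimum-length test; the value is then copied into rdesc.size with no upper bound. Reject rdesc_size <= 0 explicitly, and reject anything larger than sizeof(rdesc.value) before the HIDIOCGRDESC ioctl, so the function does not rely on the kernel to refuse an oversized length.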
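Review bot: in [PATCH 12/13], the error added to u2f_passthru_realize() says "Passed hidraw does not represent a U2F HID device" without naming the path, while the qemu_open() failure in the same function reports key->hidraw. Add key->hidraw to this message as well, so a user with several hidraw nodes can tell which one was rejected.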
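Review bot: in [PATCH 13/13], the docs/u2f.txt text added for the autoscan does not say what happens when hidraw is omitted and QEMU was built without libudev, where realize fails with "Missing hidraw". State that, and note that with several keys attached the scan takes whichever hidraw node is enumerated first. Also, "Alternately" should read "Alternatively".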
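Review bot: in [PATCH 13/13], u2f_passthru_open_from_device() passes the result of udev_device_get_devnode() straight to qemu_open(), but that call returns NULL for a udev device that has no device node. Return -1 when devnode is NULL before opening it. It would also help to report which node the scan settled on, since the caller only receives the fd and never learns the path.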
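Review bot: in [PATCH 13/13], the autoscan branch of u2f_passthru_realize() reports "Failed to find a U2F USB device" for every failure of u2f_passthru_open_from_scan(), which includes udev setup errors and hidraw nodes that qemu_open() could not open with O_RDWR. A key that is plugged in but not accessible to the QEMU user then looks like a missing key. Consider distinguishing "no hidraw node could be opened" from "none matched the FIDO usage page", or at least mention permissions in the message.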