diff options
| -rwxr-xr-x | configure | 8 | ||||
| -rw-r--r-- | docs/qdev-device-use.txt | 1 | ||||
| -rw-r--r-- | docs/system/usb.rst | 3 | ||||
| -rw-r--r-- | docs/u2f.txt | 110 | ||||
| -rw-r--r-- | fpu/softfloat-specialize.c.inc | 38 | ||||
| -rw-r--r-- | fpu/softfloat.c | 425 | ||||
| -rw-r--r-- | hw/usb/Kconfig | 5 | ||||
| -rw-r--r-- | hw/usb/core.c | 16 | ||||
| -rw-r--r-- | hw/usb/dev-hid.c | 26 | ||||
| -rw-r--r-- | hw/usb/dev-wacom.c | 12 | ||||
| -rw-r--r-- | hw/usb/hcd-ehci.c | 12 | ||||
| -rw-r--r-- | hw/usb/hcd-xhci.c | 5 | ||||
| -rw-r--r-- | hw/usb/host-libusb.c | 37 | ||||
| -rw-r--r-- | hw/usb/meson.build | 7 | ||||
| -rw-r--r-- | hw/usb/u2f-emulated.c | 405 | ||||
| -rw-r--r-- | hw/usb/u2f-passthru.c | 551 | ||||
| -rw-r--r-- | hw/usb/u2f.c | 352 | ||||
| -rw-r--r-- | hw/usb/u2f.h | 92 | ||||
| -rw-r--r-- | include/fpu/softfloat-types.h | 5 | ||||
| -rw-r--r-- | include/fpu/softfloat.h | 235 | ||||
| -rw-r--r-- | include/hw/usb/hid.h | 17 | ||||
| -rw-r--r-- | meson.build | 7 | ||||
| -rw-r--r-- | meson_options.txt | 1 | ||||
| -rwxr-xr-x | scripts/u2f-setup-gen.py | 170 | ||||
| -rw-r--r-- | target/riscv/vector_helper.c | 25 |
25 files changed, 2500 insertions, 65 deletions
diff --git a/configure b/configure index 6ecaff429b..8dc981684b 100755 --- a/configure +++ b/configure @@ -495,6 +495,7 @@ trace_file="trace" spice="" rbd="" smartcard="" +u2f="auto" libusb="" usb_redir="" opengl="" @@ -1415,6 +1416,10 @@ for opt do ;; --enable-smartcard) smartcard="yes" ;; + --disable-u2f) u2f="disabled" + ;; + --enable-u2f) u2f="enabled" + ;; --disable-libusb) libusb="no" ;; --enable-libusb) libusb="yes" @@ -1945,6 +1950,7 @@ disabled with --disable-FEATURE, default is enabled if available: libiscsi iscsi support libnfs nfs support smartcard smartcard support (libcacard) + u2f U2F support (u2f-emu) libusb libusb (for usb passthrough) live-block-migration Block migration in the main migration stream usb-redir usb network redirection support @@ -8229,7 +8235,7 @@ NINJA=${ninja:-$PWD/ninjatool} $meson setup \ -Db_coverage=$(if test "$gcov" = yes; then echo true; else echo false; fi) \ -Dsdl=$sdl -Dsdl_image=$sdl_image \ -Dvnc=$vnc -Dvnc_sasl=$vnc_sasl -Dvnc_jpeg=$vnc_jpeg -Dvnc_png=$vnc_png \ - -Dgettext=$gettext -Dxkbcommon=$xkbcommon \ + -Dgettext=$gettext -Dxkbcommon=$xkbcommon -Du2f=$u2f\ $cross_arg \ "$PWD" "$source_path" diff --git a/docs/qdev-device-use.txt b/docs/qdev-device-use.txt index f8d0d2fe29..9889521e3c 100644 --- a/docs/qdev-device-use.txt +++ b/docs/qdev-device-use.txt @@ -325,6 +325,7 @@ The new way is -device DEVNAME,DEV-OPTS... Details depend on DRIVER: * mouse -device usb-mouse * tablet -device usb-tablet * wacom-tablet -device usb-wacom-tablet +* u2f -device u2f-{emulated,passthru} * braille See "Character Devices" === Watchdog Devices === diff --git a/docs/system/usb.rst b/docs/system/usb.rst index ddfa828d74..9a2f1927c4 100644 --- a/docs/system/usb.rst +++ b/docs/system/usb.rst @@ -81,6 +81,9 @@ option or the ``device_add`` monitor command. Available devices are: ``usb-audio`` USB audio device +``u2f-{emulated,passthru}`` + Universal Second Factor device + .. _host_005fusb_005fdevices: Using host USB devices on a Linux host diff --git a/docs/u2f.txt b/docs/u2f.txt new file mode 100644 index 0000000000..8f44994818 --- /dev/null +++ b/docs/u2f.txt @@ -0,0 +1,110 @@ +QEMU U2F Key Device Documentation. + +Contents +1. USB U2F key device +2. Building +3. Using u2f-emulated +4. Using u2f-passthru +5. Libu2f-emu + +1. USB U2F key device + +U2F is an open authentication standard that enables relying parties +exposed to the internet to offer a strong second factor option for end +user authentication. + +The standard brings many advantages to both parties, client and server, +allowing to reduce over-reliance on passwords, it increases authentication +security and simplifies passwords. + +The second factor is materialized by a device implementing the U2F +protocol. In case of a USB U2F security key, it is a USB HID device +that implements the U2F protocol. + +In Qemu, the USB U2F key device offers a dedicated support of U2F, allowing +guest USB FIDO/U2F security keys operating in two possible modes: +pass-through and emulated. + +The pass-through mode consists of passing all requests made from the guest +to the physical security key connected to the host machine and vice versa. +In addition, the dedicated pass-through allows to have a U2F security key +shared on several guests which is not possible with a simple host device +assignment pass-through. + +The emulated mode consists of completely emulating the behavior of an +U2F device through software part. Libu2f-emu is used for that. + + +2. Building + +To ensure the build of the u2f-emulated device variant which depends +on libu2f-emu: configuring and building: + + ./configure --enable-u2f && make + +The pass-through mode is built by default on Linux. To take advantage +of the autoscan option it provides, make sure you have a working libudev +installed on the host. + + +3. Using u2f-emulated + +To work, an emulated U2F device must have four elements: + * ec x509 certificate + * ec private key + * counter (four bytes value) + * 48 bytes of entropy (random bits) + +To use this type of device, this one has to be configured, and these +four elements must be passed one way or another. + +Assuming that you have a working libu2f-emu installed on the host. +There are three possible ways of configurations: + * ephemeral + * setup directory + * manual + +Ephemeral is the simplest way to configure, it lets the device generate +all the elements it needs for a single use of the lifetime of the device. + + qemu -usb -device u2f-emulated + +Setup directory allows to configure the device from a directory containing +four files: + * certificate.pem: ec x509 certificate + * private-key.pem: ec private key + * counter: counter value + * entropy: 48 bytes of entropy + + qemu -usb -device u2f-emulated,dir=$dir + +Manual allows to configure the device more finely by specifying each +of the elements necessary for the device: + * cert + * priv + * counter + * entropy + + qemu -usb -device u2f-emulated,cert=$DIR1/$FILE1,priv=$DIR2/$FILE2,counter=$DIR3/$FILE3,entropy=$DIR4/$FILE4 + + +4. Using u2f-passthru + +On the host specify the u2f-passthru device with a suitable hidraw: + + qemu -usb -device u2f-passthru,hidraw=/dev/hidraw0 + +Alternately, the u2f-passthru device can autoscan to take the first +U2F device it finds on the host (this requires a working libudev): + + qemu -usb -device u2f-passthru + + +5. Libu2f-emu + +The u2f-emulated device uses libu2f-emu for the U2F key emulation. Libu2f-emu +implements completely the U2F protocol device part for all specified +transport given by the FIDO Alliance. + +For more information about libu2f-emu see this page: +https://github.com/MattGorko/libu2f-emu. diff --git a/fpu/softfloat-specialize.c.inc b/fpu/softfloat-specialize.c.inc index dc4ea33c09..c2f87addb2 100644 --- a/fpu/softfloat-specialize.c.inc +++ b/fpu/softfloat-specialize.c.inc @@ -266,6 +266,25 @@ bool float16_is_quiet_nan(float16 a_, float_status *status) } /*---------------------------------------------------------------------------- +| Returns 1 if the bfloat16 value `a' is a quiet +| NaN; otherwise returns 0. +*----------------------------------------------------------------------------*/ + +bool bfloat16_is_quiet_nan(bfloat16 a_, float_status *status) +{ + if (no_signaling_nans(status)) { + return bfloat16_is_any_nan(a_); + } else { + uint16_t a = a_; + if (snan_bit_is_one(status)) { + return (((a >> 6) & 0x1FF) == 0x1FE) && (a & 0x3F); + } else { + return ((a >> 6) & 0x1FF) == 0x1FF; + } + } +} + +/*---------------------------------------------------------------------------- | Returns 1 if the half-precision floating-point value `a' is a signaling | NaN; otherwise returns 0. *----------------------------------------------------------------------------*/ @@ -285,6 +304,25 @@ bool float16_is_signaling_nan(float16 a_, float_status *status) } /*---------------------------------------------------------------------------- +| Returns 1 if the bfloat16 value `a' is a signaling +| NaN; otherwise returns 0. +*----------------------------------------------------------------------------*/ + +bool bfloat16_is_signaling_nan(bfloat16 a_, float_status *status) +{ + if (no_signaling_nans(status)) { + return 0; + } else { + uint16_t a = a_; + if (snan_bit_is_one(status)) { + return ((a >> 6) & 0x1FF) == 0x1FF; + } else { + return (((a >> 6) & 0x1FF) == 0x1FE) && (a & 0x3F); + } + } +} + +/*---------------------------------------------------------------------------- | Returns 1 if the single-precision floating-point value `a' is a quiet | NaN; otherwise returns 0. *----------------------------------------------------------------------------*/ diff --git a/fpu/softfloat.c b/fpu/softfloat.c index 33abc8207b..67cfa0fd82 100644 --- a/fpu/softfloat.c +++ b/fpu/softfloat.c @@ -554,6 +554,10 @@ static const FloatFmt float16_params_ahp = { .arm_althp = true }; +static const FloatFmt bfloat16_params = { + FLOAT_PARAMS(8, 7) +}; + static const FloatFmt float32_params = { FLOAT_PARAMS(8, 23) }; @@ -580,6 +584,11 @@ static inline FloatParts float16_unpack_raw(float16 f) return unpack_raw(float16_params, f); } +static inline FloatParts bfloat16_unpack_raw(bfloat16 f) +{ + return unpack_raw(bfloat16_params, f); +} + static inline FloatParts float32_unpack_raw(float32 f) { return unpack_raw(float32_params, f); @@ -603,6 +612,11 @@ static inline float16 float16_pack_raw(FloatParts p) return make_float16(pack_raw(float16_params, p)); } +static inline bfloat16 bfloat16_pack_raw(FloatParts p) +{ + return pack_raw(bfloat16_params, p); +} + static inline float32 float32_pack_raw(FloatParts p) { return make_float32(pack_raw(float32_params, p)); @@ -820,6 +834,11 @@ static FloatParts float16_unpack_canonical(float16 f, float_status *s) return float16a_unpack_canonical(f, s, &float16_params); } +static FloatParts bfloat16_unpack_canonical(bfloat16 f, float_status *s) +{ + return sf_canonicalize(bfloat16_unpack_raw(f), &bfloat16_params, s); +} + static float16 float16a_round_pack_canonical(FloatParts p, float_status *s, const FloatFmt *params) { @@ -831,6 +850,11 @@ static float16 float16_round_pack_canonical(FloatParts p, float_status *s) return float16a_round_pack_canonical(p, s, &float16_params); } +static bfloat16 bfloat16_round_pack_canonical(FloatParts p, float_status *s) +{ + return bfloat16_pack_raw(round_canonical(p, s, &bfloat16_params)); +} + static FloatParts float32_unpack_canonical(float32 f, float_status *s) { return sf_canonicalize(float32_unpack_raw(f), &float32_params, s); @@ -1159,6 +1183,28 @@ float64_sub(float64 a, float64 b, float_status *s) } /* + * Returns the result of adding or subtracting the bfloat16 + * values `a' and `b'. + */ +bfloat16 QEMU_FLATTEN bfloat16_add(bfloat16 a, bfloat16 b, float_status *status) +{ + FloatParts pa = bfloat16_unpack_canonical(a, status); + FloatParts pb = bfloat16_unpack_canonical(b, status); + FloatParts pr = addsub_floats(pa, pb, false, status); + + return bfloat16_round_pack_canonical(pr, status); +} + +bfloat16 QEMU_FLATTEN bfloat16_sub(bfloat16 a, bfloat16 b, float_status *status) +{ + FloatParts pa = bfloat16_unpack_canonical(a, status); + FloatParts pb = bfloat16_unpack_canonical(b, status); + FloatParts pr = addsub_floats(pa, pb, true, status); + + return bfloat16_round_pack_canonical(pr, status); +} + +/* * Returns the result of multiplying the floating-point values `a' and * `b'. The operation is performed according to the IEC/IEEE Standard * for Binary Floating-Point Arithmetic. @@ -1261,6 +1307,20 @@ float64_mul(float64 a, float64 b, float_status *s) } /* + * Returns the result of multiplying the bfloat16 + * values `a' and `b'. + */ + +bfloat16 QEMU_FLATTEN bfloat16_mul(bfloat16 a, bfloat16 b, float_status *status) +{ + FloatParts pa = bfloat16_unpack_canonical(a, status); + FloatParts pb = bfloat16_unpack_canonical(b, status); + FloatParts pr = mul_floats(pa, pb, status); + + return bfloat16_round_pack_canonical(pr, status); +} + +/* * Returns the result of multiplying the floating-point values `a' and * `b' then adding 'c', with no intermediate rounding step after the * multiplication. The operation is performed according to the @@ -1643,6 +1703,23 @@ float64_muladd(float64 xa, float64 xb, float64 xc, int flags, float_status *s) } /* + * Returns the result of multiplying the bfloat16 values `a' + * and `b' then adding 'c', with no intermediate rounding step after the + * multiplication. + */ + +bfloat16 QEMU_FLATTEN bfloat16_muladd(bfloat16 a, bfloat16 b, bfloat16 c, + int flags, float_status *status) +{ + FloatParts pa = bfloat16_unpack_canonical(a, status); + FloatParts pb = bfloat16_unpack_canonical(b, status); + FloatParts pc = bfloat16_unpack_canonical(c, status); + FloatParts pr = muladd_floats(pa, pb, pc, flags, status); + + return bfloat16_round_pack_canonical(pr, status); +} + +/* * Returns the result of dividing the floating-point value `a' by the * corresponding value `b'. The operation is performed according to * the IEC/IEEE Standard for Binary Floating-Point Arithmetic. @@ -1809,6 +1886,20 @@ float64_div(float64 a, float64 b, float_status *s) } /* + * Returns the result of dividing the bfloat16 + * value `a' by the corresponding value `b'. + */ + +bfloat16 bfloat16_div(bfloat16 a, bfloat16 b, float_status *status) +{ + FloatParts pa = bfloat16_unpack_canonical(a, status); + FloatParts pb = bfloat16_unpack_canonical(b, status); + FloatParts pr = div_floats(pa, pb, status); + + return bfloat16_round_pack_canonical(pr, status); +} + +/* * Float to Float conversions * * Returns the result of converting one float format to another. The @@ -1923,6 +2014,34 @@ float32 float64_to_float32(float64 a, float_status *s) return float32_round_pack_canonical(pr, s); } +float32 bfloat16_to_float32(bfloat16 a, float_status *s) +{ + FloatParts p = bfloat16_unpack_canonical(a, s); + FloatParts pr = float_to_float(p, &float32_params, s); + return float32_round_pack_canonical(pr, s); +} + +float64 bfloat16_to_float64(bfloat16 a, float_status *s) +{ + FloatParts p = bfloat16_unpack_canonical(a, s); + FloatParts pr = float_to_float(p, &float64_params, s); + return float64_round_pack_canonical(pr, s); +} + +bfloat16 float32_to_bfloat16(float32 a, float_status *s) +{ + FloatParts p = float32_unpack_canonical(a, s); + FloatParts pr = float_to_float(p, &bfloat16_params, s); + return bfloat16_round_pack_canonical(pr, s); +} + +bfloat16 float64_to_bfloat16(float64 a, float_status *s) +{ + FloatParts p = float64_unpack_canonical(a, s); + FloatParts pr = float_to_float(p, &bfloat16_params, s); + return bfloat16_round_pack_canonical(pr, s); +} + /* * Rounds the floating-point value `a' to an integer, and returns the * result as a floating-point value. The operation is performed @@ -2053,6 +2172,18 @@ float64 float64_round_to_int(float64 a, float_status *s) } /* + * Rounds the bfloat16 value `a' to an integer, and returns the + * result as a bfloat16 value. + */ + +bfloat16 bfloat16_round_to_int(bfloat16 a, float_status *s) +{ + FloatParts pa = bfloat16_unpack_canonical(a, s); + FloatParts pr = round_to_int(pa, s->float_rounding_mode, 0, s); + return bfloat16_round_pack_canonical(pr, s); +} + +/* * Returns the result of converting the floating-point value `a' to * the two's complement integer format. The conversion is performed * according to the IEC/IEEE Standard for Binary Floating-Point @@ -2109,6 +2240,13 @@ static int64_t round_to_int_and_pack(FloatParts in, FloatRoundMode rmode, } } +int8_t float16_to_int8_scalbn(float16 a, FloatRoundMode rmode, int scale, + float_status *s) +{ + return round_to_int_and_pack(float16_unpack_canonical(a, s), + rmode, scale, INT8_MIN, INT8_MAX, s); +} + int16_t float16_to_int16_scalbn(float16 a, FloatRoundMode rmode, int scale, float_status *s) { @@ -2172,6 +2310,11 @@ int64_t float64_to_int64_scalbn(float64 a, FloatRoundMode rmode, int scale, rmode, scale, INT64_MIN, INT64_MAX, s); } +int8_t float16_to_int8(float16 a, float_status *s) +{ + return float16_to_int8_scalbn(a, s->float_rounding_mode, 0, s); +} + int16_t float16_to_int16(float16 a, float_status *s) { return float16_to_int16_scalbn(a, s->float_rounding_mode, 0, s); @@ -2263,6 +2406,62 @@ int64_t float64_to_int64_round_to_zero(float64 a, float_status *s) } /* + * Returns the result of converting the floating-point value `a' to + * the two's complement integer format. + */ + +int16_t bfloat16_to_int16_scalbn(bfloat16 a, FloatRoundMode rmode, int scale, + float_status *s) +{ + return round_to_int_and_pack(bfloat16_unpack_canonical(a, s), + rmode, scale, INT16_MIN, INT16_MAX, s); +} + +int32_t bfloat16_to_int32_scalbn(bfloat16 a, FloatRoundMode rmode, int scale, + float_status *s) +{ + return round_to_int_and_pack(bfloat16_unpack_canonical(a, s), + rmode, scale, INT32_MIN, INT32_MAX, s); +} + +int64_t bfloat16_to_int64_scalbn(bfloat16 a, FloatRoundMode rmode, int scale, + float_status *s) +{ + return round_to_int_and_pack(bfloat16_unpack_canonical(a, s), + rmode, scale, INT64_MIN, INT64_MAX, s); +} + +int16_t bfloat16_to_int16(bfloat16 a, float_status *s) +{ + return bfloat16_to_int16_scalbn(a, s->float_rounding_mode, 0, s); +} + +int32_t bfloat16_to_int32(bfloat16 a, float_status *s) +{ + return bfloat16_to_int32_scalbn(a, s->float_rounding_mode, 0, s); +} + +int64_t bfloat16_to_int64(bfloat16 a, float_status *s) +{ + return bfloat16_to_int64_scalbn(a, s->float_rounding_mode, 0, s); +} + +int16_t bfloat16_to_int16_round_to_zero(bfloat16 a, float_status *s) +{ + return bfloat16_to_int16_scalbn(a, float_round_to_zero, 0, s); +} + +int32_t bfloat16_to_int32_round_to_zero(bfloat16 a, float_status *s) +{ + return bfloat16_to_int32_scalbn(a, float_round_to_zero, 0, s); +} + +int64_t bfloat16_to_int64_round_to_zero(bfloat16 a, float_status *s) +{ + return bfloat16_to_int64_scalbn(a, float_round_to_zero, 0, s); +} + +/* * Returns the result of converting the floating-point value `a' to * the unsigned integer format. The conversion is performed according * to the IEC/IEEE Standard for Binary Floating-Point @@ -2322,6 +2521,13 @@ static uint64_t round_to_uint_and_pack(FloatParts in, FloatRoundMode rmode, } } +uint8_t float16_to_uint8_scalbn(float16 a, FloatRoundMode rmode, int scale, + float_status *s) +{ + return round_to_uint_and_pack(float16_unpack_canonical(a, s), + rmode, scale, UINT8_MAX, s); +} + uint16_t float16_to_uint16_scalbn(float16 a, FloatRoundMode rmode, int scale, float_status *s) { @@ -2385,6 +2591,11 @@ uint64_t float64_to_uint64_scalbn(float64 a, FloatRoundMode rmode, int scale, rmode, scale, UINT64_MAX, s); } +uint8_t float16_to_uint8(float16 a, float_status *s) +{ + return float16_to_uint8_scalbn(a, s->float_rounding_mode, 0, s); +} + uint16_t float16_to_uint16(float16 a, float_status *s) { return float16_to_uint16_scalbn(a, s->float_rounding_mode, 0, s); @@ -2476,6 +2687,62 @@ uint64_t float64_to_uint64_round_to_zero(float64 a, float_status *s) } /* + * Returns the result of converting the bfloat16 value `a' to + * the unsigned integer format. + */ + +uint16_t bfloat16_to_uint16_scalbn(bfloat16 a, FloatRoundMode rmode, + int scale, float_status *s) +{ + return round_to_uint_and_pack(bfloat16_unpack_canonical(a, s), + rmode, scale, UINT16_MAX, s); +} + +uint32_t bfloat16_to_uint32_scalbn(bfloat16 a, FloatRoundMode rmode, + int scale, float_status *s) +{ + return round_to_uint_and_pack(bfloat16_unpack_canonical(a, s), + rmode, scale, UINT32_MAX, s); +} + +uint64_t bfloat16_to_uint64_scalbn(bfloat16 a, FloatRoundMode rmode, + int scale, float_status *s) +{ + return round_to_uint_and_pack(bfloat16_unpack_canonical(a, s), + rmode, scale, UINT64_MAX, s); +} + +uint16_t bfloat16_to_uint16(bfloat16 a, float_status *s) +{ + return bfloat16_to_uint16_scalbn(a, s->float_rounding_mode, 0, s); +} + +uint32_t bfloat16_to_uint32(bfloat16 a, float_status *s) +{ + return bfloat16_to_uint32_scalbn(a, s->float_rounding_mode, 0, s); +} + +uint64_t bfloat16_to_uint64(bfloat16 a, float_status *s) +{ + return bfloat16_to_uint64_scalbn(a, s->float_rounding_mode, 0, s); +} + +uint16_t bfloat16_to_uint16_round_to_zero(bfloat16 a, float_status *s) +{ + return bfloat16_to_uint16_scalbn(a, float_round_to_zero, 0, s); +} + +uint32_t bfloat16_to_uint32_round_to_zero(bfloat16 a, float_status *s) +{ + return bfloat16_to_uint32_scalbn(a, float_round_to_zero, 0, s); +} + +uint64_t bfloat16_to_uint64_round_to_zero(bfloat16 a, float_status *s) +{ + return bfloat16_to_uint64_scalbn(a, float_round_to_zero, 0, s); +} + +/* * Integer to float conversions * * Returns the result of converting the two's complement integer `a' @@ -2539,6 +2806,11 @@ float16 int16_to_float16(int16_t a, float_status *status) return int64_to_float16_scalbn(a, 0, status); } +float16 int8_to_float16(int8_t a, float_status *status) +{ + return int64_to_float16_scalbn(a, 0, status); +} + float32 int64_to_float32_scalbn(int64_t a, int scale, float_status *status) { FloatParts pa = int_to_float(a, scale, status); @@ -2601,6 +2873,41 @@ float64 int16_to_float64(int16_t a, float_status *status) return int64_to_float64_scalbn(a, 0, status); } +/* + * Returns the result of converting the two's complement integer `a' + * to the bfloat16 format. + */ + +bfloat16 int64_to_bfloat16_scalbn(int64_t a, int scale, float_status *status) +{ + FloatParts pa = int_to_float(a, scale, status); + return bfloat16_round_pack_canonical(pa, status); +} + +bfloat16 int32_to_bfloat16_scalbn(int32_t a, int scale, float_status *status) +{ + return int64_to_bfloat16_scalbn(a, scale, status); +} + +bfloat16 int16_to_bfloat16_scalbn(int16_t a, int scale, float_status *status) +{ + return int64_to_bfloat16_scalbn(a, scale, status); +} + +bfloat16 int64_to_bfloat16(int64_t a, float_status *status) +{ + return int64_to_bfloat16_scalbn(a, 0, status); +} + +bfloat16 int32_to_bfloat16(int32_t a, float_status *status) +{ + return int64_to_bfloat16_scalbn(a, 0, status); +} + +bfloat16 int16_to_bfloat16(int16_t a, float_status *status) +{ + return int64_to_bfloat16_scalbn(a, 0, status); +} /* * Unsigned Integer to float conversions @@ -2664,6 +2971,11 @@ float16 uint16_to_float16(uint16_t a, float_status *status) return uint64_to_float16_scalbn(a, 0, status); } +float16 uint8_to_float16(uint8_t a, float_status *status) +{ + return uint64_to_float16_scalbn(a, 0, status); +} + float32 uint64_to_float32_scalbn(uint64_t a, int scale, float_status *status) { FloatParts pa = uint_to_float(a, scale, status); @@ -2726,6 +3038,42 @@ float64 uint16_to_float64(uint16_t a, float_status *status) return uint64_to_float64_scalbn(a, 0, status); } +/* + * Returns the result of converting the unsigned integer `a' to the + * bfloat16 format. + */ + +bfloat16 uint64_to_bfloat16_scalbn(uint64_t a, int scale, float_status *status) +{ + FloatParts pa = uint_to_float(a, scale, status); + return bfloat16_round_pack_canonical(pa, status); +} + +bfloat16 uint32_to_bfloat16_scalbn(uint32_t a, int scale, float_status *status) +{ + return uint64_to_bfloat16_scalbn(a, scale, status); +} + +bfloat16 uint16_to_bfloat16_scalbn(uint16_t a, int scale, float_status *status) +{ + return uint64_to_bfloat16_scalbn(a, scale, status); +} + +bfloat16 uint64_to_bfloat16(uint64_t a, float_status *status) +{ + return uint64_to_bfloat16_scalbn(a, 0, status); +} + +bfloat16 uint32_to_bfloat16(uint32_t a, float_status *status) +{ + return uint64_to_bfloat16_scalbn(a, 0, status); +} + +bfloat16 uint16_to_bfloat16(uint16_t a, float_status *status) +{ + return uint64_to_bfloat16_scalbn(a, 0, status); +} + /* Float Min/Max */ /* min() and max() functions. These can't be implemented as * 'compare and pick one input' because that would mishandle @@ -2847,6 +3195,25 @@ MINMAX(64, maxnummag, false, true, true) #undef MINMAX +#define BF16_MINMAX(name, ismin, isiee, ismag) \ +bfloat16 bfloat16_ ## name(bfloat16 a, bfloat16 b, float_status *s) \ +{ \ + FloatParts pa = bfloat16_unpack_canonical(a, s); \ + FloatParts pb = bfloat16_unpack_canonical(b, s); \ + FloatParts pr = minmax_floats(pa, pb, ismin, isiee, ismag, s); \ + \ + return bfloat16_round_pack_canonical(pr, s); \ +} + +BF16_MINMAX(min, true, false, false) +BF16_MINMAX(minnum, true, true, false) +BF16_MINMAX(minnummag, true, true, true) +BF16_MINMAX(max, false, false, false) +BF16_MINMAX(maxnum, false, true, false) +BF16_MINMAX(maxnummag, false, true, true) + +#undef BF16_MINMAX + /* Floating point compare */ static FloatRelation compare_floats(FloatParts a, FloatParts b, bool is_quiet, float_status *s) @@ -3008,6 +3375,24 @@ FloatRelation float64_compare_quiet(float64 a, float64 b, float_status *s) return f64_compare(a, b, true, s); } +static FloatRelation QEMU_FLATTEN +soft_bf16_compare(bfloat16 a, bfloat16 b, bool is_quiet, float_status *s) +{ + FloatParts pa = bfloat16_unpack_canonical(a, s); + FloatParts pb = bfloat16_unpack_canonical(b, s); + return compare_floats(pa, pb, is_quiet, s); +} + +FloatRelation bfloat16_compare(bfloat16 a, bfloat16 b, float_status *s) +{ + return soft_bf16_compare(a, b, false, s); +} + +FloatRelation bfloat16_compare_quiet(bfloat16 a, bfloat16 b, float_status *s) +{ + return soft_bf16_compare(a, b, true, s); +} + /* Multiply A by 2 raised to the power N. */ static FloatParts scalbn_decomposed(FloatParts a, int n, float_status *s) { @@ -3047,6 +3432,13 @@ float64 float64_scalbn(float64 a, int n, float_status *status) return float64_round_pack_canonical(pr, status); } +bfloat16 bfloat16_scalbn(bfloat16 a, int n, float_status *status) +{ + FloatParts pa = bfloat16_unpack_canonical(a, status); + FloatParts pr = scalbn_decomposed(pa, n, status); + return bfloat16_round_pack_canonical(pr, status); +} + /* * Square Root * @@ -3197,6 +3589,13 @@ float64 QEMU_FLATTEN float64_sqrt(float64 xa, float_status *s) return soft_f64_sqrt(ua.s, s); } +bfloat16 QEMU_FLATTEN bfloat16_sqrt(bfloat16 a, float_status *status) +{ + FloatParts pa = bfloat16_unpack_canonical(a, status); + FloatParts pr = sqrt_float(pa, status, &bfloat16_params); + return bfloat16_round_pack_canonical(pr, status); +} + /*---------------------------------------------------------------------------- | The pattern for a default generated NaN. *----------------------------------------------------------------------------*/ @@ -3239,6 +3638,13 @@ float128 float128_default_nan(float_status *status) return r; } +bfloat16 bfloat16_default_nan(float_status *status) +{ + FloatParts p = parts_default_nan(status); + p.frac >>= bfloat16_params.frac_shift; + return bfloat16_pack_raw(p); +} + /*---------------------------------------------------------------------------- | Returns a quiet NaN from a signalling NaN for the floating point value `a'. *----------------------------------------------------------------------------*/ @@ -3270,6 +3676,14 @@ float64 float64_silence_nan(float64 a, float_status *status) return float64_pack_raw(p); } +bfloat16 bfloat16_silence_nan(bfloat16 a, float_status *status) +{ + FloatParts p = bfloat16_unpack_raw(a); + p.frac <<= bfloat16_params.frac_shift; + p = parts_silence_nan(p, status); + p.frac >>= bfloat16_params.frac_shift; + return bfloat16_pack_raw(p); +} /*---------------------------------------------------------------------------- | If `a' is denormal and we are in flush-to-zero mode then set the @@ -3319,6 +3733,17 @@ float64 float64_squash_input_denormal(float64 a, float_status *status) return a; } +bfloat16 bfloat16_squash_input_denormal(bfloat16 a, float_status *status) +{ + if (status->flush_inputs_to_zero) { + FloatParts p = bfloat16_unpack_raw(a); + if (parts_squash_denormal(p, status)) { + return bfloat16_set_sign(bfloat16_zero, p.sign); + } + } + return a; +} + /*---------------------------------------------------------------------------- | Takes a 64-bit fixed-point value `absZ' with binary point between bits 6 | and 7, and returns the properly rounded 32-bit integer corresponding to the diff --git a/hw/usb/Kconfig b/hw/usb/Kconfig index 5e63dc75f8..3fc8fbe3c7 100644 --- a/hw/usb/Kconfig +++ b/hw/usb/Kconfig @@ -96,6 +96,11 @@ config USB_STORAGE_MTP default y depends on USB +config USB_U2F + bool + default y + depends on USB + config IMX_USBPHY bool default y diff --git a/hw/usb/core.c b/hw/usb/core.c index 5abd128b6b..5234dcc73f 100644 --- a/hw/usb/core.c +++ b/hw/usb/core.c @@ -129,6 +129,7 @@ void usb_wakeup(USBEndpoint *ep, unsigned int stream) static void do_token_setup(USBDevice *s, USBPacket *p) { int request, value, index; + unsigned int setup_len; if (p->iov.size != 8) { p->status = USB_RET_STALL; @@ -138,14 +139,15 @@ static void do_token_setup(USBDevice *s, USBPacket *p) usb_packet_copy(p, s->setup_buf, p->iov.size); s->setup_index = 0; p->actual_length = 0; - s->setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6]; - if (s->setup_len > sizeof(s->data_buf)) { + setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6]; + if (setup_len > sizeof(s->data_buf)) { fprintf(stderr, "usb_generic_handle_packet: ctrl buffer too small (%d > %zu)\n", - s->setup_len, sizeof(s->data_buf)); + setup_len, sizeof(s->data_buf)); p->status = USB_RET_STALL; return; } + s->setup_len = setup_len; request = (s->setup_buf[0] << 8) | s->setup_buf[1]; value = (s->setup_buf[3] << 8) | s->setup_buf[2]; @@ -259,26 +261,28 @@ static void do_token_out(USBDevice *s, USBPacket *p) static void do_parameter(USBDevice *s, USBPacket *p) { int i, request, value, index; + unsigned int setup_len; for (i = 0; i < 8; i++) { s->setup_buf[i] = p->parameter >> (i*8); } s->setup_state = SETUP_STATE_PARAM; - s->setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6]; s->setup_index = 0; request = (s->setup_buf[0] << 8) | s->setup_buf[1]; value = (s->setup_buf[3] << 8) | s->setup_buf[2]; index = (s->setup_buf[5] << 8) | s->setup_buf[4]; - if (s->setup_len > sizeof(s->data_buf)) { + setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6]; + if (setup_len > sizeof(s->data_buf)) { fprintf(stderr, "usb_generic_handle_packet: ctrl buffer too small (%d > %zu)\n", - s->setup_len, sizeof(s->data_buf)); + setup_len, sizeof(s->data_buf)); p->status = USB_RET_STALL; return; } + s->setup_len = setup_len; if (p->pid == USB_TOKEN_OUT) { usb_packet_copy(p, s->data_buf, s->setup_len); diff --git a/hw/usb/dev-hid.c b/hw/usb/dev-hid.c index 89f63b698b..c73f7b2fe2 100644 --- a/hw/usb/dev-hid.c +++ b/hw/usb/dev-hid.c @@ -32,21 +32,9 @@ #include "qemu/module.h" #include "qemu/timer.h" #include "hw/input/hid.h" +#include "hw/usb/hid.h" #include "hw/qdev-properties.h" -/* HID interface requests */ -#define GET_REPORT 0xa101 -#define GET_IDLE 0xa102 -#define GET_PROTOCOL 0xa103 -#define SET_REPORT 0x2109 -#define SET_IDLE 0x210a -#define SET_PROTOCOL 0x210b - -/* HID descriptor types */ -#define USB_DT_HID 0x21 -#define USB_DT_REPORT 0x22 -#define USB_DT_PHY 0x23 - typedef struct USBHIDState { USBDevice dev; USBEndpoint *intr; @@ -618,38 +606,38 @@ static void usb_hid_handle_control(USBDevice *dev, USBPacket *p, goto fail; } break; - case GET_REPORT: + case HID_GET_REPORT: if (hs->kind == HID_MOUSE || hs->kind == HID_TABLET) { p->actual_length = hid_pointer_poll(hs, data, length); } else if (hs->kind == HID_KEYBOARD) { p->actual_length = hid_keyboard_poll(hs, data, length); } break; - case SET_REPORT: + case HID_SET_REPORT: if (hs->kind == HID_KEYBOARD) { p->actual_length = hid_keyboard_write(hs, data, length); } else { goto fail; } break; - case GET_PROTOCOL: + case HID_GET_PROTOCOL: if (hs->kind != HID_KEYBOARD && hs->kind != HID_MOUSE) { goto fail; } data[0] = hs->protocol; p->actual_length = 1; break; - case SET_PROTOCOL: + case HID_SET_PROTOCOL: if (hs->kind != HID_KEYBOARD && hs->kind != HID_MOUSE) { goto fail; } hs->protocol = value; break; - case GET_IDLE: + case HID_GET_IDLE: data[0] = hs->idle; p->actual_length = 1; break; - case SET_IDLE: + case HID_SET_IDLE: hs->idle = (uint8_t) (value >> 8); hid_set_next_idle(hs); if (hs->kind == HID_MOUSE || hs->kind == HID_TABLET) { diff --git a/hw/usb/dev-wacom.c b/hw/usb/dev-wacom.c index 8aba44b8bc..76fc5a5dab 100644 --- a/hw/usb/dev-wacom.c +++ b/hw/usb/dev-wacom.c @@ -29,6 +29,7 @@ #include "qemu/osdep.h" #include "ui/console.h" #include "hw/usb.h" +#include "hw/usb/hid.h" #include "migration/vmstate.h" #include "qemu/module.h" #include "desc.h" @@ -37,13 +38,6 @@ #define WACOM_GET_REPORT 0x2101 #define WACOM_SET_REPORT 0x2109 -/* HID interface requests */ -#define HID_GET_REPORT 0xa101 -#define HID_GET_IDLE 0xa102 -#define HID_GET_PROTOCOL 0xa103 -#define HID_SET_IDLE 0x210a -#define HID_SET_PROTOCOL 0x210b - typedef struct USBWacomState { USBDevice dev; USBEndpoint *intr; @@ -86,11 +80,11 @@ static const USBDescIface desc_iface_wacom = { /* HID descriptor */ .data = (uint8_t[]) { 0x09, /* u8 bLength */ - 0x21, /* u8 bDescriptorType */ + USB_DT_HID, /* u8 bDescriptorType */ 0x01, 0x10, /* u16 HID_class */ 0x00, /* u8 country_code */ 0x01, /* u8 num_descriptors */ - 0x22, /* u8 type: Report */ + USB_DT_REPORT, /* u8 type: Report */ 0x6e, 0, /* u16 len */ }, }, diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c index 1495e8f7fa..2b995443fb 100644 --- a/hw/usb/hcd-ehci.c +++ b/hw/usb/hcd-ehci.c @@ -352,7 +352,6 @@ static void ehci_trace_sitd(EHCIState *s, hwaddr addr, static void ehci_trace_guest_bug(EHCIState *s, const char *message) { trace_usb_ehci_guest_bug(message); - warn_report("%s", message); } static inline bool ehci_enabled(EHCIState *s) @@ -1373,7 +1372,10 @@ static int ehci_execute(EHCIPacket *p, const char *action) spd = (p->pid == USB_TOKEN_IN && NLPTR_TBIT(p->qtd.altnext) == 0); usb_packet_setup(&p->packet, p->pid, ep, 0, p->qtdaddr, spd, (p->qtd.token & QTD_TOKEN_IOC) != 0); - usb_packet_map(&p->packet, &p->sgl); + if (usb_packet_map(&p->packet, &p->sgl)) { + qemu_sglist_destroy(&p->sgl); + return -1; + } p->async = EHCI_ASYNC_INITIALIZED; } @@ -1445,6 +1447,7 @@ static int ehci_process_itd(EHCIState *ehci, dev = ehci_find_device(ehci, devaddr); if (dev == NULL) { ehci_trace_guest_bug(ehci, "no device found"); + qemu_sglist_destroy(&ehci->isgl); return -1; } pid = dir ? USB_TOKEN_IN : USB_TOKEN_OUT; @@ -1452,7 +1455,10 @@ static int ehci_process_itd(EHCIState *ehci, if (ep && ep->type == USB_ENDPOINT_XFER_ISOC) { usb_packet_setup(&ehci->ipacket, pid, ep, 0, addr, false, (itd->transact[i] & ITD_XACT_IOC) != 0); - usb_packet_map(&ehci->ipacket, &ehci->isgl); + if (usb_packet_map(&ehci->ipacket, &ehci->isgl)) { + qemu_sglist_destroy(&ehci->isgl); + return -1; + } usb_handle_packet(dev, &ehci->ipacket); usb_packet_unmap(&ehci->ipacket, &ehci->isgl); } else { diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c index 67a18fe2b6..46a2186d91 100644 --- a/hw/usb/hcd-xhci.c +++ b/hw/usb/hcd-xhci.c @@ -1615,7 +1615,10 @@ static int xhci_setup_packet(XHCITransfer *xfer) xhci_xfer_create_sgl(xfer, dir == USB_TOKEN_IN); /* Also sets int_req */ usb_packet_setup(&xfer->packet, dir, ep, xfer->streamid, xfer->trbs[0].addr, false, xfer->int_req); - usb_packet_map(&xfer->packet, &xfer->sgl); + if (usb_packet_map(&xfer->packet, &xfer->sgl)) { + qemu_sglist_destroy(&xfer->sgl); + return -1; + } DPRINTF("xhci: setup packet pid 0x%x addr %d ep %d\n", xfer->packet.pid, ep->dev->addr, ep->nr); return 0; diff --git a/hw/usb/host-libusb.c b/hw/usb/host-libusb.c index c474551d84..08604f787f 100644 --- a/hw/usb/host-libusb.c +++ b/hw/usb/host-libusb.c @@ -39,6 +39,11 @@ #endif #include <libusb.h> +#ifdef CONFIG_LINUX +#include <sys/ioctl.h> +#include <linux/usbdevice_fs.h> +#endif + #include "qapi/error.h" #include "migration/vmstate.h" #include "monitor/monitor.h" @@ -885,6 +890,7 @@ static void usb_host_ep_update(USBHostDevice *s) static int usb_host_open(USBHostDevice *s, libusb_device *dev, int hostfd) { USBDevice *udev = USB_DEVICE(s); + int libusb_speed; int bus_num = 0; int addr = 0; int rc; @@ -935,7 +941,36 @@ static int usb_host_open(USBHostDevice *s, libusb_device *dev, int hostfd) usb_ep_init(udev); usb_host_ep_update(s); - udev->speed = speed_map[libusb_get_device_speed(dev)]; + libusb_speed = libusb_get_device_speed(dev); +#ifdef CONFIG_LINUX + if (hostfd && libusb_speed == 0) { + /* + * Workaround libusb bug: libusb_get_device_speed() does not + * work for libusb_wrap_sys_device() devices in v1.0.23. + * + * Speeds are defined in linux/usb/ch9.h, file not included + * due to name conflicts. + */ + int rc = ioctl(hostfd, USBDEVFS_GET_SPEED, NULL); + switch (rc) { + case 1: /* low */ + libusb_speed = LIBUSB_SPEED_LOW; + break; + case 2: /* full */ + libusb_speed = LIBUSB_SPEED_FULL; + break; + case 3: /* high */ + case 4: /* wireless */ + libusb_speed = LIBUSB_SPEED_HIGH; + break; + case 5: /* super */ + case 6: /* super plus */ + libusb_speed = LIBUSB_SPEED_SUPER; + break; + } + } +#endif + udev->speed = speed_map[libusb_speed]; usb_host_speed_compat(s); if (s->ddesc.iProduct) { diff --git a/hw/usb/meson.build b/hw/usb/meson.build index 3c44a1b069..b7c7ff23bf 100644 --- a/hw/usb/meson.build +++ b/hw/usb/meson.build @@ -50,6 +50,13 @@ if config_host.has_key('CONFIG_SMARTCARD') hw_usb_modules += {'smartcard': usbsmartcard_ss} endif +# U2F +softmmu_ss.add(when: 'CONFIG_USB_U2F', if_true: files('u2f.c')) +softmmu_ss.add(when: ['CONFIG_LINUX', 'CONFIG_USB_U2F'], if_true: [libudev, files('u2f-passthru.c')]) +if u2f.found() + softmmu_ss.add(when: 'CONFIG_USB_U2F', if_true: [u2f, files('u2f-emulated.c')]) +endif + # usb redirect if config_host.has_key('CONFIG_USB_REDIR') usbredir_ss = ss.source_set() diff --git a/hw/usb/u2f-emulated.c b/hw/usb/u2f-emulated.c new file mode 100644 index 0000000000..9e1b829f3d --- /dev/null +++ b/hw/usb/u2f-emulated.c @@ -0,0 +1,405 @@ +/* + * U2F USB Emulated device. + * + * Copyright (c) 2020 César Belley <cesar.belley@lse.epita.fr> + * Written by César Belley <cesar.belley@lse.epita.fr> + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +#include "qemu/osdep.h" +#include "qemu/module.h" +#include "qemu/thread.h" +#include "qemu/main-loop.h" +#include "qapi/error.h" +#include "hw/usb.h" +#include "hw/qdev-properties.h" + +#include <u2f-emu/u2f-emu.h> + +#include "u2f.h" + +/* Counter which sync with a file */ +struct synced_counter { + /* Emulated device counter */ + struct u2f_emu_vdev_counter vdev_counter; + + /* Private attributes */ + uint32_t value; + FILE *fp; +}; + +static void counter_increment(struct u2f_emu_vdev_counter *vdev_counter) +{ + struct synced_counter *counter = (struct synced_counter *)vdev_counter; + ++counter->value; + + /* Write back */ + if (fseek(counter->fp, 0, SEEK_SET) == -1) { + return; + } + fprintf(counter->fp, "%u\n", counter->value); +} + +static uint32_t counter_read(struct u2f_emu_vdev_counter *vdev_counter) +{ + struct synced_counter *counter = (struct synced_counter *)vdev_counter; + return counter->value; +} + +typedef struct U2FEmulatedState U2FEmulatedState; + +#define PENDING_OUT_NUM 32 + +struct U2FEmulatedState { + U2FKeyState base; + + /* U2F virtual emulated device */ + u2f_emu_vdev *vdev; + QemuMutex vdev_mutex; + + /* Properties */ + char *dir; + char *cert; + char *privkey; + char *entropy; + char *counter; + struct synced_counter synced_counter; + + /* Pending packets received from the guest */ + uint8_t pending_out[PENDING_OUT_NUM][U2FHID_PACKET_SIZE]; + uint8_t pending_out_start; + uint8_t pending_out_end; + uint8_t pending_out_num; + QemuMutex pending_out_mutex; + + /* Emulation thread and sync */ + QemuCond key_cond; + QemuMutex key_mutex; + QemuThread key_thread; + bool stop_thread; + EventNotifier notifier; +}; + +#define TYPE_U2F_EMULATED "u2f-emulated" +#define EMULATED_U2F_KEY(obj) \ + OBJECT_CHECK(U2FEmulatedState, (obj), TYPE_U2F_EMULATED) + +static void u2f_emulated_reset(U2FEmulatedState *key) +{ + key->pending_out_start = 0; + key->pending_out_end = 0; + key->pending_out_num = 0; +} + +static void u2f_pending_out_add(U2FEmulatedState *key, + const uint8_t packet[U2FHID_PACKET_SIZE]) +{ + int index; + + if (key->pending_out_num >= PENDING_OUT_NUM) { + return; + } + + index = key->pending_out_end; + key->pending_out_end = (index + 1) % PENDING_OUT_NUM; + ++key->pending_out_num; + + memcpy(&key->pending_out[index], packet, U2FHID_PACKET_SIZE); +} + +static uint8_t *u2f_pending_out_get(U2FEmulatedState *key) +{ + int index; + + if (key->pending_out_num == 0) { + return NULL; + } + + index = key->pending_out_start; + key->pending_out_start = (index + 1) % PENDING_OUT_NUM; + --key->pending_out_num; + + return key->pending_out[index]; +} + +static void u2f_emulated_recv_from_guest(U2FKeyState *base, + const uint8_t packet[U2FHID_PACKET_SIZE]) +{ + U2FEmulatedState *key = EMULATED_U2F_KEY(base); + + qemu_mutex_lock(&key->pending_out_mutex); + u2f_pending_out_add(key, packet); + qemu_mutex_unlock(&key->pending_out_mutex); + + qemu_mutex_lock(&key->key_mutex); + qemu_cond_signal(&key->key_cond); + qemu_mutex_unlock(&key->key_mutex); +} + +static void *u2f_emulated_thread(void* arg) +{ + U2FEmulatedState *key = arg; + uint8_t packet[U2FHID_PACKET_SIZE]; + uint8_t *packet_out = NULL; + + + while (true) { + /* Wait signal */ + qemu_mutex_lock(&key->key_mutex); + qemu_cond_wait(&key->key_cond, &key->key_mutex); + qemu_mutex_unlock(&key->key_mutex); + + /* Exit thread check */ + if (key->stop_thread) { + key->stop_thread = false; + break; + } + + qemu_mutex_lock(&key->pending_out_mutex); + packet_out = u2f_pending_out_get(key); + if (packet_out == NULL) { + qemu_mutex_unlock(&key->pending_out_mutex); + continue; + } + memcpy(packet, packet_out, U2FHID_PACKET_SIZE); + qemu_mutex_unlock(&key->pending_out_mutex); + + qemu_mutex_lock(&key->vdev_mutex); + u2f_emu_vdev_send(key->vdev, U2F_EMU_USB, packet, + U2FHID_PACKET_SIZE); + + /* Notify response */ + if (u2f_emu_vdev_has_response(key->vdev, U2F_EMU_USB)) { + event_notifier_set(&key->notifier); + } + qemu_mutex_unlock(&key->vdev_mutex); + } + return NULL; +} + +static ssize_t u2f_emulated_read(const char *path, char *buffer, + size_t buffer_len) +{ + int fd; + ssize_t ret; + + fd = qemu_open(path, O_RDONLY); + if (fd < 0) { + return -1; + } + + ret = read(fd, buffer, buffer_len); + close(fd); + + return ret; +} + +static bool u2f_emulated_setup_counter(const char *path, + struct synced_counter *counter) +{ + int fd, ret; + FILE *fp; + + fd = qemu_open(path, O_RDWR); + if (fd < 0) { + return false; + } + fp = fdopen(fd, "r+"); + if (fp == NULL) { + close(fd); + return false; + } + ret = fscanf(fp, "%u", &counter->value); + if (ret == EOF) { + fclose(fp); + return false; + } + counter->fp = fp; + counter->vdev_counter.counter_increment = counter_increment; + counter->vdev_counter.counter_read = counter_read; + + return true; +} + +static u2f_emu_rc u2f_emulated_setup_vdev_manualy(U2FEmulatedState *key) +{ + ssize_t ret; + char cert_pem[4096], privkey_pem[2048]; + struct u2f_emu_vdev_setup setup_info; + + /* Certificate */ + ret = u2f_emulated_read(key->cert, cert_pem, sizeof(cert_pem)); + if (ret < 0) { + return -1; + } + + /* Private key */ + ret = u2f_emulated_read(key->privkey, privkey_pem, sizeof(privkey_pem)); + if (ret < 0) { + return -1; + } + + /* Entropy */ + ret = u2f_emulated_read(key->entropy, (char *)&setup_info.entropy, + sizeof(setup_info.entropy)); + if (ret < 0) { + return -1; + } + + /* Counter */ + if (!u2f_emulated_setup_counter(key->counter, &key->synced_counter)) { + return -1; + } + + /* Setup */ + setup_info.certificate = cert_pem; + setup_info.private_key = privkey_pem; + setup_info.counter = (struct u2f_emu_vdev_counter *)&key->synced_counter; + + return u2f_emu_vdev_new(&key->vdev, &setup_info); +} + +static void u2f_emulated_event_handler(EventNotifier *notifier) +{ + U2FEmulatedState *key = container_of(notifier, U2FEmulatedState, notifier); + size_t packet_size; + uint8_t *packet_in = NULL; + + event_notifier_test_and_clear(&key->notifier); + qemu_mutex_lock(&key->vdev_mutex); + while (u2f_emu_vdev_has_response(key->vdev, U2F_EMU_USB)) { + packet_size = u2f_emu_vdev_get_response(key->vdev, U2F_EMU_USB, + &packet_in); + if (packet_size == U2FHID_PACKET_SIZE) { + u2f_send_to_guest(&key->base, packet_in); + } + u2f_emu_vdev_free_response(packet_in); + } + qemu_mutex_unlock(&key->vdev_mutex); +} + +static void u2f_emulated_realize(U2FKeyState *base, Error **errp) +{ + U2FEmulatedState *key = EMULATED_U2F_KEY(base); + u2f_emu_rc rc; + + if (key->cert != NULL || key->privkey != NULL || key->entropy != NULL + || key->counter != NULL) { + if (key->cert != NULL && key->privkey != NULL + && key->entropy != NULL && key->counter != NULL) { + rc = u2f_emulated_setup_vdev_manualy(key); + } else { + error_setg(errp, "%s: cert, priv, entropy and counter " + "parameters must be provided to manualy configure " + "the emulated device", TYPE_U2F_EMULATED); + return; + } + } else if (key->dir != NULL) { + rc = u2f_emu_vdev_new_from_dir(&key->vdev, key->dir); + } else { + rc = u2f_emu_vdev_new_ephemeral(&key->vdev); + } + + if (rc != U2F_EMU_OK) { + error_setg(errp, "%s: Failed to setup the key", TYPE_U2F_EMULATED); + return; + } + + if (event_notifier_init(&key->notifier, false) < 0) { + error_setg(errp, "%s: Failed to initialize notifier", + TYPE_U2F_EMULATED); + return; + } + /* Notifier */ + event_notifier_set_handler(&key->notifier, u2f_emulated_event_handler); + + /* Synchronization */ + qemu_cond_init(&key->key_cond); + qemu_mutex_init(&key->vdev_mutex); + qemu_mutex_init(&key->pending_out_mutex); + qemu_mutex_init(&key->key_mutex); + u2f_emulated_reset(key); + + /* Thread */ + key->stop_thread = false; + qemu_thread_create(&key->key_thread, "u2f-key", u2f_emulated_thread, + key, QEMU_THREAD_JOINABLE); +} + +static void u2f_emulated_unrealize(U2FKeyState *base) +{ + U2FEmulatedState *key = EMULATED_U2F_KEY(base); + + /* Thread */ + key->stop_thread = true; + qemu_cond_signal(&key->key_cond); + qemu_thread_join(&key->key_thread); + + /* Notifier */ + event_notifier_set_handler(&key->notifier, NULL); + event_notifier_cleanup(&key->notifier); + + /* Synchronization */ + qemu_cond_destroy(&key->key_cond); + qemu_mutex_destroy(&key->vdev_mutex); + qemu_mutex_destroy(&key->key_mutex); + qemu_mutex_destroy(&key->pending_out_mutex); + + /* Vdev */ + u2f_emu_vdev_free(key->vdev); + if (key->synced_counter.fp != NULL) { + fclose(key->synced_counter.fp); + } +} + +static Property u2f_emulated_properties[] = { + DEFINE_PROP_STRING("dir", U2FEmulatedState, dir), + DEFINE_PROP_STRING("cert", U2FEmulatedState, cert), + DEFINE_PROP_STRING("privkey", U2FEmulatedState, privkey), + DEFINE_PROP_STRING("entropy", U2FEmulatedState, entropy), + DEFINE_PROP_STRING("counter", U2FEmulatedState, counter), + DEFINE_PROP_END_OF_LIST(), +}; + +static void u2f_emulated_class_init(ObjectClass *klass, void *data) +{ + DeviceClass *dc = DEVICE_CLASS(klass); + U2FKeyClass *kc = U2F_KEY_CLASS(klass); + + kc->realize = u2f_emulated_realize; + kc->unrealize = u2f_emulated_unrealize; + kc->recv_from_guest = u2f_emulated_recv_from_guest; + dc->desc = "QEMU U2F emulated key"; + device_class_set_props(dc, u2f_emulated_properties); +} + +static const TypeInfo u2f_key_emulated_info = { + .name = TYPE_U2F_EMULATED, + .parent = TYPE_U2F_KEY, + .instance_size = sizeof(U2FEmulatedState), + .class_init = u2f_emulated_class_init +}; + +static void u2f_key_emulated_register_types(void) +{ + type_register_static(&u2f_key_emulated_info); +} + +type_init(u2f_key_emulated_register_types) diff --git a/hw/usb/u2f-passthru.c b/hw/usb/u2f-passthru.c new file mode 100644 index 0000000000..e9c8aa4595 --- /dev/null +++ b/hw/usb/u2f-passthru.c @@ -0,0 +1,551 @@ +/* + * U2F USB Passthru device. + * + * Copyright (c) 2020 César Belley <cesar.belley@lse.epita.fr> + * Written by César Belley <cesar.belley@lse.epita.fr> + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +#include "qemu/osdep.h" +#include "qemu/module.h" +#include "qemu/main-loop.h" +#include "qemu/error-report.h" +#include "qapi/error.h" +#include "hw/qdev-properties.h" +#include "hw/usb.h" +#include "migration/vmstate.h" + +#include "u2f.h" + +#ifdef CONFIG_LIBUDEV +#include <libudev.h> +#endif +#include <linux/hidraw.h> +#include <sys/ioctl.h> + +#define NONCE_SIZE 8 +#define BROADCAST_CID 0xFFFFFFFF +#define TRANSACTION_TIMEOUT 120000 + +struct transaction { + uint32_t cid; + uint16_t resp_bcnt; + uint16_t resp_size; + + /* Nonce for broadcast isolation */ + uint8_t nonce[NONCE_SIZE]; +}; + +typedef struct U2FPassthruState U2FPassthruState; + +#define CURRENT_TRANSACTIONS_NUM 4 + +struct U2FPassthruState { + U2FKeyState base; + + /* Host device */ + char *hidraw; + int hidraw_fd; + + /* Current Transactions */ + struct transaction current_transactions[CURRENT_TRANSACTIONS_NUM]; + uint8_t current_transactions_start; + uint8_t current_transactions_end; + uint8_t current_transactions_num; + + /* Transaction time checking */ + int64_t last_transaction_time; + QEMUTimer timer; +}; + +#define TYPE_U2F_PASSTHRU "u2f-passthru" +#define PASSTHRU_U2F_KEY(obj) \ + OBJECT_CHECK(U2FPassthruState, (obj), TYPE_U2F_PASSTHRU) + +/* Init packet sizes */ +#define PACKET_INIT_HEADER_SIZE 7 +#define PACKET_INIT_DATA_SIZE (U2FHID_PACKET_SIZE - PACKET_INIT_HEADER_SIZE) + +/* Cont packet sizes */ +#define PACKET_CONT_HEADER_SIZE 5 +#define PACKET_CONT_DATA_SIZE (U2FHID_PACKET_SIZE - PACKET_CONT_HEADER_SIZE) + +struct packet_init { + uint32_t cid; + uint8_t cmd; + uint8_t bcnth; + uint8_t bcntl; + uint8_t data[PACKET_INIT_DATA_SIZE]; +} QEMU_PACKED; + +static inline uint32_t packet_get_cid(const void *packet) +{ + return *((uint32_t *)packet); +} + +static inline bool packet_is_init(const void *packet) +{ + return ((uint8_t *)packet)[4] & (1 << 7); +} + +static inline uint16_t packet_init_get_bcnt( + const struct packet_init *packet_init) +{ + uint16_t bcnt = 0; + bcnt |= packet_init->bcnth << 8; + bcnt |= packet_init->bcntl; + + return bcnt; +} + +static void u2f_passthru_reset(U2FPassthruState *key) +{ + timer_del(&key->timer); + qemu_set_fd_handler(key->hidraw_fd, NULL, NULL, key); + key->last_transaction_time = 0; + key->current_transactions_start = 0; + key->current_transactions_end = 0; + key->current_transactions_num = 0; +} + +static void u2f_timeout_check(void *opaque) +{ + U2FPassthruState *key = opaque; + int64_t time = qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL); + + if (time > key->last_transaction_time + TRANSACTION_TIMEOUT) { + u2f_passthru_reset(key); + } else { + timer_mod(&key->timer, time + TRANSACTION_TIMEOUT / 4); + } +} + +static int u2f_transaction_get_index(U2FPassthruState *key, uint32_t cid) +{ + for (int i = 0; i < key->current_transactions_num; ++i) { + int index = (key->current_transactions_start + i) + % CURRENT_TRANSACTIONS_NUM; + if (cid == key->current_transactions[index].cid) { + return index; + } + } + return -1; +} + +static struct transaction *u2f_transaction_get(U2FPassthruState *key, + uint32_t cid) +{ + int index = u2f_transaction_get_index(key, cid); + if (index < 0) { + return NULL; + } + return &key->current_transactions[index]; +} + +static struct transaction *u2f_transaction_get_from_nonce(U2FPassthruState *key, + const uint8_t nonce[NONCE_SIZE]) +{ + for (int i = 0; i < key->current_transactions_num; ++i) { + int index = (key->current_transactions_start + i) + % CURRENT_TRANSACTIONS_NUM; + if (key->current_transactions[index].cid == BROADCAST_CID + && memcmp(nonce, key->current_transactions[index].nonce, + NONCE_SIZE) == 0) { + return &key->current_transactions[index]; + } + } + return NULL; +} + +static void u2f_transaction_close(U2FPassthruState *key, uint32_t cid) +{ + int index, next_index; + index = u2f_transaction_get_index(key, cid); + if (index < 0) { + return; + } + next_index = (index + 1) % CURRENT_TRANSACTIONS_NUM; + + /* Rearrange to ensure the oldest is at the start position */ + while (next_index != key->current_transactions_end) { + memcpy(&key->current_transactions[index], + &key->current_transactions[next_index], + sizeof(struct transaction)); + + index = next_index; + next_index = (index + 1) % CURRENT_TRANSACTIONS_NUM; + } + + key->current_transactions_end = index; + --key->current_transactions_num; + + if (key->current_transactions_num == 0) { + u2f_passthru_reset(key); + } +} + +static void u2f_transaction_add(U2FPassthruState *key, uint32_t cid, + const uint8_t nonce[NONCE_SIZE]) +{ + uint8_t index; + struct transaction *transaction; + + if (key->current_transactions_num >= CURRENT_TRANSACTIONS_NUM) { + /* Close the oldest transaction */ + index = key->current_transactions_start; + transaction = &key->current_transactions[index]; + u2f_transaction_close(key, transaction->cid); + } + + /* Index */ + index = key->current_transactions_end; + key->current_transactions_end = (index + 1) % CURRENT_TRANSACTIONS_NUM; + ++key->current_transactions_num; + + /* Transaction */ + transaction = &key->current_transactions[index]; + transaction->cid = cid; + transaction->resp_bcnt = 0; + transaction->resp_size = 0; + + /* Nonce */ + if (nonce != NULL) { + memcpy(transaction->nonce, nonce, NONCE_SIZE); + } +} + +static void u2f_passthru_read(void *opaque); + +static void u2f_transaction_start(U2FPassthruState *key, + const struct packet_init *packet_init) +{ + int64_t time; + + /* Transaction */ + if (packet_init->cid == BROADCAST_CID) { + u2f_transaction_add(key, packet_init->cid, packet_init->data); + } else { + u2f_transaction_add(key, packet_init->cid, NULL); + } + + /* Time */ + time = qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL); + if (key->last_transaction_time == 0) { + qemu_set_fd_handler(key->hidraw_fd, u2f_passthru_read, NULL, key); + timer_init_ms(&key->timer, QEMU_CLOCK_VIRTUAL, u2f_timeout_check, key); + timer_mod(&key->timer, time + TRANSACTION_TIMEOUT / 4); + } + key->last_transaction_time = time; +} + +static void u2f_passthru_recv_from_host(U2FPassthruState *key, + const uint8_t packet[U2FHID_PACKET_SIZE]) +{ + struct transaction *transaction; + uint32_t cid; + + /* Retrieve transaction */ + cid = packet_get_cid(packet); + if (cid == BROADCAST_CID) { + struct packet_init *packet_init; + if (!packet_is_init(packet)) { + return; + } + packet_init = (struct packet_init *)packet; + transaction = u2f_transaction_get_from_nonce(key, packet_init->data); + } else { + transaction = u2f_transaction_get(key, cid); + } + + /* Ignore no started transaction */ + if (transaction == NULL) { + return; + } + + if (packet_is_init(packet)) { + struct packet_init *packet_init = (struct packet_init *)packet; + transaction->resp_bcnt = packet_init_get_bcnt(packet_init); + transaction->resp_size = PACKET_INIT_DATA_SIZE; + + if (packet_init->cid == BROADCAST_CID) { + /* Nonce checking for legitimate response */ + if (memcmp(transaction->nonce, packet_init->data, NONCE_SIZE) + != 0) { + return; + } + } + } else { + transaction->resp_size += PACKET_CONT_DATA_SIZE; + } + + /* Transaction end check */ + if (transaction->resp_size >= transaction->resp_bcnt) { + u2f_transaction_close(key, cid); + } + u2f_send_to_guest(&key->base, packet); +} + +static void u2f_passthru_read(void *opaque) +{ + U2FPassthruState *key = opaque; + U2FKeyState *base = &key->base; + uint8_t packet[2 * U2FHID_PACKET_SIZE]; + int ret; + + /* Full size base queue check */ + if (base->pending_in_num >= U2FHID_PENDING_IN_NUM) { + return; + } + + ret = read(key->hidraw_fd, packet, sizeof(packet)); + if (ret < 0) { + /* Detach */ + if (base->dev.attached) { + usb_device_detach(&base->dev); + u2f_passthru_reset(key); + } + return; + } + if (ret != U2FHID_PACKET_SIZE) { + return; + } + u2f_passthru_recv_from_host(key, packet); +} + +static void u2f_passthru_recv_from_guest(U2FKeyState *base, + const uint8_t packet[U2FHID_PACKET_SIZE]) +{ + U2FPassthruState *key = PASSTHRU_U2F_KEY(base); + uint8_t host_packet[U2FHID_PACKET_SIZE + 1]; + ssize_t written; + + if (packet_is_init(packet)) { + u2f_transaction_start(key, (struct packet_init *)packet); + } + + host_packet[0] = 0; + memcpy(host_packet + 1, packet, U2FHID_PACKET_SIZE); + + written = write(key->hidraw_fd, host_packet, sizeof(host_packet)); + if (written != sizeof(host_packet)) { + error_report("%s: Bad written size (req 0x%zu, val 0x%zd)", + TYPE_U2F_PASSTHRU, sizeof(host_packet), written); + } +} + +static bool u2f_passthru_is_u2f_device(int fd) +{ + int ret, rdesc_size; + struct hidraw_report_descriptor rdesc; + const uint8_t u2f_hid_report_desc_header[] = { + 0x06, 0xd0, 0xf1, /* Usage Page (FIDO) */ + 0x09, 0x01, /* Usage (FIDO) */ + }; + + /* Get report descriptor size */ + ret = ioctl(fd, HIDIOCGRDESCSIZE, &rdesc_size); + if (ret < 0 || rdesc_size < sizeof(u2f_hid_report_desc_header)) { + return false; + } + + /* Get report descriptor */ + memset(&rdesc, 0x0, sizeof(rdesc)); + rdesc.size = rdesc_size; + ret = ioctl(fd, HIDIOCGRDESC, &rdesc); + if (ret < 0) { + return false; + } + + /* Header bytes cover specific U2F rdesc values */ + return memcmp(u2f_hid_report_desc_header, rdesc.value, + sizeof(u2f_hid_report_desc_header)) == 0; +} + +#ifdef CONFIG_LIBUDEV +static int u2f_passthru_open_from_device(struct udev_device *device) +{ + const char *devnode = udev_device_get_devnode(device); + + int fd = qemu_open(devnode, O_RDWR); + if (fd < 0) { + return -1; + } else if (!u2f_passthru_is_u2f_device(fd)) { + qemu_close(fd); + return -1; + } + return fd; +} + +static int u2f_passthru_open_from_enumerate(struct udev *udev, + struct udev_enumerate *enumerate) +{ + struct udev_list_entry *devices, *entry; + int ret, fd; + + ret = udev_enumerate_scan_devices(enumerate); + if (ret < 0) { + return -1; + } + + devices = udev_enumerate_get_list_entry(enumerate); + udev_list_entry_foreach(entry, devices) { + struct udev_device *device; + const char *syspath = udev_list_entry_get_name(entry); + + if (syspath == NULL) { + continue; + } + + device = udev_device_new_from_syspath(udev, syspath); + if (device == NULL) { + continue; + } + + fd = u2f_passthru_open_from_device(device); + udev_device_unref(device); + if (fd >= 0) { + return fd; + } + } + return -1; +} + +static int u2f_passthru_open_from_scan(void) +{ + struct udev *udev; + struct udev_enumerate *enumerate; + int ret, fd = -1; + + udev = udev_new(); + if (udev == NULL) { + return -1; + } + + enumerate = udev_enumerate_new(udev); + if (enumerate == NULL) { + udev_unref(udev); + return -1; + } + + ret = udev_enumerate_add_match_subsystem(enumerate, "hidraw"); + if (ret >= 0) { + fd = u2f_passthru_open_from_enumerate(udev, enumerate); + } + + udev_enumerate_unref(enumerate); + udev_unref(udev); + + return fd; +} +#endif + +static void u2f_passthru_unrealize(U2FKeyState *base) +{ + U2FPassthruState *key = PASSTHRU_U2F_KEY(base); + + u2f_passthru_reset(key); + qemu_close(key->hidraw_fd); +} + +static void u2f_passthru_realize(U2FKeyState *base, Error **errp) +{ + U2FPassthruState *key = PASSTHRU_U2F_KEY(base); + int fd; + + if (key->hidraw == NULL) { +#ifdef CONFIG_LIBUDEV + fd = u2f_passthru_open_from_scan(); + if (fd < 0) { + error_setg(errp, "%s: Failed to find a U2F USB device", + TYPE_U2F_PASSTHRU); + return; + } +#else + error_setg(errp, "%s: Missing hidraw", TYPE_U2F_PASSTHRU); + return; +#endif + } else { + fd = qemu_open(key->hidraw, O_RDWR); + if (fd < 0) { + error_setg(errp, "%s: Failed to open %s", TYPE_U2F_PASSTHRU, + key->hidraw); + return; + } + + if (!u2f_passthru_is_u2f_device(fd)) { + qemu_close(fd); + error_setg(errp, "%s: Passed hidraw does not represent " + "a U2F HID device", TYPE_U2F_PASSTHRU); + return; + } + } + key->hidraw_fd = fd; + u2f_passthru_reset(key); +} + +static int u2f_passthru_post_load(void *opaque, int version_id) +{ + U2FPassthruState *key = opaque; + u2f_passthru_reset(key); + return 0; +} + +static const VMStateDescription u2f_passthru_vmstate = { + .name = "u2f-key-passthru", + .version_id = 1, + .minimum_version_id = 1, + .post_load = u2f_passthru_post_load, + .fields = (VMStateField[]) { + VMSTATE_U2F_KEY(base, U2FPassthruState), + VMSTATE_END_OF_LIST() + } +}; + +static Property u2f_passthru_properties[] = { + DEFINE_PROP_STRING("hidraw", U2FPassthruState, hidraw), + DEFINE_PROP_END_OF_LIST(), +}; + +static void u2f_passthru_class_init(ObjectClass *klass, void *data) +{ + DeviceClass *dc = DEVICE_CLASS(klass); + U2FKeyClass *kc = U2F_KEY_CLASS(klass); + + kc->realize = u2f_passthru_realize; + kc->unrealize = u2f_passthru_unrealize; + kc->recv_from_guest = u2f_passthru_recv_from_guest; + dc->desc = "QEMU U2F passthrough key"; + dc->vmsd = &u2f_passthru_vmstate; + device_class_set_props(dc, u2f_passthru_properties); +} + +static const TypeInfo u2f_key_passthru_info = { + .name = TYPE_U2F_PASSTHRU, + .parent = TYPE_U2F_KEY, + .instance_size = sizeof(U2FPassthruState), + .class_init = u2f_passthru_class_init +}; + +static void u2f_key_passthru_register_types(void) +{ + type_register_static(&u2f_key_passthru_info); +} + +type_init(u2f_key_passthru_register_types) diff --git a/hw/usb/u2f.c b/hw/usb/u2f.c new file mode 100644 index 0000000000..bc09191f06 --- /dev/null +++ b/hw/usb/u2f.c @@ -0,0 +1,352 @@ +/* + * U2F USB device. + * + * Copyright (c) 2020 César Belley <cesar.belley@lse.epita.fr> + * Written by César Belley <cesar.belley@lse.epita.fr> + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +#include "qemu/osdep.h" +#include "qemu/module.h" +#include "qapi/error.h" +#include "hw/usb.h" +#include "hw/usb/hid.h" +#include "migration/vmstate.h" +#include "desc.h" + +#include "u2f.h" + +/* U2F key Vendor / Product */ +#define U2F_KEY_VENDOR_NUM 0x46f4 /* CRC16() of "QEMU" */ +#define U2F_KEY_PRODUCT_NUM 0x0005 + +enum { + STR_MANUFACTURER = 1, + STR_PRODUCT, + STR_SERIALNUMBER, + STR_CONFIG, + STR_INTERFACE +}; + +static const USBDescStrings desc_strings = { + [STR_MANUFACTURER] = "QEMU", + [STR_PRODUCT] = "U2F USB key", + [STR_SERIALNUMBER] = "0", + [STR_CONFIG] = "U2F key config", + [STR_INTERFACE] = "U2F key interface" +}; + +static const USBDescIface desc_iface_u2f_key = { + .bInterfaceNumber = 0, + .bNumEndpoints = 2, + .bInterfaceClass = USB_CLASS_HID, + .bInterfaceSubClass = 0x0, + .bInterfaceProtocol = 0x0, + .ndesc = 1, + .descs = (USBDescOther[]) { + { + /* HID descriptor */ + .data = (uint8_t[]) { + 0x09, /* u8 bLength */ + USB_DT_HID, /* u8 bDescriptorType */ + 0x10, 0x01, /* u16 HID_class */ + 0x00, /* u8 country_code */ + 0x01, /* u8 num_descriptors */ + USB_DT_REPORT, /* u8 type: Report */ + 0x22, 0, /* u16 len */ + }, + }, + }, + .eps = (USBDescEndpoint[]) { + { + .bEndpointAddress = USB_DIR_IN | 0x01, + .bmAttributes = USB_ENDPOINT_XFER_INT, + .wMaxPacketSize = U2FHID_PACKET_SIZE, + .bInterval = 0x05, + }, { + .bEndpointAddress = USB_DIR_OUT | 0x01, + .bmAttributes = USB_ENDPOINT_XFER_INT, + .wMaxPacketSize = U2FHID_PACKET_SIZE, + .bInterval = 0x05, + }, + }, + +}; + +static const USBDescDevice desc_device_u2f_key = { + .bcdUSB = 0x0100, + .bMaxPacketSize0 = U2FHID_PACKET_SIZE, + .bNumConfigurations = 1, + .confs = (USBDescConfig[]) { + { + .bNumInterfaces = 1, + .bConfigurationValue = 1, + .iConfiguration = STR_CONFIG, + .bmAttributes = USB_CFG_ATT_ONE, + .bMaxPower = 15, + .nif = 1, + .ifs = &desc_iface_u2f_key, + }, + }, +}; + +static const USBDesc desc_u2f_key = { + .id = { + .idVendor = U2F_KEY_VENDOR_NUM, + .idProduct = U2F_KEY_PRODUCT_NUM, + .bcdDevice = 0, + .iManufacturer = STR_MANUFACTURER, + .iProduct = STR_PRODUCT, + .iSerialNumber = STR_SERIALNUMBER, + }, + .full = &desc_device_u2f_key, + .str = desc_strings, +}; + +static const uint8_t u2f_key_hid_report_desc[] = { + 0x06, 0xd0, 0xf1, /* Usage Page (FIDO) */ + 0x09, 0x01, /* Usage (FIDO) */ + 0xa1, 0x01, /* Collection (HID Application) */ + 0x09, 0x20, /* Usage (FIDO data in) */ + 0x15, 0x00, /* Logical Minimum (0) */ + 0x26, 0xFF, 0x00, /* Logical Maximum (0xff) */ + 0x75, 0x08, /* Report Size (8) */ + 0x95, 0x40, /* Report Count (0x40) */ + 0x81, 0x02, /* Input (Data, Variable, Absolute) */ + 0x09, 0x21, /* Usage (FIDO data out) */ + 0x15, 0x00, /* Logical Minimum (0) */ + 0x26, 0xFF, 0x00, /* Logical Maximum (0xFF) */ + 0x75, 0x08, /* Report Size (8) */ + 0x95, 0x40, /* Report Count (0x40) */ + 0x91, 0x02, /* Output (Data, Variable, Absolute) */ + 0xC0 /* End Collection */ +}; + +static void u2f_key_reset(U2FKeyState *key) +{ + key->pending_in_start = 0; + key->pending_in_end = 0; + key->pending_in_num = 0; +} + +static void u2f_key_handle_reset(USBDevice *dev) +{ + U2FKeyState *key = U2F_KEY(dev); + + u2f_key_reset(key); +} + +static void u2f_key_handle_control(USBDevice *dev, USBPacket *p, + int request, int value, int index, int length, uint8_t *data) +{ + U2FKeyState *key = U2F_KEY(dev); + int ret; + + ret = usb_desc_handle_control(dev, p, request, value, index, length, data); + if (ret >= 0) { + return; + } + + switch (request) { + case InterfaceRequest | USB_REQ_GET_DESCRIPTOR: + switch (value >> 8) { + case 0x22: + memcpy(data, u2f_key_hid_report_desc, + sizeof(u2f_key_hid_report_desc)); + p->actual_length = sizeof(u2f_key_hid_report_desc); + break; + default: + goto fail; + } + break; + case HID_GET_IDLE: + data[0] = key->idle; + p->actual_length = 1; + break; + case HID_SET_IDLE: + key->idle = (uint8_t)(value >> 8); + break; + default: + fail: + p->status = USB_RET_STALL; + break; + } + +} + +static void u2f_key_recv_from_guest(U2FKeyState *key, USBPacket *p) +{ + U2FKeyClass *kc = U2F_KEY_GET_CLASS(key); + uint8_t packet[U2FHID_PACKET_SIZE]; + + if (kc->recv_from_guest == NULL || p->iov.size != U2FHID_PACKET_SIZE) { + return; + } + + usb_packet_copy(p, packet, p->iov.size); + kc->recv_from_guest(key, packet); +} + +static void u2f_pending_in_add(U2FKeyState *key, + const uint8_t packet[U2FHID_PACKET_SIZE]) +{ + uint8_t index; + + if (key->pending_in_num >= U2FHID_PENDING_IN_NUM) { + return; + } + + index = key->pending_in_end; + key->pending_in_end = (index + 1) % U2FHID_PENDING_IN_NUM; + ++key->pending_in_num; + + memcpy(key->pending_in[index], packet, U2FHID_PACKET_SIZE); +} + +static uint8_t *u2f_pending_in_get(U2FKeyState *key) +{ + uint8_t index; + + if (key->pending_in_num == 0) { + return NULL; + } + + index = key->pending_in_start; + key->pending_in_start = (index + 1) % U2FHID_PENDING_IN_NUM; + --key->pending_in_num; + + return key->pending_in[index]; +} + +static void u2f_key_handle_data(USBDevice *dev, USBPacket *p) +{ + U2FKeyState *key = U2F_KEY(dev); + uint8_t *packet_in; + + /* Endpoint number check */ + if (p->ep->nr != 1) { + p->status = USB_RET_STALL; + return; + } + + switch (p->pid) { + case USB_TOKEN_OUT: + u2f_key_recv_from_guest(key, p); + break; + case USB_TOKEN_IN: + packet_in = u2f_pending_in_get(key); + if (packet_in == NULL) { + p->status = USB_RET_NAK; + return; + } + usb_packet_copy(p, packet_in, U2FHID_PACKET_SIZE); + break; + default: + p->status = USB_RET_STALL; + break; + } +} + +void u2f_send_to_guest(U2FKeyState *key, + const uint8_t packet[U2FHID_PACKET_SIZE]) +{ + u2f_pending_in_add(key, packet); + usb_wakeup(key->ep, 0); +} + +static void u2f_key_unrealize(USBDevice *dev) +{ + U2FKeyState *key = U2F_KEY(dev); + U2FKeyClass *kc = U2F_KEY_GET_CLASS(key); + + if (kc->unrealize != NULL) { + kc->unrealize(key); + } +} + +static void u2f_key_realize(USBDevice *dev, Error **errp) +{ + U2FKeyState *key = U2F_KEY(dev); + U2FKeyClass *kc = U2F_KEY_GET_CLASS(key); + Error *local_err = NULL; + + usb_desc_create_serial(dev); + usb_desc_init(dev); + u2f_key_reset(key); + + if (kc->realize != NULL) { + kc->realize(key, &local_err); + if (local_err != NULL) { + error_propagate(errp, local_err); + return; + } + } + key->ep = usb_ep_get(dev, USB_TOKEN_IN, 1); +} + +const VMStateDescription vmstate_u2f_key = { + .name = "u2f-key", + .version_id = 1, + .minimum_version_id = 1, + .fields = (VMStateField[]) { + VMSTATE_USB_DEVICE(dev, U2FKeyState), + VMSTATE_UINT8(idle, U2FKeyState), + VMSTATE_UINT8_2DARRAY(pending_in, U2FKeyState, + U2FHID_PENDING_IN_NUM, U2FHID_PACKET_SIZE), + VMSTATE_UINT8(pending_in_start, U2FKeyState), + VMSTATE_UINT8(pending_in_end, U2FKeyState), + VMSTATE_UINT8(pending_in_num, U2FKeyState), + VMSTATE_END_OF_LIST() + } +}; + +static void u2f_key_class_init(ObjectClass *klass, void *data) +{ + DeviceClass *dc = DEVICE_CLASS(klass); + USBDeviceClass *uc = USB_DEVICE_CLASS(klass); + + uc->product_desc = "QEMU U2F USB key"; + uc->usb_desc = &desc_u2f_key; + uc->handle_reset = u2f_key_handle_reset; + uc->handle_control = u2f_key_handle_control; + uc->handle_data = u2f_key_handle_data; + uc->handle_attach = usb_desc_attach; + uc->realize = u2f_key_realize; + uc->unrealize = u2f_key_unrealize; + dc->desc = "QEMU U2F key"; + dc->vmsd = &vmstate_u2f_key; +} + +static const TypeInfo u2f_key_info = { + .name = TYPE_U2F_KEY, + .parent = TYPE_USB_DEVICE, + .instance_size = sizeof(U2FKeyState), + .abstract = true, + .class_size = sizeof(U2FKeyClass), + .class_init = u2f_key_class_init, +}; + +static void u2f_key_register_types(void) +{ + type_register_static(&u2f_key_info); + usb_legacy_register(TYPE_U2F_KEY, "u2f-key", NULL); +} + +type_init(u2f_key_register_types) diff --git a/hw/usb/u2f.h b/hw/usb/u2f.h new file mode 100644 index 0000000000..db30f3586b --- /dev/null +++ b/hw/usb/u2f.h @@ -0,0 +1,92 @@ +/* + * U2F USB device. + * + * Copyright (c) 2020 César Belley <cesar.belley@lse.epita.fr> + * Written by César Belley <cesar.belley@lse.epita.fr> + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +#ifndef U2F_H +#define U2F_H + +#include "hw/qdev-core.h" + +#define U2FHID_PACKET_SIZE 64 +#define U2FHID_PENDING_IN_NUM 32 + +typedef struct U2FKeyState U2FKeyState; +typedef struct U2FKeyInfo U2FKeyInfo; + +#define TYPE_U2F_KEY "u2f-key" +#define U2F_KEY(obj) \ + OBJECT_CHECK(U2FKeyState, (obj), TYPE_U2F_KEY) +#define U2F_KEY_CLASS(klass) \ + OBJECT_CLASS_CHECK(U2FKeyClass, (klass), TYPE_U2F_KEY) +#define U2F_KEY_GET_CLASS(obj) \ + OBJECT_GET_CLASS(U2FKeyClass, (obj), TYPE_U2F_KEY) + +/* + * Callbacks to be used by the U2F key base device (i.e. hw/u2f.c) + * to interact with its variants (i.e. hw/u2f-*.c) + */ +typedef struct U2FKeyClass { + /*< private >*/ + USBDeviceClass parent_class; + + /*< public >*/ + void (*recv_from_guest)(U2FKeyState *key, + const uint8_t packet[U2FHID_PACKET_SIZE]); + void (*realize)(U2FKeyState *key, Error **errp); + void (*unrealize)(U2FKeyState *key); +} U2FKeyClass; + +/* + * State of the U2F key base device (i.e. hw/u2f.c) + */ +typedef struct U2FKeyState { + USBDevice dev; + USBEndpoint *ep; + uint8_t idle; + + /* Pending packets to be send to the guest */ + uint8_t pending_in[U2FHID_PENDING_IN_NUM][U2FHID_PACKET_SIZE]; + uint8_t pending_in_start; + uint8_t pending_in_end; + uint8_t pending_in_num; +} U2FKeyState; + +/* + * API to be used by the U2F key device variants (i.e. hw/u2f-*.c) + * to interact with the the U2F key base device (i.e. hw/u2f.c) + */ +void u2f_send_to_guest(U2FKeyState *key, + const uint8_t packet[U2FHID_PACKET_SIZE]); + +extern const VMStateDescription vmstate_u2f_key; + +#define VMSTATE_U2F_KEY(_field, _state) { \ + .name = (stringify(_field)), \ + .size = sizeof(U2FKeyState), \ + .vmsd = &vmstate_u2f_key, \ + .flags = VMS_STRUCT, \ + .offset = vmstate_offset_value(_state, _field, U2FKeyState), \ +} + +#endif /* U2F_H */ diff --git a/include/fpu/softfloat-types.h b/include/fpu/softfloat-types.h index c7ddcab8ca..8a3f20fae9 100644 --- a/include/fpu/softfloat-types.h +++ b/include/fpu/softfloat-types.h @@ -113,6 +113,11 @@ typedef struct { #define make_float128_init(high_, low_) { .high = high_, .low = low_ } /* + * Software neural-network floating-point types. + */ +typedef uint16_t bfloat16; + +/* * Software IEC/IEEE floating-point underflow tininess-detection mode. */ diff --git a/include/fpu/softfloat.h b/include/fpu/softfloat.h index 659218b5c7..78ad5ca738 100644 --- a/include/fpu/softfloat.h +++ b/include/fpu/softfloat.h @@ -109,6 +109,7 @@ void float_raise(uint8_t flags, float_status *status); float16 float16_squash_input_denormal(float16 a, float_status *status); float32 float32_squash_input_denormal(float32 a, float_status *status); float64 float64_squash_input_denormal(float64 a, float_status *status); +bfloat16 bfloat16_squash_input_denormal(bfloat16 a, float_status *status); /*---------------------------------------------------------------------------- | Options to indicate which negations to perform in float*_muladd() @@ -136,9 +137,11 @@ float16 uint16_to_float16_scalbn(uint16_t a, int, float_status *status); float16 uint32_to_float16_scalbn(uint32_t a, int, float_status *status); float16 uint64_to_float16_scalbn(uint64_t a, int, float_status *status); +float16 int8_to_float16(int8_t a, float_status *status); float16 int16_to_float16(int16_t a, float_status *status); float16 int32_to_float16(int32_t a, float_status *status); float16 int64_to_float16(int64_t a, float_status *status); +float16 uint8_to_float16(uint8_t a, float_status *status); float16 uint16_to_float16(uint16_t a, float_status *status); float16 uint32_to_float16(uint32_t a, float_status *status); float16 uint64_to_float16(uint64_t a, float_status *status); @@ -187,10 +190,13 @@ float32 float16_to_float32(float16, bool ieee, float_status *status); float16 float64_to_float16(float64 a, bool ieee, float_status *status); float64 float16_to_float64(float16 a, bool ieee, float_status *status); +int8_t float16_to_int8_scalbn(float16, FloatRoundMode, int, + float_status *status); int16_t float16_to_int16_scalbn(float16, FloatRoundMode, int, float_status *); int32_t float16_to_int32_scalbn(float16, FloatRoundMode, int, float_status *); int64_t float16_to_int64_scalbn(float16, FloatRoundMode, int, float_status *); +int8_t float16_to_int8(float16, float_status *status); int16_t float16_to_int16(float16, float_status *status); int32_t float16_to_int32(float16, float_status *status); int64_t float16_to_int64(float16, float_status *status); @@ -199,6 +205,8 @@ int16_t float16_to_int16_round_to_zero(float16, float_status *status); int32_t float16_to_int32_round_to_zero(float16, float_status *status); int64_t float16_to_int64_round_to_zero(float16, float_status *status); +uint8_t float16_to_uint8_scalbn(float16 a, FloatRoundMode, + int, float_status *status); uint16_t float16_to_uint16_scalbn(float16 a, FloatRoundMode, int, float_status *status); uint32_t float16_to_uint32_scalbn(float16 a, FloatRoundMode, @@ -206,6 +214,7 @@ uint32_t float16_to_uint32_scalbn(float16 a, FloatRoundMode, uint64_t float16_to_uint64_scalbn(float16 a, FloatRoundMode, int, float_status *status); +uint8_t float16_to_uint8(float16 a, float_status *status); uint16_t float16_to_uint16(float16 a, float_status *status); uint32_t float16_to_uint32(float16 a, float_status *status); uint64_t float16_to_uint64(float16 a, float_status *status); @@ -264,6 +273,11 @@ static inline bool float16_is_zero_or_denormal(float16 a) return (float16_val(a) & 0x7c00) == 0; } +static inline bool float16_is_normal(float16 a) +{ + return (((float16_val(a) >> 10) + 1) & 0x1f) >= 2; +} + static inline float16 float16_abs(float16 a) { /* Note that abs does *not* handle NaN specially, nor does @@ -285,6 +299,47 @@ static inline float16 float16_set_sign(float16 a, int sign) return make_float16((float16_val(a) & 0x7fff) | (sign << 15)); } +static inline bool float16_eq(float16 a, float16 b, float_status *s) +{ + return float16_compare(a, b, s) == float_relation_equal; +} + +static inline bool float16_le(float16 a, float16 b, float_status *s) +{ + return float16_compare(a, b, s) <= float_relation_equal; +} + +static inline bool float16_lt(float16 a, float16 b, float_status *s) +{ + return float16_compare(a, b, s) < float_relation_equal; +} + +static inline bool float16_unordered(float16 a, float16 b, float_status *s) +{ + return float16_compare(a, b, s) == float_relation_unordered; +} + +static inline bool float16_eq_quiet(float16 a, float16 b, float_status *s) +{ + return float16_compare_quiet(a, b, s) == float_relation_equal; +} + +static inline bool float16_le_quiet(float16 a, float16 b, float_status *s) +{ + return float16_compare_quiet(a, b, s) <= float_relation_equal; +} + +static inline bool float16_lt_quiet(float16 a, float16 b, float_status *s) +{ + return float16_compare_quiet(a, b, s) < float_relation_equal; +} + +static inline bool float16_unordered_quiet(float16 a, float16 b, + float_status *s) +{ + return float16_compare_quiet(a, b, s) == float_relation_unordered; +} + #define float16_zero make_float16(0) #define float16_half make_float16(0x3800) #define float16_one make_float16(0x3c00) @@ -294,6 +349,186 @@ static inline float16 float16_set_sign(float16 a, int sign) #define float16_infinity make_float16(0x7c00) /*---------------------------------------------------------------------------- +| Software bfloat16 conversion routines. +*----------------------------------------------------------------------------*/ + +bfloat16 bfloat16_round_to_int(bfloat16, float_status *status); +bfloat16 float32_to_bfloat16(float32, float_status *status); +float32 bfloat16_to_float32(bfloat16, float_status *status); +bfloat16 float64_to_bfloat16(float64 a, float_status *status); +float64 bfloat16_to_float64(bfloat16 a, float_status *status); + +int16_t bfloat16_to_int16_scalbn(bfloat16, FloatRoundMode, + int, float_status *status); +int32_t bfloat16_to_int32_scalbn(bfloat16, FloatRoundMode, + int, float_status *status); +int64_t bfloat16_to_int64_scalbn(bfloat16, FloatRoundMode, + int, float_status *status); + +int16_t bfloat16_to_int16(bfloat16, float_status *status); +int32_t bfloat16_to_int32(bfloat16, float_status *status); +int64_t bfloat16_to_int64(bfloat16, float_status *status); + +int16_t bfloat16_to_int16_round_to_zero(bfloat16, float_status *status); +int32_t bfloat16_to_int32_round_to_zero(bfloat16, float_status *status); +int64_t bfloat16_to_int64_round_to_zero(bfloat16, float_status *status); + +uint16_t bfloat16_to_uint16_scalbn(bfloat16 a, FloatRoundMode, + int, float_status *status); +uint32_t bfloat16_to_uint32_scalbn(bfloat16 a, FloatRoundMode, + int, float_status *status); +uint64_t bfloat16_to_uint64_scalbn(bfloat16 a, FloatRoundMode, + int, float_status *status); + +uint16_t bfloat16_to_uint16(bfloat16 a, float_status *status); +uint32_t bfloat16_to_uint32(bfloat16 a, float_status *status); +uint64_t bfloat16_to_uint64(bfloat16 a, float_status *status); + +uint16_t bfloat16_to_uint16_round_to_zero(bfloat16 a, float_status *status); +uint32_t bfloat16_to_uint32_round_to_zero(bfloat16 a, float_status *status); +uint64_t bfloat16_to_uint64_round_to_zero(bfloat16 a, float_status *status); + +bfloat16 int16_to_bfloat16_scalbn(int16_t a, int, float_status *status); +bfloat16 int32_to_bfloat16_scalbn(int32_t a, int, float_status *status); +bfloat16 int64_to_bfloat16_scalbn(int64_t a, int, float_status *status); +bfloat16 uint16_to_bfloat16_scalbn(uint16_t a, int, float_status *status); +bfloat16 uint32_to_bfloat16_scalbn(uint32_t a, int, float_status *status); +bfloat16 uint64_to_bfloat16_scalbn(uint64_t a, int, float_status *status); + +bfloat16 int16_to_bfloat16(int16_t a, float_status *status); +bfloat16 int32_to_bfloat16(int32_t a, float_status *status); +bfloat16 int64_to_bfloat16(int64_t a, float_status *status); +bfloat16 uint16_to_bfloat16(uint16_t a, float_status *status); +bfloat16 uint32_to_bfloat16(uint32_t a, float_status *status); +bfloat16 uint64_to_bfloat16(uint64_t a, float_status *status); + +/*---------------------------------------------------------------------------- +| Software bfloat16 operations. +*----------------------------------------------------------------------------*/ + +bfloat16 bfloat16_add(bfloat16, bfloat16, float_status *status); +bfloat16 bfloat16_sub(bfloat16, bfloat16, float_status *status); +bfloat16 bfloat16_mul(bfloat16, bfloat16, float_status *status); +bfloat16 bfloat16_div(bfloat16, bfloat16, float_status *status); +bfloat16 bfloat16_muladd(bfloat16, bfloat16, bfloat16, int, + float_status *status); +float16 bfloat16_scalbn(bfloat16, int, float_status *status); +bfloat16 bfloat16_min(bfloat16, bfloat16, float_status *status); +bfloat16 bfloat16_max(bfloat16, bfloat16, float_status *status); +bfloat16 bfloat16_minnum(bfloat16, bfloat16, float_status *status); +bfloat16 bfloat16_maxnum(bfloat16, bfloat16, float_status *status); +bfloat16 bfloat16_minnummag(bfloat16, bfloat16, float_status *status); +bfloat16 bfloat16_maxnummag(bfloat16, bfloat16, float_status *status); +bfloat16 bfloat16_sqrt(bfloat16, float_status *status); +FloatRelation bfloat16_compare(bfloat16, bfloat16, float_status *status); +FloatRelation bfloat16_compare_quiet(bfloat16, bfloat16, float_status *status); + +bool bfloat16_is_quiet_nan(bfloat16, float_status *status); +bool bfloat16_is_signaling_nan(bfloat16, float_status *status); +bfloat16 bfloat16_silence_nan(bfloat16, float_status *status); +bfloat16 bfloat16_default_nan(float_status *status); + +static inline bool bfloat16_is_any_nan(bfloat16 a) +{ + return ((a & ~0x8000) > 0x7F80); +} + +static inline bool bfloat16_is_neg(bfloat16 a) +{ + return a >> 15; +} + +static inline bool bfloat16_is_infinity(bfloat16 a) +{ + return (a & 0x7fff) == 0x7F80; +} + +static inline bool bfloat16_is_zero(bfloat16 a) +{ + return (a & 0x7fff) == 0; +} + +static inline bool bfloat16_is_zero_or_denormal(bfloat16 a) +{ + return (a & 0x7F80) == 0; +} + +static inline bool bfloat16_is_normal(bfloat16 a) +{ + return (((a >> 7) + 1) & 0xff) >= 2; +} + +static inline bfloat16 bfloat16_abs(bfloat16 a) +{ + /* Note that abs does *not* handle NaN specially, nor does + * it flush denormal inputs to zero. + */ + return a & 0x7fff; +} + +static inline bfloat16 bfloat16_chs(bfloat16 a) +{ + /* Note that chs does *not* handle NaN specially, nor does + * it flush denormal inputs to zero. + */ + return a ^ 0x8000; +} + +static inline bfloat16 bfloat16_set_sign(bfloat16 a, int sign) +{ + return (a & 0x7fff) | (sign << 15); +} + +static inline bool bfloat16_eq(bfloat16 a, bfloat16 b, float_status *s) +{ + return bfloat16_compare(a, b, s) == float_relation_equal; +} + +static inline bool bfloat16_le(bfloat16 a, bfloat16 b, float_status *s) +{ + return bfloat16_compare(a, b, s) <= float_relation_equal; +} + +static inline bool bfloat16_lt(bfloat16 a, bfloat16 b, float_status *s) +{ + return bfloat16_compare(a, b, s) < float_relation_equal; +} + +static inline bool bfloat16_unordered(bfloat16 a, bfloat16 b, float_status *s) +{ + return bfloat16_compare(a, b, s) == float_relation_unordered; +} + +static inline bool bfloat16_eq_quiet(bfloat16 a, bfloat16 b, float_status *s) +{ + return bfloat16_compare_quiet(a, b, s) == float_relation_equal; +} + +static inline bool bfloat16_le_quiet(bfloat16 a, bfloat16 b, float_status *s) +{ + return bfloat16_compare_quiet(a, b, s) <= float_relation_equal; +} + +static inline bool bfloat16_lt_quiet(bfloat16 a, bfloat16 b, float_status *s) +{ + return bfloat16_compare_quiet(a, b, s) < float_relation_equal; +} + +static inline bool bfloat16_unordered_quiet(bfloat16 a, bfloat16 b, + float_status *s) +{ + return bfloat16_compare_quiet(a, b, s) == float_relation_unordered; +} + +#define bfloat16_zero 0 +#define bfloat16_half 0x3f00 +#define bfloat16_one 0x3f80 +#define bfloat16_one_point_five 0x3fc0 +#define bfloat16_two 0x4000 +#define bfloat16_three 0x4040 +#define bfloat16_infinity 0x7f80 + +/*---------------------------------------------------------------------------- | The pattern for a default generated half-precision NaN. *----------------------------------------------------------------------------*/ float16 float16_default_nan(float_status *status); diff --git a/include/hw/usb/hid.h b/include/hw/usb/hid.h new file mode 100644 index 0000000000..1c142584ff --- /dev/null +++ b/include/hw/usb/hid.h @@ -0,0 +1,17 @@ +#ifndef HW_USB_HID_H +#define HW_USB_HID_H + +/* HID interface requests */ +#define HID_GET_REPORT 0xa101 +#define HID_GET_IDLE 0xa102 +#define HID_GET_PROTOCOL 0xa103 +#define HID_SET_REPORT 0x2109 +#define HID_SET_IDLE 0x210a +#define HID_SET_PROTOCOL 0x210b + +/* HID descriptor types */ +#define USB_DT_HID 0x21 +#define USB_DT_REPORT 0x22 +#define USB_DT_PHY 0x23 + +#endif diff --git a/meson.build b/meson.build index 74f8ea0c2e..1e7aee85e3 100644 --- a/meson.build +++ b/meson.build @@ -377,6 +377,12 @@ if 'CONFIG_SMARTCARD' in config_host cacard = declare_dependency(compile_args: config_host['SMARTCARD_CFLAGS'].split(), link_args: config_host['SMARTCARD_LIBS'].split()) endif +u2f = not_found +if have_system + u2f = dependency('u2f-emu', required: get_option('u2f'), + method: 'pkg-config', + static: enable_static) +endif usbredir = not_found if 'CONFIG_USB_REDIR' in config_host usbredir = declare_dependency(compile_args: config_host['USB_REDIR_CFLAGS'].split(), @@ -1375,6 +1381,7 @@ summary_info += {'spice support': config_host.has_key('CONFIG_SPICE')} summary_info += {'rbd support': config_host.has_key('CONFIG_RBD')} summary_info += {'xfsctl support': config_host.has_key('CONFIG_XFS')} summary_info += {'smartcard support': config_host.has_key('CONFIG_SMARTCARD')} +summary_info += {'U2F support': u2f.found()} summary_info += {'libusb': config_host.has_key('CONFIG_USB_LIBUSB')} summary_info += {'usb net redir': config_host.has_key('CONFIG_USB_REDIR')} summary_info += {'OpenGL support': config_host.has_key('CONFIG_OPENGL')} diff --git a/meson_options.txt b/meson_options.txt index c55f9cd94c..aef2de6523 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -1,6 +1,7 @@ option('gettext', type : 'boolean', value : true) option('sdl', type : 'feature', value : 'auto') option('sdl_image', type : 'feature', value : 'auto') +option('u2f', type : 'feature', value : 'auto') option('vnc', type : 'feature', value : 'enabled') option('vnc_jpeg', type : 'feature', value : 'auto') option('vnc_png', type : 'feature', value : 'auto') diff --git a/scripts/u2f-setup-gen.py b/scripts/u2f-setup-gen.py new file mode 100755 index 0000000000..2122598fed --- /dev/null +++ b/scripts/u2f-setup-gen.py @@ -0,0 +1,170 @@ +#!/usr/bin/env python3 +# +# Libu2f-emu setup directory generator for USB U2F key emulation. +# +# Copyright (c) 2020 César Belley <cesar.belley@lse.epita.fr> +# Written by César Belley <cesar.belley@lse.epita.fr> +# +# This work is licensed under the terms of the GNU GPL, version 2 +# or, at your option, any later version. See the COPYING file in +# the top-level directory. + +import sys +import os +from random import randint +from typing import Tuple + +from cryptography.hazmat.backends import default_backend +from cryptography.hazmat.primitives.asymmetric import ec +from cryptography.hazmat.primitives.serialization import Encoding, \ + NoEncryption, PrivateFormat, PublicFormat +from OpenSSL import crypto + + +def write_setup_dir(dirpath: str, privkey_pem: bytes, cert_pem: bytes, + entropy: bytes, counter: int) -> None: + """ + Write the setup directory. + + Args: + dirpath: The directory path. + key_pem: The private key PEM. + cert_pem: The certificate PEM. + entropy: The 48 bytes of entropy. + counter: The counter value. + """ + # Directory + os.mkdir(dirpath) + + # Private key + with open(f'{dirpath}/private-key.pem', 'bw') as f: + f.write(privkey_pem) + + # Certificate + with open(f'{dirpath}/certificate.pem', 'bw') as f: + f.write(cert_pem) + + # Entropy + with open(f'{dirpath}/entropy', 'wb') as f: + f.write(entropy) + + # Counter + with open(f'{dirpath}/counter', 'w') as f: + f.write(f'{str(counter)}\n') + + +def generate_ec_key_pair() -> Tuple[str, str]: + """ + Generate an ec key pair. + + Returns: + The private and public key PEM. + """ + # Key generation + privkey = ec.generate_private_key(ec.SECP256R1, default_backend()) + pubkey = privkey.public_key() + + # PEM serialization + privkey_pem = privkey.private_bytes(encoding=Encoding.PEM, + format=PrivateFormat.TraditionalOpenSSL, + encryption_algorithm=NoEncryption()) + pubkey_pem = pubkey.public_bytes(encoding=Encoding.PEM, + format=PublicFormat.SubjectPublicKeyInfo) + return privkey_pem, pubkey_pem + + +def generate_certificate(privkey_pem: str, pubkey_pem: str) -> str: + """ + Generate a x509 certificate from a key pair. + + Args: + privkey_pem: The private key PEM. + pubkey_pem: The public key PEM. + + Returns: + The certificate PEM. + """ + # Convert key pair + privkey = crypto.load_privatekey(crypto.FILETYPE_PEM, privkey_pem) + pubkey = crypto.load_publickey(crypto.FILETYPE_PEM, pubkey_pem) + + # New x509v3 certificate + cert = crypto.X509() + cert.set_version(0x2) + + # Serial number + cert.set_serial_number(randint(1, 2 ** 64)) + + # Before / After + cert.gmtime_adj_notBefore(0) + cert.gmtime_adj_notAfter(4 * (365 * 24 * 60 * 60)) + + # Public key + cert.set_pubkey(pubkey) + + # Subject name and issueer + cert.get_subject().CN = "U2F emulated" + cert.set_issuer(cert.get_subject()) + + # Extensions + cert.add_extensions([ + crypto.X509Extension(b"subjectKeyIdentifier", + False, b"hash", subject=cert), + ]) + cert.add_extensions([ + crypto.X509Extension(b"authorityKeyIdentifier", + False, b"keyid:always", issuer=cert), + ]) + cert.add_extensions([ + crypto.X509Extension(b"basicConstraints", True, b"CA:TRUE") + ]) + + # Signature + cert.sign(privkey, 'sha256') + + return crypto.dump_certificate(crypto.FILETYPE_PEM, cert) + + +def generate_setup_dir(dirpath: str) -> None: + """ + Generates the setup directory. + + Args: + dirpath: The directory path. + """ + # Key pair + privkey_pem, pubkey_pem = generate_ec_key_pair() + + # Certificate + certificate_pem = generate_certificate(privkey_pem, pubkey_pem) + + # Entropy + entropy = os.urandom(48) + + # Counter + counter = 0 + + # Write + write_setup_dir(dirpath, privkey_pem, certificate_pem, entropy, counter) + + +def main() -> None: + """ + Main function + """ + # Dir path + if len(sys.argv) != 2: + sys.stderr.write(f'Usage: {sys.argv[0]} <setup_dir>\n') + exit(2) + dirpath = sys.argv[1] + + # Dir non existence + if os.path.exists(dirpath): + sys.stderr.write(f'Directory: {dirpath} already exists.\n') + exit(1) + + generate_setup_dir(dirpath) + + +if __name__ == '__main__': + main() diff --git a/target/riscv/vector_helper.c b/target/riscv/vector_helper.c index 793af99067..a156573d28 100644 --- a/target/riscv/vector_helper.c +++ b/target/riscv/vector_helper.c @@ -3955,12 +3955,6 @@ void HELPER(NAME)(void *vd, void *v0, void *vs1, void *vs2, \ } \ } -static bool float16_eq_quiet(uint16_t a, uint16_t b, float_status *s) -{ - FloatRelation compare = float16_compare_quiet(a, b, s); - return compare == float_relation_equal; -} - GEN_VEXT_CMP_VV_ENV(vmfeq_vv_h, uint16_t, H2, float16_eq_quiet) GEN_VEXT_CMP_VV_ENV(vmfeq_vv_w, uint32_t, H4, float32_eq_quiet) GEN_VEXT_CMP_VV_ENV(vmfeq_vv_d, uint64_t, H8, float64_eq_quiet) @@ -4017,12 +4011,6 @@ GEN_VEXT_CMP_VF(vmfne_vf_h, uint16_t, H2, vmfne16) GEN_VEXT_CMP_VF(vmfne_vf_w, uint32_t, H4, vmfne32) GEN_VEXT_CMP_VF(vmfne_vf_d, uint64_t, H8, vmfne64) -static bool float16_lt(uint16_t a, uint16_t b, float_status *s) -{ - FloatRelation compare = float16_compare(a, b, s); - return compare == float_relation_less; -} - GEN_VEXT_CMP_VV_ENV(vmflt_vv_h, uint16_t, H2, float16_lt) GEN_VEXT_CMP_VV_ENV(vmflt_vv_w, uint32_t, H4, float32_lt) GEN_VEXT_CMP_VV_ENV(vmflt_vv_d, uint64_t, H8, float64_lt) @@ -4030,13 +4018,6 @@ GEN_VEXT_CMP_VF(vmflt_vf_h, uint16_t, H2, float16_lt) GEN_VEXT_CMP_VF(vmflt_vf_w, uint32_t, H4, float32_lt) GEN_VEXT_CMP_VF(vmflt_vf_d, uint64_t, H8, float64_lt) -static bool float16_le(uint16_t a, uint16_t b, float_status *s) -{ - FloatRelation compare = float16_compare(a, b, s); - return compare == float_relation_less || - compare == float_relation_equal; -} - GEN_VEXT_CMP_VV_ENV(vmfle_vv_h, uint16_t, H2, float16_le) GEN_VEXT_CMP_VV_ENV(vmfle_vv_w, uint32_t, H4, float32_le) GEN_VEXT_CMP_VV_ENV(vmfle_vv_d, uint64_t, H8, float64_le) @@ -4091,12 +4072,6 @@ GEN_VEXT_CMP_VF(vmfge_vf_h, uint16_t, H2, vmfge16) GEN_VEXT_CMP_VF(vmfge_vf_w, uint32_t, H4, vmfge32) GEN_VEXT_CMP_VF(vmfge_vf_d, uint64_t, H8, vmfge64) -static bool float16_unordered_quiet(uint16_t a, uint16_t b, float_status *s) -{ - FloatRelation compare = float16_compare_quiet(a, b, s); - return compare == float_relation_unordered; -} - GEN_VEXT_CMP_VV_ENV(vmford_vv_h, uint16_t, H2, !float16_unordered_quiet) GEN_VEXT_CMP_VV_ENV(vmford_vv_w, uint32_t, H4, !float32_unordered_quiet) GEN_VEXT_CMP_VV_ENV(vmford_vv_d, uint64_t, H8, !float64_unordered_quiet) |