FRET-qemu/hw/usb/canokey.c

/*
 * CanoKey QEMU device implementation.
 *
 * Copyright (c) 2021-2022 Canokeys.org <contact@canokeys.org>
 * Written by Hongren (Zenithal) Zheng <i@zenithal.me>
 *
 * This code is licensed under the GPL v2 or later.
 */

#include "qemu/osdep.h"
#include <canokey-qemu.h>

#include "qemu/module.h"
#include "qapi/error.h"
#include "hw/usb.h"
#include "hw/qdev-properties.h"
#include "trace.h"
#include "desc.h"
#include "canokey.h"

#define CANOKEY_EP_IN(ep) ((ep) & 0x7F)

#define CANOKEY_VENDOR_NUM     0x20a0
#define CANOKEY_PRODUCT_NUM    0x42d2

/*
 * placeholder, canokey-qemu implements its own usb desc
 * Namely we do not use usb_desc_handle_contorl
 */
enum {
    STR_MANUFACTURER = 1,
    STR_PRODUCT,
    STR_SERIALNUMBER
};

static const USBDescStrings desc_strings = {
    [STR_MANUFACTURER]     = "canokeys.org",
    [STR_PRODUCT]          = "CanoKey QEMU",
    [STR_SERIALNUMBER]     = "0"
};

static const USBDescDevice desc_device_canokey = {
    .bcdUSB                        = 0x0,
    .bMaxPacketSize0               = 16,
    .bNumConfigurations            = 0,
    .confs = NULL,
};

static const USBDesc desc_canokey = {
    .id = {
        .idVendor          = CANOKEY_VENDOR_NUM,
        .idProduct         = CANOKEY_PRODUCT_NUM,
        .bcdDevice         = 0x0100,
        .iManufacturer     = STR_MANUFACTURER,
        .iProduct          = STR_PRODUCT,
        .iSerialNumber     = STR_SERIALNUMBER,
    },
    .full = &desc_device_canokey,
    .str  = desc_strings,
};


/*
 * libcanokey-qemu.so side functions
 * All functions are called from canokey_emu_device_loop
 */
int canokey_emu_stall_ep(void *base, uint8_t ep)
{
    trace_canokey_emu_stall_ep(ep);
    CanoKeyState *key = base;
    uint8_t ep_in = CANOKEY_EP_IN(ep); /* INTR IN has ep 129 */
    key->ep_in_size[ep_in] = 0;
    key->ep_in_state[ep_in] = CANOKEY_EP_IN_STALL;
    return 0;
}

int canokey_emu_set_address(void *base, uint8_t addr)
{
    trace_canokey_emu_set_address(addr);
    CanoKeyState *key = base;
    key->dev.addr = addr;
    return 0;
}

int canokey_emu_prepare_receive(
        void *base, uint8_t ep, uint8_t *pbuf, uint16_t size)
{
    trace_canokey_emu_prepare_receive(ep, size);
    CanoKeyState *key = base;
    key->ep_out[ep] = pbuf;
    key->ep_out_size[ep] = size;
    return 0;
}

int canokey_emu_transmit(
        void *base, uint8_t ep, const uint8_t *pbuf, uint16_t size)
{
    trace_canokey_emu_transmit(ep, size);
    CanoKeyState *key = base;
    uint8_t ep_in = CANOKEY_EP_IN(ep); /* INTR IN has ep 129 */
    memcpy(key->ep_in[ep_in] + key->ep_in_size[ep_in],
            pbuf, size);
    key->ep_in_size[ep_in] += size;
    key->ep_in_state[ep_in] = CANOKEY_EP_IN_READY;
    /*
     * wake up controller if we NAKed IN token before
     * Note: this is a quirk for CanoKey CTAPHID
     */
    if (ep_in == CANOKEY_EMU_EP_CTAPHID) {
        usb_wakeup(usb_ep_get(&key->dev, USB_TOKEN_IN, ep_in), 0);
    }
    /*
     * ready for more data in device loop
     *
     * Note: this is a quirk for CanoKey CTAPHID
     * because it calls multiple emu_transmit in one device_loop
     * but w/o data_in it would stuck in device_loop
     * This has side effect for CCID since CCID can send ZLP
     * This also has side effect for Control transfer
     */
    if (ep_in == CANOKEY_EMU_EP_CTAPHID) {
        canokey_emu_data_in(ep_in);
    }
    return 0;
}

uint32_t canokey_emu_get_rx_data_size(void *base, uint8_t ep)
{
    CanoKeyState *key = base;
    return key->ep_out_size[ep];
}

/*
 * QEMU side functions
 */
static void canokey_handle_reset(USBDevice *dev)
{
    trace_canokey_handle_reset();
    CanoKeyState *key = CANOKEY(dev);
    for (int i = 0; i != CANOKEY_EP_NUM; ++i) {
        key->ep_in_state[i] = CANOKEY_EP_IN_WAIT;
        key->ep_in_pos[i] = 0;
        key->ep_in_size[i] = 0;
    }
    canokey_emu_reset();
}

static void canokey_handle_control(USBDevice *dev, USBPacket *p,
               int request, int value, int index, int length, uint8_t *data)
{
    trace_canokey_handle_control_setup(request, value, index, length);
    CanoKeyState *key = CANOKEY(dev);

    canokey_emu_setup(request, value, index, length);

    uint32_t dir_in = request & DeviceRequest;
    if (!dir_in) {
        /* OUT */
        trace_canokey_handle_control_out();
        if (key->ep_out[0] != NULL) {
            memcpy(key->ep_out[0], data, length);
        }
        canokey_emu_data_out(p->ep->nr, data);
    }

    canokey_emu_device_loop();

    /* IN */
    switch (key->ep_in_state[0]) {
    case CANOKEY_EP_IN_WAIT:
        p->status = USB_RET_NAK;
        break;
    case CANOKEY_EP_IN_STALL:
        p->status = USB_RET_STALL;
        break;
    case CANOKEY_EP_IN_READY:
        memcpy(data, key->ep_in[0], key->ep_in_size[0]);
        p->actual_length = key->ep_in_size[0];
        trace_canokey_handle_control_in(p->actual_length);
        /* reset state */
        key->ep_in_state[0] = CANOKEY_EP_IN_WAIT;
        key->ep_in_size[0] = 0;
        key->ep_in_pos[0] = 0;
        break;
    }
}

static void canokey_handle_data(USBDevice *dev, USBPacket *p)
{
    CanoKeyState *key = CANOKEY(dev);

    uint8_t ep_in = CANOKEY_EP_IN(p->ep->nr);
    uint8_t ep_out = p->ep->nr;
    uint32_t in_len;
    uint32_t out_pos;
    uint32_t out_len;
    switch (p->pid) {
    case USB_TOKEN_OUT:
        trace_canokey_handle_data_out(ep_out, p->iov.size);
        usb_packet_copy(p, key->ep_out_buffer[ep_out], p->iov.size);
        out_pos = 0;
        while (out_pos != p->iov.size) {
            /*
             * key->ep_out[ep_out] set by prepare_receive
             * to be a buffer inside libcanokey-qemu.so
             * key->ep_out_size[ep_out] set by prepare_receive
             * to be the buffer length
             */
            out_len = MIN(p->iov.size - out_pos, key->ep_out_size[ep_out]);
            memcpy(key->ep_out[ep_out],
                    key->ep_out_buffer[ep_out] + out_pos, out_len);
            out_pos += out_len;
            /* update ep_out_size to actual len */
            key->ep_out_size[ep_out] = out_len;
            canokey_emu_data_out(ep_out, NULL);
        }
        /*
         * Note: this is a quirk for CanoKey CTAPHID
         *
         * There is one code path that uses this device loop
         * INTR IN -> useful data_in and useless device_loop -> NAKed
         * INTR OUT -> useful device loop -> transmit -> wakeup
         *   (useful thanks to both data_in and data_out having been called)
         * the next INTR IN -> actual data to guest
         *
         * if there is no such device loop, there would be no further
         * INTR IN, no device loop, no transmit hence no usb_wakeup
         * then qemu would hang
         */
        if (ep_in == CANOKEY_EMU_EP_CTAPHID) {
            canokey_emu_device_loop(); /* may call transmit multiple times */
        }
        break;
    case USB_TOKEN_IN:
        if (key->ep_in_pos[ep_in] == 0) { /* first time IN */
            canokey_emu_data_in(ep_in);
            canokey_emu_device_loop(); /* may call transmit multiple times */
        }
        switch (key->ep_in_state[ep_in]) {
        case CANOKEY_EP_IN_WAIT:
            /* NAK for early INTR IN */
            p->status = USB_RET_NAK;
            break;
        case CANOKEY_EP_IN_STALL:
            p->status = USB_RET_STALL;
            break;
        case CANOKEY_EP_IN_READY:
            /* submit part of ep_in buffer to USBPacket */
            in_len = MIN(key->ep_in_size[ep_in] - key->ep_in_pos[ep_in],
                    p->iov.size);
            usb_packet_copy(p,
                    key->ep_in[ep_in] + key->ep_in_pos[ep_in], in_len);
            key->ep_in_pos[ep_in] += in_len;
            /* reset state if all data submitted */
            if (key->ep_in_pos[ep_in] == key->ep_in_size[ep_in]) {
                key->ep_in_state[ep_in] = CANOKEY_EP_IN_WAIT;
                key->ep_in_size[ep_in] = 0;
                key->ep_in_pos[ep_in] = 0;
            }
            trace_canokey_handle_data_in(ep_in, in_len);
            break;
        }
        break;
    default:
        p->status = USB_RET_STALL;
        break;
    }
}

static void canokey_realize(USBDevice *base, Error **errp)
{
    trace_canokey_realize();
    CanoKeyState *key = CANOKEY(base);

    if (key->file == NULL) {
        error_setg(errp, "You must provide file=/path/to/canokey-file");
        return;
    }

    usb_desc_init(base);

    for (int i = 0; i != CANOKEY_EP_NUM; ++i) {
        key->ep_in_state[i] = CANOKEY_EP_IN_WAIT;
        key->ep_in_size[i] = 0;
        key->ep_in_pos[i] = 0;
    }

    if (canokey_emu_init(key, key->file)) {
        error_setg(errp, "canokey can not create or read %s", key->file);
        return;
    }
}

static void canokey_unrealize(USBDevice *base)
{
    trace_canokey_unrealize();
}

static Property canokey_properties[] = {
    DEFINE_PROP_STRING("file", CanoKeyState, file),
    DEFINE_PROP_END_OF_LIST(),
};

static void canokey_class_init(ObjectClass *klass, void *data)
{
    DeviceClass *dc = DEVICE_CLASS(klass);
    USBDeviceClass *uc = USB_DEVICE_CLASS(klass);

    uc->product_desc   = "CanoKey QEMU";
    uc->usb_desc       = &desc_canokey;
    uc->handle_reset   = canokey_handle_reset;
    uc->handle_control = canokey_handle_control;
    uc->handle_data    = canokey_handle_data;
    uc->handle_attach  = usb_desc_attach;
    uc->realize        = canokey_realize;
    uc->unrealize      = canokey_unrealize;
    dc->desc           = "CanoKey QEMU";
    device_class_set_props(dc, canokey_properties);
    set_bit(DEVICE_CATEGORY_MISC, dc->categories);
}

static const TypeInfo canokey_info = {
    .name = TYPE_CANOKEY,
    .parent = TYPE_USB_DEVICE,
    .instance_size = sizeof(CanoKeyState),
    .class_init = canokey_class_init
};

static void canokey_register_types(void)
{
    type_register_static(&canokey_info);
}

type_init(canokey_register_types)