This patch series adds dedicated U2F support to QEMU through a USB U2F key device that can operate in two modes: pass-through and emulated.
This work is also part of this year's GSoC program and follows the proposal I made for the 'Virtual FIDO2/U2F security key' subject, suggested and mentored by Gerd Hoffmann.

U2F is an open authentication standard. It enables relying parties exposed to the internet to offer a strong second factor option for end user authentication.

The standard brings many advantages to both parties, client and server: it reduces over-reliance on passwords, increases authentication security and simplifies passwords.

The second factor is materialized by a device implementing the U2F protocol. In the case of a USB U2F security key, it is a USB HID device that implements the U2F protocol.

The USB U2F key device given in this patch series allows adding guest U2F security keys via two possible modes: pass-through and emulated.

The pass-through mode consists of passing all requests made from the guest to the physical security key connected to the host machine and vice versa. In addition, the dedicated pass-through allows a U2F security key to be shared among several guests, which is not possible with a simple host device assignment pass-through.

The emulated mode consists of completely emulating the behavior of a U2F device in software. Libu2f-emu is used for that.
Regards,
César Belley

History:
v1 -> v2:
 - change build recipes to integrate meson build system
v2 -> v3:
 - use meson to check libu2f-emu dependency
 - squash the two patches that add u2f key to the build system

César Belley (12):
  hw/usb: Regroup USB HID protocol values
  docs: Add USB U2F key device documentation
  hw/usb: Add U2F key base class
  hw/usb: Add U2F key base class implementation
  hw/usb: Add U2F key passthru mode
  hw/usb: Add U2F key emulated mode
  meson: Add U2F key to meson
  docs/system: Add U2F key to the USB devices examples
  docs/qdev-device-use.txt: Add USB U2F key to the QDEV devices examples
  scripts: Add u2f-setup-gen script
  hw/usb: Add U2F device check to passthru mode
  hw/usb: Add U2F device autoscan to passthru mode

 configure                |   8 +-
 docs/qdev-device-use.txt |   1 +
 docs/system/usb.rst      |   3 +
 docs/u2f.txt             | 110 ++++++++
 hw/usb/Kconfig           |   5 +
 hw/usb/dev-hid.c         |  26 +-
 hw/usb/dev-wacom.c       |  12 +-
 hw/usb/meson.build       |   7 +
 hw/usb/u2f-emulated.c    | 405 ++++++++++++++++++++++++++++
 hw/usb/u2f-passthru.c    | 551 +++++++++++++++++++++++++++++++++++++++
 hw/usb/u2f.c             | 352 +++++++++++++++++++++++++
 hw/usb/u2f.h             |  92 +++++++
 include/hw/usb/hid.h     |  17 ++
 meson.build              |   7 +
 meson_options.txt        |   1 +
 scripts/u2f-setup-gen.py | 170 ++++++++++++
 16 files changed, 1738 insertions(+), 29 deletions(-)
 create mode 100644 docs/u2f.txt
 create mode 100644 hw/usb/u2f-emulated.c
 create mode 100644 hw/usb/u2f-passthru.c
 create mode 100644 hw/usb/u2f.c
 create mode 100644 hw/usb/u2f.h
 create mode 100644 include/hw/usb/hid.h
 create mode 100755 scripts/u2f-setup-gen.py

--
2.28.0