FIDO HID report descriptor

sandeep kumar

unread,

May 24, 2021, 1:19:14 AM5/24/21

to FIDO Dev (fido-dev)

Hi All,

I was trying to use my FIDO device with a modified HID report descriptor.

My device worked with current descriptor, but when I added report ID to input and output reports, the microsoft security key is not able to communicate with device.

I do not see any attempt to send any output report on USB analyzer.

Could you please help to let me know if there is any restriction from FIDO that HID report should have no ID. If yes then could you please help to let me know the reason for such design.

REPORT DESCRIPTOR

0x06, 0xD0, 0xF1, /* HID_UsagePage(FIDO_USAGE_PAGE) */

0x09, 0x01, /* HID_Usage(FIDO_USAGE_CTAPHID) */

0xA1, 0x01, /* HID_Collection(HID_Application) */

0x85, 0x01, // REPORT_ID(0x01)

0x09, 0x20, /* HID_Usage(FIDO_USAGE_DATA_IN) */

0x15, 0x00, /* HID_LogicalMin(0) */

0x26, 0xFF, 0x00, /* HID_LogicalMaxS(0x00ff) */

0x75, 0x08, /* HID_ReportSize(8) */

0x95, CTAPHID_PCKT_LEN, /* HID_ReportCount(HID_INPUT_REPORT_BYTES) */

0x81, 0x02, /* HID_Input(HID_Data | HID_Absolute | HID_Variable) */

0x85, 0x02, // REPORT_ID(0x02)

0x09, 0x21, /* HID_Usage(FIDO_USAGE_DATA_OUT) */

0x15, 0x00, /* HID_LogicalMin(0) */

0x26, 0xFF, 0x00, /* HID_LogicalMaxS(0x00ff) */

0x75, 0x08, /* HID_ReportSize(8) */

0x95, CTAPHID_PCKT_LEN, /* HID_ReportCount(HID_OUTPUT_REPORT_BYTES) */

0x91, 0x02, /* HID_Output(HID_Data | HID_Absolute | HID_Variable) */

0x85, 0x03, // REPORT_ID(0x03)

0x09, 0x07, /* HID_Usage(Vendor Usage 0x07) */

0x15, 0x00, /* HID_LogicalMinimum(0) */

0x26, 0xff, 0x00, /* HID_LogicalMaximum(0xff) */

0x75, 0x08, /* HID_ReportSize(8) */

0x95, 0x08, /* HID_ReportCount(8) */

0xb1, 0x02, /* HID_Feature(Data,Var,Abs) */

0xC0, /* HID_EndCollection */

Thanks,

Sandeep

Chung Hsuan Yeh

unread,

May 25, 2021, 5:13:54 AM5/25/21

to FIDO Dev (fido-dev), sandee...@gmail.com

If you are developing with Windows PC.

You may check if the "HID-compliant fido" devices exists in the Device Manager -> Human Interface Devices.

If not, then Windows did not recognize your device as a FIDO device.

sandeep kumar

unread,

May 31, 2021, 7:59:29 AM5/31/21

to FIDO Dev (fido-dev), Chung Hsuan Yeh, sandeep kumar

Hi Chung Hsuan Yeh,

Yes I had verified that HID-compliant fido device was recognized in device manager, as HID driver was able to identify the report descriptor having USAGE_PAGE as FIDO. When I use python to send the report, it works fine, but MS security key application doesn't work. I mean I see not out packet on USB bus level.

I even tried to check the report descriptors from some other devices and I see none use report ID for reports in descriptor.

I wonder if someone tried this. I was hoping somebody in developers group might have tried or faced similar issue. If yes, I would like to know the reason for such consideration.

Thanks,

Sandeep

Tom Thorogood

unread,

Jun 16, 2021, 12:18:43 AM6/16/21

to FIDO Dev (fido-dev), sandee...@gmail.com, Chung Hsuan Yeh

Hi Sandeep,

I've been working on a FIDO2 client library and ran into this same question/problem. I even asked about it sometime back, but didn't get any replies. The spec is quite vague on this, but from my reading numbered reports aren't spec-compliant. In particular from § 8.1.8.2.: "The CTAPHID just provides two "raw" reports, which basically map directly to the IN and OUT endpoints." That's *very* vague, but seems to suggest that only two un-numbered reports are allowed.

Regardless of what the spec says you'll find that very few (if any) client libraries support numbered reports. Using numbered reports with the various operating system HID APIs can also be quite awkward.

I can't tell you exactly why Windows rejects your key, but everything open-source that I've seen will also reject your key. You'll have to either use CTAPHID or CTAP2 vendor commands or use a separate USB endpoint and HID descriptor for your other report.