FIDO HID report descriptor

Skip to first unread message

sandeep kumar

May 24, 2021, 1:19:14 AMMay 24
to FIDO Dev (fido-dev)
Hi All,
I was trying to use my FIDO device with a modified HID report descriptor.
My device worked with current descriptor, but when I added report ID to input and output reports, the microsoft security key is not able to communicate with device.
I do not see any attempt to send any output report on USB analyzer.

Could you please help to let me know if there is any restriction from FIDO that HID report should have no ID. If yes then could you please help to let me know the reason for such design.

0x06, 0xD0, 0xF1,  /* HID_UsagePage(FIDO_USAGE_PAGE) */
            0x09, 0x01,        /* HID_Usage(FIDO_USAGE_CTAPHID) */
            0xA1, 0x01,        /* HID_Collection(HID_Application) */
            0x85, 0x01,        // REPORT_ID(0x01)
            0x09, 0x20,        /* HID_Usage(FIDO_USAGE_DATA_IN) */
            0x15, 0x00,        /* HID_LogicalMin(0) */
            0x26, 0xFF, 0x00,  /* HID_LogicalMaxS(0x00ff) */
            0x75, 0x08,        /* HID_ReportSize(8) */
            0x95, CTAPHID_PCKT_LEN, /* HID_ReportCount(HID_INPUT_REPORT_BYTES) */
            0x81, 0x02,        /* HID_Input(HID_Data | HID_Absolute | HID_Variable) */
            0x85, 0x02,        // REPORT_ID(0x02)
            0x09, 0x21,        /* HID_Usage(FIDO_USAGE_DATA_OUT) */
            0x15, 0x00,        /* HID_LogicalMin(0) */
            0x26, 0xFF, 0x00,  /* HID_LogicalMaxS(0x00ff) */
            0x75, 0x08,        /* HID_ReportSize(8) */
            0x95, CTAPHID_PCKT_LEN, /* HID_ReportCount(HID_OUTPUT_REPORT_BYTES) */
            0x91, 0x02,        /* HID_Output(HID_Data | HID_Absolute | HID_Variable) */
            0x85, 0x03,        // REPORT_ID(0x03)
            0x09, 0x07,        /* HID_Usage(Vendor Usage 0x07) */
            0x15, 0x00,        /* HID_LogicalMinimum(0) */
            0x26, 0xff, 0x00,  /* HID_LogicalMaximum(0xff) */
            0x75, 0x08,        /* HID_ReportSize(8) */
            0x95, 0x08,        /* HID_ReportCount(8) */
            0xb1, 0x02,        /* HID_Feature(Data,Var,Abs) */
            0xC0,              /* HID_EndCollection */


Chung Hsuan Yeh

May 25, 2021, 5:13:54 AMMay 25
to FIDO Dev (fido-dev),
If you are developing with Windows PC. 
You may check if the "HID-compliant fido" devices exists in the Device Manager -> Human Interface Devices.
If not, then Windows did not recognize your device as a FIDO device.

sandeep kumar

May 31, 2021, 7:59:29 AMMay 31
to FIDO Dev (fido-dev), Chung Hsuan Yeh, sandeep kumar
Hi Chung Hsuan Yeh,

Yes I had verified that HID-compliant fido device was recognized in device manager, as HID driver was able to identify the report descriptor having USAGE_PAGE as FIDO. When I use python to send the report, it works fine, but MS security key application doesn't work. I mean I see not out packet on USB bus level.
I even tried to check the report descriptors from some other devices and I see none use report ID for reports in descriptor.
I wonder if someone tried this. I was hoping somebody in developers group might have tried or faced similar issue. If yes, I would like to know the reason for such consideration. 


Tom Thorogood

Jun 16, 2021, 12:18:43 AMJun 16
to FIDO Dev (fido-dev),, Chung Hsuan Yeh
Hi Sandeep,

I've been working on a FIDO2 client library and ran into this same question/problem. I even asked about it sometime back, but didn't get any replies. The spec is quite vague on this, but from my reading numbered reports aren't spec-compliant. In particular from § "The CTAPHID just provides two "raw" reports, which basically map directly to the IN and OUT endpoints." That's *very* vague, but seems to suggest that only two un-numbered reports are allowed.

Regardless of what the spec says you'll find that very few (if any) client libraries support numbered reports. Using numbered reports with the various operating system HID APIs can also be quite awkward.

I can't tell you exactly why Windows rejects your key, but everything open-source that I've seen will also reject your key. You'll have to either use CTAPHID or CTAP2 vendor commands or use a separate USB endpoint and HID descriptor for your other report.

Kindest Regards,
Reply all
Reply to author
0 new messages