FIDO HID report descriptor

76 views
Skip to first unread message

sandeep kumar

unread,
May 24, 2021, 1:19:14 AMMay 24
to FIDO Dev (fido-dev)
Hi All,
I was trying to use my FIDO device with a modified HID report descriptor.
My device worked with current descriptor, but when I added report ID to input and output reports, the microsoft security key is not able to communicate with device.
I do not see any attempt to send any output report on USB analyzer.

Could you please help to let me know if there is any restriction from FIDO that HID report should have no ID. If yes then could you please help to let me know the reason for such design.

REPORT DESCRIPTOR
0x06, 0xD0, 0xF1,  /* HID_UsagePage(FIDO_USAGE_PAGE) */
            0x09, 0x01,        /* HID_Usage(FIDO_USAGE_CTAPHID) */
            0xA1, 0x01,        /* HID_Collection(HID_Application) */
            0x85, 0x01,        // REPORT_ID(0x01)
            0x09, 0x20,        /* HID_Usage(FIDO_USAGE_DATA_IN) */
            0x15, 0x00,        /* HID_LogicalMin(0) */
            0x26, 0xFF, 0x00,  /* HID_LogicalMaxS(0x00ff) */
            0x75, 0x08,        /* HID_ReportSize(8) */
            0x95, CTAPHID_PCKT_LEN, /* HID_ReportCount(HID_INPUT_REPORT_BYTES) */
            0x81, 0x02,        /* HID_Input(HID_Data | HID_Absolute | HID_Variable) */
            0x85, 0x02,        // REPORT_ID(0x02)
            0x09, 0x21,        /* HID_Usage(FIDO_USAGE_DATA_OUT) */
            0x15, 0x00,        /* HID_LogicalMin(0) */
            0x26, 0xFF, 0x00,  /* HID_LogicalMaxS(0x00ff) */
            0x75, 0x08,        /* HID_ReportSize(8) */
            0x95, CTAPHID_PCKT_LEN, /* HID_ReportCount(HID_OUTPUT_REPORT_BYTES) */
            0x91, 0x02,        /* HID_Output(HID_Data | HID_Absolute | HID_Variable) */
            0x85, 0x03,        // REPORT_ID(0x03)
            0x09, 0x07,        /* HID_Usage(Vendor Usage 0x07) */
            0x15, 0x00,        /* HID_LogicalMinimum(0) */
            0x26, 0xff, 0x00,  /* HID_LogicalMaximum(0xff) */
            0x75, 0x08,        /* HID_ReportSize(8) */
            0x95, 0x08,        /* HID_ReportCount(8) */
            0xb1, 0x02,        /* HID_Feature(Data,Var,Abs) */
            0xC0,              /* HID_EndCollection */

Thanks,
Sandeep

Chung Hsuan Yeh

unread,
May 25, 2021, 5:13:54 AMMay 25
to FIDO Dev (fido-dev), sandee...@gmail.com
If you are developing with Windows PC. 
You may check if the "HID-compliant fido" devices exists in the Device Manager -> Human Interface Devices.
If not, then Windows did not recognize your device as a FIDO device.

sandeep kumar

unread,
May 31, 2021, 7:59:29 AMMay 31
to FIDO Dev (fido-dev), Chung Hsuan Yeh, sandeep kumar
Hi Chung Hsuan Yeh,

Yes I had verified that HID-compliant fido device was recognized in device manager, as HID driver was able to identify the report descriptor having USAGE_PAGE as FIDO. When I use python to send the report, it works fine, but MS security key application doesn't work. I mean I see not out packet on USB bus level.
I even tried to check the report descriptors from some other devices and I see none use report ID for reports in descriptor.
I wonder if someone tried this. I was hoping somebody in developers group might have tried or faced similar issue. If yes, I would like to know the reason for such consideration. 

Thanks,
Sandeep

Tom Thorogood

unread,
Jun 16, 2021, 12:18:43 AMJun 16
to FIDO Dev (fido-dev), sandee...@gmail.com, Chung Hsuan Yeh
Hi Sandeep,

I've been working on a FIDO2 client library and ran into this same question/problem. I even asked about it sometime back, but didn't get any replies. The spec is quite vague on this, but from my reading numbered reports aren't spec-compliant. In particular from § 8.1.8.2.: "The CTAPHID just provides two "raw" reports, which basically map directly to the IN and OUT endpoints." That's *very* vague, but seems to suggest that only two un-numbered reports are allowed.

Regardless of what the spec says you'll find that very few (if any) client libraries support numbered reports. Using numbered reports with the various operating system HID APIs can also be quite awkward.

I can't tell you exactly why Windows rejects your key, but everything open-source that I've seen will also reject your key. You'll have to either use CTAPHID or CTAP2 vendor commands or use a separate USB endpoint and HID descriptor for your other report.

Kindest Regards,
Tom.
Reply all
Reply to author
Forward
0 new messages