PoneBiometrics / fido2ble-to-uhid

Bridging FIDO2 BLE devices to the HID bus via /dev/uhid so they can be used in browsers

fido2ble-to-uhid

Dependencies on Debian-based systems

To develop on the Python code, install the dependencies:

pip install uhid dbus-fast

Running it

Run the following command in a new shell:

fido2ble_to_uhid/fido2ble_to_uhid.py

The script needs elevated privileges: run it as root, through sudo, or grant the Python interpreter the capabilities it needs. Capabilities set on the interpreter binary apply to every script that interpreter runs.

As a debian package

The code can also be built and installed as a Debian package. Building and installing requires at least Debian Bullseye (11) or Ubuntu Mantic Minotaur (23). Running debuild in the base folder creates the needed files.

Verifying that it runs

You can verify that the system works either with libfido2 or by testing it in a browser. Below is an example using the libfido2 tools:

$ fido2-token -L
/dev/hidraw0: vendor=0xaaaa, product=0xaaaa ( )
$ fido2-token -I /dev/hidraw0
proto: 0x02
major: 0x00
minor: 0x01
build: 0x01
caps: 0x0c (nowink, cbor, nomsg)
version strings: FIDO_2_0, FIDO_2_1
extension strings: hmac-secret, credProtect
transport strings: ble
algorithms: es256 (public-key), rs256 (public-key)
aaguid: 69700f79d1fb472ebd9ba3a3b9a9eda0
options: rk, up, uv, noplat, noalwaysUv, credMgmt, clientPin, pinUvAuthToken, makeCredUvNotRqd
maxmsgsiz: 1024
maxcredcntlst: 0
maxcredlen: 0
maxlargeblob: 0
fwversion: 0x1
pin protocols: 1, 2
pin retries: 8
uv retries: 8
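
The output above can also be checked by a script. The following is an added example, not part of the project's code: it parses `fido2-token -I` output and reports deviations from a baseline. The function names and the baseline itself (BLE transport, CTAP 2.0, PIN or built-in UV configured, PIN retries remaining) are assumptions made for illustration.

```python
# Added example: parse `fido2-token -I` output and sanity-check the bridged device.
# SAMPLE is a subset of the output shown above; the baseline is an assumption.
SAMPLE = """\
proto: 0x02
version strings: FIDO_2_0, FIDO_2_1
transport strings: ble
options: rk, up, uv, noplat, noalwaysUv, credMgmt, clientPin, pinUvAuthToken, makeCredUvNotRqd
maxmsgsiz: 1024
pin protocols: 1, 2
pin retries: 8
uv retries: 8
"""

LIST_KEYS = {"version strings", "extension strings", "transport strings",
             "options", "pin protocols"}
INT_KEYS = {"proto", "maxmsgsiz", "pin retries", "uv retries"}

def parse_token_info(text):
    """Turn 'key: value' lines into a dict; list and integer fields are typed."""
    info = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # skip blank or malformed lines
        key, value = key.strip(), value.strip()
        if key in LIST_KEYS:
            info[key] = [v.strip() for v in value.split(",") if v.strip()]
        elif key in INT_KEYS:
            info[key] = int(value, 0)  # base 0 accepts both 0x02 and 1024
        else:
            info[key] = value
    return info

def check_bridge(info):
    """Return a list of findings; an empty list means the baseline is met."""
    findings = []
    if "ble" not in info.get("transport strings", []):
        findings.append("transport is not BLE: not the bridged device?")
    if "FIDO_2_0" not in info.get("version strings", []):
        findings.append("no CTAP 2.0 support reported")
    opts = info.get("options", [])
    # fido2-token prints a false option with a "no" prefix (e.g. noplat).
    if "clientPin" not in opts and "uv" not in opts:
        findings.append("neither a PIN nor built-in user verification is set up")
    if info.get("pin retries", 0) == 0:
        findings.append("PIN retry counter is 0 or missing")
    return findings

if __name__ == "__main__":
    print(check_bridge(parse_token_info(SAMPLE)) or "baseline met")
```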

A complete registration and assertion cycle would look like this:

echo credential challenge | openssl sha256 -binary | base64 > cred_param
echo my-party >> cred_param
echo my-user >> cred_param
dd if=/dev/urandom bs=1 count=32 | base64 >> cred_param
fido2-cred -M -i cred_param /dev/hidraw0 | fido2-cred -V -o cred


echo assertion challenge | openssl sha256 -binary | base64 > assert_param
echo my-party >> assert_param
head -1 cred >> assert_param
tail -n +2 cred > pubkey
fido2-assert -G -i assert_param /dev/hidraw0 | fido2-assert -V pubkey es256

Notes

It currently only works if the OFFPAD has been paired beforehand. The code is also set to find OFFPADs as FIDO devices only.

Credit

/dev/uhid handling took a lot of notes from https://github.com/BryanJacobs/fido2-hid-bridge but was rewritten significantly.

License: MIT License


Languages

Language: Python 100.0%