Support discovering USB HID devices on linux

Question

Support discovering USB HID devices on linux

marshallbrekka opened this issue 8 years ago · comments

Use this firefox extension as a reference.

https://github.com/prefiks/u2f4moz/blob/master/c_src/libu2f-host/devs.c#L117-L142

Victor Denisov · Answer 1 · Fri Apr 24 2020 06:40:58 GMT+0800 (China Standard Time)

I'm trying to use this library on linux, but it filters out my keys due to this line: https://github.com/marshallbrekka/go-u2fhost/blob/master/hid/hid.go#L46
If you look at the doc for UsagePage and Usage you can see that those values are only for mac and windows. On linux they are zeroes. Why are you using those values?

Marshall Brekka · Answer 2 · Tue Apr 28 2020 10:30:20 GMT+0800 (China Standard Time)

@VictorDenisov this has been long on my personal backlog of issues to resolve.
I'd love some help on this, as it appears the solve exists outside the context of just this project.

Short answer:

usage and usage page are available on linux, but they are not accessible given the current way that hidapi uses libusb.

Longer Answer

I had done some research a while ago, but can't seem to find it, so sorry if my notes are a little sparse, or not as correct as they should be.

libusb currently has the code disabled for grabbing the full usage page. This is probably a fine choice as most users may not need it. In our case it would be ideal to be able to access it when needed to validate the device is u2f compatible.

There is another usability issue. The karalabe/hid project chooses to use the libusb backend on linux, as opposed to the hidraw backend.
As far as I remember, the hidraw backend could interact with the u2f devices without any special permissions, but the libusb backend required the end user to add udev rules.

Fortunately we can look at what Firefox has done, via their rust library.

Linux: hidraw
FreeBSD: uhid

I'm not 100% sure what the best path is to move forward, as it seems some decent changes would be required outside of this project.

Can the usage page check just be removed entirely?

Honestly I'm not sure what kind of dangers might arise by issuing commands to non-u2f devices. I'd be very open to exploring that if you have the bandwidth to do that research.

Victor Denisov · Answer 3 · Wed Apr 29 2020 11:13:31 GMT+0800 (China Standard Time)

Thanks for your reply. I'll be looking into this problem as it's a more or less pressing issue for me. Though it looks like if I want a tool that works just for me I can just do the custom build of the tool that is using your library.

Marshall Brekka · Answer 4 · Thu Apr 30 2020 01:08:24 GMT+0800 (China Standard Time)

Also looks like there is some progress on making it more accessible on linux libusb/hidapi#139