Support for HID gadgets on Linux · Issue #122 · solokeys/solo1 · GitHub

Support for HID gadgets on Linux #122


Closed
rgerganov opened this issue Feb 27, 2019 · 10 comments · Fixed by #131


@rgerganov

I wonder if anyone is interested in using an emulated HID device on Linux which acts as a FIDO2 authenticator. This can be done with the HID gadget driver and could be very useful for doing tests without real hardware. Instead of patching libraries to send HID messages over UDP, one can create a HID device and then read/write to /dev/hidg0. I had to patch only pc/device.c and it works like a charm.

If anyone is interested in something like this, I may start working on a PR.

@ghost
ghost commented Mar 4, 2019

I have compiled it, when I open main, I see the following error:
hidg open: No such file or directory
There is no /dev/hidg*
Update:
uname -r
4.20.10-gnu-1-xtreme
I'm running Parabola GNU/Linux-libre
Update 2: /dev/hidraw*? Doesn't work.

@rgerganov
Author

I am using the following script which creates a HID device (/dev/hidg0) on the local machine:

```bash
#!/bin/bash
# Create an emulated FIDO2 HID gadget (/dev/hidg0) through configfs. Run as root.
MANUFACTURER="Solo"
SERIAL="1234567890"
IDVENDOR="0x0483"
IDPRODUCT="0xa2ca"
PRODUCT="Solo Software Authenticator"
CONFIGFS=/sys/kernel/config

modprobe libcomposite
modprobe dummy_hcd
# configfs is often mounted already; mount it only when it is not
mountpoint -q "$CONFIGFS" || mount none "$CONFIGFS" -t configfs
mkdir "$CONFIGFS/usb_gadget/fido2"
cd "$CONFIGFS/usb_gadget/fido2" || exit 1
mkdir configs/c.1
mkdir functions/hid.usb0
echo 0 > functions/hid.usb0/protocol
echo 0 > functions/hid.usb0/subclass
echo 64 > functions/hid.usb0/report_length
# HID report descriptor: FIDO usage page 0xF1D0, 64-byte input and output reports
echo -ne "\x06\xd0\xf1\x09\x01\xa1\x01\x09\x20\x15\x00\x26\xff\x00\x75\x08\x95\x40\x81\x02\x09\x21\x15\x00\x26\xff\x00\x75\x08\x95\x40\x91\x02\xc0" > functions/hid.usb0/report_desc
mkdir strings/0x409
mkdir configs/c.1/strings/0x409
echo "$IDPRODUCT" > idProduct
echo "$IDVENDOR" > idVendor
echo "$SERIAL" > strings/0x409/serialnumber
echo "$MANUFACTURER" > strings/0x409/manufacturer
echo "$PRODUCT" > strings/0x409/product
echo "Configuration 1" > configs/c.1/strings/0x409/configuration
echo 120 > configs/c.1/MaxPower
ln -s functions/hid.usb0 configs/c.1
# Bind the gadget to the dummy UDC so the local host enumerates it
echo "dummy_udc.0" > UDC
```

Note that you need to have built the libcomposite and dummy_hcd kernel modules.

Will submit the corresponding solo patch for this soon.
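
The `report_desc` bytes written by the script above are a HID report descriptor. The following C program is an added example, not part of the thread or of the Solo sources: it walks the descriptor's short items and checks that it declares the FIDO usage page 0xF1D0 with usage 0x01 and input/output reports whose size matches `report_length`. The names `hid_summary`, `hid_parse` and `is_fido_hid` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

static const uint8_t REPORT_DESC[] = { /* copied from the script's report_desc line */
    0x06, 0xd0, 0xf1, 0x09, 0x01, 0xa1, 0x01, 0x09, 0x20, 0x15, 0x00, 0x26,
    0xff, 0x00, 0x75, 0x08, 0x95, 0x40, 0x81, 0x02, 0x09, 0x21, 0x15, 0x00,
    0x26, 0xff, 0x00, 0x75, 0x08, 0x95, 0x40, 0x91, 0x02, 0xc0};

/* Hypothetical summary: usage page, usage of the top-level collection, report bytes. */
struct hid_summary { uint32_t usage_page, top_usage, in_bytes, out_bytes; };

/* Walk HID short items (prefix byte = tag:4 | type:2 | size:2).
 * Returns 0 on success, -1 on a truncated, long-item or unbalanced descriptor. */
int hid_parse(const uint8_t *d, size_t n, struct hid_summary *s)
{
    uint32_t bits = 0, count = 0, usage = 0, depth = 0;
    *s = (struct hid_summary){0};
    for (size_t i = 0; i < n;) {
        uint8_t p = d[i++];
        size_t len = (p & 3) == 3 ? 4 : (size_t)(p & 3); /* size code 3 = 4 bytes */
        if (p == 0xfe || len > n - i) return -1;         /* long item or truncated */
        uint32_t v = 0;
        for (size_t k = 0; k < len; k++) v |= (uint32_t)d[i + k] << (8 * k);
        i += len;
        switch (p & 0xfc) {
        case 0x04: s->usage_page = v; break;                /* Usage Page */
        case 0x08: usage = v; break;                        /* Usage */
        case 0x74: bits = v; break;                         /* Report Size */
        case 0x94: count = v; break;                        /* Report Count */
        case 0x80: s->in_bytes += bits * count / 8; break;  /* Input */
        case 0x90: s->out_bytes += bits * count / 8; break; /* Output */
        case 0xa0: if (depth++ == 0) s->top_usage = usage; break; /* Collection */
        case 0xc0: if (depth-- == 0) return -1; break;      /* End Collection */
        }
    }
    return depth == 0 ? 0 : -1;
}

/* 1 if the descriptor is a FIDO HID interface with report_len-byte reports. */
int is_fido_hid(const uint8_t *d, size_t n, uint32_t report_len)
{
    struct hid_summary s;
    return hid_parse(d, n, &s) == 0 && s.usage_page == 0xf1d0 && s.top_usage == 0x01
        && s.in_bytes == report_len && s.out_bytes == report_len;
}

int main(void)
{
    return is_fido_hid(REPORT_DESC, sizeof REPORT_DESC, 64) ? 0 : 1; /* exit 0 on match */
}
```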

@ghost
ghost commented Mar 5, 2019

It hung my computer or disabled all input devices after testing on a WebAuthn website. Also, the mount command reports that configfs is already mounted (there must be a check).
Distribution: Parabola GNU/Linux-libre, based on Arch Linux.
Note: REISUB did not work; I was forced to use the reset button.

Update: it looks like it does not have a button to approve authentication. I think there should be some output like https://github.com/concise/v2f.py

I think it should also be detected as USB device if it isn't. Haven't checked.

@rgerganov
Author

> It hung my computer or disabled all input devices after testing on a WebAuthn website. Also, the mount command reports that filesystem is already mounted.

Yeah, unfortunately there is a kernel bug which causes a deadlock when usb_f_hid is used with dummy_hcd. I have submitted a patch. You can either apply the patch and recompile usb_f_hid or use an older kernel (e.g. 4.8.17) which doesn't have this problem.

@ghost
ghost commented Mar 5, 2019

Also, I was forced to run Solo as root because otherwise I saw "Permission denied".

@rgerganov
Author

> Also, I was forced to run Solo as root because otherwise I saw "Permission denied".

You need to install udev rules for non-root users to be able to access the device.

rgerganov pushed a commit to rgerganov/solo that referenced this issue Mar 6, 2019
There is a HID gadget driver on Linux which provides emulation of USB
HID devices. This could be very useful for testing the Solo firmware
without actual hardware, using only a Linux box.

This patch adds a command line argument which specifies whether the
existing UDP backing should be used or the new one which reads and
writes to /dev/hidg0.

Testing done:
 1. Created HID device with configfs
 2. Started "./main -b hidg" as root
 3. Successfully executed Webauthn registration and authentication on
 the same Linux machine

Closes: solokeys#122
@ghost
ghost commented Mar 6, 2019

Does not work on https://fido2.azurewebsites.net/ if "User Verification" is "Required". Is it expected behaviour? Is it the same for soft and hardware tokens?
Update: The same on Yubico website if "Passwordless" is enabled.

@rgerganov
Author

> Does not work on https://fido2.azurewebsites.net/ if "User Verification" is "Required". Is it expected behaviour? Is it the same for soft and hardware tokens?
> Update: The same on Yubico website if "Passwordless" is enabled.

AFAIK, only Microsoft Edge supports user verification with client PIN at the moment. What browser are you using?

@ghost
ghost commented Mar 6, 2019

> > Does not work on https://fido2.azurewebsites.net/ if "User Verification" is "Required". Is it expected behaviour? Is it the same for soft and hardware tokens?
> > Update: The same on Yubico website if "Passwordless" is enabled.
>
> AFAIK, only Microsoft Edge supports user verification with client PIN at the moment. What browser are you using?

Tor Browser Bundle, which is based on Mozilla Firefox.

rgerganov pushed a commit to rgerganov/solo that referenced this issue Mar 8, 2019
rgerganov pushed a commit to rgerganov/solo that referenced this issue Apr 1, 2019
rgerganov pushed a commit to rgerganov/solo that referenced this issue Apr 15, 2019
rgerganov pushed a commit to rgerganov/solo that referenced this issue Apr 16, 2019
@alphathegeek

Hi, great thought adding hidg support. I tried this on my Raspberry Pi, and it worked perfectly, both in the test cases and in actual use.

I would suggest using /dev/hwrng instead of /dev/urandom, for Raspberry Pis at least, since the Pi has a good hardware random number generator.

merlokk pushed a commit to merlokk/solo that referenced this issue Jul 8, 2019