Closed
Bug 1298838
Opened 8 years ago
Closed 7 years ago
Implement (initial) USB HID support for U2F Security Keys
Categories
(Core :: DOM: Device Interfaces, enhancement, P2)
Core
DOM: Device Interfaces
Tracking
()
RESOLVED
FIXED
People
(Reporter: jcj, Assigned: ttaubert)
References
Details
(Whiteboard: [webauthn])
USB Human-Interface Device support is necessary for FIDO and WebAuthn USB token support. This is a redirection of Bug 1198330 which sought to implement this support by integrating the hidapi library into Gecko; :grobinson deemed that inappropriate, after experimentation, and so this bug is to implement per-platform hooks for the USB HID API for Gecko. This bug should implement a single platform, and further platforms should be follow-on bugs. There is some initial work for OSX available here: https://github.com/mozilla/gecko-dev/compare/master...garrettr:hid-stubs Requirements: * Device enumeration and add/remove listeners * Enough feature discovery to detect FIDO U2F * Send and Receive APDU methods * Multiple device, multiple thread semantics
Reporter | ||
Updated•8 years ago
|
Reporter | ||
Comment 1•8 years ago
|
||
Apologies; the correct link for initial OSX native stubs is actually this one: https://github.com/mozilla/gecko-dev/compare/master...garrettr:hid-native
Comment 3•8 years ago
|
||
Hi :jcj, I guess this is something around P2, i.e. planning to fix it in a few months/next release. Am I right?
Flags: needinfo?(jjones)
Reporter | ||
Comment 4•8 years ago
|
||
(In reply to Hsin-Yi Tsai [:hsinyi] from comment #3) > Hi :jcj, > I guess this is something around P2, i.e. planning to fix it in a few > months/next release. Am I right? That's correct. Marking P2.
Flags: needinfo?(jjones)
Priority: -- → P2
Updated•8 years ago
|
Assignee: nobody → kyle
Comment 5•8 years ago
|
||
qdot: Does this have a dependency on any UI that we need to plan for?
Flags: needinfo?(kyle)
Comment 6•8 years ago
|
||
No idea, I'm just doing the low level platform USB stuff. Forwarding to :jcj.
Flags: needinfo?(kyle) → needinfo?(jjones)
Reporter | ||
Comment 7•8 years ago
|
||
(In reply to Peter Dolanjski [:pdol] from comment #5) > qdot: Does this have a dependency on any UI that we need to plan for? No; U2F doesn't have a user-facing UI. The Relying Party provides prompts themselves, so no op for UI on our side. :)
Flags: needinfo?(jjones)
Comment 8•8 years ago
|
||
We occasionally get feedback about lack of FIDO support or similar: https://twitter.com/DrSynAck/status/783957757053562880 While clearly the number of users who use these types of 2FA are small, they are also clearly lead users, potentially influential, and quite often involved in the security industry. P2 Sounds about right to me.
Comment 9•8 years ago
|
||
(In reply to J.C. Jones [:jcj] from comment #7) > (In reply to Peter Dolanjski [:pdol] from comment #5) > > qdot: Does this have a dependency on any UI that we need to plan for? > > No; U2F doesn't have a user-facing UI. The Relying Party provides prompts > themselves, so no op for UI on our side. :) Great, carry on then :)
Reporter | ||
Updated•8 years ago
|
Whiteboard: [webauthn]
Updated•7 years ago
|
Summary: Implement (initial) USB HID support → Implement (initial) USB HID support for U2F Security Keys
Reporter | ||
Updated•7 years ago
|
Comment 10•7 years ago
|
||
I'm really just doing reviews on this now and either :ttaubert or :jcj are heading this up, so handing off to :ttaubert for now.
Assignee: kyle → ttaubert
Reporter | ||
Comment 11•7 years ago
|
||
Enable by setting these prefs to true: security.webauth.u2f security.webauth.webauthn_enable_usbtoken and setting this one to false: security.webauth.webauthn_enable_softtoken
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Comment 12•7 years ago
|
||
Does security.webauth.webauthn need to be set to true as well?
Reporter | ||
Comment 13•7 years ago
|
||
(In reply to Richard Soderberg [:atoll] [:�] from comment #12) > Does security.webauth.webauthn need to be set to true as well? Not for U2F support. That adds our (currently) Draft 5 support for W3C Web Authentication, the spiritual successor to U2F.
Comment 14•6 years ago
|
||
Is work for a generic HID API being tracked? This works for U2F, but for features like HMAC-SHA1 Challenge Response eg. https://developers.yubico.com/yubico-pam/Authentication_Using_Challenge-Response.html, an API like https://developer.chrome.com/apps/hid would be necessary. It appears this exists but is abstracted by window.u2f - are there plans to expose this as well? Thank you.
You need to log in
before you can comment on or make changes to this bug.
Description
•