Is it possible to use libfido2 for other fido token brands except YubiKey?

[ehsanr1366]

I had a c++ code to assert. It use winhello to comiuncate with my fido token. It was OK.

I had to use from other lib without winhello so I get libfido2 and build it.

The brand of my fido token is 'thetis'. So I encountered the following.

I have to change condition of is_fido on fido_hid_manifest():

//if (is_fido(d) == false)
if (wcscmp(d->product_string, L"FIDO2 Security Key") != 0)

Now I get this output:

   run_manifest: found 1 hid device
   fido_tx: dev=000002A60511C050, cmd=0x86
   fido_tx: buf=000002A60511C050, len=8
   0000: 5a ab b6 54 5c 5d 7e 23
   tx: tx_preamble
   fido_dev_open_tx: fido_tx

My problem is when I run fido_dev_open(dev, path); so ofter trace it I found error is here:

if ((sent = tx_preamble(d, cmd, buf, count, ms)) == 0) {
	fido_log_debug("%s: tx_preamble", __func__);
	return (-1);
}

Of course, I must say that the device is discovered with the following path:

\\?\HID#VID_1EA8&PID_FC25&MI_00#7&29aed109&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}\KBD

At the beginning of my question is, can I use libfido2 to use another brand's token or not?
And the next question is where should I change so that this token is supported?

[LDVG]

Hi,

I have to change condition of is_fido on fido_hid_manifest():

//if (is_fido(d) == false)
if (wcscmp(d->product_string, L"FIDO2 Security Key") != 0)

You should not have to change this line.

Do note that if you want to use the HID backend on Windows, you have to run your application as an administrator. Otherwise, you must use the winhello backend.

At the beginning of my question is, can I use libfido2 to use another brand's token or not?

You should be able to use any CTAP-compliant authenticator with libfido2.

And the next question is where should I change so that this token is supported?

You should not have to change anything.

[ehsanr1366]

Thank you for your answer to my question.

I don't want to use winhello to communicate with Fido token. In fact, I want to show the user on the dialog of my program that Faido token is connected and the user should touch it.

It is better to add that because I am developing a windows credential provider to login to windows and due to the limitation of the operating system, I cannot show the winhello dialog to the user when logging in to windows. So I decide to communicate with the token myself with the hid protocol.

[LDVG]

OK. Windows requires administrator access to communicate with authenticators using HID. Running the application as a privileged user should work out of the box, with no modifications to libfido2.

If this did not answer your question or if it does not work as described, please let us know by providing full debug logs when running the program as a privileged user. Thanks!