Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CTAPHID report size incorrectly limited #153

Open
tmthrgd opened this issue Jun 15, 2021 · 0 comments
Open

CTAPHID report size incorrectly limited #153

tmthrgd opened this issue Jun 15, 2021 · 0 comments

Comments

@tmthrgd
Copy link

tmthrgd commented Jun 15, 2021

authenticator-rs imposes a maximum HID report size of MAX_HID_RPT_SIZE = 64 bytes. This limit isn't part of either the CTAP 2.0 or CTAP 2.1 specs, although the spec is a tad vague about this. (All references will be to the CTAP 2.0 spec as 2.1 is still a draft).

USB 1.x Full Speed devices are limited to just 64-byte report sizes, but USB 2.0 (from 2001) introduced High Speed devices which can have report sizes up 1024-bytes (from what I've been able to find). The Linux kernel can support HID reports up to 16KiB in size since v5.11.

§ 8.1.8. says (emphasis mine):

The description further assumes (but is not limited to) a full-speed USB device (12 Mbit/s). Although not excluded per se, USB low-speed devices are not practical to use given the 8-byte report size limitation together with the protocol overhead.

§ 8.1.8.1. says (emphasis mine):

The device implements two endpoints (except the control endpoint 0), one for IN and one for OUT transfers. The packet size is vendor defined, but the reference implementation assumes a full-speed device with two 64-byte endpoints.

The actual endpoint order, intervals, endpoint numbers and endpoint packet size may be defined freely by the vendor and the host application is responsible for querying these values and handle these accordingly. For the sake of clarity, the values listed above are used in the following examples.

§ 8.1.8.2. says:

The length values specified by the HID_INPUT_REPORT_BYTES and the HID_OUTPUT_REPORT_BYTES should typically match the respective endpoint sizes defined in the endpoint descriptors.

While § 8.1.4. does say:

With a packet size of 64 bytes (max for full-speed devices), this means that the maximum message payload length is 64 - 7 + 128 * (64 - 5) = 7609 bytes.

This is clearly only an example of how to calculate the maximum message size. There's nothing else in the spec (from what I can see) that would impose a 64-byte maximum report size.

This implementation shouldn't be imposing a limit on the maximum HID report size (except where USB might have a limit) and certainly not one as small as 64-bytes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant