dicekeys / dicekeys-app-typescript

The DiceKeys App for Electron and Web

Use Electron HID instead of node-hid #107

Closed UppaJung closed 2 years ago

UppaJung commented 3 years ago

As of Electron 15.1, there is now WebHID support. https://www.electronjs.org/releases/stable#features-1510

Using it will require overriding the blocklist on FIDO.

Switching from node-hid would allow us to remove dependencies on not only node-hid but also electron-build (which is currently not supporting Electron 15, per the concern from @angelix).

So, this task is to investigate and, if possible, implement a move to the internal Electron API if it's possible to overcome the FIDO blocklist and any issues involving which process needs to be running as administrator on Windows.

UppaJung commented 3 years ago

@angelix, the new Electron WebHID features are built on the assumption that a script running in a browser will be communicating with the HID device. To get a device list, you need to go through navigator.hid, which doesn't exist outside the code running in the browser.

So, to make this work, we'd need to launch a browser in the admin process used to write to FIDO keys (run the code in SeedHardwareKey.ts), send messages into the browser telling it what to do, and then get messages back out. There's an engineering complexity cost to write the code, a resource cost for memory/cpu/latency for launching that browser and the extra communication layers. It's much less efficient on the user's computer than the current implementation, but it would liberate us from two dependencies.

Thoughts?

UppaJung commented 3 years ago

(See branch https://github.com/dicekeys/dicekeys-app-typescript/tree/electron-hid)

UppaJung commented 3 years ago

Alternative: we use HID in the main process, scrap the second process, and anyone who wants to use the DiceKeys app on Windows for seeding should run it as administrator.

angelix commented 3 years ago

The easiest is to inform users to launch the app with admin rights. Those with Solokey should be comfortable doing that. We can also have some instructions to do so.

We currently have the mechanism to launch an executable with admin rights; we could also re-launch the app with admin rights. It needs some changes so that we can exit the previous process and open a new one with admin rights.

UppaJung commented 3 years ago

Alas, I've hit a wall due to the Electron implementation having a hidden barrier against talking to FIDO keys.

https://github.com/electron/electron/pull/30213/files#diff-b7bbb2d7e43829a5ff7e3193f64460dda1eb26e9c4f8fe07a1e8dcfd9208c599R105

I could report a bug and ask them to make it configurable, but likely not fixable in short order.

If not for that flag, my hope is that this would actually work. We're successfully enumerating the FIDO keys. We just can't send data to them or request data from them.

UppaJung commented 3 years ago

I have filed a bug against the Electron implementation and suggested a one-line fix that I hope would solve the issue.

https://github.com/electron/electron/issues/31595

UppaJung commented 3 years ago

Awaiting nightly Electron build to test.