Rust library to interact with U2F Security Keys over USB HID
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

A Rust HID library for interacting with U2F Security Keys

Build Status Maturity Level

This is a cross-platform library for interacting with U2F Security Key-type devices via Rust.

  • Supported Platforms: Windows, Linux, FreeBSD, and macOS.
  • Supported HID Transports: USB.
  • Supported Protocols: FIDO U2F over USB.

This library currently focuses on U2F security keys, but is expected to be extended to support additional protocols and transports.


There's only a simple example function that tries to register and sign right now. It uses env_logger for logging, which you configure with the RUST_LOG environment variable:

cargo build --example main
RUST_LOG=debug cargo run --example main

Proper usage should be to call into this library from something else - e.g., Firefox. There are some C headers exposed for the purpose.


There are some tests of the cross-platform runloop logic and the protocol decoder:

cargo test


There are fuzzers for the USB protocol reader, basically fuzzing inputs from the HID layer. There are not (yet) fuzzers for the C API used by callers (such as Gecko).

To fuzz, you will need cargo-fuzz (the latest version from GitHub) as well as Rust Nightly.

rustup install nightly
cargo install --git

cargo +nightly fuzz run u2f_read -- -max_len=512
cargo +nightly fuzz run u2f_read_write -- -max_len=512