Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Android support #247

Open
jpalus opened this issue Dec 8, 2020 · 9 comments
Open

Android support #247

jpalus opened this issue Dec 8, 2020 · 9 comments
Labels
feature request New feature or request

Comments

@jpalus
Copy link

jpalus commented Dec 8, 2020

Is there any chance on adding Android to supported platforms? It would be really cool to use it with openssh inside Termux in a similar fashion to TermBot. Not sure if Android + NFC is in scope of this library though.

@jpalus jpalus added the feature request New feature or request label Dec 8, 2020
@martelletto
Copy link
Contributor

NFC on Linux is being worked on, and may land before the end of the year. Whether it will be enough to support Android is unclear. Android as a supported platform is unlikely to happen unless there is code contribution (and maintenance) by a third party.

@martelletto
Copy link
Contributor

Unfortunately, no. I can try to have a look at NFC on macOS at some point next year, but can't promise anything. Sorry.

@martelletto
Copy link
Contributor

Experimental support for NFC on Linux has been merged in 0a1a5ce.

@awakecoding
Copy link

Any update on this? I noticed that the Linux port requires libudev, which is not available on Android AFAIK. If libudev could be fixed, what else would be required to get libfido2 up and running on Android? Are there devices that should normally work with an Android phone?

@martelletto
Copy link
Contributor

We are not aware of efforts in this area. I don't know enough about Android to say what would be required, but I expect libudev not to be a problem, even if it isn't available. As to devices, any USB-C or NFC device should work, at least in theory.

@awakecoding
Copy link

@martelletto I'll cleanup my patches another day, but I just wanted to report that I've managed to get it build for Android using libudev-zero. explicit_bzero / bzero is missing on Android, but explicit_bzero is defined in libcrypto, so I've tweaked the code a little bit. Other than that, it's really like a Linux build. My CMake build system patches are here: https://github.com/awakecoding/libfido2/tree/devolutions

@martelletto
Copy link
Contributor

@awakecoding That's great news! Don't worry about cleaning up too much; anything that works is a good start, and we will happily take it from there. Did you get to test the resulting build? I was under the impression that Android applications would not be able to access /dev/hidraw* due to sandboxing.

@awakecoding
Copy link

@martelletto my primary goal at this point is just to get Win32-OpenSSH built for all platforms, even if libfido2 isn't actually used. I'm not sure what would be truly required to get FIDO2 support through libfido2 in a generic manner, and if libudev-zero would be sufficient. If not, how does FIDO2 work on Android? Are there higher-level APIs that should be used instead?

My patches were made on top of the PowerShell/libfido2 fork, so I remade them on top of the upstream repository. I've had to patch the CMake build system to accept non-default dependencies passed explicitly at generation time, and I see Microsoft made a few changes there as well. I kept my changes small, excluding dependency management for a first pull request upstream: #571

I could refactor the way the current build system detects dependencies to make it work properly with both globally-installed dependencies and explicitly-provided dependencies, but I would keep this for another pull request.

@viric
Copy link

viric commented May 13, 2023

@awakecoding FIDO2 works in Android usually through Google Apps, which talks to the device and offers an API to applications. MicroG (google apps open replacement) implemented that for USB/NFC (not blueooth): microg/GmsCore#849

Besides that, individual apps could also access the device by an android sdk like https://www.nitrokey.com/products/android-fido2-sdk

Another interesting point could be to use libfido2 in termux (linux as android app) through its "termux-usb", that allows launching a process with a fd handle to a usb device.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
feature request New feature or request
Development

No branches or pull requests

5 participants
@viric @awakecoding @jpalus @martelletto and others