
Add regular fido service

Open p1gp1g opened this issue 2 years ago • 16 comments

It adds support for regular FIDO service.

Edit: This PR is not based on the other PR (#2183) any more. Old branch can be found here: p1gp1g:feat/regular_fido_v1

p1gp1g avatar Feb 19 '24 00:02 p1gp1g

I have updated the feature for the privileged fido api and use static features. I have not yet tested the latter change; I'll do it later if I have time (and if no one else can).

I have seen that the libraries don't use the features for the request.

Side note: Some actions I have seen that aren't in microG:

  • com.google.android.gms.fido.fido2.zeroparty.START
  • com.google.android.gms.fido.fido2.firstparty.START
  • com.google.android.gms.fido.u2f.privileged.START
  • com.google.android.gms.fido.u2f.thirdparty.START
  • com.google.android.gms.fido.u2f.zeroparty.START

p1gp1g avatar Feb 20 '24 23:02 p1gp1g

@p1gp1g You have defined 4 features in FidoFeatures.java but you have used only 3 in Fido2PrivilegedService.kt, is it an oversight?

ale5000-git avatar Feb 21 '24 00:02 ale5000-git

@ale5000-git 3 features for the privileged service, 2 for the regular one, 1 in common: there are 4 features :)

p1gp1g avatar Feb 21 '24 07:02 p1gp1g

@p1gp1g when I was asking for them to be static, I was thinking of how we do it at other places like https://github.com/microg/GmsCore/blob/df6f331a6f65af0a51755e96f5a849ee18e1d6dd/play-services-core/src/main/kotlin/org/microg/gms/auth/account/data/GoogleAuthService.kt#L28-L44 which is shared between GoogleAuthService and AccountDataService.

It may seem weird to declare features to a service that are not provided by it, but Google does the same in original Play Services (services are declared in groups that share their set of features) and in the past Google was even requiring this for some APIs (the client library was requiring that service A announced a feature of service B). We want to prevent a small update to the client library breaking support because of not announcing a feature (we had those issues in the past).

I can check the full list of services that Google announces on FIDO APIs later and provide it here (it can be extracted from the chimera manifest in the assets of play services apk).

mar-v-in avatar Feb 21 '24 08:02 mar-v-in

The full set of features is not used by these 2 services. There is a declaration of the full set, and it is used for the zeroparty or the firstparty one. I haven't added other features because I thought it would better fit a PR introducing those services (if needed).

Regular Fido and Privileged Fido use the set with respectively 2 and 3 features.

p1gp1g avatar Feb 21 '24 08:02 p1gp1g

Here's the content of the chimera manifest of play services 24.05.15, with the module for the fido already highlighted: https://gist.github.com/mar-v-in/1cb40abe41ed751d3ab8f78ef6843b7f#file-chimeramanifest-L12804-L13243

When connecting to this version of play services, all the API services listed in the module (with prefix 13 {) would consider the features listed in the module (with prefix 15 {) as available. The list of provided features is not per api service, but per module.

mar-v-in avatar Feb 21 '24 09:02 mar-v-in
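
The per-module declaration described above, modelled as an added example that is not part of the thread or of microG's code. Feature names, versions and the `connect` check are constructed placeholders; the set sizes follow the counts mentioned earlier in the thread (3 privileged, 2 regular, 1 in common).

```python
# Added illustration, not microG or Play Services code.
from dataclasses import dataclass


@dataclass(frozen=True)
class Feature:
    name: str
    version: int


# Constructed placeholder features: 3 privileged, 2 regular, 1 in common.
COMMON = Feature("feature_common", 1)
PRIVILEGED = (COMMON, Feature("feature_priv_a", 1), Feature("feature_priv_b", 1))
REGULAR = (COMMON, Feature("feature_regular", 1))

# Strategy 1: each service announces only the features it provides itself.
PER_SERVICE = {"privileged": PRIVILEGED, "regular": REGULAR}
# Strategy 2: every service in the module announces the module's full set.
MODULE_FEATURES = tuple(dict.fromkeys(PRIVILEGED + REGULAR))
PER_MODULE = {svc: MODULE_FEATURES for svc in PER_SERVICE}


def missing_features(announced, required):
    """Required features that were not announced at a sufficient version."""
    have = {f.name: f.version for f in announced}
    return [r for r in required if have.get(r.name, -1) < r.version]


def connect(declarations, service, required):
    """Assumed client-side check: refuse when a required feature is missing."""
    missing = missing_features(declarations[service], required)
    return (not missing, [m.name for m in missing])


# Client library for the regular service, before and after a small update
# that starts requiring a feature provided by the privileged service.
CLIENT_V1 = [COMMON, Feature("feature_regular", 1)]
CLIENT_V2 = CLIENT_V1 + [Feature("feature_priv_a", 1)]

if __name__ == "__main__":
    for label, decl in (("per-service", PER_SERVICE), ("per-module", PER_MODULE)):
        for name, req in (("v1", CLIENT_V1), ("v2", CLIENT_V2)):
            print(label, name, connect(decl, "regular", req))
```
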

@p1gp1g

Build fails:

2024-02-23T12:39:12.3567512Z e: file:///home/runner/work/GmsCore/GmsCore/play-services-fido/core/src/main/kotlin/org/microg/gms/fido/core/regular/Fido2RegularService.kt:29:59 Unresolved reference: IFido2RegularCallbacks
2024-02-23T12:39:12.3569500Z 
2024-02-23T12:39:12.3572526Z e: file:///home/runner/work/GmsCore/GmsCore/play-services-fido/core/src/main/kotlin/org/microg/gms/fido/core/regular/Fido2RegularService.kt:30:59 Unresolved reference: IFido2RegularService
2024-02-23T12:39:12.3576523Z e: file:///home/runner/work/GmsCore/GmsCore/play-services-fido/core/src/main/kotlin/org/microg/gms/fido/core/regular/Fido2RegularService.kt:51:54 Unresolved reference: asBinder
2024-02-23T12:39:12.3580719Z e: file:///home/runner/work/GmsCore/GmsCore/play-services-fido/core/src/main/kotlin/org/microg/gms/fido/core/regular/Fido2RegularService.kt:57:61 Cannot weaken access privilege 'public' for 'lifecycle' in 'LifecycleOwner'
2024-02-23T12:39:12.3585399Z e: file:///home/runner/work/GmsCore/GmsCore/play-services-fido/core/src/main/kotlin/org/microg/gms/fido/core/regular/Fido2RegularService.kt:57:73 'lifecycle' hides member of supertype 'LifecycleOwner' and needs 'override' modifier
2024-02-23T12:39:12.3588308Z > Task :play-services-fido-core:compileDebugKotlin FAILED
2024-02-23T12:39:12.3590694Z e: file:///home/runner/work/GmsCore/GmsCore/play-services-fido/core/src/main/kotlin/org/microg/gms/fido/core/regular/Fido2RegularService.kt:58:5 Unresolved reference: IFido2RegularService
2024-02-23T12:39:12.3594692Z e: file:///home/runner/work/GmsCore/GmsCore/play-services-fido/core/src/main/kotlin/org/microg/gms/fido/core/regular/Fido2RegularService.kt:59:5 'getRegisterPendingIntent' overrides nothing
2024-02-23T12:39:12.3598221Z e: file:///home/runner/work/GmsCore/GmsCore/play-services-fido/core/src/main/kotlin/org/microg/gms/fido/core/regular/Fido2RegularService.kt:59:54 Unresolved reference: IFido2RegularCallbacks
2024-02-23T12:39:12.3601674Z e: file:///home/runner/work/GmsCore/GmsCore/play-services-fido/core/src/main/kotlin/org/microg/gms/fido/core/regular/Fido2RegularService.kt:73:5 'getSignPendingIntent' overrides nothing
2024-02-23T12:39:12.3605116Z e: file:///home/runner/work/GmsCore/GmsCore/play-services-fido/core/src/main/kotlin/org/microg/gms/fido/core/regular/Fido2RegularService.kt:73:50 Unresolved reference: IFido2RegularCallbacks
2024-02-23T12:39:12.3608831Z e: file:///home/runner/work/GmsCore/GmsCore/play-services-fido/core/src/main/kotlin/org/microg/gms/fido/core/regular/Fido2RegularService.kt:87:5 'isUserVerifyingPlatformAuthenticatorAvailable' overrides nothing
2024-02-23T12:39:12.3612498Z e: file:///home/runner/work/GmsCore/GmsCore/play-services-fido/core/src/main/kotlin/org/microg/gms/fido/core/regular/Fido2RegularService.kt:98:5 'getCredentialList' overrides nothing
2024-02-23T12:39:12.3616109Z e: file:///home/runner/work/GmsCore/GmsCore/play-services-fido/core/src/main/kotlin/org/microg/gms/fido/core/regular/Fido2RegularService.kt:104:5 'getLifecycle' overrides nothing
2024-02-23T12:39:12.3619372Z e: file:///home/runner/work/GmsCore/GmsCore/play-services-fido/core/src/main/kotlin/org/microg/gms/fido/core/regular/Fido2RegularService.kt:106:5 'onTransact' overrides nothing
2024-02-23T12:39:12.3623253Z e: file:///home/runner/work/GmsCore/GmsCore/play-services-fido/core/src/main/kotlin/org/microg/gms/fido/core/regular/Fido2RegularService.kt:107:9 Unresolved reference. None of the following candidates is applicable because of receiver type mismatch: 
2024-02-23T12:39:12.3626799Z public fun IBinder.warnOnTransactionIssues(code: Int, reply: Parcel?, flags: Int, tag: String = ..., base: () -> Boolean): Boolean defined in org.microg.gms.utils
2024-02-23T12:39:12.3629662Z e: file:///home/runner/work/GmsCore/GmsCore/play-services-fido/core/src/main/kotlin/org/microg/gms/fido/core/regular/Fido2RegularService.kt:107:66 Unresolved reference: onTransact

ale5000-git avatar Feb 23 '24 12:02 ale5000-git

Sorry again, I'll take the time to do it properly this weekend --'

p1gp1g avatar Feb 23 '24 13:02 p1gp1g

I don't know why the CI fails. Is there a cache or something?

An app using the lib can now communicate with PlayServices for the regular functions. I have tested it until the Play Services failed because of missing authorization server side (the demo I used doesn't have assetlinks.json). I have to test a proper login tomorrow, with a service I will host.

p1gp1g avatar Feb 24 '24 20:02 p1gp1g

@p1gp1g

These are the errors:

e: play-services-fido/core/src/main/kotlin/org/microg/gms/fido/core/regular/Fido2AppService.kt:56:57 Cannot weaken access privilege 'public' for 'lifecycle' in 'LifecycleOwner'
e: play-services-fido/core/src/main/kotlin/org/microg/gms/fido/core/regular/Fido2AppService.kt:56:69 'lifecycle' hides member of supertype 'LifecycleOwner' and needs 'override' modifier
e: play-services-fido/core/src/main/kotlin/org/microg/gms/fido/core/regular/Fido2AppService.kt:97:5 'getLifecycle' overrides nothing

ale5000-git avatar Feb 24 '24 21:02 ale5000-git

I don't know it too much but I think this type of code is deprecated, look at the changes here: https://github.com/microg/GmsCore/commit/48e0b00a7f94feea1c19477824eefd68c559a229#diff-09c7aa118b786f685aa2ead8f15b3824e83a97235b82f5bec93357f0d8959ee3L85

ale5000-git avatar Feb 24 '24 21:02 ale5000-git

@ale5000-git Thanks, I've rebased the branch & updated the code for the lifecycle.

p1gp1g avatar Feb 25 '24 08:02 p1gp1g

Well, after some tests, it doesn't work from this microg fido library (this PR) to the Google Play services.

I don't have a test phone with me atm with signature spoofing to try from GPlay lib to microG. This app makes it easy to test: https://github.com/android/codelab-fido2 . Does someone want to try?

I don't have all the internal microG/play services in mind, so help is welcome. I have observed this difference, I don't know if that's relevant:

with microg lib

BoundBrokerSvc          com.google.android.gms               D  onBind: Intent { act=com.google.android.gms.fido.fido2.regular.START pkg=com.google.android.gms }
BoundBrokerSvc          com.google.android.gms               D  Loading bound service for intent: Intent { act=com.google.android.gms.fido.fido2.regular.START pkg=com.google.android.gms }

with gplay lib

BoundBrokerSvc          com.google.android.gms.persistent    D  onBind: Intent { act=com.google.android.gms.phenotype.service.START dat=chimera-action:/... cmp=com.google.android.gms/.chimera.PersistentApiService }
BoundBrokerSvc          com.google.android.gms.persistent    D  Loading bound service for intent: Intent { act=com.google.android.gms.phenotype.service.START dat=chimera-action:/... cmp=com.google.android.gms/.chimera.PersistentApiService }


BoundBrokerSvc          com.google.android.gms               D  onBind: Intent { act=com.google.android.gms.fido.credentialstore.internal_service.START dat=chimera-action:/... cmp=com.google.android.gms/.chimera.GmsInternalApiService }
BoundBrokerSvc          com.google.android.gms               D  Loading bound service for intent: Intent { act=com.google.android.gms.fido.credentialstore.internal_service.START dat=chimera-action:/... cmp=com.google.android.gms/.chimera.GmsInternalApiService }
[...]

p1gp1g avatar Feb 25 '24 16:02 p1gp1g

@p1gp1g have you been testing on Android 14? FIDO/Passkeys works entirely differently since Android 14 and microG's implementation is currently not fully compatible with the Android 14 APIs.

mar-v-in avatar Mar 25 '24 10:03 mar-v-in

This check was on Android 13.

[Edit: I said it was on Android 14 but not the last check, sorry]

p1gp1g avatar Mar 25 '24 11:03 p1gp1g

There is no com.google.android.gms.fido.fido2.regular.START

Nuyoah-Yc avatar May 28 '24 07:05 Nuyoah-Yc