Add native support for hardware 2FA security keys

[moodguru-arch]

This may be more applicable to Vanadium in which case, apologies, please feel free to move/delete as necessary.

Currently no support within browsers for hardware security keys e.g. FIDO2 Yubikey etc.

Priority would be Vanadium but Bromite and other chromium based browsers also have the same issue.

USB and/or NFC support would be welcomed.

[akc3n]

GrapheneOS/Vanadium#61

[thestinger]

FIDO2 works fine on GrapheneOS in apps supporting it.

[thestinger]

Currently no support within browsers for hardware security keys e.g. FIDO2 Yubikey etc.

Most apps implement FIDO2 via a Play services library. NFC FIDO2 works via sandboxed Play services, although with some UI quirks. USB and BT support are likely not working yet. Vanadium had to disable support for the Play services library temporarily but that should be able to get enabled again later. It would be nice if Chromium had their own implementation but it doesn't.

https://play.google.com/store/apps/details?id=de.cotech.hw.fido.browser is an example of a WebView-based browser with an implementation not based on Play services.

[moodguru-arch]

Thanks for the explanation. Also, interesting to see COTECH's implementation.

Many thanks again and I'll follow the progress on Vanadium.

[Peter-Easton]

I ran a few tests...

• Microsoft Edge for Android: U2F fully working with Sandboxed Play Services
• Firefox for Android: U2F fully working with Sandboxed Play Services
• Opera Mini: U2F does not work. The "insert or tap your Yubikey" dialogue remains in the screen, but the browser won't respond even when the Yubikey is inserted and tapped.
• Brave: U2F does not work, and reports an "Operation Aborted" error.
• DuckDuckGo Browser: U2F does not work. The "insert or tap your Yubikey" dialogue remains in the screen, but the browser won't respond even when the Yubikey is inserted and tapped.
• Chrome by Google: Not tested.