@msirringhaus
Collaborator

Very heavily based on #105, with the following additions:

  • Fleshed out the APDU-calls
  • Added select_fido2() to discover both U2F and FIDO2-only devices
  • Made NfcDevice derive Clone and other minor tweaks, so we can easily use it in credentialsd
  • Added the build with both NFC-features to the GitHub CI (including the installation of libnfc et al.). I kept this separate from the original, un-featured build, so we can be sure the former works even without libnfc installed.

Open questions:

  • Biggest question to me is, how to handle the multiple backends and multiple devices. Since we can't run the "blink and wait for user presence"-scheme with NFC as we do with USB, I'm leaning towards simply always returning the very first found NFC-device instead of a list of found devices and use that. With this, we could get rid of the duplication-problem. I'm not sure many setups would include more than one NFC-reader (with different devices on there).
  • The cancel-handle is currently unused, and I'm not sure if we can use it anywhere at all.
  • No testing yet. Not sure how easy that would be to add.
  • Given that credentialsd uses a poll-mechanism to find USB-devices (simply looping over list_devices()) as well, I did not investigate to get a blocking device discovery.
  • For testing, I hacked my local credentialsd-repo by simply replacing hid with nfc in the USB-handler. Thus, I needed a dummy blink_and_wait_for_user_presence()-implementation. This should probably be removed, esp. if we go for the "return first device"-scheme mentioned above. But doing that, I was able to successfully use NFC-devices with Firefox.

Member

@AlfioEmanueleFresta AlfioEmanueleFresta left a comment

Thank you very much for picking this up @msirringhaus!

@AlfioEmanueleFresta
Member

> Biggest question to me is, how to handle the multiple backends and multiple devices. Since we can't run the "blink and wait for user presence"-scheme with NFC as we do with USB, I'm leaning towards simply always returning the very first found NFC-device instead of a list of found devices and use that. With this, we could get rid of the duplication-problem. I'm not sure many setups would include more than one NFC-reader (with different devices on there).

This seems a reasonable approach.

If multiple-backend scenarios arise in the future, contributions to make this configurable will be welcome!

- Create separate NFC-examples. Only compile them if NFC-features are requested
- Only return the first found NFC-device
- Remove left-over todo!()-macro call
@AlfioEmanueleFresta
Member

Thank you very much @msirringhaus, this looks great!

@AlfioEmanueleFresta AlfioEmanueleFresta merged commit 604b53b into linux-credentials:master Oct 29, 2025
3 checks passed