Skip user presence check directly after boot

This patch adds a configuration option to skip the additional user presence check for the first Get Assertion or Authenticate request within a certain duration after boot. In this case, the device insertion is interpreted as a user presence indicator.
trussed-dev · Aug 22, 2022 · 47bcee5 · 47bcee5
1 parent 7b2a9ae
commit 47bcee5
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 6 deletions.
diff --git a/src/ctap1.rs b/src/ctap1.rs
@@ -186,9 +186,11 @@ impl<UP: UserPresence, T: TrussedRequirements> Authenticator for crate::Authenti
                 };
             }
             ControlByte::EnforceUserPresenceAndSign => {
-                self.up
-                    .user_present(&mut self.trussed, constants::U2F_UP_TIMEOUT)
-                    .map_err(|_| Error::ConditionsOfUseNotSatisfied)?;
+                if !self.skip_up_check() {
+                    self.up
+                        .user_present(&mut self.trussed, constants::U2F_UP_TIMEOUT)
+                        .map_err(|_| Error::ConditionsOfUseNotSatisfied)?;
+                }
                 0x01
             }
             ControlByte::DontEnforceUserPresenceAndSign => 0x00,

diff --git a/src/ctap2.rs b/src/ctap2.rs
@@ -932,9 +932,11 @@ impl<UP: UserPresence, T: TrussedRequirements> Authenticator for crate::Authenti
 
         // 7. collect user presence
         let up_performed = if do_up {
-            info_now!("asking for up");
-            self.up
-                .user_present(&mut self.trussed, constants::FIDO2_UP_TIMEOUT)?;
+            if !self.skip_up_check() {
+                info_now!("asking for up");
+                self.up
+                    .user_present(&mut self.trussed, constants::FIDO2_UP_TIMEOUT)?;
+            }
             true
         } else {
             info_now!("not asking for up");

diff --git a/src/lib.rs b/src/lib.rs
@@ -15,6 +15,8 @@
 extern crate delog;
 generate_macros!();
 
+use core::time::Duration;
+
 use trussed::{client, syscall, types::Message, Client as TrussedClient};
 
 use ctap_types::heapless_bytes::Bytes;
@@ -71,6 +73,9 @@ pub struct Config {
     pub max_msg_size: usize,
     // pub max_creds_in_list: usize,
     // pub max_cred_id_length: usize,
+    /// If set, the first Get Assertion or Authenticate request within the specified time after
+    /// boot is accepted without additional user presence verification.
+    pub skip_up_timeout: Option<Duration>,
 }
 
 // impl Default for Config {
@@ -229,6 +234,19 @@ where
         let hash = syscall!(self.trussed.hash_sha256(data)).hash;
         hash.to_bytes().expect("hash should fit")
     }
+
+    fn skip_up_check(&mut self) -> bool {
+        // If enabled in the configuration, we don't require an additional user presence
+        // verification for a certain duration after boot.
+        if let Some(timeout) = self.config.skip_up_timeout.take() {
+            let uptime = syscall!(self.trussed.uptime()).uptime;
+            if uptime < timeout {
+                info_now!("skip up check directly after boot");
+                return true;
+            }
+        }
+        false
+    }
 }
 
 #[cfg(test)]