Skip user presence check directly after boot

trussed-dev / fido-authenticator

FIDO authenticator Trussed app

Apache License 2.0

36 stars 10 forks source link

Skip user presence check directly after boot #16

Closed robin-nitrokey closed 2 years ago

robin-nitrokey commented 2 years ago

This patch adds a configuration option to skip the additional user presence check for the first Get Assertion or Authenticate request within a certain duration after boot. In this case, the device insertion is interpreted as a user presence indicator.

This is a breaking change because a field is added to the exhaustive Config struct. If you prefer, we could put it behind a feature flag that is disabled by default. Generally, it could make sense to make Config non-exhaustive so that it can be extended without breaking compatibility.

nickray commented 2 years ago

This seems nice from a UX perspective, two thoughts:

Is this behaviour allowed/suggested anywhere in the spec?
Seems this adds one more fault injection opportunity (but we're not very hardened currently anyway)

I'll go ahead and merge this with a view towards shared codebases, and include in the upcoming 0.1.1 release (ignoring that it's breaking since it's just us currently). We can discuss pros+cons of non-exhaustiveness another time :)

robin-nitrokey commented 2 years ago

Is this behaviour allowed/suggested anywhere in the spec?

Not explicitly. The relevant definition is in Section 5: Terminology – Evidence of user interaction: “The general notion is that the user interacts with the authenticator in some fashion.” In this case, we see the device insertion as a valid interaction.