From eb8c635e38b5b40fe5cd3778609cf7f4eafe8760 Mon Sep 17 00:00:00 2001
From: Flavien Binet <flavien.binet@gmail.com>
Date: Tue, 29 Sep 2020 10:28:58 +0200
Subject: [PATCH] update device capability detection

---
 u2fhid/hid.go     | 13 +++++++++++--
 webauthn/token.go | 13 ++++++++-----
 2 files changed, 19 insertions(+), 7 deletions(-)

diff --git a/u2fhid/hid.go b/u2fhid/hid.go
index daf600a..7e551df 100644
--- a/u2fhid/hid.go
+++ b/u2fhid/hid.go
@@ -27,7 +27,9 @@ const (
 
 	broadcastChannel = 0xffffffff
 
-	capabilityWink = 1
+	capabilityWink = 0x01
+	capabilityCBOR = 0x04
+	capabilityNMSG = 0x08
 
 	minMessageLen      = 7
 	maxMessageLen      = 7609
@@ -100,9 +102,14 @@ type Device struct {
 	RawCapabilities uint8
 
 	// CapabilityWink is true if the device advertised support for the wink
-	// command during initilization. Even if this flag is true, the device may
+	// command during initialization. Even if this flag is true, the device may
 	// not actually do anything if the command is called.
 	CapabilityWink bool
+	// CapabilityCBOR is true when the device support CBOR encoded messages
+	// used by the CTAP2 protocol
+	CapabilityCBOR bool
+	// CababilityNMSG is true when the device support CTAP1 messages
+	CababilityNMSG bool
 
 	info    *hid.DeviceInfo
 	device  hid.Device
@@ -249,6 +256,8 @@ func (d *Device) Init() error {
 		d.BuildDeviceVersion = res[15]
 		d.RawCapabilities = res[16]
 		d.CapabilityWink = d.RawCapabilities&capabilityWink != 0
+		d.CapabilityCBOR = d.RawCapabilities&capabilityCBOR == 1
+		d.CababilityNMSG = d.RawCapabilities&capabilityNMSG == 0
 		break
 	}
 
diff --git a/webauthn/token.go b/webauthn/token.go
index a963557..5a51918 100644
--- a/webauthn/token.go
+++ b/webauthn/token.go
@@ -251,14 +251,17 @@ func (a *Webauthn) selectAuthenticators(opts AuthenticatorSelection) ([]Authenti
 				}
 
 				var current Authenticator
-				var isCTAP2 bool
-				t := ctap2.NewToken(dev)
-				if info, err := t.GetInfo(); err == nil {
+				if dev.CapabilityCBOR {
+					t := ctap2.NewToken(dev)
+					info, err := t.GetInfo()
+					if err != nil {
+						return nil, nil, err
+					}
+
 					current = &ctap2WebauthnToken{
 						t:       t,
 						options: info.Options,
 					}
-					isCTAP2 = true
 				} else {
 					current = &ctap1WebauthnToken{
 						t: u2ftoken.NewToken(dev),
@@ -272,7 +275,7 @@ func (a *Webauthn) selectAuthenticators(opts AuthenticatorSelection) ([]Authenti
 				if opts.UserVerification == UVDiscouraged && current.RequireUV() {
 					continue
 				}
-				if opts.UserVerification == UVRequired && !isCTAP2 {
+				if opts.UserVerification == UVRequired && !dev.CapabilityCBOR {
 					continue
 				}