From 393051f407a89d8b76186721fd1355e1e4da7f7a Mon Sep 17 00:00:00 2001
From: shimun
Date: Fri, 30 Oct 2020 16:45:53 +0100
Subject: [PATCH] UNDO: hmac-secret should be different when UV=1
---
 fido2/ctap.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/fido2/ctap.c b/fido2/ctap.c
index d23f8ad..d65d8ea 100644
--- a/fido2/ctap.c
+++ b/fido2/ctap.c
@@ -461,7 +461,6 @@ static int ctap_make_extensions(CTAP_extensions * ext, uint8_t * ext_encoder_buf
 // Generate credRandom
 crypto_sha256_hmac_init(CRYPTO_TRANSPORT_KEY2, 0, credRandom);
 crypto_sha256_update((uint8_t*)&ext->hmac_secret.credential->id, sizeof(CredentialId));
- crypto_sha256_update(&getAssertionState.user_verified, 1);
 crypto_sha256_hmac_final(CRYPTO_TRANSPORT_KEY2, 0, credRandom);
 // Decrypt saltEnc
@@ -1750,7 +1749,7 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length)
 return ret;
 }
- if (GA.pinAuthEmpty)
+ if (GA.pinAuthEmpty && GA.up)
 {
 ret = ctap2_user_presence_test();
 check_retr(ret);
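Review bot: The new guard `if (GA.pinAuthEmpty && GA.up)` in ctap_get_assertion makes the whole empty-pinAuth branch conditional on `up`, not only the user-presence test inside it. The branch's body continues past the end of this hunk; if it finishes by returning a PIN status error (not visible here), a request with a zero-length pinAuth and `up=false` now skips that return and carries on through the rest of the function with an empty pinAuth. If the intent is only to suppress the touch prompt, keep the outer `if (GA.pinAuthEmpty)` and gate the call instead: `if (GA.up) { ret = ctap2_user_presence_test(); check_retr(ret); }`. The commit subject mentions only hmac-secret, so this behaviour change should get its own line in the message or a comment above the condition, e.g. `// up=false: skip the touch, still reject the empty pinAuth below`.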