From 1c1005a0e8cc07ca6863e3a98d173d9a11e32136 Mon Sep 17 00:00:00 2001
From: Conor Patrick <conorpp94@gmail.com>
Date: Sat, 21 Mar 2020 13:04:03 -0400
Subject: [PATCH] add credprotect parameter to output

---
 fido2/ctap.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/fido2/ctap.c b/fido2/ctap.c
index c953b2d..2d8a010 100644
--- a/fido2/ctap.c
+++ b/fido2/ctap.c
@@ -1289,8 +1289,15 @@ uint8_t ctap_cred_rk(CborEncoder * encoder, int rk_ind, int rk_count)
     CTAP_residentKey rk;
     ctap_load_rk(rk_ind, &rk);
 
+    uint32_t cred_protect = read_metadata_from_masked_credential(&rk.id);
+    if ( cred_protect == 0 || cred_protect > 3 ) 
+    {
+        // Take default value of userVerificationOptional
+        cred_protect = EXT_CRED_PROTECT_OPTIONAL;
+    }
+
     CborEncoder map;
-    size_t map_size = rk_count > 0 ? 4 : 3;
+    size_t map_size = rk_count > 0 ? 5 : 4;
     int ret = cbor_encoder_create_map(encoder, &map, map_size);
     check_ret(ret);
     ret = cbor_encode_int(&map, 6);
@@ -1344,6 +1351,12 @@ uint8_t ctap_cred_rk(CborEncoder * encoder, int rk_ind, int rk_count)
         ret = cbor_encode_int(&map, rk_count);
         check_ret(ret);
     }
+
+    ret = cbor_encode_int(&map, 0x0A);
+    check_ret(ret);
+    ret = cbor_encode_int(&map, cred_protect);
+    check_ret(ret);
+
     ret = cbor_encoder_close_container(encoder, &map);
     check_ret(ret);
     return 0;