hmac-secret should be different when UV=1

2020-03-28 12:14:35 -04:00 · 2020-03-28 12:14:35 -04:00 · cbf40f4ec7
commit cbf40f4ec7
--- a/fido2/ctap.c
+++ b/fido2/ctap.c
@ -461,6 +461,7 @@ static int ctap_make_extensions(CTAP_extensions * ext, uint8_t * ext_encoder_buf
        // Generate credRandom
        crypto_sha256_hmac_init(CRYPTO_TRANSPORT_KEY2, 0, credRandom);
        crypto_sha256_update((uint8_t*)&ext->hmac_secret.credential->id, sizeof(CredentialId));
+        crypto_sha256_update(&getAssertionState.user_verified, 1);
        crypto_sha256_hmac_final(CRYPTO_TRANSPORT_KEY2, 0, credRandom);

        // Decrypt saltEnc