From 074dd80afee54828d41ac8e453baa8e51874f629 Mon Sep 17 00:00:00 2001
From: Pol Henarejos
Date: Fri, 23 Sep 2022 18:49:12 +0200
Subject: [PATCH] Adding support of credProtect on excludeList when make cred.
Signed-off-by: Pol Henarejos
---
 src/fido/cbor_make_credential.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/fido/cbor_make_credential.c b/src/fido/cbor_make_credential.c
index 837c052..f2b8d81 100644
--- a/src/fido/cbor_make_credential.c
+++ b/src/fido/cbor_make_credential.c
@@ -221,8 +221,9 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
 CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER);
 if (strcmp(excludeList[e].type.data, "public-key") != 0)
 continue;
- if (credential_verify(excludeList[e].id.data, excludeList[e].id.len, rp_id_hash) == 0)
- CBOR_ERROR(CTAP2_ERR_CREDENTIAL_EXCLUDED);
+ Credential ecred;
+ if (credential_load(excludeList[e].id.data, excludeList[e].id.len, rp_id_hash, &ecred) == 0 && (ecred.extensions.credProtect != CRED_PROT_UV_REQUIRED || flags & FIDO2_AUT_FLAG_UV))
+ CBOR_ERROR(CTAP2_ERR_CREDENTIAL_EXCLUDED);
 }
 if (options.up == ptrue) { //14.1
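Review bot: `ecred` is populated by `credential_load` for every excludeList entry and nothing in the hunk releases it, so if a loaded `Credential` owns heap data this leaks once per entry and again on the `CBOR_ERROR` exit. I would declare it as `Credential ecred = {0};` and release it with whatever routine pairs with `credential_load`, both before the loop moves on to the next entry and before the error exit. The credProtect test hides a UV-required credential unless `flags & FIDO2_AUT_FLAG_UV` is set, and `flags` is assigned outside the hunk, so confirm that user verification has already been evaluated when this loop runs; otherwise such credentials are never excluded and a duplicate can be registered. Parenthesising `(flags & FIDO2_AUT_FLAG_UV)` and adding a comment such as `/* UV-required credentials are only revealed after user verification */` would make the intent readable. The enclosing `cbor_make_credential` starts and ends outside the hunk.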