From b0b0187919409858e0d03bfca59cd40bd0e769a1 Mon Sep 17 00:00:00 2001
From: Pol Henarejos <pol.henarejos@cttc.es>
Date: Fri, 7 Jun 2024 20:57:21 +0200
Subject: [PATCH] Fix cleared permissions on make credential when UP is not
 present.

Following 14.1, flags shall be cleared only when UP == true.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
---
 src/fido/cbor_make_credential.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/fido/cbor_make_credential.c b/src/fido/cbor_make_credential.c
index 614ae5a..4de194a 100644
--- a/src/fido/cbor_make_credential.c
+++ b/src/fido/cbor_make_credential.c
@@ -313,9 +313,11 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
             }
         }
         flags |= FIDO2_AUT_FLAG_UP;
-        clearUserPresentFlag();
-        clearUserVerifiedFlag();
-        clearPinUvAuthTokenPermissionsExceptLbw();
+        if (options.up == ptrue) {
+            clearUserPresentFlag();
+            clearUserVerifiedFlag();
+            clearPinUvAuthTokenPermissionsExceptLbw();
+        }
     }
 
     const known_app_t *ka = find_app_by_rp_id_hash(rp_id_hash);