From e53548feca1581cccbe5962462710dbaa652e607 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Fri, 24 Nov 2023 15:20:13 +0100
Subject: [PATCH] Always return credProtect in credential management

Fixes P-1 in this test:
https://github.com/fido-alliance/ctap2.1-conformance-module/blob/main/tests/CTAP2/Protocol/CredentialManagement/21/CredentialManagement-21-EnumerateCredentials.js
---
 libraries/opensk/src/ctap/credential_management.rs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libraries/opensk/src/ctap/credential_management.rs b/libraries/opensk/src/ctap/credential_management.rs
index fe0f5ea5..d6ad5bde 100644
--- a/libraries/opensk/src/ctap/credential_management.rs
+++ b/libraries/opensk/src/ctap/credential_management.rs
@@ -91,12 +91,13 @@ fn enumerate_credentials_response<E: Env>(
         transports: None, // You can set USB as a hint here.
     };
     let public_key = private_key.get_pub_key::<E>()?;
+    let cred_protect = cred_protect_policy.or(Some(env.customization().default_cred_protect()));
     Ok(AuthenticatorCredentialManagementResponse {
         user: Some(user),
         credential_id: Some(credential_id),
         public_key: Some(public_key),
         total_credentials,
-        cred_protect: cred_protect_policy,
+        cred_protect,
         large_blob_key,
         ..Default::default()
     })