From f2b3ca4029227e532eb88972c766fd8dc99aba5d Mon Sep 17 00:00:00 2001
From: Jean-Michel Picod <jmichel@google.com>
Date: Wed, 25 Nov 2020 17:44:52 +0100
Subject: [PATCH] Make private key sensitive and ensure attestation is OTP

---
 src/ctap/storage.rs | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/ctap/storage.rs b/src/ctap/storage.rs
index da8828c..8e396b6 100644
--- a/src/ctap/storage.rs
+++ b/src/ctap/storage.rs
@@ -552,11 +552,11 @@ impl PersistentStore {
         let entry = StoreEntry {
             tag: ATTESTATION_PRIVATE_KEY,
             data: attestation_private_key,
-            sensitive: false,
+            sensitive: true,
         };
         match self.store.find_one(&Key::AttestationPrivateKey) {
             None => self.store.insert(entry)?,
-            Some((index, _)) => self.store.replace(index, entry)?,
+            _ => return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR),
         }
         Ok(())
     }
@@ -580,7 +580,7 @@ impl PersistentStore {
         };
         match self.store.find_one(&Key::AttestationCertificate) {
             None => self.store.insert(entry)?,
-            Some((index, _)) => self.store.replace(index, entry)?,
+            _ => return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR),
         }
         Ok(())
     }