From 7d7b6b88ba96a77021d588a0ada1c61ad95d5957 Mon Sep 17 00:00:00 2001
From: Pol Henarejos <pol.henarejos@cttc.es>
Date: Wed, 24 Aug 2022 17:48:50 +0200
Subject: [PATCH] Trying to recover MKEK to preserver device private key. If
 not, all are generated again.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
---
 src/hsm/cmd_initialize.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/hsm/cmd_initialize.c b/src/hsm/cmd_initialize.c
index 86b4493..5bc79f0 100644
--- a/src/hsm/cmd_initialize.c
+++ b/src/hsm/cmd_initialize.c
@@ -115,7 +115,9 @@ int cmd_initialize() {
         file_t *tf_kd = search_by_fid(EF_KEY_DOMAIN, NULL, SPECIFY_EF);
         if (!tf_kd)
             return SW_EXEC_ERROR();
-        if (store_mkek(NULL) != CCID_OK)
+        uint8_t mkek[MKEK_SIZE];
+        int ret_mkek = load_mkek(mkek); //Tries to load MKEK if PIN/SO-PIN are provided before
+        if (store_mkek(ret_mkek == CCID_OK ? mkek : NULL) != CCID_OK)
             return SW_EXEC_ERROR();
         if (dkeks) {
             if (*dkeks > 0) {
@@ -150,7 +152,7 @@ int cmd_initialize() {
         if (!fdkey)
             return SW_EXEC_ERROR();
         int ret = 0;
-        if (file_get_size(fdkey) == 0 || file_get_data(fdkey) == NULL) {
+        if (ret_mkek != CCID_OK || file_get_size(fdkey) == 0 || file_get_data(fdkey) == NULL) {
             mbedtls_ecdsa_context ecdsa;
             mbedtls_ecdsa_init(&ecdsa);
             mbedtls_ecp_group_id ec_id = MBEDTLS_ECP_DP_SECP256R1;