From f0a9d03ca8abcda18585db32a1525ff3a3daa199 Mon Sep 17 00:00:00 2001
From: Pol Henarejos <pol.henarejos@cttc.es>
Date: Wed, 8 Jan 2025 14:38:02 +0100
Subject: [PATCH] Fix storing MKEK in devices with OTP_1 available.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
---
 src/hsm/kek.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/hsm/kek.c b/src/hsm/kek.c
index db02214..61a80fa 100644
--- a/src/hsm/kek.c
+++ b/src/hsm/kek.c
@@ -134,6 +134,9 @@ int store_mkek(const uint8_t *mkek) {
     else {
         memcpy(tmp_mkek, mkek, MKEK_SIZE);
     }
+    if (otp_key_1) {
+        mkek_masked(tmp_mkek, otp_key_1);
+    }
     *(uint32_t *) MKEK_CHECKSUM(tmp_mkek) = crc32c(MKEK_KEY(tmp_mkek), MKEK_KEY_SIZE);
     if (has_session_pin) {
         uint8_t tmp_mkek_pin[MKEK_SIZE];