From f5b89aed69a3d083938bc393c13b979ed189079d Mon Sep 17 00:00:00 2001
From: Pol Henarejos <pol.henarejos@cttc.es>
Date: Thu, 7 Nov 2024 00:16:22 +0100
Subject: [PATCH] Use DEV key from OTP if available when initializing.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
---
 pico-keys-sdk            |  2 +-
 src/hsm/cmd_initialize.c | 10 ++++++++--
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/pico-keys-sdk b/pico-keys-sdk
index e85d77c..cf36c29 160000
--- a/pico-keys-sdk
+++ b/pico-keys-sdk
@@ -1 +1 @@
-Subproject commit e85d77c08437e7f2ba269dc91f796ad49df1f0f8
+Subproject commit cf36c2988c323226d40361b65a7b52e35def35f6
diff --git a/src/hsm/cmd_initialize.c b/src/hsm/cmd_initialize.c
index ff0abaa..a94a92e 100644
--- a/src/hsm/cmd_initialize.c
+++ b/src/hsm/cmd_initialize.c
@@ -23,6 +23,7 @@
 #include "version.h"
 #include "asn1.h"
 #include "cvc.h"
+#include "otp.h"
 
 extern void scan_all();
 
@@ -183,8 +184,13 @@ int cmd_initialize() {
             mbedtls_ecdsa_context ecdsa;
             mbedtls_ecdsa_init(&ecdsa);
             mbedtls_ecp_group_id ec_id = MBEDTLS_ECP_DP_SECP256R1;
-            uint8_t index = 0, key_id = 0;
-            ret = mbedtls_ecdsa_genkey(&ecdsa, ec_id, random_gen, &index);
+            uint8_t key_id = 0;
+            if (otp_key_2) {
+                ret = mbedtls_ecp_read_key(MBEDTLS_ECP_DP_SECP256K1, &ecdsa, otp_key_2, 32);
+            }
+            else {
+                ret = mbedtls_ecdsa_genkey(&ecdsa, ec_id, random_gen, NULL);
+            }
             if (ret != 0) {
                 mbedtls_ecdsa_free(&ecdsa);
                 return SW_EXEC_ERROR();