From 751fcf0538e17d5295c3575af37e811fdf3edda2 Mon Sep 17 00:00:00 2001
From: Pol Henarejos <pol.henarejos@cttc.es>
Date: Sun, 23 Mar 2025 23:13:21 +0100
Subject: [PATCH] Fix HMAC-SHA1 calculation.

Fixes #127.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
---
 src/fido/otp.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/fido/otp.c b/src/fido/otp.c
index 9c47671..412773e 100644
--- a/src/fido/otp.c
+++ b/src/fido/otp.c
@@ -502,7 +502,10 @@ int cmd_otp() {
                 if (!(otp_config->cfg_flags & CHAL_HMAC)) {
                     return SW_WRONG_DATA();
                 }
-                mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA1), otp_config->aes_key, KEY_SIZE, apdu.data, (otp_config->cfg_flags & HMAC_LT64) ? 8 : 64, res_APDU);
+                uint8_t aes_key[KEY_SIZE + UID_SIZE];
+                memcpy(aes_key, otp_config->aes_key, KEY_SIZE);
+                memcpy(aes_key + KEY_SIZE, otp_config->uid, UID_SIZE);
+                mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA1), aes_key, sizeof(aes_key), apdu.data, (otp_config->cfg_flags & HMAC_LT64) ? 8 : 64, res_APDU);
                 if (ret == 0) {
                     res_APDU_size = 20;
                 }