From e28dff677cda65b1e8bf328359a74d1236f7a83a Mon Sep 17 00:00:00 2001
From: matejcik
Date: Sat, 30 Sep 2023 22:55:45 +0200
Subject: [PATCH] fix(core/optiga): add correct key usage to OID_PIN_CMAC

---
 core/embed/trezorhal/optiga/optiga.c | 1 +
 core/embed/trezorhal/optiga/optiga_commands.c | 2 ++
 core/embed/trezorhal/optiga_commands.h | 1 +
 3 files changed, 4 insertions(+)

diff --git a/core/embed/trezorhal/optiga/optiga.c b/core/embed/trezorhal/optiga/optiga.c
index 0ed8a3bb9..13844f62d 100644
--- a/core/embed/trezorhal/optiga/optiga.c
+++ b/core/embed/trezorhal/optiga/optiga.c
@@ -293,6 +293,7 @@ static bool optiga_pin_init_metadata(void) {
   metadata.change = OPTIGA_META_ACCESS_ALWAYS;
   metadata.read = OPTIGA_META_ACCESS_NEVER;
   metadata.execute = ACCESS_PIN_STRETCH_COUNTER;
+  metadata.key_usage = OPTIGA_META_KEY_USE_ENC;
   if (!optiga_set_metadata(OID_PIN_CMAC, &metadata)) {
     return false;
   }
diff --git a/core/embed/trezorhal/optiga/optiga_commands.c b/core/embed/trezorhal/optiga/optiga_commands.c
index 8ebf28ff7..75bc2df04 100644
--- a/core/embed/trezorhal/optiga/optiga_commands.c
+++ b/core/embed/trezorhal/optiga/optiga_commands.c
@@ -42,6 +42,8 @@ const optiga_metadata_item OPTIGA_META_ACCESS_ALWAYS = {
     (const uint8_t[]){OPTIGA_ACCESS_COND_ALW}, 1};
 const optiga_metadata_item OPTIGA_META_ACCESS_NEVER = {
     (const uint8_t[]){OPTIGA_ACCESS_COND_NEV}, 1};
+const optiga_metadata_item OPTIGA_META_KEY_USE_ENC = {
+    (const uint8_t[]){OPTIGA_KEY_USAGE_ENC}, 1};
 const optiga_metadata_item OPTIGA_META_KEY_USE_KEYAGREE = {
     (const uint8_t[]){OPTIGA_KEY_USAGE_KEYAGREE}, 1};
 static const optiga_metadata_item OPTIGA_META_VERSION_DEFAULT = {
diff --git a/core/embed/trezorhal/optiga_commands.h b/core/embed/trezorhal/optiga_commands.h
index 743f8c0a7..4d271a812 100644
--- a/core/embed/trezorhal/optiga_commands.h
+++ b/core/embed/trezorhal/optiga_commands.h
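Review bot: The new `metadata.key_usage = OPTIGA_META_KEY_USE_ENC;` line for OID_PIN_CMAC gives no hint why a key used for a CMAC gets the Enc usage rather than something MAC-specific, and the commit title only calls it "correct"; a short why-comment would spare the next reader a trip to the datasheet, e.g. `// CMAC is presumably computed through the symmetric-crypto command path, so the key object must carry the Enc usage bit — confirm against the OPTIGA key-usage table.` It is also worth confirming that `metadata` is reset before this OID's fields are filled in, since the start of optiga_pin_init_metadata (and whatever follows the OID_PIN_CMAC call) lies outside the hunk and an inherited or lingering key_usage item would silently change what gets written for neighbouring OIDs. The matching definition in optiga_commands.c and the extern in optiga_commands.h follow the existing pattern and need no change.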
@@ -137,6 +137,7 @@ typedef struct {
 extern const optiga_metadata_item OPTIGA_META_LCS_OPERATIONAL;
 extern const optiga_metadata_item OPTIGA_META_ACCESS_ALWAYS;
 extern const optiga_metadata_item OPTIGA_META_ACCESS_NEVER;
+extern const optiga_metadata_item OPTIGA_META_KEY_USE_ENC;
 extern const optiga_metadata_item OPTIGA_META_KEY_USE_KEYAGREE;
 
 optiga_result optiga_parse_metadata(const uint8_t *serialized,