fix oneShotAES

src/main/java/im/status/keycard/Crypto.java

@@ -62,7 +62,7 @@ public class Crypto {
   public short oneShotAES(byte mode, byte[] src, short sOff, short sLen, byte[] dst, short dOff, byte[] key, short keyOff) {
     tmpAES256.setKey(key, keyOff);
     aesCbcIso9797m2.init(tmpAES256, mode, src, sOff, AES_BLOCK_SIZE);
-    return aesCbcIso9797m2.doFinal(src, (short) (sOff + AES_BLOCK_SIZE), sLen, dst, dOff);
+    return aesCbcIso9797m2.doFinal(src, (short) (sOff + AES_BLOCK_SIZE), (short) (sLen - AES_BLOCK_SIZE), dst, dOff);
   }
 
   boolean bip32IsHardened(byte[] i, short iOff) {

src/main/java/im/status/keycard/KeycardApplet.java

@@ -1180,7 +1180,8 @@ public class KeycardApplet extends Applet {
   private short exportDuplicate(byte[] apduBuffer) {
     finalizeDuplicationKey();
     crypto.random.generateData(apduBuffer, SecureChannel.SC_OUT_OFFSET, Crypto.AES_BLOCK_SIZE);
-    short off = (short) (SecureChannel.SC_OUT_OFFSET + Crypto.AES_BLOCK_SIZE);
+    short sOff = (short) (SecureChannel.SC_OUT_OFFSET + Crypto.AES_BLOCK_SIZE);
+    short off = sOff;
     Util.arrayCopyNonAtomic(apduBuffer, SecureChannel.SC_OUT_OFFSET, apduBuffer, off, Crypto.AES_BLOCK_SIZE);
     off += Crypto.AES_BLOCK_SIZE;
 
@@ -1200,7 +1201,7 @@ public class KeycardApplet extends Applet {
       off += CHAIN_CODE_SIZE;
     }
 
-    return (short) (Crypto.AES_BLOCK_SIZE + crypto.oneShotAES(Cipher.MODE_ENCRYPT, apduBuffer, (short) (SecureChannel.SC_OUT_OFFSET + Crypto.AES_BLOCK_SIZE), off, apduBuffer, (short) (SecureChannel.SC_OUT_OFFSET + Crypto.AES_BLOCK_SIZE), duplicationEncKey, (short) 0));
+    return (short) (Crypto.AES_BLOCK_SIZE + crypto.oneShotAES(Cipher.MODE_ENCRYPT, apduBuffer, sOff, (short)(off - sOff), apduBuffer, sOff, duplicationEncKey, (short) 0));
   }
 
   private void importDuplicate(byte[] apduBuffer) {