From b9fa61282ed7af5776bc9a5ecbe605b4a59a5fe5 Mon Sep 17 00:00:00 2001
From: Michele Balistreri
Date: Fri, 6 Sep 2019 15:43:08 +0300
Subject: [PATCH] fix oneShotAES
---
 src/main/java/im/status/keycard/Crypto.java | 2 +-
 src/main/java/im/status/keycard/KeycardApplet.java | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/main/java/im/status/keycard/Crypto.java b/src/main/java/im/status/keycard/Crypto.java
index 12fe10e..c93cffd 100644
--- a/src/main/java/im/status/keycard/Crypto.java
+++ b/src/main/java/im/status/keycard/Crypto.java
@@ -62,7 +62,7 @@ public class Crypto {
   public short oneShotAES(byte mode, byte[] src, short sOff, short sLen, byte[] dst, short dOff, byte[] key, short keyOff) {
     tmpAES256.setKey(key, keyOff);
     aesCbcIso9797m2.init(tmpAES256, mode, src, sOff, AES_BLOCK_SIZE);
-    return aesCbcIso9797m2.doFinal(src, (short) (sOff + AES_BLOCK_SIZE), sLen, dst, dOff);
+    return aesCbcIso9797m2.doFinal(src, (short) (sOff + AES_BLOCK_SIZE), (short) (sLen - AES_BLOCK_SIZE), dst, dOff);
   }
   boolean bip32IsHardened(byte[] i, short iOff) {
diff --git a/src/main/java/im/status/keycard/KeycardApplet.java b/src/main/java/im/status/keycard/KeycardApplet.java
index 2c7dc55..f7770a5 100644
--- a/src/main/java/im/status/keycard/KeycardApplet.java
+++ b/src/main/java/im/status/keycard/KeycardApplet.java
@@ -1180,7 +1180,8 @@ public class KeycardApplet extends Applet {
   private short exportDuplicate(byte[] apduBuffer) {
     finalizeDuplicationKey();
     crypto.random.generateData(apduBuffer, SecureChannel.SC_OUT_OFFSET, Crypto.AES_BLOCK_SIZE);
-    short off = (short) (SecureChannel.SC_OUT_OFFSET + Crypto.AES_BLOCK_SIZE);
+    short sOff = (short) (SecureChannel.SC_OUT_OFFSET + Crypto.AES_BLOCK_SIZE);
+    short off = sOff;
     Util.arrayCopyNonAtomic(apduBuffer, SecureChannel.SC_OUT_OFFSET, apduBuffer, off, Crypto.AES_BLOCK_SIZE);
     off += Crypto.AES_BLOCK_SIZE;
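Review bot: The new length argument `(short) (sLen - AES_BLOCK_SIZE)` in oneShotAES wraps to a negative short whenever a caller passes an sLen smaller than one block, and doFinal then fails on an out-of-range length instead of on a clear precondition; the method says nothing about sLen having to count the IV. The init call on the line above consumes src[sOff, sOff + AES_BLOCK_SIZE) as the IV, so the subtraction is right for the caller changed in this commit, but the contract should be stated above the signature: `// src = IV (AES_BLOCK_SIZE bytes) || data, and sLen counts the IV; returns the doFinal output length, which does not include the IV.` A guard such as `if (sLen < AES_BLOCK_SIZE) ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);` before setKey would turn the wrap into a defined error — ISOException and ISO7816 are javacard.framework names, so check that Crypto.java imports them. The caller in this commit also passes dst == src with dOff one block before the data; the Cipher.doFinal contract permits overlapping input and output, and that reliance is worth a word in the same comment.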
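Review bot: The copy of the random IV to `sOff` on the arrayCopyNonAtomic line needs a comment, because it reads as redundant with the IV already at SC_OUT_OFFSET but is what oneShotAES later consumes as the CBC IV (the encrypt call is in the following hunk), and its slot is then overwritten by ciphertext so the buffer ends up as IV || ciphertext from SC_OUT_OFFSET. If aesCbcIso9797m2 is ALG_AES_CBC_ISO9797_M2 as its name suggests, padding grows the output by 1 to AES_BLOCK_SIZE bytes, and that duplicated block is exactly the headroom that keeps the in-place output from running past `off`; deleting the copy as dead code would break this silently. Suggested comment above the copy: `// Duplicate the IV at sOff: oneShotAES reads it as the CBC IV and overwrites it with ciphertext, so the response is IV || ciphertext at SC_OUT_OFFSET and the padding growth (<= AES_BLOCK_SIZE) never passes off.` exportDuplicate continues past this hunk.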
@@ -1200,7 +1201,7 @@ public class KeycardApplet extends Applet {
       off += CHAIN_CODE_SIZE;
     }
-    return (short) (Crypto.AES_BLOCK_SIZE + crypto.oneShotAES(Cipher.MODE_ENCRYPT, apduBuffer, (short) (SecureChannel.SC_OUT_OFFSET + Crypto.AES_BLOCK_SIZE), off, apduBuffer, (short) (SecureChannel.SC_OUT_OFFSET + Crypto.AES_BLOCK_SIZE), duplicationEncKey, (short) 0));
+    return (short) (Crypto.AES_BLOCK_SIZE + crypto.oneShotAES(Cipher.MODE_ENCRYPT, apduBuffer, sOff, (short)(off - sOff), apduBuffer, sOff, duplicationEncKey, (short) 0));
   }
   private void importDuplicate(byte[] apduBuffer) {
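Review bot: The encrypt call on the added return line passes `apduBuffer` as both src and dst with dOff equal to sOff, so the output starts one block before the plaintext it is computed from; this in-place use is allowed by the Cipher.doFinal contract (input and output may overlap) but nothing here says it is deliberate. The length `(short)(off - sOff)` includes the IV copy by design and only works because of the AES_BLOCK_SIZE subtraction added to oneShotAES in this same commit, so the two edits form one contract that a later change to either side could break. A one-line comment above the return would pin both down: `// In place: output at sOff over the IV copy, input at sOff + AES_BLOCK_SIZE, length counts the IV; result is IV || ciphertext, hence the added AES_BLOCK_SIZE.` The start of exportDuplicate lies outside this hunk.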