OpenPGP card v3.3 : fix KDF-DO min/max length

src/fr/anssi/smartpgp/Constants.java

@@ -32,8 +32,6 @@ public final class Constants {
 
     protected static final short APDU_MAX_LENGTH = (short)256;
 
-    protected static final short KEY_DERIVATION_FUNCTION_MIN_LENGTH = 2;
-    protected static final short KEY_DERIVATION_FUNCTION_MAX_LENGTH = 160;
     protected static final byte[] KEY_DERIVATION_FUNCTION_DEFAULT = {
         (byte)0xF9, (byte)0x03, (byte)0x81, (byte)0x01, (byte)0x00
     };
@@ -168,7 +166,7 @@ public final class Constants {
         (byte)0x01, /* SM 0x01 = 128 bits, 0x02 = 256 bits */
         (byte)0x00, (byte)0x20, /* max length get challenge */
         (byte)0x04, (byte)0x80, /* max length of carholder certificate */
-        (byte)0x00, (byte)0xff, /* max length of special DOs (private, login, url) */
+        (byte)0x00, (byte)0xff, /* max length of special DOs (private, login, url, KDF-DO) */
         (byte)0x00, /* PIN format 2 not supported */
         (byte)0x00  /* RFU */
     };

src/fr/anssi/smartpgp/Persistent.java

@@ -131,7 +131,7 @@ public final class Persistent {
             pgp_keys[i] = new PGPKey(false);
         }
 
-        key_derivation_function = new byte[Constants.KEY_DERIVATION_FUNCTION_MAX_LENGTH];
+        key_derivation_function = new byte[Constants.specialDoMaxLength()];
         key_derivation_function_length = 0;
 
         user_pin = new OwnerPIN(Constants.USER_PIN_RETRY_COUNT, Constants.USER_PIN_MAX_SIZE);

src/fr/anssi/smartpgp/SmartPGPApplet.java

@@ -1039,8 +1039,8 @@ public final class SmartPGPApplet extends Applet {
 
             case Constants.TAG_KEY_DERIVATION_FUNCTION:
                 assertAdmin();
-                if((lc < Constants.KEY_DERIVATION_FUNCTION_MIN_LENGTH) ||
-                   (lc > Constants.KEY_DERIVATION_FUNCTION_MAX_LENGTH)) {
+                if((lc < 0) ||
+                   (lc > Constants.specialDoMaxLength())) {
                     ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
                     return;
                 }