From b152ff15a8f4b258fd963b9e1e5ad196406919d0 Mon Sep 17 00:00:00 2001
From: Pol Henarejos <pol.henarejos@cttc.es>
Date: Sun, 23 Mar 2025 23:27:52 +0100
Subject: [PATCH] Fix challenge length calculation for LT64.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
---
 src/fido/otp.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/fido/otp.c b/src/fido/otp.c
index 412773e..d9c5387 100644
--- a/src/fido/otp.c
+++ b/src/fido/otp.c
@@ -505,7 +505,13 @@ int cmd_otp() {
                 uint8_t aes_key[KEY_SIZE + UID_SIZE];
                 memcpy(aes_key, otp_config->aes_key, KEY_SIZE);
                 memcpy(aes_key + KEY_SIZE, otp_config->uid, UID_SIZE);
-                mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA1), aes_key, sizeof(aes_key), apdu.data, (otp_config->cfg_flags & HMAC_LT64) ? 8 : 64, res_APDU);
+                uint8_t chal_len = 64;
+                if (otp_config->cfg_flags & HMAC_LT64) {
+                    while (chal_len > 0 && apdu.data[63] == apdu.data[chal_len - 1]) {
+                        chal_len--;
+                    }
+                }
+                mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA1), aes_key, sizeof(aes_key), apdu.data, chal_len, res_APDU);
                 if (ret == 0) {
                     res_APDU_size = 20;
                 }