When sending a standard GET CHALLENGE command like [CLA=0, INS=0x84, P1=0, P2=0, Le=0x20] the app crashes and responds with the code 0x6F42.
Looking at the code, the GetChallenge command can work with the undocumented and non-standard P1=0x80, using P2 for the length input. For example, [CLA=0, INS=0x84, P1=0x80, P2=0x20, 0x00] works. But it fails the same way with P2=0: a 6F42 response.
Actually, there are 2 issues:
1. The "Le" attribute is not properly set up before it is read in the GetChallenge command code path. As the initial value is 0, the command always takes 0 as the length value (when used in the standard way, P1=0).
2. The app allows a 0-length value for GetChallenge, which is not allowed by the standard. The OpenPGP standard explicitly states that the requested length starts at 1. The RNG BOLOS method then throws an exception when the requested random length is 0.
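One way to address both issues, shown as an added example and not the app's own code: derive the length from the received APDU bytes and reject 0 before the RNG is called. The function name, the status words returned, and the `CHALLENGE_MAX` cap are assumptions; the sample APDUs are constructed from the cases in the report.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define INS_GET_CHALLENGE 0x84
#define SW_OK             0x9000
#define SW_WRONG_LENGTH   0x6700 /* ISO 7816-4: wrong length */
#define SW_WRONG_P1P2     0x6A86 /* ISO 7816-4: incorrect P1-P2 */
#define SW_INS_UNKNOWN    0x6D00 /* ISO 7816-4: INS not supported */
#define CHALLENGE_MAX     256u   /* assumed cap on the output buffer */

/* Derive the requested length from the received bytes, then validate it
 * before any RNG call. Returns a status word; *out_len is set on SW_OK. */
uint16_t get_challenge_len(const uint8_t *apdu, size_t n, size_t *out_len)
{
    size_t want;
    if (n < 4) return SW_WRONG_LENGTH;
    if (apdu[1] != INS_GET_CHALLENGE) return SW_INS_UNKNOWN;
    if (apdu[2] == 0x00) {                  /* standard form: length is Le */
        if (apdu[3] != 0x00) return SW_WRONG_P1P2;
        if (n != 5) return SW_WRONG_LENGTH; /* Le byte must be present */
        want = apdu[4] ? apdu[4] : 256u;    /* short Le 0x00 encodes 256 */
    } else if (apdu[2] == 0x80) {           /* non-standard form: length is P2 */
        want = apdu[3];
    } else {
        return SW_WRONG_P1P2;
    }
    /* Issue 2: a zero length must never reach the RNG. */
    if (want == 0 || want > CHALLENGE_MAX) return SW_WRONG_LENGTH;
    *out_len = want;
    return SW_OK;
}

/* Constructed sample APDUs matching the cases in the report. */
static const uint8_t APDU_STD[]     = {0x00, 0x84, 0x00, 0x00, 0x20};
static const uint8_t APDU_P1_80[]   = {0x00, 0x84, 0x80, 0x20, 0x00};
static const uint8_t APDU_P2_ZERO[] = {0x00, 0x84, 0x80, 0x00, 0x00};
static const uint8_t APDU_NO_LE[]   = {0x00, 0x84, 0x00, 0x00};

int main(void)
{
    size_t len = 0;
    printf("%04X\n", (unsigned)get_challenge_len(APDU_STD, sizeof APDU_STD, &len));
    printf("%04X\n", (unsigned)get_challenge_len(APDU_P1_80, sizeof APDU_P1_80, &len));
    printf("%04X\n", (unsigned)get_challenge_len(APDU_P2_ZERO, sizeof APDU_P2_ZERO, &len));
    printf("%04X\n", (unsigned)get_challenge_len(APDU_NO_LE, sizeof APDU_NO_LE, &len));
    return 0;
}
```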