From b3a5b7e04a9fe85bf0623a352fc7da71f2446101 Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <look@my.amazin.horse>
Date: Fri, 2 Feb 2018 02:41:42 +0100
Subject: [PATCH] fix incorrect length in copyOfRange

---
 .../keychain/securitytoken/operations/PsoDecryptTokenOp.java    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/operations/PsoDecryptTokenOp.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/operations/PsoDecryptTokenOp.java
index 4fde33d14..4d227b023 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/operations/PsoDecryptTokenOp.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/operations/PsoDecryptTokenOp.java
@@ -112,7 +112,7 @@ public class PsoDecryptTokenOp {
     private byte[] decryptSessionKeyEcdh(byte[] encryptedSessionKeyMpi, ECKeyFormat eckf, CanonicalizedPublicKey publicKey)
             throws IOException {
         int mpiLength = getMpiLength(encryptedSessionKeyMpi);
-        byte[] encryptedPoint = Arrays.copyOfRange(encryptedSessionKeyMpi, 2, mpiLength);
+        byte[] encryptedPoint = Arrays.copyOfRange(encryptedSessionKeyMpi, 2, mpiLength + 2);
 
         X9ECParameters x9Params = NISTNamedCurves.getByOID(eckf.getCurveOID());
         ECPoint p = x9Params.getCurve().decodePoint(encryptedPoint);