the registration code is not in right code section

src/main/java/com/josh/vku2f/CTAP2.java

@@ -416,43 +416,6 @@ public class CTAP2 extends Applet implements ExtendedLength {
 	 * @param dataLength
 	 */
 	private void create_new_cert(APDU apdu, short dataLength){
-
-	}
-	/**
-	 * for alternative framework purpose
-	 * <p>
-	 * input: IDx , PuKp in CBOR form
-	 * return: PuKx, encryptedCx in CBOR form
-	 */
-	private void getPuKxCx(APDU apdu, short dataLength) {
-		cborDecoder.init(dataBuffer, (short) 1, dataLength);
-		try {
-			cborDecoder.readMajorType(CBORBase.TYPE_ARRAY);
-
-			// read IDx
-			short length = cborDecoder.readTextString(scratch, (short) 0);
-			idSecret.IDx = new DomString(scratch, length);
-
-			// read PuKp
-			cborDecoder.readByteString(scratch, (short) 0);
-			Util.arrayCopy(scratch, (short) 8, idSecret.PuKp, (short) 1, (short) 64);
-		} catch (UserException e) {
-			returnError(apdu, e.getReason());
-		}
-		KeyAgreement keyAgreement = KeyAgreement.getInstance(KeyAgreement.ALG_EC_SVDP_DH, false);
-		keyAgreement.init(attestationKeyPair.getPrivate());
-		keyAgreement.generateSecret(idSecret.PuKp, (short) 0, (short) 65, idSecret.sharedSecret, (short) 0);
-
-		idSecret.initAesKey();
-		idSecret.encryptCx();
-
-		// make output cbor
-		cborEncoder.init(dataBuffer, (short) 0, (short) 1200);
-		cborEncoder.startArray((short) 2);
-
-		// put PuKx
-		short length = attestationKeyPair.getPubkey(scratch, (short) 0);
-		cborEncoder.encodeByteString(scratch, (short) 0, length);
 		// init hkdf
 		/*
 		 * 	TODO
@@ -502,7 +465,7 @@ public class CTAP2 extends Applet implements ExtendedLength {
 		hkdf.getNextOutputKey(new byte[32], (short)32, output_key, (short)32);
 		// using output key to calculate HMAC
 		HMAC hmac = new HMAC(output_key);
-		hmac.update(ret2, (short)0, (short)length);
+		hmac.update(ret2, (short)0, (short)32);
 		hmac.doFinal(ret2, (short)32);
 		// ret2
 		// | ----- 32 byte is H(H(IV)||H(Nonce)) ----- | ----- 32 byte HMAC -----|
@@ -515,6 +478,43 @@ public class CTAP2 extends Applet implements ExtendedLength {
 		// HMAC(output_key, H(IV||Nonce)) 32 bytes ret2[32:64]
 		// Iteration(Counter) 4 bytes integer : counter
 		// total return length : 100 bytes
+	}
+	/**
+	 * for alternative framework purpose
+	 * <p>
+	 * input: IDx , PuKp in CBOR form
+	 * return: PuKx, encryptedCx in CBOR form
+	 */
+	private void getPuKxCx(APDU apdu, short dataLength) {
+		cborDecoder.init(dataBuffer, (short) 1, dataLength);
+		try {
+			cborDecoder.readMajorType(CBORBase.TYPE_ARRAY);
+
+			// read IDx
+			short length = cborDecoder.readTextString(scratch, (short) 0);
+			idSecret.IDx = new DomString(scratch, length);
+
+			// read PuKp
+			cborDecoder.readByteString(scratch, (short) 0);
+			Util.arrayCopy(scratch, (short) 8, idSecret.PuKp, (short) 1, (short) 64);
+		} catch (UserException e) {
+			returnError(apdu, e.getReason());
+		}
+		KeyAgreement keyAgreement = KeyAgreement.getInstance(KeyAgreement.ALG_EC_SVDP_DH, false);
+		keyAgreement.init(attestationKeyPair.getPrivate());
+		keyAgreement.generateSecret(idSecret.PuKp, (short) 0, (short) 65, idSecret.sharedSecret, (short) 0);
+
+		idSecret.initAesKey();
+		idSecret.encryptCx();
+
+		// make output cbor
+		cborEncoder.init(dataBuffer, (short) 0, (short) 1200);
+		cborEncoder.startArray((short) 2);
+
+		// put PuKx
+		short length = attestationKeyPair.getPubkey(scratch, (short) 0);
+		cborEncoder.encodeByteString(scratch, (short) 0, length);
+
 		cborEncoder.encodeByteString(idSecret.encryptedCx, (short) 0, (short) idSecret.encryptedCx.length);
 
 		// generate HMAC