Hi, I feel that the DFStart function has two lines of code that may be wrong. The following shows the code:

```c
memcpy(&dfState->iv[0], init, 8);
```
I think the destination parameter of the memcpy function should be dfState->buf, not dfState->iv[0], because the init variable stores inputLength and seedsize. If you copy it to dfState->iv[0], the initial value of dfState->iv[0] will be overwritten. According to the description in step 4 in section 10.3.2 in SP800-90A, the value should be stored in dfState->buf and used as the input parameter of the BCC calculation. In addition, memcpy contains 8 bytes, so I think dfState->content should be equal to 8, not equal to 4 as in the source code. Is it a historical error, or is the current implementation designed this way?
In addition, part 4 of the TPM library specification implements only part of Block_Cipher_df (I think steps 10-15 are missing). I would like to ask why the complete DF function is not implemented according to section 10.3.2 (Block_Cipher_df) in SP800-90A.
ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptRand.c, lines 191 and 192 in e9fc7b8
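For reference, an added example (not part of the original post and not code from ms-tpm-20-ref) that lays out steps 4, 5, 9.1 and 9.2 of Block_Cipher_df as SP 800-90A section 10.3.2 defines them: the string S with L and N in its first 8 bytes, and BCC run over IV || S. The names `df_build_s`, `df_bcc` and `block_fn` are hypothetical, and `toy_encrypt` is a constructed stand-in for the block cipher, not AES.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define OUTLEN 16 /* block size in bytes (AES) */
/* Caller-supplied single-block encryption, e.g. AES (assumed interface). */
typedef void (*block_fn)(const uint8_t *key, const uint8_t *in, uint8_t *out);
/* Constructed stand-in so the example runs offline. NOT AES, not secure. */
void toy_encrypt(const uint8_t *key, const uint8_t *in, uint8_t *out) {
    for (int j = 0; j < OUTLEN; j++)
        out[j] = (uint8_t)((in[(j + 1) % OUTLEN] ^ key[j]) + j);
}

static void put_be32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Steps 4-5: S = L || N || input_string || 0x80, zero-padded to a multiple
 * of OUTLEN. L and N are 32-bit byte counts. Returns len(S), 0 if S > cap. */
size_t df_build_s(uint8_t *s, size_t cap, const uint8_t *in, uint32_t in_len,
                  uint32_t n_out) {
    size_t len = 8 + (size_t)in_len + 1;
    size_t padded = (len + OUTLEN - 1) / OUTLEN * OUTLEN;
    if (padded > cap) return 0;
    memset(s, 0, padded);
    put_be32(s, in_len);       /* L: bytes 0..3 of S */
    put_be32(s + 4, n_out);    /* N: bytes 4..7 of S */
    memcpy(s + 8, in, in_len);
    s[8 + in_len] = 0x80;
    return padded;
}

/* Steps 9.1-9.2: BCC(K, IV || S), IV = i (32 bits) followed by zeros. */
void df_bcc(block_fn enc, const uint8_t *key, uint32_t i, const uint8_t *s,
            size_t s_len, uint8_t *chain) {
    uint8_t blk[OUTLEN] = {0};
    put_be32(blk, i);      /* chaining value starts at 0, so block 1 is IV */
    enc(key, blk, chain);
    for (size_t off = 0; off < s_len; off += OUTLEN) {
        for (int j = 0; j < OUTLEN; j++) blk[j] = chain[j] ^ s[off + j];
        enc(key, blk, chain);
    }
}

int main(void) { /* prints S for a constructed 3-byte input */
    uint8_t s[32], in[3] = {0xAA, 0xBB, 0xCC};
    size_t n = df_build_s(s, sizeof s, in, (uint32_t)sizeof in, 32);
    for (size_t k = 0; k < n; k++) printf("%02x", s[k]);
    printf("\n");
    return 0;
}
```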