Implementation of CFB mode parameter encryption is incomplete
wmjdgla opened this issue · comments
wmjdgla commented
TSS.MSR/TSS.CPP/Src/TpmAuthSessions.cpp
Line 169 in d715b59
As per TPM Library - Part 1: Architecture - Section 21.1 Session-based encryption - Introduction:
If a session is also being used for authorization, sessionValue (see 21.2 and 21.3) is sessionKey || authValue. The binding of the session is ignored. If the session is not being used for authorization, sessionValue is sessionKey.
sessionValue is passed as the key parameter to KDFa to generate the key and IV for CFB mode parameter encryption. However the code just passes sessionKey and ignored authValue.