Logic error in .NET lib's CreateSensitiveComposite() when passing an externally-generated AES key #204

@crballentine-ess

While trying to troubleshoot C# code that's calling TssObject.Create() to prepare an externally-generated AES key for TPM import, I found what I believe to be a logic error in CreateSensitiveComposite() which is called by Create().

I believe the bug to be in the else if (keyData.Length != keySize) in the code block below. That condition should use == rather than !=; otherwise, a properly-sized keyData byte array will cause the else {} block to execute, resulting in an exception.

        else if (pub.type == TpmAlgId.Symcipher)
        {
            var symDef = (SymDefObject)pub.parameters;
            if (symDef.Algorithm != TpmAlgId.Aes)
            {
                throw new ArgumentException("Unsupported symmetric algorithm");
            }

            int keySize = (symDef.KeyBits + 7) / 8;
            if (keyData == null)
            {
                keyData = Globs.GetRandomBytes(keySize);
            }
            else if (keyData.Length != keySize)
            {
                keyData = Globs.CopyData(keyData);
            }
            else
            {
                throw new ArgumentException("Wrong symmetric key length");
            }
            newSens = new Tpm2bSymKey(keyData);
        }
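
The following is an added example, not part of the original issue and not TSS.Net code: it isolates the three-way branch quoted above and runs it with both conditions, showing that the quoted `!=` form rejects a correctly sized key and accepts wrongly sized ones. `AsReported`, `AsProposed` and `Outcome` are hypothetical names, and `RandomNumberGenerator.GetBytes` and `Clone()` are assumed stand-ins for `Globs.GetRandomBytes` and `Globs.CopyData` (requires .NET 6 or later).

```csharp
using System;
using System.Security.Cryptography;

static class SymKeyLengthCheck
{
    // Branching as quoted in the issue: the middle condition uses !=.
    static byte[] AsReported(byte[] keyData, int keyBits)
    {
        int keySize = (keyBits + 7) / 8;
        if (keyData == null) return RandomNumberGenerator.GetBytes(keySize);
        else if (keyData.Length != keySize) return (byte[])keyData.Clone();
        else throw new ArgumentException("Wrong symmetric key length");
    }

    // Same branching with the == condition the reporter proposes.
    static byte[] AsProposed(byte[] keyData, int keyBits)
    {
        int keySize = (keyBits + 7) / 8;
        if (keyData == null) return RandomNumberGenerator.GetBytes(keySize);
        else if (keyData.Length == keySize) return (byte[])keyData.Clone();
        else throw new ArgumentException("Wrong symmetric key length");
    }

    // Runs one variant and reports whether the key was accepted or rejected.
    static string Outcome(Func<byte[], int, byte[]> check, byte[] key, int bits)
    {
        try { return $"accepted, {check(key, bits).Length} bytes"; }
        catch (ArgumentException e) { return $"rejected ({e.Message})"; }
    }

    static void Main()
    {
        const int keyBits = 128; // constructed case: AES-128, so keySize is 16
        var cases = new (string Name, byte[] Key)[]
        {
            ("null (generate)", null),                 // library generates the key
            ("16-byte key", new byte[16]),             // correctly sized external key
            ("24-byte key", new byte[24]),             // wrong size for AES-128
            ("empty array", Array.Empty<byte>()),      // wrong size, zero length
        };
        foreach (var (name, key) in cases)
        {
            Console.WriteLine($"{name,-16} reported: {Outcome(AsReported, key, keyBits),-42}"
                + $" proposed: {Outcome(AsProposed, key, keyBits)}");
        }
    }
}
```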
