From 7d0adf0a5e3b8b6b2cd5d357d1e88bcf1f8d1c2c Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Wed, 17 Dec 2025 22:46:57 +0100 Subject: [PATCH] Fix cipher block size as IV length for legacy credential activation --- legacy/tpm2/credactivation/credential_activation.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/legacy/tpm2/credactivation/credential_activation.go b/legacy/tpm2/credactivation/credential_activation.go index 90e9123d..7145a1c8 100644 --- a/legacy/tpm2/credactivation/credential_activation.go +++ b/legacy/tpm2/credactivation/credential_activation.go @@ -101,7 +101,7 @@ func generate(aik *tpm2.HashValue, pub crypto.PublicKey, symBlockSize int, secre // IV is all null bytes. encIdentity represents the encrypted credential. encIdentity := make([]byte, len(cv)) - cipher.NewCFBEncrypter(c, make([]byte, len(symmetricKey))).XORKeyStream(encIdentity, cv) + cipher.NewCFBEncrypter(c, make([]byte, c.BlockSize())).XORKeyStream(encIdentity, cv) // Generate the integrity HMAC, which is used to protect the integrity of the // encrypted structure.