secretflow/yacl

Problem in Sm4Drbg

maths644311798 opened this issue · 3 comments

In yacl/crypto/rand/drbg/native_factory.cc, void Sm4Drbg::reseed(ByteContainerView additional_input):

  // reset internal state
  internal_state_.key = 0;
  internal_state_.v = 0;

These two statements look strange and do not appear in 《软件随机数发生器设计指南》 (Design Guidelines for Software Random Number Generators). Actually, resetting the internal state before calling rng_update would harm the randomness.

In Buffer Sm4Drbg::Generate(size_t len, ByteContainerView additional_input),

  Buffer df_add_input(kSeedlen);
  if (!additional_input.empty()) {
    df_add_input = derive(additional_input, kSeedlen);
  }

The code misses one rng_update in the if branch.

Thanks for your comments, we'll check and get back to U asap

Bug confirmed, thanks for your time. Would you like to propose a PR?

I also found that the SM4 encryption was encrypting additional_input instead of V in the document. I proposed a PR for these.
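The three defects raised in this thread (reseed wiping Key/V before the update, the missing first rng_update when additional_input is present in Generate, and encrypting the additional input instead of V) are all departures from the CTR_DRBG state machine that the SM4 DRBG follows. The following Python model is an added example written for this page; it is not yacl's code and not the reference implementation from the guideline. It mirrors the names used in the issue (rng_update, derive, kSeedlen) but swaps SM4 for a keyed SHA-256 stand-in block function and uses a hash-based derive so it runs offline; the `buggy` flag reproduces the first two defects so their effect on the output can be observed directly.

```python
import hashlib

BLOCKLEN = 16                 # SM4 block size in bytes
KEYLEN = 16                   # SM4 key size in bytes
SEEDLEN = BLOCKLEN + KEYLEN   # 32 bytes, the kSeedlen of a 128-bit block cipher


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for SM4-ECB(key, block): keyed SHA-256 truncated to one block.
    Constructed for this demonstration only; it is not SM4 and not a cipher."""
    assert len(key) == KEYLEN and len(block) == BLOCKLEN
    return hashlib.sha256(key + block).digest()[:BLOCKLEN]


def _inc(v: bytes) -> bytes:
    """Increment the counter block V modulo 2^128."""
    n = (int.from_bytes(v, "big") + 1) % (1 << (8 * BLOCKLEN))
    return n.to_bytes(BLOCKLEN, "big")


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def derive(data: bytes, out_len: int) -> bytes:
    """Derivation-function stand-in (hash counter mode), not the spec's block-cipher df."""
    out, ctr = b"", 0
    while len(out) < out_len:
        out += hashlib.sha256(ctr.to_bytes(4, "big") + data).digest()
        ctr += 1
    return out[:out_len]


def rng_update(provided_data: bytes, key: bytes, v: bytes):
    """CTR_DRBG Update: encrypt successive values of V (never the provided data),
    XOR the keystream with provided_data, and split the result into (Key, V)."""
    assert len(provided_data) == SEEDLEN
    temp = b""
    while len(temp) < SEEDLEN:
        v = _inc(v)
        temp += block_encrypt(key, v)
    temp = _xor(temp[:SEEDLEN], provided_data)
    return temp[:KEYLEN], temp[KEYLEN:]


class CtrDrbg:
    """Minimal CTR_DRBG state machine; `buggy=True` reproduces the issue's defects."""

    def __init__(self, entropy_input: bytes, buggy: bool = False):
        self.buggy = buggy
        self.key, self.v = bytes(KEYLEN), bytes(BLOCKLEN)   # all-zero only at instantiation
        self.key, self.v = rng_update(derive(entropy_input, SEEDLEN), self.key, self.v)

    def reseed(self, entropy_input: bytes, additional_input: bytes = b"") -> None:
        seed = derive(entropy_input + additional_input, SEEDLEN)
        if self.buggy:
            # Defect 1: wiping Key/V makes the post-reseed state a function of the seed alone,
            # discarding everything the instance had accumulated before.
            self.key, self.v = bytes(KEYLEN), bytes(BLOCKLEN)
        self.key, self.v = rng_update(seed, self.key, self.v)

    def generate(self, n: int, additional_input: bytes = b"") -> bytes:
        if additional_input:
            add = derive(additional_input, SEEDLEN)
            if not self.buggy:
                # First update: fold additional_input into the state before producing output.
                # Defect 2 is the absence of this call.
                self.key, self.v = rng_update(add, self.key, self.v)
        else:
            add = bytes(SEEDLEN)
        out = b""
        while len(out) < n:
            self.v = _inc(self.v)
            out += block_encrypt(self.key, self.v)
        # Second update (present in both variants): backtracking resistance.
        self.key, self.v = rng_update(add, self.key, self.v)
        return out[:n]


def reseed_state_independence(buggy: bool) -> bool:
    """True when two instances with different prior states collapse to identical output
    after reseeding with the same entropy; the correct DRBG returns False."""
    a, b = CtrDrbg(b"entropy-A", buggy), CtrDrbg(b"entropy-B", buggy)
    a.reseed(b"fresh-entropy")
    b.reseed(b"fresh-entropy")
    return a.generate(32) == b.generate(32)


def additional_input_ignored(buggy: bool) -> bool:
    """True when generate() output does not depend on additional_input; correct DRBG: False."""
    a, b = CtrDrbg(b"entropy", buggy), CtrDrbg(b"entropy", buggy)
    return a.generate(32, b"ctx-1") == a.generate(0) + b.generate(32, b"ctx-2")
```

With `buggy=True`, `reseed_state_independence` returns True because both instances end up with the same Key/V regardless of what they held before, and `additional_input_ignored` returns True because the output block is computed before the additional input ever touches the state; the correct variant returns False in both cases. The entropy strings are constructed sample inputs, not values from the project.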