libtpmtss: Read RSA public key exponent instead of assuming its value
authorkrinfels <kornel@duleba.com.pl>
Sun, 20 Jan 2019 13:39:08 +0000 (14:39 +0100)
committerTobias Brunner <tobias@strongswan.org>
Mon, 21 Jan 2019 10:52:08 +0000 (11:52 +0100)
Up to now it was assumed that the RSA public key exponent is equal to 2^16+1.
Although this is probably true in most if not all cases, it is not correct
according to the TPM 2.0 specification.

This patch fixes that by reading the exponent from the structure returned
by TPM2_ReadPublic.

Closes strongswan/strongswan#121.

src/libtpmtss/tpm_tss_tss2_v1.c
src/libtpmtss/tpm_tss_tss2_v2.c

index f904442..1c214af 100644 (file)
@@ -481,6 +481,7 @@ METHOD(tpm_tss_t, get_public, chunk_t,
                        TPM2B_PUBLIC_KEY_RSA *rsa;
                        TPMT_RSA_SCHEME *scheme;
                        chunk_t aik_exponent, aik_modulus;
+                       uint32_t exponent;
 
                        scheme = &public.t.publicArea.parameters.rsaDetail.scheme;
                        sig_alg   = scheme->scheme;
@@ -488,7 +489,15 @@ METHOD(tpm_tss_t, get_public, chunk_t,
 
                        rsa = &public.t.publicArea.unique.rsa;
                        aik_modulus = chunk_create(rsa->t.buffer, rsa->t.size);
-                       aik_exponent = chunk_from_chars(0x01, 0x00, 0x01);
+                       exponent = public.t.publicArea.parameters.rsaDetail.exponent;
+                       if (!exponent)
+                       {
+                               aik_exponent = chunk_from_chars(0x01, 0x00, 0x01);
+                       }
+                       else
+                       {
+                               aik_exponent = chunk_from_thing(exponent);
+                       }
 
                        /* subjectPublicKeyInfo encoding of RSA public key */
                        if (!lib->encoding->encode(lib->encoding, PUBKEY_SPKI_ASN1_DER,
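Review bot: In the else branch, `chunk_from_thing(exponent)` wraps the raw bytes of the `uint32_t` in host byte order, so on a little-endian host a non-default exponent would presumably reach the SPKI encoder byte-reversed, while the default branch `chunk_from_chars(0x01, 0x00, 0x01)` is written most-significant byte first. Converting on assignment, `exponent = htonl(public.t.publicArea.parameters.rsaDetail.exponent);`, keeps both branches in the same order, and the `!exponent` test is unaffected. The identical hunk in src/libtpmtss/tpm_tss_tss2_v2.c needs the same change. An encoded exponent that differs from the one in the TPM yields a public key and fingerprint that do not match the AIK, so it is also worth confirming that the encoder, which is outside this hunk, trims the leading zero bytes of the four-byte chunk. A comment such as `/* an exponent of 0 denotes the default 2^16+1 */` on the zero branch would record why the constant is kept; get_public's body starts and ends outside the hunk.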
index 6bbbce2..cac0dd6 100644 (file)
@@ -435,6 +435,7 @@ METHOD(tpm_tss_t, get_public, chunk_t,
                        TPM2B_PUBLIC_KEY_RSA *rsa;
                        TPMT_RSA_SCHEME *scheme;
                        chunk_t aik_exponent, aik_modulus;
+                       uint32_t exponent;
 
                        scheme = &public.publicArea.parameters.rsaDetail.scheme;
                        sig_alg   = scheme->scheme;
@@ -442,7 +443,15 @@ METHOD(tpm_tss_t, get_public, chunk_t,
 
                        rsa = &public.publicArea.unique.rsa;
                        aik_modulus = chunk_create(rsa->buffer, rsa->size);
-                       aik_exponent = chunk_from_chars(0x01, 0x00, 0x01);
+                       exponent = public.publicArea.parameters.rsaDetail.exponent;
+                       if (!exponent)
+                       {
+                               aik_exponent = chunk_from_chars(0x01, 0x00, 0x01);
+                       }
+                       else
+                       {
+                               aik_exponent = chunk_from_thing(exponent);
+                       }
 
                        /* subjectPublicKeyInfo encoding of RSA public key */
                        if (!lib->encoding->encode(lib->encoding, PUBKEY_SPKI_ASN1_DER,