libtpmtss: Convert RSA exponent to big-endian when provided by a TPM 2.0
authorTobias Brunner <tobias@strongswan.org>
Tue, 10 Dec 2019 09:12:48 +0000 (10:12 +0100)
committerTobias Brunner <tobias@strongswan.org>
Tue, 10 Dec 2019 14:19:32 +0000 (15:19 +0100)
While the TPM expects and returns the data in big-endian, the SAPI
implementation converts it to native-endianness.  As stated in the
SAPI specification (section 3.2):

  8. All SAPI data SHALL be in native-endian format.  This means that
     the SAPI implementation will do any endian conversion required for
     both inputs and outputs.

So to use the exponent in a chunk we have to convert it to big-endian again.

Fixes: 7533cedb9a8a ("libtpmtss: Read RSA public key exponent instead of assuming its value")

src/libtpmtss/tpm_tss_tss2_v1.c
src/libtpmtss/tpm_tss_tss2_v2.c

index 0335fab..fb26d05 100644 (file)
@@ -503,7 +503,7 @@ METHOD(tpm_tss_t, get_public, chunk_t,
 
                        rsa = &public.t.publicArea.unique.rsa;
                        aik_modulus = chunk_create(rsa->t.buffer, rsa->t.size);
 
                        rsa = &public.t.publicArea.unique.rsa;
                        aik_modulus = chunk_create(rsa->t.buffer, rsa->t.size);
-                       exponent = public.t.publicArea.parameters.rsaDetail.exponent;
+                       exponent = htonl(public.t.publicArea.parameters.rsaDetail.exponent);
                        if (!exponent)
                        {
                                aik_exponent = chunk_from_chars(0x01, 0x00, 0x01);
                        if (!exponent)
                        {
                                aik_exponent = chunk_from_chars(0x01, 0x00, 0x01);
index e527443..c5d78d6 100644 (file)
@@ -457,7 +457,7 @@ METHOD(tpm_tss_t, get_public, chunk_t,
 
                        rsa = &public.publicArea.unique.rsa;
                        aik_modulus = chunk_create(rsa->buffer, rsa->size);
 
                        rsa = &public.publicArea.unique.rsa;
                        aik_modulus = chunk_create(rsa->buffer, rsa->size);
-                       exponent = public.publicArea.parameters.rsaDetail.exponent;
+                       exponent = htonl(public.publicArea.parameters.rsaDetail.exponent);
                        if (!exponent)
                        {
                                aik_exponent = chunk_from_chars(0x01, 0x00, 0x01);
                        if (!exponent)
                        {
                                aik_exponent = chunk_from_chars(0x01, 0x00, 0x01);