From: Miroslav Lichvar Date: Wed, 15 Apr 2020 08:44:20 +0000 (+0200) Subject: nts: encode key ID in cookie in network order X-Git-Tag: 4.0-pre2~11 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=04f632977371b9e9d6a69ddeeee69fa502d0b063;p=thirdparty%2Fchrony.git nts: encode key ID in cookie in network order This allows the server cookie to be decoded on different platforms.
---
diff --git a/nts_ke_server.c b/nts_ke_server.c
index f92bfc6a..8cbccdc6 100644
--- a/nts_ke_server.c
+++ b/nts_ke_server.c
@@ -746,8 +746,7 @@ NKS_GenerateCookie(NKE_Context *context, NKE_Cookie *cookie)
 header = (ServerCookieHeader *)cookie->cookie;
- /* Keep the fields in the host byte order */
- header->key_id = key->id;
+ header->key_id = htonl(key->id);
 UTI_GetRandomBytes(header->nonce, sizeof (header->nonce));
 plaintext_length = context->c2s.length + context->s2c.length;
@@ -780,6 +779,7 @@ NKS_DecodeCookie(NKE_Cookie *cookie, NKE_Context *context)
 int ciphertext_length, plaintext_length, tag_length;
 ServerCookieHeader *header;
 ServerKey *key;
+ uint32_t key_id;
 if (!initialised) {
 DEBUG_LOG("NTS server disabled");
@@ -795,9 +795,10 @@ NKS_DecodeCookie(NKE_Cookie *cookie, NKE_Context *context)
 ciphertext = cookie->cookie + sizeof (*header);
 ciphertext_length = cookie->length - sizeof (*header);
- key = &server_keys[header->key_id % MAX_SERVER_KEYS];
- if (header->key_id != key->id) {
- DEBUG_LOG("Unknown key %"PRIX32, header->key_id);
+ key_id = ntohl(header->key_id);
+ key = &server_keys[key_id % MAX_SERVER_KEYS];
+ if (key_id != key->id) {
+ DEBUG_LOG("Unknown key %"PRIX32, key_id);
 return 0;
 }
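Review bot: The comment removed in the NKS_GenerateCookie hunk was the only statement of the cookie header's byte order, so the new `header->key_id = htonl(key->id);` line leaves the wire format undocumented. I would add `/* The key ID is stored in network byte order so the cookie decodes on any platform */` above it, since the `ntohl(header->key_id)` read in the NKS_DecodeCookie hunk depends on the same convention. On a little-endian server, cookies issued before this change presumably carry a host-order ID and would fail the key lookup after an upgrade, which deserves a sentence in the commit message. The function body starts and ends outside the hunk.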
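Review bot: In the last NKS_DecodeCookie hunk, `key_id` is taken from the client-supplied cookie before any integrity check visible here, so the lookup deserves a comment explaining why it is safe: `/* key_id is untrusted; the modulo bounds the index and the comparison rejects IDs that are not the slot's current key */`. The unsigned `uint32_t` type keeps `key_id % MAX_SERVER_KEYS` non-negative, and that property protects the array access, so it should be preserved if the type is ever changed. Whether the cookie length is checked against `sizeof (*header)` before `header->key_id` is read cannot be seen from the hunk, because NKS_DecodeCookie continues outside it.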