From: Tobias Brunner Date: Tue, 10 Dec 2019 09:12:48 +0000 (+0100) Subject: libtpmtss: Convert RSA exponent to big-endian when provided by a TPM 2.0 X-Git-Tag: 5.8.2rc2~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8ee1242f14383d56d9d982edcaafea3392232e97;p=thirdparty%2Fstrongswan.git libtpmtss: Convert RSA exponent to big-endian when provided by a TPM 2.0 While the TPM expects and returns the data in big-endian, the SAPI implementation converts it to native-endianness. As stated in the SAPI specification (section 3.2): 8. All SAPI data SHALL be in native-endian format. This means that the SAPI implementation will do any endian conversion required for both inputs and outputs. So to use the exponent in a chunk we have to convert it to big-endian again. Fixes: 7533cedb9a8a ("libtpmtss: Read RSA public key exponent instead of assuming its value") --- diff --git a/src/libtpmtss/tpm_tss_tss2_v1.c b/src/libtpmtss/tpm_tss_tss2_v1.c index 0335fab91a..fb26d059b0 100644 --- a/src/libtpmtss/tpm_tss_tss2_v1.c +++ b/src/libtpmtss/tpm_tss_tss2_v1.c @@ -503,7 +503,7 @@ METHOD(tpm_tss_t, get_public, chunk_t, rsa = &public.t.publicArea.unique.rsa; aik_modulus = chunk_create(rsa->t.buffer, rsa->t.size); - exponent = public.t.publicArea.parameters.rsaDetail.exponent; + exponent = htonl(public.t.publicArea.parameters.rsaDetail.exponent); if (!exponent) { aik_exponent = chunk_from_chars(0x01, 0x00, 0x01); diff --git a/src/libtpmtss/tpm_tss_tss2_v2.c b/src/libtpmtss/tpm_tss_tss2_v2.c index e527443fb9..c5d78d6419 100644 --- a/src/libtpmtss/tpm_tss_tss2_v2.c +++ b/src/libtpmtss/tpm_tss_tss2_v2.c @@ -457,7 +457,7 @@ METHOD(tpm_tss_t, get_public, chunk_t, rsa = &public.publicArea.unique.rsa; aik_modulus = chunk_create(rsa->buffer, rsa->size); - exponent = public.publicArea.parameters.rsaDetail.exponent; + exponent = htonl(public.publicArea.parameters.rsaDetail.exponent); if (!exponent) { aik_exponent = chunk_from_chars(0x01, 0x00, 0x01);