don't drop leading zeroes when performing generic ecdsa signing (#357)

call ret.FillBytes() instead of ret.Bytes() to preserve leading zeroes that may have been dropped when converting the digest to an integer
google · Nov 9, 2023 · a3545df · a3545df
1 parent 93c5899
commit a3545df
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/attest/wrapped_tpm20.go b/attest/wrapped_tpm20.go
@@ -623,7 +623,9 @@ func signECDSA(rw io.ReadWriter, key tpmutil.Handle, digest []byte, curve ellipt
 	if excess > 0 {
 		ret.Rsh(ret, uint(excess))
 	}
-	digest = ret.Bytes()
+	// call ret.FillBytes() here instead of ret.Bytes() to preserve leading zeroes
+	// that may have been dropped when converting the digest to an integer
+	digest = ret.FillBytes(digest)
 
 	sig, err := tpm2.Sign(rw, key, "", digest, nil, nil)
 	if err != nil {