From a3545dfc9422d450aff99000607f8e1fc561bbd7 Mon Sep 17 00:00:00 2001
From: Marcin Wielgoszewski <mwielgoszewski@users.noreply.github.com>
Date: Thu, 9 Nov 2023 11:39:58 -0500
Subject: [PATCH] don't drop leading zeroes when performing generic ecdsa
 signing (#357)

call ret.FillBytes() instead of ret.Bytes() to preserve leading zeroes that may have been dropped when converting the digest to an integer
---
 attest/wrapped_tpm20.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/attest/wrapped_tpm20.go b/attest/wrapped_tpm20.go
index 03ede645..1468c1bd 100644
--- a/attest/wrapped_tpm20.go
+++ b/attest/wrapped_tpm20.go
@@ -623,7 +623,9 @@ func signECDSA(rw io.ReadWriter, key tpmutil.Handle, digest []byte, curve ellipt
 	if excess > 0 {
 		ret.Rsh(ret, uint(excess))
 	}
-	digest = ret.Bytes()
+	// call ret.FillBytes() here instead of ret.Bytes() to preserve leading zeroes
+	// that may have been dropped when converting the digest to an integer
+	digest = ret.FillBytes(digest)
 
 	sig, err := tpm2.Sign(rw, key, "", digest, nil, nil)
 	if err != nil {