psa_util: enhance checks on leading zeros in convert_der_to_raw_single_int()

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit is contained in:
Valerio Setti 2024-02-05 16:17:44 +01:00
parent 05c256fb36
commit 091bdc416d
2 changed files with 18 additions and 4 deletions

View file

@ -488,10 +488,20 @@ static int convert_der_to_raw_single_int(unsigned char *der, size_t der_len,
return ret;
}
/* It's invalid to have MSb set without a leading 0x00 (leading 0x00 is
* checked below). */
if ((*p & 0x80) != 0) {
return MBEDTLS_ERR_ASN1_INVALID_DATA;
}
/* Skip possible leading zero */
if ((unpadded_len > 0) && (*p == 0x00)) {
p++;
unpadded_len--;
/* Only 1 leading zero is allowed, otherwise that's an error. */
if (*p == 0x00) {
return MBEDTLS_ERR_ASN1_INVALID_DATA;
}
}
if (unpadded_len > coordinate_size) {

View file

@ -74,13 +74,13 @@ ECDSA DER -> Raw, 256bit, r with MSb set
depends_on:PSA_WANT_ECC_SECP_K1_256
ecdsa_der_to_raw:256:"3045022100911111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"91111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":0
ECDSA DER -> Raw, 256bit, Valid r all zeros
ECDSA DER -> Raw, 256bit, Invalid r all zeros
depends_on:PSA_WANT_ECC_SECP_K1_256
ecdsa_der_to_raw:256:"30440220000000000000000000000000000000000000000000000000000000000000000002202222222222222222222222222222222222222222222222222222222222222222":"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":0
ecdsa_der_to_raw:256:"30440220000000000000000000000000000000000000000000000000000000000000000002202222222222222222222222222222222222222222222222222222222222222222":"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA
ECDSA DER -> Raw, 256bit, Valid s all zeros
ECDSA DER -> Raw, 256bit, Invalid s all zeros
depends_on:PSA_WANT_ECC_SECP_K1_256
ecdsa_der_to_raw:256:"30440220111111111111111111111111111111111111111111111111111111111111111102200000000000000000000000000000000000000000000000000000000000000000":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":0
ecdsa_der_to_raw:256:"30440220111111111111111111111111111111111111111111111111111111111111111102200000000000000000000000000000000000000000000000000000000000000000":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_ERR_ASN1_INVALID_DATA
ECDSA DER -> Raw, 256bit, Valid r only 1 zero byte
depends_on:PSA_WANT_ECC_SECP_K1_256
@ -98,6 +98,10 @@ ECDSA DER -> Raw, 256bit, Valid 0-length s
depends_on:PSA_WANT_ECC_SECP_K1_256
ecdsa_der_to_raw:256:"3024022011111111111111111111111111111111111111111111111111111111111111110200":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":0
ECDSA DER -> Raw, 256bit, Invalid r: MSb set without leading zero
depends_on:PSA_WANT_ECC_SECP_K1_256
ecdsa_der_to_raw:256:"30440220911111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA
# 512/521 bit sizes are useful to test sequence's length encoded with 2 bytes.
ECDSA Raw -> DER, 512bit, Success
depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_512