psa_util: convert_der_to_raw_single_int() accepts also all zero integers
These values are not mathematically valid as a signature, but as far as the ECDSA conversion functions are concerned, 0 values in DER format should be translated to 0 values in raw format. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
parent
8334d00772
commit
bec1d842ac
2 changed files with 16 additions and 12 deletions
|
@ -493,10 +493,6 @@ static int convert_der_to_raw_single_int(unsigned char *der, size_t der_len,
|
||||||
p++;
|
p++;
|
||||||
unpadded_len--;
|
unpadded_len--;
|
||||||
}
|
}
|
||||||
/* It should never happen that the input number has 0 length. */
|
|
||||||
if (unpadded_len == 0) {
|
|
||||||
return MBEDTLS_ERR_ASN1_INVALID_DATA;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (unpadded_len > coordinate_size) {
|
if (unpadded_len > coordinate_size) {
|
||||||
/* Parsed number is longer than the maximum expected value. */
|
/* Parsed number is longer than the maximum expected value. */
|
||||||
|
|
|
@ -74,21 +74,29 @@ ECDSA DER -> Raw, 256bit, r with MSb set
|
||||||
depends_on:PSA_WANT_ECC_SECP_K1_256
|
depends_on:PSA_WANT_ECC_SECP_K1_256
|
||||||
ecdsa_der_to_raw:256:"3045022100911111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"91111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":0
|
ecdsa_der_to_raw:256:"3045022100911111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"91111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":0
|
||||||
|
|
||||||
ECDSA DER -> Raw, 256bit, Invalid r (only 1 zero byte)
|
ECDSA DER -> Raw, 256bit, Valid r all zeros
|
||||||
depends_on:PSA_WANT_ECC_SECP_K1_256
|
depends_on:PSA_WANT_ECC_SECP_K1_256
|
||||||
ecdsa_der_to_raw:256:"302502010002202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA
|
ecdsa_der_to_raw:256:"30440220000000000000000000000000000000000000000000000000000000000000000002202222222222222222222222222222222222222222222222222222222222222222":"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":0
|
||||||
|
|
||||||
ECDSA DER -> Raw, 256bit, Invalid s (only 1 zero byte)
|
ECDSA DER -> Raw, 256bit, Valid s all zeros
|
||||||
depends_on:PSA_WANT_ECC_SECP_K1_256
|
depends_on:PSA_WANT_ECC_SECP_K1_256
|
||||||
ecdsa_der_to_raw:256:"302502201111111111111111111111111111111111111111111111111111111111111111020100":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA
|
ecdsa_der_to_raw:256:"30440220111111111111111111111111111111111111111111111111111111111111111102200000000000000000000000000000000000000000000000000000000000000000":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":0
|
||||||
|
|
||||||
ECDSA DER -> Raw, 256bit, Invalid r (0-length)
|
ECDSA DER -> Raw, 256bit, Valid r only 1 zero byte
|
||||||
depends_on:PSA_WANT_ECC_SECP_K1_256
|
depends_on:PSA_WANT_ECC_SECP_K1_256
|
||||||
ecdsa_der_to_raw:256:"3024020002202222222222222222222222222222222222222222222222222222222222222222":"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA
|
ecdsa_der_to_raw:256:"302502010002202222222222222222222222222222222222222222222222222222222222222222":"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":0
|
||||||
|
|
||||||
ECDSA DER -> Raw, 256bit,Invalid s (0-length)
|
ECDSA DER -> Raw, 256bit, Valid s only 1 zero byte
|
||||||
depends_on:PSA_WANT_ECC_SECP_K1_256
|
depends_on:PSA_WANT_ECC_SECP_K1_256
|
||||||
ecdsa_der_to_raw:256:"3024022011111111111111111111111111111111111111111111111111111111111111110200":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_ERR_ASN1_INVALID_DATA
|
ecdsa_der_to_raw:256:"302502201111111111111111111111111111111111111111111111111111111111111111020100":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":0
|
||||||
|
|
||||||
|
ECDSA DER -> Raw, 256bit, Valid 0-length r
|
||||||
|
depends_on:PSA_WANT_ECC_SECP_K1_256
|
||||||
|
ecdsa_der_to_raw:256:"3024020002202222222222222222222222222222222222222222222222222222222222222222":"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":0
|
||||||
|
|
||||||
|
ECDSA DER -> Raw, 256bit, Valid 0-length s
|
||||||
|
depends_on:PSA_WANT_ECC_SECP_K1_256
|
||||||
|
ecdsa_der_to_raw:256:"3024022011111111111111111111111111111111111111111111111111111111111111110200":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":0
|
||||||
|
|
||||||
# 512/521 bit sizes are useful to test sequence's length encoded with 2 bytes.
|
# 512/521 bit sizes are useful to test sequence's length encoded with 2 bytes.
|
||||||
ECDSA Raw -> DER, 512bit, Success
|
ECDSA Raw -> DER, 512bit, Success
|
||||||
|
|
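Review bot: The vectors titled "Valid 0-length r" and "Valid 0-length s" pin acceptance of `0200`, an INTEGER with no content octets, and the "all zeros" vectors pin a 32-byte run of zeros, yet neither form is a minimal DER encoding of 0 (only `020100` is), so the word "Valid" reads as if the encodings themselves were well-formed. Naming them for what is checked would be clearer, for example `ECDSA DER -> Raw, 256bit, r = 0 accepted (0-length INTEGER)`. A comment above the group would also help, such as `# r = 0 and s = 0 are converted, not validated; range checking of r and s is left to signature verification.` These vectors show three different DER inputs mapping to the same raw output, so the comment could also say that callers should not treat the DER form as unique. A vector with both r and s equal to zero would complete the set.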