psa_util: enhance checks on leading zeros in convert_der_to_raw_single_int()

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
diff --git a/library/psa_util.c b/library/psa_util.c
index 7e79b1c..674f21b 100644
--- a/library/psa_util.c
+++ b/library/psa_util.c
@@ -488,10 +488,20 @@
         return ret;
     }
 
+    /* It's invalid to have MSb set without a leading 0x00 (leading 0x00 is
+     * checked below). */
+    if ((*p & 0x80) != 0) {
+        return MBEDTLS_ERR_ASN1_INVALID_DATA;
+    }
+
     /* Skip possible leading zero */
     if ((unpadded_len > 0) && (*p == 0x00)) {
         p++;
         unpadded_len--;
+        /* Only 1 leading zero is allowed, otherwise that's an error. */
+        if (*p == 0x00) {
+            return MBEDTLS_ERR_ASN1_INVALID_DATA;
+        }
     }
 
     if (unpadded_len > coordinate_size) {
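Review bot: The new MSb check `if ((*p & 0x80) != 0)` dereferences `p` before anything in the hunk has established that the INTEGER has at least one content byte, and the data file in this same commit still expects a zero-length `0200` element to succeed, so for that input `p` already sits at the end of the element and the byte read belongs to whatever follows, or lies past the caller's buffer when it is the last element of the SEQUENCE. The check added after `unpadded_len--` has the same shape of problem: a one-byte integer `0x00` leaves `unpadded_len` at 0 and `*p` then reads beyond the integer's content. Both checks should be gated on the remaining length, `if ((unpadded_len > 0) && ((*p & 0x80) != 0)) {` and `if ((unpadded_len > 0) && (*p == 0x00)) {` respectively. Separately, a leading 0x00 followed by a byte whose MSb is clear is a non-minimal encoding that DER does not allow and it is still accepted here; if that is meant to be rejected as well, `(*p & 0x80) == 0` belongs in the second condition, with a matching data case. convert_der_to_raw_single_int() starts and ends outside this hunk.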
diff --git a/tests/suites/test_suite_psa_crypto_util.data b/tests/suites/test_suite_psa_crypto_util.data
index f12a4bb..568f6c5 100644
--- a/tests/suites/test_suite_psa_crypto_util.data
+++ b/tests/suites/test_suite_psa_crypto_util.data
@@ -74,13 +74,13 @@
 depends_on:PSA_WANT_ECC_SECP_K1_256
 ecdsa_der_to_raw:256:"3045022100911111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"91111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":0
 
-ECDSA DER -> Raw, 256bit, Valid r all zeros
+ECDSA DER -> Raw, 256bit, Invalid r all zeros
 depends_on:PSA_WANT_ECC_SECP_K1_256
-ecdsa_der_to_raw:256:"30440220000000000000000000000000000000000000000000000000000000000000000002202222222222222222222222222222222222222222222222222222222222222222":"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":0
+ecdsa_der_to_raw:256:"30440220000000000000000000000000000000000000000000000000000000000000000002202222222222222222222222222222222222222222222222222222222222222222":"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA
 
-ECDSA DER -> Raw, 256bit, Valid s all zeros
+ECDSA DER -> Raw, 256bit, Invalid s all zeros
 depends_on:PSA_WANT_ECC_SECP_K1_256
-ecdsa_der_to_raw:256:"30440220111111111111111111111111111111111111111111111111111111111111111102200000000000000000000000000000000000000000000000000000000000000000":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":0
+ecdsa_der_to_raw:256:"30440220111111111111111111111111111111111111111111111111111111111111111102200000000000000000000000000000000000000000000000000000000000000000":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_ERR_ASN1_INVALID_DATA
 
 ECDSA DER -> Raw, 256bit, Valid r only 1 zero byte
 depends_on:PSA_WANT_ECC_SECP_K1_256
@@ -98,6 +98,10 @@
 depends_on:PSA_WANT_ECC_SECP_K1_256
 ecdsa_der_to_raw:256:"3024022011111111111111111111111111111111111111111111111111111111111111110200":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":0
 
+ECDSA DER -> Raw, 256bit, Invalid r: MSb set without leading zero
+depends_on:PSA_WANT_ECC_SECP_K1_256
+ecdsa_der_to_raw:256:"30440220911111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA
+
 # 512/521 bit sizes are useful to test sequence's length encoded with 2 bytes.
 ECDSA Raw -> DER, 512bit, Success
 depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_512
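Review bot: The new negative case exercises the MSb-set-without-leading-zero rejection only for r; s goes through the same code path and, being the last element of the SEQUENCE, is the case where a byte read past the integer's content reaches the end of the input, so a mirrored `ECDSA DER -> Raw, 256bit, Invalid s: MSb set without leading zero` entry would be worth adding. A case where s is the single content byte `020100` would likewise pin the behaviour of the new post-skip check when no bytes remain after the leading zero. The expected-output column on the invalid cases is presumably ignored when a non-zero result is expected, consistent with the two entries changed in the previous hunk.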