psa_util: improve leading zeros check in convert_der_to_raw_single_int()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
diff --git a/library/psa_util.c b/library/psa_util.c
index 970274e..fd119bf 100644
--- a/library/psa_util.c
+++ b/library/psa_util.c
@@ -488,18 +488,21 @@
return ret;
}
- /* It's invalid to have MSb set without a leading 0x00 (leading 0x00 is
- * checked below). */
- if ((*p & 0x80) != 0) {
+ /* It's invalid to have:
+ * - unpadded_len == 0.
+ * - MSb set without a leading 0x00 (leading 0x00 is checked below). */
+ if (((unpadded_len == 0) || (*p & 0x80) != 0)) {
return MBEDTLS_ERR_ASN1_INVALID_DATA;
}
/* Skip possible leading zero */
- if ((unpadded_len > 0) && (*p == 0x00)) {
+ if (*p == 0x00) {
p++;
unpadded_len--;
- /* Only 1 leading zero is allowed, otherwise that's an error. */
- if (*p == 0x00) {
+ /* It is not allowed to have more than 1 leading zero.
+ * Ignore the case in which unpadded_len = 0 because that's a 0 encoded
+ * in ASN.1 format (i.e. 020100). */
+ if ((unpadded_len > 0) && (*p == 0x00)) {
return MBEDTLS_ERR_ASN1_INVALID_DATA;
}
}
diff --git a/tests/suites/test_suite_psa_crypto_util.data b/tests/suites/test_suite_psa_crypto_util.data
index 86f63ab..807007b 100644
--- a/tests/suites/test_suite_psa_crypto_util.data
+++ b/tests/suites/test_suite_psa_crypto_util.data
@@ -110,13 +110,21 @@
depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
ecdsa_der_to_raw:256:"302502201111111111111111111111111111111111111111111111111111111111111111020100":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":0
-ECDSA DER -> Raw, 256bit, Valid 0-length r
+ECDSA DER -> Raw, 256bit, Invalid 0-length r
depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
-ecdsa_der_to_raw:256:"3024020002202222222222222222222222222222222222222222222222222222222222222222":"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":0
+ecdsa_der_to_raw:256:"3024020002202222222222222222222222222222222222222222222222222222222222222222":"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA
-ECDSA DER -> Raw, 256bit, Valid 0-length s
+ECDSA DER -> Raw, 256bit, Invalid 0-length s
depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
-ecdsa_der_to_raw:256:"3024022011111111111111111111111111111111111111111111111111111111111111110200":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":0
+ecdsa_der_to_raw:256:"3024022011111111111111111111111111111111111111111111111111111111111111110200":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_ERR_ASN1_INVALID_DATA
+
+ECDSA DER -> Raw, 256bit, Invalid r 2 leading zeros
+depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
+ecdsa_der_to_raw:256:"3027020300000102202222222222222222222222222222222222222222222222222222222222222222":"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA
+
+ECDSA DER -> Raw, 256bit, Invalid s 2 leading zeros
+depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
+ecdsa_der_to_raw:256:"3027022011111111111111111111111111111111111111111111111111111111111111110203000001":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_ERR_ASN1_INVALID_DATA
ECDSA DER -> Raw, 256bit, Invalid r: MSb set without leading zero
depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256