psa_util: improve leading zeros check in convert_der_to_raw_single_int()

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-03-02 16:13:27 +00:00 · 2024-02-07 16:16:58 +01:00 · 2024-02-07 16:16:58 +01:00 · 1910390b4a
commit 1910390b4a
parent ef07fa0fc3
2 changed files with 21 additions and 10 deletions
--- a/library/psa_util.c
+++ b/library/psa_util.c
@ -488,18 +488,21 @@ static int convert_der_to_raw_single_int(unsigned char *der, size_t der_len,
        return ret;
    }
-    /* It's invalid to have MSb set without a leading 0x00 (leading 0x00 is
+    /* It's invalid to have:
-     * checked below). */
+     * - unpadded_len == 0.
-    if ((*p & 0x80) != 0) {
+     * - MSb set without a leading 0x00 (leading 0x00 is checked below). */
    if (((unpadded_len == 0) || (*p & 0x80) != 0)) {
        return MBEDTLS_ERR_ASN1_INVALID_DATA;
    }
    /* Skip possible leading zero */
-    if ((unpadded_len > 0) && (*p == 0x00)) {
+    if (*p == 0x00) {
        p++;
        unpadded_len--;
-        /* Only 1 leading zero is allowed, otherwise that's an error. */
+        /* It is not allowed to have more than 1 leading zero.
-        if (*p == 0x00) {
+         * Ignore the case in which unpadded_len = 0 because that's a 0 encoded
         * in ASN.1 format (i.e. 020100). */
        if ((unpadded_len > 0) && (*p == 0x00)) {
            return MBEDTLS_ERR_ASN1_INVALID_DATA;
        }
    }
--- a/tests/suites/test_suite_psa_crypto_util.data
+++ b/tests/suites/test_suite_psa_crypto_util.data
@ -110,13 +110,21 @@ ECDSA DER -> Raw, 256bit, Valid s only 1 zero byte
 depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
 ecdsa_der_to_raw:256:"302502201111111111111111111111111111111111111111111111111111111111111111020100":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":0
-ECDSA DER -> Raw, 256bit, Valid 0-length r
+ECDSA DER -> Raw, 256bit, Invalid 0-length r
 depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
-ecdsa_der_to_raw:256:"3024020002202222222222222222222222222222222222222222222222222222222222222222":"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":0
+ecdsa_der_to_raw:256:"3024020002202222222222222222222222222222222222222222222222222222222222222222":"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA
-ECDSA DER -> Raw, 256bit, Valid 0-length s
+ECDSA DER -> Raw, 256bit, Invalid 0-length s
 depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
-ecdsa_der_to_raw:256:"3024022011111111111111111111111111111111111111111111111111111111111111110200":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":0
+ecdsa_der_to_raw:256:"3024022011111111111111111111111111111111111111111111111111111111111111110200":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_ERR_ASN1_INVALID_DATA
 ECDSA DER -> Raw, 256bit, Invalid r 2 leading zeros
 depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
 ecdsa_der_to_raw:256:"3027020300000102202222222222222222222222222222222222222222222222222222222222222222":"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA
 ECDSA DER -> Raw, 256bit, Invalid s 2 leading zeros
 depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
 ecdsa_der_to_raw:256:"3027022011111111111111111111111111111111111111111111111111111111111111110203000001":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_ERR_ASN1_INVALID_DATA
 ECDSA DER -> Raw, 256bit, Invalid r: MSb set without leading zero
 depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256