mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-10 15:45:34 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

psa_util: allow larger raw buffers in mbedtls_ecdsa_raw_to_der()

Browse Source 
The only real contraint on the raw buffer is that it is large
enough to contain 2 coordinates. Larger buffers are therefore
allowed and the extra data will simply be ignored.

Note = trying to impose a strict sizing on the raw buffer causes
       several failures in test suites. This suggests that it is
       quite common to use larger buffer to store raw signatures.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit is contained in:
Valerio Setti 2024-02-06 08:42:42 +01:00
parent 0e60e93c12
commit d4fc5d9d1c
3 changed files with 2 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/mbedtls/psa_util.h
View File

@ -188,7 +188,7 @@ static inline mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa
*
* \param bits Size of each coordinate in bits.
* \param raw Buffer that contains the signature in raw format.
* \param raw_len Length of \p raw in bytes. This must be
* \param raw_len Length of \p raw in bytes. This must be at least
* PSA_BITS_TO_BYTES(bits) bytes.
* \param[out] der Buffer that will be filled with the converted DER
* output. It can overlap with raw buffer.

2
library/psa_util.c
View File

@ -413,7 +413,7 @@ int mbedtls_ecdsa_raw_to_der(size_t bits, const unsigned char *raw, size_t raw_l
unsigned char *p = der + der_size;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if ((raw_len < 2 * coordinate_len) || (raw_len > 2 * coordinate_len)) {
if (raw_len < 2 * coordinate_len) {
return MBEDTLS_ERR_ASN1_INVALID_DATA;
}

4
tests/suites/test_suite_psa_crypto_util.data
View File

@ -42,10 +42,6 @@ ECDSA Raw -> DER, 256bit, Invalid raw signature (1 byte shorter)
depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
ecdsa_raw_to_der:256:"111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA
ECDSA Raw -> DER, 256bit, Invalid raw signature (1 byte longer)
depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
ecdsa_raw_to_der:256:"1111111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA
ECDSA DER -> Raw, 256bit, Success
depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
ecdsa_der_to_raw:256:"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":0