From bec1d842ac2a38d37a30fee182a7246ead5c41c9 Mon Sep 17 00:00:00 2001
From: Valerio Setti <valerio.setti@nordicsemi.no>
Date: Mon, 5 Feb 2024 15:50:02 +0100
Subject: [PATCH] psa_util: convert_der_to_raw_single_int() accepts also all
 zero integers

These values are not mathematically valid as signature, but as
for what it concerns with ECDSA conversion functions, 0 values
in DER format should be translated to 0 values in raw format.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
---
 library/psa_util.c                           |  4 ----
 tests/suites/test_suite_psa_crypto_util.data | 24 +++++++++++++-------
 2 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/library/psa_util.c b/library/psa_util.c
index f3fcd1d8c..0a77855b0 100644
--- a/library/psa_util.c
+++ b/library/psa_util.c
@@ -493,10 +493,6 @@ static int convert_der_to_raw_single_int(unsigned char *der, size_t der_len,
         p++;
         unpadded_len--;
     }
-    /* It should never happen that the input number has 0 length. */
-    if (unpadded_len == 0) {
-        return MBEDTLS_ERR_ASN1_INVALID_DATA;
-    }
 
     if (unpadded_len > coordinate_size) {
         /* Parsed number is longer than the maximum expected value. */
diff --git a/tests/suites/test_suite_psa_crypto_util.data b/tests/suites/test_suite_psa_crypto_util.data
index 580622f8c..f12a4bb72 100644
--- a/tests/suites/test_suite_psa_crypto_util.data
+++ b/tests/suites/test_suite_psa_crypto_util.data
@@ -74,21 +74,29 @@ ECDSA DER -> Raw, 256bit, r with MSb set
 depends_on:PSA_WANT_ECC_SECP_K1_256
 ecdsa_der_to_raw:256:"3045022100911111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"91111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":0
 
-ECDSA DER -> Raw, 256bit, Invalid r (only 1 zero byte)
+ECDSA DER -> Raw, 256bit, Valid r all zeros
 depends_on:PSA_WANT_ECC_SECP_K1_256
-ecdsa_der_to_raw:256:"302502010002202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA
+ecdsa_der_to_raw:256:"30440220000000000000000000000000000000000000000000000000000000000000000002202222222222222222222222222222222222222222222222222222222222222222":"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":0
 
-ECDSA DER -> Raw, 256bit, Invalid s (only 1 zero byte)
+ECDSA DER -> Raw, 256bit, Valid s all zeros
 depends_on:PSA_WANT_ECC_SECP_K1_256
-ecdsa_der_to_raw:256:"302502201111111111111111111111111111111111111111111111111111111111111111020100":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA
+ecdsa_der_to_raw:256:"30440220111111111111111111111111111111111111111111111111111111111111111102200000000000000000000000000000000000000000000000000000000000000000":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":0
 
-ECDSA DER -> Raw, 256bit, Invalid r (0-length)
+ECDSA DER -> Raw, 256bit, Valid r only 1 zero byte
 depends_on:PSA_WANT_ECC_SECP_K1_256
-ecdsa_der_to_raw:256:"3024020002202222222222222222222222222222222222222222222222222222222222222222":"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA
+ecdsa_der_to_raw:256:"302502010002202222222222222222222222222222222222222222222222222222222222222222":"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":0
 
-ECDSA DER -> Raw, 256bit,Invalid s (0-length)
+ECDSA DER -> Raw, 256bit, Valid s only 1 zero byte
 depends_on:PSA_WANT_ECC_SECP_K1_256
-ecdsa_der_to_raw:256:"3024022011111111111111111111111111111111111111111111111111111111111111110200":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_ERR_ASN1_INVALID_DATA
+ecdsa_der_to_raw:256:"302502201111111111111111111111111111111111111111111111111111111111111111020100":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":0
+
+ECDSA DER -> Raw, 256bit, Valid 0-length r
+depends_on:PSA_WANT_ECC_SECP_K1_256
+ecdsa_der_to_raw:256:"3024020002202222222222222222222222222222222222222222222222222222222222222222":"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":0
+
+ECDSA DER -> Raw, 256bit, Valid 0-length s
+depends_on:PSA_WANT_ECC_SECP_K1_256
+ecdsa_der_to_raw:256:"3024022011111111111111111111111111111111111111111111111111111111111111110200":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":0
 
 # 512/521 bit sizes are useful to test sequence's length encoded with 2 bytes.
 ECDSA Raw -> DER, 512bit, Success