Merge pull request #4007 from stevew817/feature/alt_implementation_is_not_deterministic

Don't self-test ECJPAKE ALT implementations against known entropy
2024-10-19 06:31:20 +00:00 · 2021-01-25 12:39:03 +00:00 · 2021-01-25 12:39:03 +00:00 · b034683a70
parent 6fbff5b557 64f2773eab
commit b034683a70
1 changed files with 11 additions and 0 deletions
--- a/library/ecjpake.c
+++ b/library/ecjpake.c
@ -820,6 +820,8 @@ static const unsigned char ecjpake_test_password[] = {
    0x65, 0x73, 0x74
 };

+#if !defined(MBEDTLS_ECJPAKE_ALT)
+
 static const unsigned char ecjpake_test_x1[] = {
    0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c,
    0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
@ -964,6 +966,8 @@ cleanup:
    return( ret );
 }

+#endif /* ! MBEDTLS_ECJPAKE_ALT */
+
 /* For tests we don't need a secure RNG;
 * use the LGC from Numerical Recipes for simplicity */
 static int ecjpake_lgc( void *p, unsigned char *out, size_t len )
@ -1059,6 +1063,12 @@ int mbedtls_ecjpake_self_test( int verbose )
    if( verbose != 0 )
        mbedtls_printf( "passed\n" );

+#if !defined(MBEDTLS_ECJPAKE_ALT)
+    /* 'reference handshake' tests can only be run against implementations
+     * for which we have 100% control over how the random ephemeral keys
+     * are generated. This is only the case for the internal mbed TLS
+     * implementation, so these tests are skipped in case the internal
+     * implementation is swapped out for an alternative one. */
    if( verbose != 0 )
        mbedtls_printf( "  ECJPAKE test #2 (reference handshake): " );

@ -1107,6 +1117,7 @@ int mbedtls_ecjpake_self_test( int verbose )

    if( verbose != 0 )
        mbedtls_printf( "passed\n" );
+#endif /* ! MBEDTLS_ECJPAKE_ALT */

 cleanup:
    mbedtls_ecjpake_free( &cli );