Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Don't self-test ECJPAKE ALT implementations against known entropy #4007

Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions library/ecjpake.c
Original file line number Diff line number Diff line change
Expand Up @@ -820,6 +820,8 @@ static const unsigned char ecjpake_test_password[] = {
0x65, 0x73, 0x74
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Commit message: the commit message is too long and not rendered properly by GitHub.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

};

#if !defined(MBEDTLS_ECJPAKE_ALT)

chris-jones-arm marked this conversation as resolved.
Show resolved Hide resolved
static const unsigned char ecjpake_test_x1[] = {
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c,
0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
Expand Down Expand Up @@ -964,6 +966,8 @@ static int ecjpake_test_load( mbedtls_ecjpake_context *ctx,
return( ret );
}

#endif /* ! MBEDTLS_ECJPAKE_ALT */

/* For tests we don't need a secure RNG;
* use the LGC from Numerical Recipes for simplicity */
static int ecjpake_lgc( void *p, unsigned char *out, size_t len )
Expand Down Expand Up @@ -1059,6 +1063,12 @@ int mbedtls_ecjpake_self_test( int verbose )
if( verbose != 0 )
mbedtls_printf( "passed\n" );

#if !defined(MBEDTLS_ECJPAKE_ALT)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add a comment explaining why those tests are not relevant in the case of an alternative implementation of ECJPAKE.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

/* 'reference handshake' tests can only be run against implementations
* for which we have 100% control over how the random ephemeral keys
* are generated. This is only the case for the internal mbed TLS
* implementation, so these tests are skipped in case the internal
* implementation is swapped out for an alternative one. */
if( verbose != 0 )
mbedtls_printf( " ECJPAKE test #2 (reference handshake): " );

Expand Down Expand Up @@ -1107,6 +1117,7 @@ int mbedtls_ecjpake_self_test( int verbose )

if( verbose != 0 )
mbedtls_printf( "passed\n" );
#endif /* ! MBEDTLS_ECJPAKE_ALT */

cleanup:
mbedtls_ecjpake_free( &cli );
chris-jones-arm marked this conversation as resolved.
Show resolved Hide resolved
Expand Down