From 18cd6c908ccb4db980db1005236f58a38e122d7b Mon Sep 17 00:00:00 2001
From: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Date: Mon, 6 Mar 2023 15:40:35 +0100
Subject: [PATCH] Use local macros for j-pake slient/server strings

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
---
 include/psa/crypto_extra.h                    |  3 ---
 library/psa_crypto.c                          | 20 +++++++++++-------
 library/ssl_tls.c                             | 20 +++++++++++-------
 ..._suite_psa_crypto_driver_wrappers.function | 21 ++++++++++++-------
 .../test_suite_psa_crypto_pake.function       | 20 +++++++++++-------
 5 files changed, 49 insertions(+), 35 deletions(-)

diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
index ea3cfd8598..ba43c72076 100644
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@@ -434,9 +434,6 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed,
 #define PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS 1
 #define PSA_PAKE_OPERATION_STAGE_COMPUTATION 2
 
-/** JPAKE user/peer ids. */
-#define PSA_JPAKE_SERVER_ID "server"
-#define PSA_JPAKE_CLIENT_ID "client"
 /**
  * \brief Set domain parameters for a key.
  *
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index d21a823ed3..dea2a365a3 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -91,6 +91,10 @@
 #define BUILTIN_ALG_ANY_HKDF 1
 #endif
 
+/* JPAKE user/peer ids. */
+#define JPAKE_SERVER_ID "server"
+#define JPAKE_CLIENT_ID "client"
+
 /****************************************************************/
 /* Global data, support functions and library management */
 /****************************************************************/
@@ -7402,8 +7406,8 @@ psa_status_t psa_pake_set_user(
     }
 
     /* Allow only "client" or "server" values (temporary restriction). */
-    if (memcmp(peer_id, PSA_JPAKE_SERVER_ID, peer_id_len) != 0 &&
-        memcmp(peer_id, PSA_JPAKE_CLIENT_ID, peer_id_len) != 0) {
+    if (memcmp(user_id, JPAKE_SERVER_ID, user_id_len) != 0 &&
+        memcmp(user_id, JPAKE_CLIENT_ID, user_id_len) != 0) {
         status = PSA_ERROR_NOT_SUPPORTED;
         goto exit;
     }
@@ -7446,8 +7450,8 @@ psa_status_t psa_pake_set_peer(
     }
 
     /* Allow only "client" or "server" values (temporary restriction). */
-    if (memcmp(user_id, PSA_JPAKE_SERVER_ID, user_id_len) != 0 &&
-        memcmp(user_id, PSA_JPAKE_CLIENT_ID, user_id_len) != 0) {
+    if (memcmp(peer_id, JPAKE_SERVER_ID, peer_id_len) != 0 &&
+        memcmp(peer_id, JPAKE_CLIENT_ID, peer_id_len) != 0) {
         status = PSA_ERROR_NOT_SUPPORTED;
         goto exit;
     }
@@ -7568,12 +7572,12 @@ static psa_status_t psa_pake_complete_inputs(
     }
 
     if (operation->alg == PSA_ALG_JPAKE) {
-        if (memcmp(inputs.user, PSA_JPAKE_CLIENT_ID, inputs.user_len) == 0 &&
-            memcmp(inputs.peer, PSA_JPAKE_SERVER_ID, inputs.peer_len) == 0) {
+        if (memcmp(inputs.user, JPAKE_CLIENT_ID, inputs.user_len) == 0 &&
+            memcmp(inputs.peer, JPAKE_SERVER_ID, inputs.peer_len) == 0) {
             inputs.role = PSA_PAKE_ROLE_CLIENT;
         } else
-        if (memcmp(inputs.user, PSA_JPAKE_SERVER_ID, inputs.user_len) == 0 &&
-            memcmp(inputs.peer, PSA_JPAKE_CLIENT_ID, inputs.peer_len) == 0) {
+        if (memcmp(inputs.user, JPAKE_SERVER_ID, inputs.user_len) == 0 &&
+            memcmp(inputs.peer, JPAKE_CLIENT_ID, inputs.peer_len) == 0) {
             inputs.role = PSA_PAKE_ROLE_SERVER;
         }
 
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 2d5d52911e..4a351f320b 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -61,6 +61,10 @@
                                                       psa_generic_status_to_mbedtls)
 #endif
 
+/* JPAKE user/peer ids. */
+#define JPAKE_SERVER_ID "server"
+#define JPAKE_CLIENT_ID "client"
+
 #if defined(MBEDTLS_TEST_HOOKS)
 static mbedtls_ssl_chk_buf_ptr_args chk_buf_ptr_fail_args;
 
@@ -1972,15 +1976,15 @@ static psa_status_t mbedtls_ssl_set_hs_ecjpake_password_common(
     }
 
     if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
-        user = (uint8_t *) PSA_JPAKE_SERVER_ID;
-        user_len = strlen(PSA_JPAKE_SERVER_ID);
-        peer = (uint8_t *) PSA_JPAKE_CLIENT_ID;
-        peer_len = strlen(PSA_JPAKE_CLIENT_ID);
+        user = (uint8_t *) JPAKE_SERVER_ID;
+        user_len = strlen(JPAKE_SERVER_ID);
+        peer = (uint8_t *) JPAKE_CLIENT_ID;
+        peer_len = strlen(JPAKE_CLIENT_ID);
     } else {
-        user = (uint8_t *) PSA_JPAKE_CLIENT_ID;
-        user_len = strlen(PSA_JPAKE_CLIENT_ID);
-        peer = (uint8_t *) PSA_JPAKE_SERVER_ID;
-        peer_len = strlen(PSA_JPAKE_SERVER_ID);
+        user = (uint8_t *) JPAKE_CLIENT_ID;
+        user_len = strlen(JPAKE_CLIENT_ID);
+        peer = (uint8_t *) JPAKE_SERVER_ID;
+        peer_len = strlen(JPAKE_SERVER_ID);
     }
 
     status = psa_pake_set_user(&ssl->handshake->psa_pake_ctx, user, user_len);
diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
index cb5d202a24..c235ff6e7d 100644
--- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function
+++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
@@ -5,6 +5,11 @@
    Global to silent the compiler when unused. */
 size_t pake_expected_hit_count = 0;
 int pake_in_driver = 0;
+
+/* JPAKE user/peer ids. */
+#define JPAKE_SERVER_ID "server"
+#define JPAKE_CLIENT_ID "client"
+
 #if defined(PSA_WANT_ALG_JPAKE) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) && \
     defined(PSA_WANT_ECC_SECP_R1_256) && defined(PSA_WANT_ALG_SHA_256)
 static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
@@ -2994,10 +2999,10 @@ void pake_operations(data_t *pw_data, int forced_status_setup_arg, int forced_st
         PSA_ECC_FAMILY_SECP_R1, 256);
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     unsigned char *input_buffer = NULL;
-    const uint8_t server_id[] = PSA_JPAKE_SERVER_ID;
-    const uint8_t client_id[] = PSA_JPAKE_CLIENT_ID;
-    const size_t server_id_len = strlen(PSA_JPAKE_SERVER_ID);
-    const size_t client_id_len = strlen(PSA_JPAKE_CLIENT_ID);
+    const uint8_t server_id[] = JPAKE_SERVER_ID;
+    const uint8_t client_id[] = JPAKE_CLIENT_ID;
+    const size_t server_id_len = strlen(JPAKE_SERVER_ID);
+    const size_t client_id_len = strlen(JPAKE_CLIENT_ID);
     const size_t size_key_share = PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive,
                                                       PSA_PAKE_STEP_KEY_SHARE);
     unsigned char *output_buffer = NULL;
@@ -3188,10 +3193,10 @@ void ecjpake_rounds(int alg_arg, int primitive_arg, int hash_arg,
         PSA_KEY_DERIVATION_OPERATION_INIT;
     psa_key_derivation_operation_t client_derive =
         PSA_KEY_DERIVATION_OPERATION_INIT;
-    const uint8_t server_id[] = PSA_JPAKE_SERVER_ID;
-    const uint8_t client_id[] = PSA_JPAKE_CLIENT_ID;
-    const size_t server_id_len = strlen(PSA_JPAKE_SERVER_ID);
-    const size_t client_id_len = strlen(PSA_JPAKE_CLIENT_ID);
+    const uint8_t server_id[] = JPAKE_SERVER_ID;
+    const uint8_t client_id[] = JPAKE_CLIENT_ID;
+    const size_t server_id_len = strlen(JPAKE_SERVER_ID);
+    const size_t client_id_len = strlen(JPAKE_CLIENT_ID);
     pake_in_driver = in_driver;
     /* driver setup is called indirectly through pake_output/pake_input */
     if (pake_in_driver) {
diff --git a/tests/suites/test_suite_psa_crypto_pake.function b/tests/suites/test_suite_psa_crypto_pake.function
index 8df28f7b72..d8b1035a76 100644
--- a/tests/suites/test_suite_psa_crypto_pake.function
+++ b/tests/suites/test_suite_psa_crypto_pake.function
@@ -53,6 +53,10 @@ typedef enum {
     PAKE_ROUND_TWO
 } pake_round_t;
 
+/* JPAKE user/peer ids. */
+#define JPAKE_SERVER_ID "server"
+#define JPAKE_CLIENT_ID "client"
+
 /*
  * Inject an error on the specified buffer ONLY it this is the correct stage.
  * Offset 7 is arbitrary, but chosen because it's "in the middle" of the part
@@ -733,10 +737,10 @@ void ecjpake_rounds_inject(int alg_arg, int primitive_arg, int hash_arg,
     mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     ecjpake_error_stage_t err_stage = err_stage_arg;
-    const uint8_t server_id[] = PSA_JPAKE_SERVER_ID;
-    const uint8_t client_id[] = PSA_JPAKE_CLIENT_ID;
-    const size_t server_id_len = strlen(PSA_JPAKE_SERVER_ID);
-    const size_t client_id_len = strlen(PSA_JPAKE_CLIENT_ID);
+    const uint8_t server_id[] = JPAKE_SERVER_ID;
+    const uint8_t client_id[] = JPAKE_CLIENT_ID;
+    const size_t server_id_len = strlen(JPAKE_SERVER_ID);
+    const size_t client_id_len = strlen(JPAKE_CLIENT_ID);
 
     PSA_INIT();
 
@@ -801,10 +805,10 @@ void ecjpake_rounds(int alg_arg, int primitive_arg, int hash_arg,
     psa_key_derivation_operation_t client_derive =
         PSA_KEY_DERIVATION_OPERATION_INIT;
     ecjpake_error_stage_t err_stage = err_stage_arg;
-    const uint8_t server_id[] = PSA_JPAKE_SERVER_ID;
-    const uint8_t client_id[] = PSA_JPAKE_CLIENT_ID;
-    const size_t server_id_len = strlen(PSA_JPAKE_SERVER_ID);
-    const size_t client_id_len = strlen(PSA_JPAKE_CLIENT_ID);
+    const uint8_t server_id[] = JPAKE_SERVER_ID;
+    const uint8_t client_id[] = JPAKE_CLIENT_ID;
+    const size_t server_id_len = strlen(JPAKE_SERVER_ID);
+    const size_t client_id_len = strlen(JPAKE_CLIENT_ID);
 
     PSA_INIT();