EC-JPAKE: remove limitation for user/peer (alow any value)

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2025-01-26 12:35:20 +00:00 · 2023-03-21 16:48:22 +01:00 · 2023-03-21 16:48:22 +01:00 · 1f778bcfd8
commit 1f778bcfd8
parent 3543806026
2 changed files with 0 additions and 37 deletions
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@ -1562,7 +1562,6 @@ psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation,
 *                              been set (psa_pake_set_user() hasn't been
 *                              called yet).
 * \param[in] user_id           The user ID to authenticate with.
- *                              (temporary limitation: "client" or "server" only)
 * \param user_id_len           Size of the \p user_id buffer in bytes.
 *
 * \retval #PSA_SUCCESS
@ -1604,7 +1603,6 @@ psa_status_t psa_pake_set_user(psa_pake_operation_t *operation,
 *                              been set (psa_pake_set_peer() hasn't been
 *                              called yet).
 * \param[in] peer_id           The peer's ID to authenticate.
- *                              (temporary limitation: "client" or "server" only)
 * \param peer_id_len           Size of the \p peer_id buffer in bytes.
 *
 * \retval #PSA_SUCCESS
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@ -90,10 +90,6 @@
 #define BUILTIN_ALG_ANY_HKDF 1
 #endif

-/* The only two JPAKE user/peer identifiers supported for the time being. */
-static const uint8_t jpake_server_id[] = { 's', 'e', 'r', 'v', 'e', 'r' };
-static const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' };
-
 /****************************************************************/
 /* Global data, support functions and library management */
 /****************************************************************/
@ -7420,15 +7416,6 @@ psa_status_t psa_pake_set_user(
        goto exit;
    }

-    /* Allow only "client" or "server" values (temporary restriction). */
-    if ((user_id_len != sizeof(jpake_server_id) ||
-         memcmp(user_id, jpake_server_id, user_id_len) != 0) &&
-        (user_id_len != sizeof(jpake_client_id) ||
-         memcmp(user_id, jpake_client_id, user_id_len) != 0)) {
-        status = PSA_ERROR_NOT_SUPPORTED;
-        goto exit;
-    }
-
    operation->data.inputs.user = mbedtls_calloc(1, user_id_len);
    if (operation->data.inputs.user == NULL) {
        status = PSA_ERROR_INSUFFICIENT_MEMORY;
@ -7466,15 +7453,6 @@ psa_status_t psa_pake_set_peer(
        goto exit;
    }

-    /* Allow only "client" or "server" values (temporary restriction). */
-    if ((peer_id_len != sizeof(jpake_server_id) ||
-         memcmp(peer_id, jpake_server_id, peer_id_len) != 0) &&
-        (peer_id_len != sizeof(jpake_client_id) ||
-         memcmp(peer_id, jpake_client_id, peer_id_len) != 0)) {
-        status = PSA_ERROR_NOT_SUPPORTED;
-        goto exit;
-    }
-
    operation->data.inputs.peer = mbedtls_calloc(1, peer_id_len);
    if (operation->data.inputs.peer == NULL) {
        status = PSA_ERROR_INSUFFICIENT_MEMORY;
@ -7592,19 +7570,6 @@ static psa_status_t psa_pake_complete_inputs(
        if (inputs.user_len == 0 || inputs.peer_len == 0) {
            return PSA_ERROR_BAD_STATE;
        }
-        if (memcmp(inputs.user, jpake_client_id, inputs.user_len) == 0 &&
-            memcmp(inputs.peer, jpake_server_id, inputs.peer_len) == 0) {
-            inputs.role = PSA_PAKE_ROLE_CLIENT;
-        } else
-        if (memcmp(inputs.user, jpake_server_id, inputs.user_len) == 0 &&
-            memcmp(inputs.peer, jpake_client_id, inputs.peer_len) == 0) {
-            inputs.role = PSA_PAKE_ROLE_SERVER;
-        }
-
-        if (inputs.role != PSA_PAKE_ROLE_CLIENT &&
-            inputs.role != PSA_PAKE_ROLE_SERVER) {
-            return PSA_ERROR_NOT_SUPPORTED;
-        }
    }

    /* Clear driver context */