diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
index 4920508d7b..0c097b2322 100644
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@@ -1562,7 +1562,6 @@ psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation,
 * been set (psa_pake_set_user() hasn't been
 * called yet).
 * \param[in] user_id The user ID to authenticate with.
- * (temporary limitation: "client" or "server" only)
 * \param user_id_len Size of the \p user_id buffer in bytes.
 *
 * \retval #PSA_SUCCESS
@@ -1604,7 +1603,6 @@ psa_status_t psa_pake_set_user(psa_pake_operation_t *operation,
 * been set (psa_pake_set_peer() hasn't been
 * called yet).
 * \param[in] peer_id The peer's ID to authenticate.
- * (temporary limitation: "client" or "server" only)
 * \param peer_id_len Size of the \p peer_id buffer in bytes.
 *
 * \retval #PSA_SUCCESS
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index bc19ed07c7..540ae46afb 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -90,10 +90,6 @@
 #define BUILTIN_ALG_ANY_HKDF 1
 #endif
-/* The only two JPAKE user/peer identifiers supported for the time being. */
-static const uint8_t jpake_server_id[] = { 's', 'e', 'r', 'v', 'e', 'r' };
-static const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' };
-
 /****************************************************************/
 /* Global data, support functions and library management */
 /****************************************************************/
@@ -7420,15 +7416,6 @@ psa_status_t psa_pake_set_user(
 goto exit;
 }
- /* Allow only "client" or "server" values (temporary restriction). */
- if ((user_id_len != sizeof(jpake_server_id) ||
- memcmp(user_id, jpake_server_id, user_id_len) != 0) &&
- (user_id_len != sizeof(jpake_client_id) ||
- memcmp(user_id, jpake_client_id, user_id_len) != 0)) {
- status = PSA_ERROR_NOT_SUPPORTED;
- goto exit;
- }
-
 operation->data.inputs.user = mbedtls_calloc(1, user_id_len);
 if (operation->data.inputs.user == NULL) {
 status = PSA_ERROR_INSUFFICIENT_MEMORY;
@@ -7466,15 +7453,6 @@ psa_status_t psa_pake_set_peer(
 goto exit;
 }
- /* Allow only "client" or "server" values (temporary restriction). */
- if ((peer_id_len != sizeof(jpake_server_id) ||
- memcmp(peer_id, jpake_server_id, peer_id_len) != 0) &&
- (peer_id_len != sizeof(jpake_client_id) ||
- memcmp(peer_id, jpake_client_id, peer_id_len) != 0)) {
- status = PSA_ERROR_NOT_SUPPORTED;
- goto exit;
- }
-
 operation->data.inputs.peer = mbedtls_calloc(1, peer_id_len);
 if (operation->data.inputs.peer == NULL) {
 status = PSA_ERROR_INSUFFICIENT_MEMORY;
@@ -7592,19 +7570,6 @@ static psa_status_t psa_pake_complete_inputs(
 if (inputs.user_len == 0 || inputs.peer_len == 0) {
 return PSA_ERROR_BAD_STATE;
 }
- if (memcmp(inputs.user, jpake_client_id, inputs.user_len) == 0 &&
- memcmp(inputs.peer, jpake_server_id, inputs.peer_len) == 0) {
- inputs.role = PSA_PAKE_ROLE_CLIENT;
- } else
- if (memcmp(inputs.user, jpake_server_id, inputs.user_len) == 0 &&
- memcmp(inputs.peer, jpake_client_id, inputs.peer_len) == 0) {
- inputs.role = PSA_PAKE_ROLE_SERVER;
- }
-
- if (inputs.role != PSA_PAKE_ROLE_CLIENT &&
- inputs.role != PSA_PAKE_ROLE_SERVER) {
- return PSA_ERROR_NOT_SUPPORTED;
- }
 }
 /* Clear driver context */
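Review bot: In the psa_pake_set_user hunk, `user_id_len` now reaches `mbedtls_calloc(1, user_id_len)` with no upper bound visible, and the psa_pake_set_peer hunk has the same shape for `peer_id_len`. The removed allow-list implicitly capped both at six bytes, so the allocation size is now whatever the caller passes. The guard above the allocation is cut off by the hunk, so whether it already limits the length is not visible here. If it does not, I would add an explicit cap before the allocation, e.g. `if (user_id_len > JPAKE_ID_MAX_LEN_PLACEHOLDER) { status = PSA_ERROR_INVALID_ARGUMENT; goto exit; }`. The constant name is a placeholder for a project-chosen limit. Both function bodies start and end outside their hunks.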
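Review bot: In the psa_pake_complete_inputs hunk, once the role derivation is removed the visible code only checks that `inputs.user_len` and `inputs.peer_len` are non-zero; nothing shown rejects identical user and peer IDs or assigns `inputs.role`. J-PAKE's zero-knowledge proofs bind the prover's identity, so the two sides must use distinct identifiers for the protection against reflected messages to hold. Presumably the driver setup enforces this now, but that is outside the hunk. I would either add `if (inputs.user_len == inputs.peer_len && memcmp(inputs.user, inputs.peer, inputs.user_len) == 0) return PSA_ERROR_INVALID_ARGUMENT;` next to the length check, or add a comment naming the layer that is responsible. The function body starts and ends outside the hunk.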