EC-JPAKE: remove limitation for user/peer (alow any value)
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
index 4920508..0c097b2 100644
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@@ -1562,7 +1562,6 @@
* been set (psa_pake_set_user() hasn't been
* called yet).
* \param[in] user_id The user ID to authenticate with.
- * (temporary limitation: "client" or "server" only)
* \param user_id_len Size of the \p user_id buffer in bytes.
*
* \retval #PSA_SUCCESS
@@ -1604,7 +1603,6 @@
* been set (psa_pake_set_peer() hasn't been
* called yet).
* \param[in] peer_id The peer's ID to authenticate.
- * (temporary limitation: "client" or "server" only)
* \param peer_id_len Size of the \p peer_id buffer in bytes.
*
* \retval #PSA_SUCCESS
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index bc19ed0..540ae46 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -90,10 +90,6 @@
#define BUILTIN_ALG_ANY_HKDF 1
#endif
-/* The only two JPAKE user/peer identifiers supported for the time being. */
-static const uint8_t jpake_server_id[] = { 's', 'e', 'r', 'v', 'e', 'r' };
-static const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' };
-
/****************************************************************/
/* Global data, support functions and library management */
/****************************************************************/
@@ -7420,15 +7416,6 @@
goto exit;
}
- /* Allow only "client" or "server" values (temporary restriction). */
- if ((user_id_len != sizeof(jpake_server_id) ||
- memcmp(user_id, jpake_server_id, user_id_len) != 0) &&
- (user_id_len != sizeof(jpake_client_id) ||
- memcmp(user_id, jpake_client_id, user_id_len) != 0)) {
- status = PSA_ERROR_NOT_SUPPORTED;
- goto exit;
- }
-
operation->data.inputs.user = mbedtls_calloc(1, user_id_len);
if (operation->data.inputs.user == NULL) {
status = PSA_ERROR_INSUFFICIENT_MEMORY;
@@ -7466,15 +7453,6 @@
goto exit;
}
- /* Allow only "client" or "server" values (temporary restriction). */
- if ((peer_id_len != sizeof(jpake_server_id) ||
- memcmp(peer_id, jpake_server_id, peer_id_len) != 0) &&
- (peer_id_len != sizeof(jpake_client_id) ||
- memcmp(peer_id, jpake_client_id, peer_id_len) != 0)) {
- status = PSA_ERROR_NOT_SUPPORTED;
- goto exit;
- }
-
operation->data.inputs.peer = mbedtls_calloc(1, peer_id_len);
if (operation->data.inputs.peer == NULL) {
status = PSA_ERROR_INSUFFICIENT_MEMORY;
@@ -7592,19 +7570,6 @@
if (inputs.user_len == 0 || inputs.peer_len == 0) {
return PSA_ERROR_BAD_STATE;
}
- if (memcmp(inputs.user, jpake_client_id, inputs.user_len) == 0 &&
- memcmp(inputs.peer, jpake_server_id, inputs.peer_len) == 0) {
- inputs.role = PSA_PAKE_ROLE_CLIENT;
- } else
- if (memcmp(inputs.user, jpake_server_id, inputs.user_len) == 0 &&
- memcmp(inputs.peer, jpake_client_id, inputs.peer_len) == 0) {
- inputs.role = PSA_PAKE_ROLE_SERVER;
- }
-
- if (inputs.role != PSA_PAKE_ROLE_CLIENT &&
- inputs.role != PSA_PAKE_ROLE_SERVER) {
- return PSA_ERROR_NOT_SUPPORTED;
- }
}
/* Clear driver context */