psa_pake: add support for opaque password
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index ea58661..5755208 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -3860,6 +3860,26 @@
int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
const unsigned char *pw,
size_t pw_len );
+
+/**
+ * \brief Set the EC J-PAKE opaque password for current handshake.
+ *
+ * \note An internal copy is made, and destroyed as soon as the
+ * handshake is completed, or when the SSL context is reset or
+ * freed.
+ *
+ * \note The SSL context needs to be already set up. The right place
+ * to call this function is between \c mbedtls_ssl_setup() or
+ * \c mbedtls_ssl_reset() and \c mbedtls_ssl_handshake().
+ * Password cannot be empty (see RFC 8236).
+ *
+ * \param ssl SSL context
+ * \param pwd EC J-PAKE opaque password
+ *
+ * \return 0 on success, or a negative error code.
+ */
+int mbedtls_ssl_set_hs_ecjpake_password_opaque( mbedtls_ssl_context *ssl,
+ mbedtls_svc_key_id_t pwd );
#endif /*MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_SSL_ALPN)