Code optimizations and documentation fixes
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 767dbfc..b875412 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -91,9 +91,9 @@
#define BUILTIN_ALG_ANY_HKDF 1
#endif
-/* JPAKE user/peer ids. */
-#define JPAKE_SERVER_ID "server"
-#define JPAKE_CLIENT_ID "client"
+/* The only two JPAKE user/peer identifiers supported for the time being. */
+static const uint8_t jpake_server_id[] = { 's', 'e', 'r', 'v', 'e', 'r' };
+static const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' };
/****************************************************************/
/* Global data, support functions and library management */
@@ -7406,8 +7406,10 @@
}
/* Allow only "client" or "server" values (temporary restriction). */
- if (memcmp(user_id, JPAKE_SERVER_ID, user_id_len) != 0 &&
- memcmp(user_id, JPAKE_CLIENT_ID, user_id_len) != 0) {
+ if ((user_id_len != sizeof(jpake_server_id) ||
+ memcmp(user_id, jpake_server_id, user_id_len) != 0) &&
+ (user_id_len != sizeof(jpake_client_id) ||
+ memcmp(user_id, jpake_client_id, user_id_len) != 0)) {
status = PSA_ERROR_NOT_SUPPORTED;
goto exit;
}
@@ -7450,8 +7452,10 @@
}
/* Allow only "client" or "server" values (temporary restriction). */
- if (memcmp(peer_id, JPAKE_SERVER_ID, peer_id_len) != 0 &&
- memcmp(peer_id, JPAKE_CLIENT_ID, peer_id_len) != 0) {
+ if ((peer_id_len != sizeof(jpake_server_id) ||
+ memcmp(peer_id, jpake_server_id, peer_id_len) != 0) &&
+ (peer_id_len != sizeof(jpake_client_id) ||
+ memcmp(peer_id, jpake_client_id, peer_id_len) != 0)) {
status = PSA_ERROR_NOT_SUPPORTED;
goto exit;
}
@@ -7565,19 +7569,20 @@
with the driver context which will be setup by the driver. */
psa_crypto_driver_pake_inputs_t inputs = operation->data.inputs;
- if (inputs.password_len == 0 ||
- inputs.user_len == 0 ||
- inputs.peer_len == 0) {
+ if (inputs.password_len == 0) {
return PSA_ERROR_BAD_STATE;
}
if (operation->alg == PSA_ALG_JPAKE) {
- if (memcmp(inputs.user, JPAKE_CLIENT_ID, inputs.user_len) == 0 &&
- memcmp(inputs.peer, JPAKE_SERVER_ID, inputs.peer_len) == 0) {
+ if (inputs.user_len == 0 || inputs.peer_len == 0) {
+ return PSA_ERROR_BAD_STATE;
+ }
+ if (memcmp(inputs.user, jpake_client_id, inputs.user_len) == 0 &&
+ memcmp(inputs.peer, jpake_server_id, inputs.peer_len) == 0) {
inputs.role = PSA_PAKE_ROLE_CLIENT;
} else
- if (memcmp(inputs.user, JPAKE_SERVER_ID, inputs.user_len) == 0 &&
- memcmp(inputs.peer, JPAKE_CLIENT_ID, inputs.peer_len) == 0) {
+ if (memcmp(inputs.user, jpake_server_id, inputs.user_len) == 0 &&
+ memcmp(inputs.peer, jpake_client_id, inputs.peer_len) == 0) {
inputs.role = PSA_PAKE_ROLE_SERVER;
}
@@ -7599,8 +7604,6 @@
/* User and peer are translated to role. */
mbedtls_free(inputs.user);
mbedtls_free(inputs.peer);
- inputs.user = NULL; inputs.user_len = 0;
- inputs.peer = NULL; inputs.peer_len = 0;
if (status == PSA_SUCCESS) {
#if defined(PSA_WANT_ALG_JPAKE)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 4a351f3..f43bb73 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -61,10 +61,6 @@
psa_generic_status_to_mbedtls)
#endif
-/* JPAKE user/peer ids. */
-#define JPAKE_SERVER_ID "server"
-#define JPAKE_CLIENT_ID "client"
-
#if defined(MBEDTLS_TEST_HOOKS)
static mbedtls_ssl_chk_buf_ptr_args chk_buf_ptr_fail_args;
@@ -1953,15 +1949,19 @@
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
+/* The only two JPAKE user/peer identifiers supported for the time being. */
+static const uint8_t jpake_server_id[] = { 's', 'e', 'r', 'v', 'e', 'r' };
+static const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' };
+
static psa_status_t mbedtls_ssl_set_hs_ecjpake_password_common(
mbedtls_ssl_context *ssl,
mbedtls_svc_key_id_t pwd)
{
psa_status_t status;
psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init();
- uint8_t *user = NULL;
+ const uint8_t *user = NULL;
size_t user_len = 0;
- uint8_t *peer = NULL;
+ const uint8_t *peer = NULL;
size_t peer_len = 0;
psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_JPAKE);
psa_pake_cs_set_primitive(&cipher_suite,
@@ -1976,15 +1976,15 @@
}
if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
- user = (uint8_t *) JPAKE_SERVER_ID;
- user_len = strlen(JPAKE_SERVER_ID);
- peer = (uint8_t *) JPAKE_CLIENT_ID;
- peer_len = strlen(JPAKE_CLIENT_ID);
+ user = jpake_server_id;
+ user_len = sizeof(jpake_server_id);
+ peer = jpake_client_id;
+ peer_len = sizeof(jpake_client_id);
} else {
- user = (uint8_t *) JPAKE_CLIENT_ID;
- user_len = strlen(JPAKE_CLIENT_ID);
- peer = (uint8_t *) JPAKE_SERVER_ID;
- peer_len = strlen(JPAKE_SERVER_ID);
+ user = jpake_client_id;
+ user_len = sizeof(jpake_client_id);
+ peer = jpake_server_id;
+ peer_len = sizeof(jpake_server_id);
}
status = psa_pake_set_user(&ssl->handshake->psa_pake_ctx, user, user_len);