From 4cd20313fe473ac5f9ba5e321380c6d21117a89b Mon Sep 17 00:00:00 2001
From: Przemek Stekiel
Date: Wed, 1 Mar 2023 11:11:28 +0100
Subject: [PATCH] Use user/peer instead role in jpake TLS code

Signed-off-by: Przemek Stekiel
---
 library/ssl_tls.c | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 5d8a761db..2d5d52911 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1954,9 +1954,11 @@ static psa_status_t mbedtls_ssl_set_hs_ecjpake_password_common(
 mbedtls_svc_key_id_t pwd)
 {
 psa_status_t status;
- psa_pake_role_t psa_role;
 psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init();
-
+ uint8_t *user = NULL;
+ size_t user_len = 0;
+ uint8_t *peer = NULL;
+ size_t peer_len = 0;
 psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_JPAKE);
 psa_pake_cs_set_primitive(&cipher_suite,
 PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC,
@@ -1970,12 +1972,23 @@ static psa_status_t mbedtls_ssl_set_hs_ecjpake_password_common(
 }
 
 if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
- psa_role = PSA_PAKE_ROLE_SERVER;
+ user = (uint8_t *) PSA_JPAKE_SERVER_ID;
+ user_len = strlen(PSA_JPAKE_SERVER_ID);
+ peer = (uint8_t *) PSA_JPAKE_CLIENT_ID;
+ peer_len = strlen(PSA_JPAKE_CLIENT_ID);
 } else {
- psa_role = PSA_PAKE_ROLE_CLIENT;
+ user = (uint8_t *) PSA_JPAKE_CLIENT_ID;
+ user_len = strlen(PSA_JPAKE_CLIENT_ID);
+ peer = (uint8_t *) PSA_JPAKE_SERVER_ID;
+ peer_len = strlen(PSA_JPAKE_SERVER_ID);
 }
 
- status = psa_pake_set_role(&ssl->handshake->psa_pake_ctx, psa_role);
+ status = psa_pake_set_user(&ssl->handshake->psa_pake_ctx, user, user_len);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+
+ status = psa_pake_set_peer(&ssl->handshake->psa_pake_ctx, peer, peer_len);
 if (status != PSA_SUCCESS) {
 return status;
 }
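Review bot: The new locals `user` and `peer` in the first hunk are declared as plain `uint8_t *`, and the second hunk then casts the identity constants with `(uint8_t *)`, which drops the const qualifier from what look like string literals (they are also passed to `strlen`). Nothing visible writes through these pointers, and the PSA PAKE setters take `const uint8_t *` as far as I know, so I would declare `const uint8_t *user = NULL;` and `const uint8_t *peer = NULL;` and cast with `(const uint8_t *) PSA_JPAKE_SERVER_ID`. That keeps an accidental write to read-only data a compile-time error rather than undefined behaviour. The same applies to all four casts in the second hunk; the function body starts and ends outside both hunks.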
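Review bot: The server/client branch in the second hunk has no comment explaining why the two identities are swapped between the branches, and that mapping is security-relevant. J-PAKE binds the sender's identity into each zero-knowledge proof, so both endpoints must use mirrored and distinct user/peer values; I would add above the `if`: `/* J-PAKE binds identities into the ZKPs: user is this endpoint, peer the remote one; the two IDs must differ and mirror the other side. */`. The early `return status;` after `psa_pake_set_user` leaves `psa_pake_ctx` as it is, so presumably the caller aborts the operation on error; that code is outside the hunk and worth confirming.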