diff --git a/include/mbedtls/ecjpake.h b/include/mbedtls/ecjpake.h
index 2207ad9f6..ba0a70219 100644
--- a/include/mbedtls/ecjpake.h
+++ b/include/mbedtls/ecjpake.h
@@ -30,10 +30,16 @@ extern "C" {
 #endif
+typedef enum {
+ MBEDTLS_ECJPAKE_CLIENT,
+ MBEDTLS_ECJPAKE_SERVER,
+} mbedtls_ecjpake_role;
+
 typedef struct {
 const mbedtls_md_info_t *md_info; /**< Hash to use */
 mbedtls_ecp_group grp; /**< Elliptic curve */
+ mbedtls_ecjpake_role role; /**< Are we client or server? */
 mbedtls_ecp_point X1; /**< Public key one */
 mbedtls_ecp_point X2; /**< Public key two */
@@ -62,6 +68,7 @@ void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx );
 * standard are MBEDTLS_MD_SHA256/MBEDTLS_ECP_DP_SECP256R1.
 *
 * \param ctx context to set up
+ * \param role Our role: client or server
 * \param hash hash function to use (MBEDTLS_MD_XXX)
 * \param curve elliptic curve identifier (MBEDTLS_ECP_DP_XXX)
 * \param secret shared secret
@@ -71,6 +78,7 @@ void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx );
 * a negative error code otherwise
 */
 int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx,
+ mbedtls_ecjpake_role role,
 mbedtls_md_type_t hash,
 mbedtls_ecp_group_id curve,
 const unsigned char *secret,
diff --git a/library/ecjpake.c b/library/ecjpake.c
index dffab222e..651d3e73b 100644
--- a/library/ecjpake.c
+++ b/library/ecjpake.c
@@ -84,6 +84,7 @@ void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx )
 * Setup context
 */
 int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx,
+ mbedtls_ecjpake_role role,
 mbedtls_md_type_t hash,
 mbedtls_ecp_group_id curve,
 const unsigned char *secret,
@@ -91,6 +92,8 @@ int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx,
 {
 int ret;
+ ctx->role = role;
+
 if( ( ctx->md_info = mbedtls_md_info_from_type( hash ) ) == NULL ) return( MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE );
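Review bot: `MBEDTLS_ECJPAKE_CLIENT` is the first enumerator in the new `mbedtls_ecjpake_role` (first hunk of include/mbedtls/ecjpake.h) and so has the value 0, which means a zeroed context that never went through `mbedtls_ecjpake_setup()` reads as a client rather than as unset; whether `mbedtls_ecjpake_init()` sets `role` is not visible in this diff. The enumerators also carry no Doxygen comments, unlike the struct fields beside them. I would add `/**< Client */` and `/**< Server */` and say in the `role` field comment that the value is only meaningful after a successful setup. The trailing comma after `MBEDTLS_ECJPAKE_SERVER` is a C99 feature and draws a warning from strict C89 builds, if the project still supports those.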
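Review bot: In the `@@ -91,6 +92,8 @@` hunk of library/ecjpake.c, `ctx->role = role;` stores the caller's value without checking that it is one of the two enumerators, and it runs before the `md_info` check, so a setup that fails still leaves the context modified. A C enum parameter accepts any integer, so I would reject anything else before touching the context: `if( role != MBEDTLS_ECJPAKE_CLIENT && role != MBEDTLS_ECJPAKE_SERVER ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );`. If later code selects an identity string or a table entry from `ctx->role` (not visible here), an out-of-range value would otherwise only surface at that point. The body of mbedtls_ecjpake_setup continues outside the hunk.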
@@ -932,12 +935,12 @@ int mbedtls_ecjpake_self_test( int verbose )
 if( verbose != 0 ) mbedtls_printf( " ECJPAKE test #0 (setup): " );
- TEST_ASSERT( mbedtls_ecjpake_setup( &cli,
+ TEST_ASSERT( mbedtls_ecjpake_setup( &cli, MBEDTLS_ECJPAKE_CLIENT,
 MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, ecjpake_test_password, sizeof( ecjpake_test_password ) ) == 0 );
- TEST_ASSERT( mbedtls_ecjpake_setup( &srv,
+ TEST_ASSERT( mbedtls_ecjpake_setup( &srv, MBEDTLS_ECJPAKE_SERVER,
 MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, ecjpake_test_password, sizeof( ecjpake_test_password ) ) == 0 );
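Review bot: The setup step of the self-test covers only the matched pair, one `MBEDTLS_ECJPAKE_CLIENT` and one `MBEDTLS_ECJPAKE_SERVER`, so nothing exercises the failure side of the new parameter. Once the role feeds into the exchange (that code is not in this diff), a case where both contexts are set up with the same role and the exchange is expected to fail would pin the property the role exists to provide. A call with an out-of-range role value, expected to return an error, would cover the setup path itself. mbedtls_ecjpake_self_test starts and ends outside the hunk.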