My own corner of monopam

ocaml-spake2: rewrite README examples to typecheck and seed RNG

[Spake2.finish] returns [(string, string) result] and SPAKE2+ uses
[(string, string, string) result] tuples — both flows used the
[Ok ...] result as bare bytes. Pattern-match each, [assert]
[String.equal] on the derived keys. Re-bind [password] in the
SPAKE2+ block since mdx blocks don't share state across sections.
Initialise [Crypto_rng_unix] at the top of the SPAKE2 block (and add
[nox-crypto-rng.unix] to the mdx libs) so [Spake2.init] doesn't
raise [Crypto_rng: no default generator].

+24 -12
+23 -11
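--- a/ocaml-spake2/README.md
+++ b/ocaml-spake2/README.md
@@ -43,37 +43,49 @@
 ### SPAKE2
 
 ```ocaml
+let () = Crypto_rng_unix.use_default ()
+
 let password = "secret"
 
-(* Party A sends msg_a to B, receives msg_b from B *)
+(* Party A sends msg_a to B, receives msg_b from B. *)
 let state_a, msg_a = Spake2.init ~password `A
 
-(* Party B sends msg_b to A, receives msg_a from A *)
+(* Party B sends msg_b to A, receives msg_a from A. *)
 let state_b, msg_b = Spake2.init ~password `B
 
-let key_a = Spake2.finish ~context:"myapp" state_a msg_b
-let key_b = Spake2.finish ~context:"myapp" state_b msg_a
-(* key_a = key_b *)
+let () =
+match
+( Spake2.finish ~context:"myapp" state_a msg_b,
+Spake2.finish ~context:"myapp" state_b msg_a )
+with
+| Ok key_a, Ok key_b -> assert (String.equal key_a key_b)
+| _ -> failwith "finish failed"
 ```
 
 ### SPAKE2+
 
 ```ocaml
-(* Setup: derive verifier data from password *)
+let password = "secret"
+
+(* Setup: derive verifier data from password. *)
 let salt = Spake2.Plus.generate_salt ()
 let iterations = 1000
 let w0, w1 = Spake2.Plus.derive_w ~password ~salt ~iterations
-(* Server stores: w0, l, salt, iterations (NOT the password or w1) *)
 let l = Spake2.Plus.compute_l ~w1
 
-(* Protocol run: exchange pa and pb between prover and verifier *)
+(* Protocol run: exchange pa and pb between prover and verifier. *)
 let context = "myapp"
 let prover_state, pa = Spake2.Plus.prover_init ~w0 ~w1 ~context
 let verifier_state, pb = Spake2.Plus.verifier_init ~w0 ~l ~context
 
-(* ke_prover = ke_verifier; ca and cb are exchanged for confirmation *)
-let Ok (ke_prover, ca, _) = Spake2.Plus.prover_finish prover_state pb
-let Ok (ke_verifier, cb, _) = Spake2.Plus.verifier_finish verifier_state pa
+let () =
+match
+( Spake2.Plus.prover_finish prover_state pb,
+Spake2.Plus.verifier_finish verifier_state pa )
+with
+| Ok (ke_prover, _ca, _), Ok (ke_verifier, _cb, _) ->
+assert (String.equal ke_prover ke_verifier)
+| _ -> failwith "spake2+ exchange failed"
 ```
 
 ## API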
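Review bot: The SPAKE2+ block loses both comments that carried its security guidance: `(* Server stores: w0, l, salt, iterations (NOT the password or w1) *)` is removed, and the confirmation values are now bound as `_ca` and `_cb` and never used, with the old "ca and cb are exchanged for confirmation" remark gone. A reader copying the example is left with only a local `String.equal` on the two derived keys, a check two real peers cannot perform; going by the removed comment, agreement is meant to be established by exchanging and checking the confirmation values before the key is used. I would restore the storage comment above `let l = Spake2.Plus.compute_l ~w1` and add above the final match `(* Demo only: real peers exchange ca/cb and verify them rather than comparing keys. *)`. In the SPAKE2 block, the `| _ -> failwith "finish failed"` arm also discards the error string that the commit message says `Spake2.finish` returns; `| Error e, _ | _, Error e -> failwith e` would keep it.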
+1 -1
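--- a/ocaml-spake2/dune
+++ b/ocaml-spake2/dune
@@ -4,4 +4,4 @@
 
 (mdx
 (files README.md)
-(libraries spake2))
+(libraries spake2 nox-crypto-rng.unix))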