SPAKE2/SPAKE2+ password-authenticated key exchange for OCaml


ocaml-linkedin: apply dune fmt

Pure formatting changes from `dune fmt`: doc comment placement moves
from above the binding to below it for `type`s, multi-line `match`
expressions collapse onto one line where they fit, and infix operator
applications pick up spaces (`Soup.($?)` -> `Soup.( $? )`). No
semantic changes.

+37 -24
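--- a/README.md
+++ b/README.md
@@ -21,8 +21,19 @@
 
 ## Installation
 
+Install with opam:
+
+```sh
+$ opam install spake2
 ```
-opam install spake2
+
+If opam cannot find the package, it may not yet be released in the public
+`opam-repository`. Add the overlay repository, then install it:
+
+```sh
+$ opam repo add samoht https://tangled.org/gazagnaire.org/opam-overlay.git
+$ opam update
+$ opam install spake2
 ```
 
 ## Usage
@@ -30,18 +41,16 @@
 ### SPAKE2
 
 ```ocaml
-let password = "secret" in
+let password = "secret"
 
-(* Party A *)
-let state_a, msg_a = Spake2.init ~password `A in
-(* send msg_a to B, receive msg_b from B *)
-let key_a = Spake2.finish ~context:"myapp" state_a msg_b in
+(* Party A sends msg_a to B, receives msg_b from B *)
+let state_a, msg_a = Spake2.init ~password `A
 
-(* Party B *)
-let state_b, msg_b = Spake2.init ~password `B in
-(* send msg_b to A, receive msg_a from A *)
-let key_b = Spake2.finish ~context:"myapp" state_b msg_a in
+(* Party B sends msg_b to A, receives msg_a from A *)
+let state_b, msg_b = Spake2.init ~password `B
 
+let key_a = Spake2.finish ~context:"myapp" state_a msg_b
+let key_b = Spake2.finish ~context:"myapp" state_b msg_a
 (* key_a = key_b *)
 ```
 
@@ -49,23 +58,20 @@
 
 ```ocaml
 (* Setup: derive verifier data from password *)
-let salt = Spake2.Plus.generate_salt () in
-let iterations = 1000 in
-let w0, w1 = Spake2.Plus.derive_w ~password ~salt ~iterations in
-let l = Spake2.Plus.compute_l ~w1 in
+let salt = Spake2.Plus.generate_salt ()
+let iterations = 1000
+let w0, w1 = Spake2.Plus.derive_w ~password ~salt ~iterations
 (* Server stores: w0, l, salt, iterations (NOT the password or w1) *)
+let l = Spake2.Plus.compute_l ~w1
 
-(* Protocol run *)
-let context = "myapp" in
-let prover_state, pa = Spake2.Plus.prover_init ~w0 ~w1 ~context in
-let verifier_state, pb = Spake2.Plus.verifier_init ~w0 ~l ~context in
+(* Protocol run: exchange pa and pb between prover and verifier *)
+let context = "myapp"
+let prover_state, pa = Spake2.Plus.prover_init ~w0 ~w1 ~context
+let verifier_state, pb = Spake2.Plus.verifier_init ~w0 ~l ~context
 
-(* Exchange pa and pb *)
-let Ok (ke_prover, ca, _) = Spake2.Plus.prover_finish prover_state pb in
-let Ok (ke_verifier, cb, _) = Spake2.Plus.verifier_finish verifier_state pa in
-
-(* ke_prover = ke_verifier *)
-(* ca and cb can be exchanged for key confirmation *)
+(* ke_prover = ke_verifier; ca and cb are exchanged for confirmation *)
+let Ok (ke_prover, ca, _) = Spake2.Plus.prover_finish prover_state pb
+let Ok (ke_verifier, cb, _) = Spake2.Plus.verifier_finish verifier_state pa
 ```
 
 ## API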
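Review bot: The SPAKE2+ example sets `let iterations = 1000` with nothing to say the value is illustrative, and README snippets tend to be copied as written. `derive_w` takes a salt and an iteration count, so it presumably stretches the password; if so, a low count makes offline guessing against a leaked `w0`/`l` record cheaper, and the line could read `let iterations = 1000 (* illustration only: pick a cost suited to the KDF and your hardware *)`. The two `let Ok (...) = ...` bindings skip the `Error` case and the snippet never compares `ca`/`cb`, so I would add `(* handle Error, and verify the peer's confirmation value before using ke *)` above them. In the Installation section, `opam repo add samoht ...` enables a third-party repository that opam will then consult for other packages too; one sentence saying so would let readers decide whether to keep it after installing.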
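--- a/dune
+++ b/dune
@@ -1,3 +1,7 @@
 (env
 (dev
 (flags :standard %{dune-warnings})))
+
+(mdx
+(files README.md)
+(libraries spake2))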
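Review bot: The new `(mdx (files README.md) (libraries spake2))` stanza has no comment saying that the README's code blocks are now built and run by the test suite, and the commit description ("Pure formatting changes ... No semantic changes") does not mention it either. I would add `; README.md code blocks are checked by mdx under dune test` above the stanza so the coupling between docs and tests is visible. Because the README's SPAKE2+ block binds results with partial `let Ok (...) = ...` patterns, it may be worth confirming that the non-exhaustive-match warning does not fail the mdx run under the `dev` flags set just above.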
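--- a/dune-project
+++ b/dune-project
@@ -1,4 +1,5 @@
 (lang dune 3.21)
+(using mdx 0.4)
 
 (name spake2)
 
@@ -29,4 +30,5 @@
 (crypto-ec (>= 1.0.0))
 (logs (>= 0.7.0))
 (alcotest :with-test)
+(mdx :with-test)
 (alcobar :with-test)))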
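--- a/spake2.opam
+++ b/spake2.opam
@@ -23,6 +23,7 @@
 "crypto-ec" {>= "1.0.0"}
 "logs" {>= "0.7.0"}
 "alcotest" {with-test}
+"mdx" {with-test}
 "alcobar" {with-test}
 "odoc" {with-doc}
 ]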