SPAKE2/SPAKE2+ password-authenticated key exchange for OCaml


ocaml-spake2: update to use Dsa.Primitive instead of Point module

+23 -20
+22 -19
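--- a/lib/spake2.ml
+++ b/lib/spake2.ml
@@ -57,7 +57,7 @@
 Uses mirage-crypto-ec for constant-time operations. *)
 
 module P256 = struct
-module Ec = Crypto_ec.P256.Point
+module Dsa = Crypto_ec.P256.Dsa
 
 (** The curve order for scalar arithmetic *)
 let order =
@@ -69,7 +69,7 @@
 Z.of_string
 "0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff"
 
-type point = Ec.point
+type point = Dsa.pub
 
 (** SPAKE2 M point in SEC1 uncompressed format *)
 let m_bytes =
@@ -80,26 +80,29 @@
 "\x04\xd8\xbb\xd6\xc6\x39\xc6\x29\x37\xb0\x4d\x99\x7f\x38\xc3\x77\x07\x19\xc6\x29\xd7\x01\x4d\x49\xa2\x4b\x4f\x98\xba\xa1\x29\x2b\x49\x07\xd6\x0a\xa6\xbf\xad\xe4\x50\x08\xa6\x36\x33\x7f\x51\x68\xc6\x4d\x9b\xd3\x60\x34\x80\x8c\xd5\x64\x49\x0b\x1e\x65\x6e\xdb\xe7"
 
 let m =
-match Ec.of_octets m_bytes with
+match Dsa.pub_of_octets m_bytes with
 | Ok p -> p
 | Error _ -> failwith "Invalid SPAKE2 M constant"
 
 let n =
-match Ec.of_octets n_bytes with
+match Dsa.pub_of_octets n_bytes with
 | Ok p -> p
 | Error _ -> failwith "Invalid SPAKE2 N constant"
 
-let generator = Ec.generator
-let add = Ec.add
-let scalar_mult scalar pt = Ec.scalar_mult scalar pt
-let scalar_mult_base scalar = Ec.scalar_mult scalar Ec.generator
-let to_bytes pt = Ec.to_octets pt
+let generator = Dsa.Primitive.generator
+let add = Dsa.Primitive.add
+let scalar_mult scalar pt = Dsa.Primitive.scalar_mult scalar pt
+
+let scalar_mult_base scalar =
+Dsa.Primitive.scalar_mult scalar Dsa.Primitive.generator
+
+let to_bytes pt = Dsa.pub_to_octets pt
 
 (** Negate a point: -P = (x, p - y). We parse the SEC1 encoding, negate the
 y-coordinate, and re-encode. This is a single arithmetic operation, not
 timing-sensitive. *)
 let negate pt =
-let octets = Ec.to_octets pt in
+let octets = Dsa.pub_to_octets pt in
 if String.length octets = 1 && octets.[0] = '\x00' then pt
 else
 let x_bytes = String.sub octets 1 32 in
@@ -108,25 +111,25 @@
 let neg_y = Z.sub prime y in
 let neg_y_bytes = z_to_bytes32 neg_y in
 let new_octets = "\x04" ^ x_bytes ^ neg_y_bytes in
-match Ec.of_octets new_octets with
+match Dsa.pub_of_octets new_octets with
 | Ok p -> p
 | Error _ -> failwith "negate: invalid result"
 
 let err_ec e = Error (Fmt.str "%a" Crypto_ec.pp_error e)
 
 let of_bytes s =
-match Ec.of_octets s with Ok p -> Ok p | Error e -> err_ec e
+match Dsa.pub_of_octets s with Ok p -> Ok p | Error e -> err_ec e
 
 (** Convert a scalar represented as Z.t to the constant-time scalar type *)
 let scalar_of_z z =
 let z = Z.erem z order in
 let z = if Z.lt z Z.zero then Z.add z order else z in
 let bytes = z_to_bytes32 z in
-match Ec.scalar_of_octets bytes with
+match Dsa.priv_of_octets bytes with
 | Ok s -> s
 | Error _ -> (
 (* If scalar is 0, use 1 instead (edge case) *)
-match Ec.scalar_of_octets (z_to_bytes32 Z.one) with
+match Dsa.priv_of_octets (z_to_bytes32 Z.one) with
 | Ok s -> s
 | Error _ -> failwith "scalar_of_z: cannot create scalar")
 
@@ -134,7 +137,7 @@
 let random_scalar () =
 let rec try_generate () =
 let bytes = Crypto_rng.generate 32 in
-match Ec.scalar_of_octets bytes with
+match Dsa.priv_of_octets bytes with
 | Ok s -> s
 | Error _ -> try_generate ()
 in
@@ -145,8 +148,8 @@
 
 type state = {
 role : role;
-w : P256.Ec.scalar;
-scalar : P256.Ec.scalar;
+w : P256.Dsa.priv;
+scalar : P256.Dsa.priv;
 my_share : string;
 }
 
@@ -233,7 +236,7 @@
 type prover_state = {
 w0 : string;
 w1 : string;
-x : P256.Ec.scalar;
+x : P256.Dsa.priv;
 pa : string;
 context : string;
 }
@@ -241,7 +244,7 @@
 type verifier_state = {
 w0 : string;
 l : string;
-y : P256.Ec.scalar;
+y : P256.Dsa.priv;
 pb : string;
 context : string;
 }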
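Review bot: In `scalar_of_z` the `Error _` arm after the new `match Dsa.priv_of_octets bytes with` still catches every rejection and substitutes the fixed scalar 1, so any mismatch between what `z_to_bytes32`/`order` produce and what `priv_of_octets` accepts would quietly yield a predictable scalar instead of an error, although the comment says only the zero case is meant. Test that case explicitly before the call, `if Z.equal z Z.zero then (* zero is the documented edge case; keep the fallback to 1 *) ... else`, and let every other failure surface with the formatter the file already uses in `err_ec`, e.g. `| Error e -> failwith (Fmt.str "scalar_of_z: %a" Crypto_ec.pp_error e)`. The `if Z.lt z Z.zero` line following `Z.erem` is dead, since `Z.erem` returns a non-negative remainder, and can be dropped. Which inputs `priv_of_octets` actually rejects for an already-reduced 32-byte value depends on mirage-crypto-ec and is not visible in this hunk.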
+1 -1
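--- a/lib/spake2.mli
+++ b/lib/spake2.mli
@@ -95,7 +95,7 @@
 
 (** {2 Types} *)
 
-type point = Crypto_ec.P256.Point.point
+type point = Crypto_ec.P256.Dsa.pub
 (** Opaque point type from mirage-crypto-ec. *)
 
 (** {2 Constants} *)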
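Review bot: The doc comment on the retyped declaration still reads `Opaque point type from mirage-crypto-ec`, but `type point = Crypto_ec.P256.Dsa.pub` is a transparent alias in the interface, so callers can pass any P-256 `Dsa.pub` (for instance an ECDSA public key) where a SPAKE2 point is expected and the type checker will not object. If opacity is the intent, declare `type point` abstract here and keep the `= Dsa.pub` equation in the .ml only; otherwise correct the comment to `(** P-256 point; an alias of [Crypto_ec.P256.Dsa.pub]. *)` so it does not promise an abstraction the signature does not provide.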