SPAKE2/SPAKE2+ password-authenticated key exchange for OCaml

Regenerate root files

+28 -22
+4
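--- a/lib/dune
+++ b/lib/dune
@@ -10,3 +10,7 @@
 nox-crypto-rng
 nox-crypto-ec
 logs))
+
+(mdx
+(files spake2.mli)
+(libraries spake2 nox-crypto-rng.unix))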
+24 -22
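--- a/lib/spake2.mli
+++ b/lib/spake2.mli
@@ -50,35 +50,37 @@
 {2 SPAKE2 Example}
 
 {[
-let password = "secret" in
-
-(* Party A *)
-let state_a, msg_a = Spake2.init ~password `A in
-(* send msg_a to B, receive msg_b from B *)
-let key_a = Spake2.finish ~context:"myapp" state_a msg_b in
-
-(* Party B *)
-let state_b, msg_b = Spake2.init ~password `B in
-(* send msg_b to A, receive msg_a from A *)
-let key_b = Spake2.finish ~context:"myapp" state_b msg_a in
-
-(* key_a = key_b *)
+let () = Crypto_rng_unix.use_default ()
+let password = "secret"
+let context = "myapp"
+let state_a, msg_a = Spake2.init ~password `A
+let state_b, msg_b = Spake2.init ~password `B
+let key_a = Spake2.finish ~context state_a msg_b
+let key_b = Spake2.finish ~context state_b msg_a
+let () = assert (key_a = key_b)
 ]}
 
 {2 SPAKE2+ Example}
 
 {[
-(* Setup: derive verifier data from password *)
-let w0, w1 = Spake2.Plus.derive_w ~password ~salt ~iterations in
-let l = Spake2.Plus.compute_l ~w1 in
-(* Server stores: w0, l (NOT the password or w1) *)
+let () = Crypto_rng_unix.use_default ()
 
-(* Protocol run *)
-let prover_state, pa = Spake2.Plus.prover_init ~w0 ~w1 ~context in
-let verifier_state, pb = Spake2.Plus.verifier_init ~w0 ~l ~context in
+(* Setup: derive verifier data from password. Server only stores w0, l. *)
+let w0, w1 =
+Spake2.Plus.derive_w ~password:"secret" ~salt:"server-salt"
+~iterations:1000
+
+let l = Spake2.Plus.compute_l ~w1
+let context = "myapp"
+let prover_state, pa = Spake2.Plus.prover_init ~w0 ~w1 ~context
+let verifier_state, pb = Spake2.Plus.verifier_init ~w0 ~l ~context
+let prover_result = Spake2.Plus.prover_finish prover_state pb
+let verifier_result = Spake2.Plus.verifier_finish verifier_state pa
 
-let prover_result = Spake2.Plus.prover_finish prover_state pb in
-let verifier_result = Spake2.Plus.verifier_finish verifier_state pa in
+let () =
+match (prover_result, verifier_result) with
+| Ok (k_p, _, _), Ok (k_v, _, _) -> assert (k_p = k_v)
+| _ -> assert false
 ]} *)
 
 (** {1 Types} *)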
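Review bot: The SPAKE2+ example now passes the literals `~salt:"server-salt"` and `~iterations:1000` to `derive_w`, and documentation examples tend to be copied verbatim, so these should be marked as test-only values. A comment above the call such as `(* Test values only: use a random per-user salt and an iteration count sized for your deployment. *)` would cover it. The rewrite also drops the old explicit warning that the server must not keep the password or w1; I would restore it as `(* Server stores only w0 and l, never the password or w1. *)`. The two ignored components in `Ok (k_p, _, _)` look like they may be confirmation values; if so, a one-line comment naming them would stop the example implying that key equality is the whole check. The enclosing doc comment opens above this hunk, so any guidance it already gives on these points is not visible here.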