spake2

package module
v0.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 29, 2025 License: MIT Imports: 10 Imported by: 1

README

SPAKE2

GoDoc Build Status

A Go implementation of the SPAKE2 password-authenticated key exchange protocol.

Overview

SPAKE2 is a secure, password-authenticated key exchange protocol that allows two parties to establish a shared secret key based on a low-entropy password without revealing the password to an eavesdropper. This implementation provides both client and server components for the SPAKE2 protocol.

⚠️ Security Warning: While this implementation has been tested against the official RFC 9382 test vectors for correctness, it has not undergone formal security review or audit for vulnerabilities. Use at your own risk in production environments. Consider having the code reviewed by security experts before deploying in security-critical applications.

Features

  • Implements the SPAKE2 protocol as described in RFC 9382.
  • Tested against the test vectors provided in the RFC.

Installation

To use this package in your Go project, you can install it using go get:

go get github.com/backkem/spake2-go

Usage

Here's a basic example of how to use the SPAKE2 package:

package main

import (
	"fmt"
	"github.com/backkem/spake2-go"
)

func main() {
	password := []byte("shared-password")

	// Create client and server instances
	client := spake2.NewClient(password, nil)
	server := spake2.NewServer(password, nil)

	// Client starts the protocol
	clientMsg, err := client.Start()
	if err != nil {
		panic(err)
	}

	// Server processes client's message
	serverMsg, err := server.Exchange(clientMsg)
	if err != nil {
		panic(err)
	}

	// Client processes server's message
	clientConfirm, err := client.Finish(serverMsg)
	if err != nil {
		panic(err)
	}

	// Server confirms client's message
	serverConfirm, err := server.Confirm(clientConfirm)
	if err != nil {
		panic(err)
	}

	// Client verifies server's confirmation
	err = client.Verify(serverConfirm)
	if err != nil {
		panic(err)
	}

	// Both parties can now access the shared key
	clientKey, _ := client.SharedKey()
	serverKey, _ := server.SharedKey()

	fmt.Printf("Client Shared Key: %x\n", clientKey)
	fmt.Printf("Server Shared Key: %x\n", serverKey)
}

Protocol Flow

Below is a simplified flow of the SPAKE2 protocol exchange between client and server:

sequenceDiagram
    participant C as Client
    participant S as Server
    C->>S: Start (Client Message)
    S->>C: Exchange (Server Message)
    C->>S: Finish (Client Confirm)
    S->>C: Confirm (Server Confirm)
    C->>C: Verify
    Note over C,S: Shared Key Established

Documentation

Full documentation is available on GoDoc.

License

This project is licensed under the MIT License - see the LICENSE file for details.

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

Documentation

Index

Constants

View Source 
const (
	P256_M_HEX = "02886e2f97ace46e55ba9dd7242579f2993b64e16ef3dcab95afd497333d8fa12f"
	P256_N_HEX = "03d8bbd6c639c62937b04d997f38c3770719c629d7014d49a24b4f98baa1292b49"
)
View Source 
const (
	// DefaultKeySize is the default key size for derived keys
	DefaultKeySize = 32

	// ProtocolRoleClient represents the "A" role in the SPAKE2 protocol
	ProtocolRoleClient = "A"

	// ProtocolRoleServer represents the "B" role in the SPAKE2 protocol
	ProtocolRoleServer = "B"
)

Variables

View Source 
var (
	// ErrInvalidMessage indicates that the received message is invalid
	ErrInvalidMessage = errors.New("invalid message format")

	// ErrInvalidConfirmation indicates that the confirmation message is invalid
	ErrInvalidConfirmation = errors.New("invalid confirmation message")

	// ErrProtocolIncomplete indicates that the protocol is not completed yet
	ErrProtocolIncomplete = errors.New("protocol not completed")

	// ErrPasswordMismatch indicates that the calculated shared secret doesn't match
	ErrPasswordMismatch = errors.New("password mismatch")
)

Functions

This section is empty.

Types

type Ciphersuite 

type Ciphersuite struct {
	// Hash function used in the protocol
	Hash func() hash.Hash

	// Group specific operations
	Group crypto.Group

	// Key derivation function
	KDF func(ikm, salt, info []byte, l int) []byte

	// Message authentication code
	MAC func(key, message []byte) []byte
}

Ciphersuite represents a complete set of algorithms for the SPAKE2 protocol

func DefaultCiphersuite 

func DefaultCiphersuite() *Ciphersuite

DefaultCiphersuite returns the default ciphersuite using P256 curve and SHA256

type Options 

type Options struct {
	// The ciphersuite to use
	Ciphersuite *Ciphersuite

	// Identity of party A (client)
	IdentityA []byte

	// Identity of party B (server)
	IdentityB []byte

	// Additional authenticated data
	AAD []byte

	// Whether to use the symmetric variant with M=N
	SymmetricMode bool
	// contains filtered or unexported fields
}

Options represents configuration options for SPAKE2 protocol

func DefaultOptions 

func DefaultOptions() *Options

DefaultOptions returns the default options for SPAKE2

type SPAKE2 

type SPAKE2 struct {
	// contains filtered or unexported fields
}

SPAKE2 implements the SPAKE2 password-authenticated key exchange protocol

func NewClient 

func NewClient(password []byte, options *Options) *SPAKE2

NewClient creates a new SPAKE2 client (party A)

func NewServer 

func NewServer(password []byte, options *Options) *SPAKE2

NewServer creates a new SPAKE2 server (party B)

func (*SPAKE2) Confirm 

func (s *SPAKE2) Confirm(clientConfirmation []byte) ([]byte, error)

Confirm processes the client's confirmation message and returns the server's confirmation

func (*SPAKE2) Exchange 

func (s *SPAKE2) Exchange(clientMessage []byte) ([]byte, error)

Exchange processes the client's message and generates the server's response

func (*SPAKE2) Finish 

func (s *SPAKE2) Finish(serverMessage []byte) ([]byte, error)

Finish processes the server's message for the client and returns the confirmation message

func (*SPAKE2) SharedKey 

func (s *SPAKE2) SharedKey() ([]byte, error)

SharedKey returns the derived shared key

func (*SPAKE2) Start 

func (s *SPAKE2) Start() ([]byte, error)

Start initiates the protocol for the client (A) and returns the first message

func (*SPAKE2) Verify 

func (s *SPAKE2) Verify(serverConfirmation []byte) error

Verify verifies the server's confirmation message for the client

type State 

type State int

State represents the protocol state 

const (
	// StateInitial is the initial state
	StateInitial State = iota

	// StateStarted means the first message has been sent/received
	StateStarted

	// StateFinished means all messages have been processed
	StateFinished

	// StateConfirmed means key confirmation has been performed
	StateConfirmed
)

type Transcript 

type Transcript struct {
	IdentityA []byte
	IdentityB []byte
	MessageA  []byte
	MessageB  []byte
	K         []byte
	Password  []byte
	AAD       []byte
}

Transcript represents the protocol transcript used to derive keys

func NewTranscript 

func NewTranscript(identityA, identityB, messageA, messageB, k []byte, password []byte, aad []byte) *Transcript

NewTranscript creates a new protocol transcript

func (*Transcript) Bytes 

func (t *Transcript) Bytes() []byte

Bytes returns the byte representation of the transcript as specified in RFC 9382 

 TT = len(A)  || A
	|| len(B)  || B
	|| len(pA) || pA
	|| len(pB) || pB
	|| len(K)  || K
	|| len(w)  || w

Source Files

View all Source files

Directories

Path Synopsis
internal
crypto
Package spake2 implements the SPAKE2 password-authenticated key exchange protocol as defined in RFC 9382.
 Package spake2 implements the SPAKE2 password-authenticated key exchange protocol as defined in RFC 9382.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.