Add spake2 #3
* ported spake2.py password-to-scalar function, since dalek's built-in one does it differently
* added "side" byte in messages: emit in start(), strip+check in input()
* rewrote transcript-hashing (since transcript is fixed-size)

This adds a lot of debug prints, and moves a bunch of test-only code into the top level, all of which will need to be undone eventually.
The messages now match what I expect, but the final key does not. Next step is to compare transcripts.
* add Cargo.toml metadata
* add travis badge
* exclude .gitignore
Also upgrade to curve25519-dalek 0.11, hkdf-0.2, refine error types, add more tests.
This is a breaking API change. The next release should bump the minor version number.

As discussed in warner/spake2.rs#3 and https://github.com/warner/magic-wormhole.rs/issues/32 , if an application were to accidentally swap the "password" and "identity" arguments (mainly for start_symmetric, which only takes two args), the app would appear to work, but would contain a devastating security vulnerability (online brute-force password attack, with precomputation enabled).

You might think of newtypes as giving the API named parameters. Instead of:

`s = start_symmetric(b"pw", b"appid")`

you get:

`s = start_symmetric(&Password::new(b"pw"), &Identity::new(b"appid"))`

but it protects you (with a compile-time error) against mistakes like:

`s = start_symmetric(&Identity::new(b"appid"), &Password::new(b"pw"))`

I'd like to find a way to remove the requirement to pass a reference (and enable `start_symmetric(Password::new(..)..)`).
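An added illustration of the newtype pattern this commit message describes (example code written for this page, not code from spake2.rs or this PR). It shows `Password` and `Identity` as distinct types so a swapped call is a compile error, and one way to drop the reference requirement the message leaves open: bounding the parameters by `std::borrow::Borrow`, which is implemented for both `T` and `&T`. The `SymmetricStart` struct, the transcript layout and the redacting `Debug` impl are constructed for the example and are not the crate's real types.

```rust
use std::borrow::Borrow;
use std::fmt;

/// The low-entropy secret. Its own type, so passing an `Identity` where a
/// `Password` is expected is a compile-time error rather than a silent swap.
#[derive(Clone, PartialEq, Eq)]
pub struct Password(Vec<u8>);

/// The public application/channel identifier that belongs in the transcript.
#[derive(Clone, Debug, PartialEq, Eq)]
pub struct Identity(Vec<u8>);

impl Password {
    pub fn new<B: AsRef<[u8]>>(bytes: B) -> Password {
        Password(bytes.as_ref().to_vec())
    }
    pub fn as_bytes(&self) -> &[u8] {
        &self.0
    }
}

impl Identity {
    pub fn new<B: AsRef<[u8]>>(bytes: B) -> Identity {
        Identity(bytes.as_ref().to_vec())
    }
    pub fn as_bytes(&self) -> &[u8] {
        &self.0
    }
}

/// Debug prints are common while bringing a protocol up; redact the secret so
/// a `{:?}` of the state never copies the password into a log line.
impl fmt::Debug for Password {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "Password(<{} bytes, redacted>)", self.0.len())
    }
}

/// Hypothetical stand-in for the protocol's start state (not spake2's real
/// struct): it records which input went where, so a test can check that the
/// two roles were not confused.
#[derive(Debug)]
pub struct SymmetricStart {
    pub password_material: Password,
    pub transcript_prefix: Vec<u8>,
}

/// `Borrow<T>` is implemented for both `T` and `&T`, so callers may write
/// `start_symmetric(Password::new(b"pw"), Identity::new(b"app"))` or pass
/// references; either way the argument types cannot be swapped.
pub fn start_symmetric<P, I>(password: P, identity: I) -> SymmetricStart
where
    P: Borrow<Password>,
    I: Borrow<Identity>,
{
    let password: &Password = password.borrow();
    let identity: &Identity = identity.borrow();
    // Constructed transcript layout for this example only: a fixed label,
    // the identity length as little-endian u64, then the identity bytes.
    let mut transcript_prefix = b"example-symmetric-transcript\0".to_vec();
    transcript_prefix.extend_from_slice(&(identity.as_bytes().len() as u64).to_le_bytes());
    transcript_prefix.extend_from_slice(identity.as_bytes());
    SymmetricStart {
        password_material: password.clone(),
        transcript_prefix,
    }
}

fn main() {
    // Owned and borrowed forms both accepted.
    let s = start_symmetric(Password::new(b"pw"), &Identity::new(b"appid"));
    println!("{:?}", s); // password is shown as redacted

    // The swapped call does not compile: `Identity` does not implement
    // `Borrow<Password>` (and vice versa).
    // let _bad = start_symmetric(Identity::new(b"appid"), Password::new(b"pw"));
}
```

The `Borrow` bound is what allows `start_symmetric(Password::new(..), ..)` without a leading `&`; an `Into<Password>` bound would do the same for the owned case but would also let a raw byte slice convert implicitly, which is exactly the unlabeled-argument situation the newtypes exist to prevent, so `Borrow` is the more conservative choice.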
I introduced a breaking API change, and should have named that last release 0.1.0 instead of 0.0.9. I'll release this as 0.1.0.
git-subtree-dir: spake2
git-subtree-mainline: 1afa40d
git-subtree-split: f6e9d07

This moves https://github.com/warner/spake2.rs into the "spake2/" subdirectory of https://github.com/RustCrypto/PAKEs . I'll move the release tags over next, then update the travis config and READMEs.
Argh, I've squashed and merged this PR. Do you think I should revert and merge it instead? Maybe it's worth archiving
Yeah, if you don't mind reverting it, it might be nice to include the history in the repo going forward. Especially the release tags. If you don't feel comfortable with a force-push, you could revert just the last commit (leaving both forward and backwards commits in the history, but restoring the tree contents to those from the srp-v0.2.5 tag (1afa40d)). Then I can re-run the
This reverts commit 4497c92.
I think I've merged it correctly, can you check it to be safe?
Yep, looks like you force-pushed the original a23222c commit. The tree looks fine to me now. Thanks! I'll add the spake2 tags later today, and will look at the travis situation too. What's our pattern for tag names.. would it be
Currently it's
OK, tags pushed. I'll look at travis and file a PR later.
I've updated the readme a bit. BTW how about re-licensing
Done. The badges won't get updated until we push a new release and crates.io sees the change. I fixed the srp/Cargo.toml to point at the correct repo too (PAKEs instead of PAKE). I'll try to push a new release tonight or tomorrow.
This does a "git subtree add", moving the entire history of https://github.com/warner/spake2.rs into the spake2/ subdirectory of this repo. I think that's the appropriate thing to do.. it makes the history look a little funky (there are now two unparented commits, not just the usual one original commit), but it keeps all the revision IDs identical. If this seems reasonable and we land it, I'll add tags next (with names like spake2-0.1.0), and then update the travis config, then the READMEs.