Add spake2

spake2/.gitignore

@@ -0,0 +1,11 @@
+# Generated by Cargo
+# will have compiled files and executables
+/target/
+
+# Remove Cargo.lock from gitignore if creating an executable, leave it for libraries
+# More information here http://doc.crates.io/guide.html#cargotoml-vs-cargolock
+Cargo.lock
+
+# These are backup files generated by rustfmt
+**/*.rs.bk
+/cobertura.xml

spake2/.travis.yml

@@ -0,0 +1,40 @@
+language: rust
+
+rust:
+  - stable
+  - beta
+  - nightly
+
+os:
+  - linux
+  - osx
+
+branches:
+  except:
+    - /^WIP-.*$/
+
+matrix:
+  include:
+    - rust: 1.26.0 # lock down for consistent rustfmt behavior
+      env: RUSTFMT
+      install:
+        - rustup component add rustfmt-preview
+      script:
+        - cargo fmt -- --write-mode=diff
+  allow_failures:
+    - rust: nightly
+
+script:
+  - cargo clean
+  - cargo build --verbose --all
+#  - cargo run --verbose --example XYZ
+#  - cargo test --verbose --features "test" --all
+  - cargo test --verbose --all
+
+after_success: |
+  if [[ "$TRAVIS_RUST_VERSION" == stable ]]; then
+    bash <(curl https://raw.githubusercontent.com/xd009642/tarpaulin/master/travis-install.sh)
+    # Uncomment the following two lines create and upload a report for codecov.io
+    cargo tarpaulin --out Xml
+    bash <(curl -s https://codecov.io/bash)
+  fi

spake2/Cargo.toml

@@ -0,0 +1,33 @@
+[package]
+name = "spake2"
+version = "0.1.1-alpha.0"
+authors = ["Brian Warner <warner@lothar.com>"]
+description = "The SPAKE2 password-authenticated key-exchange algorithm, in Rust."
+documentation = "https://docs.rs/spake2"
+homepage = "https://github.com/warner/spake2.rs"
+repository = "https://github.com/warner/spake2.rs"
+license = "MIT"
+categories = ["cryptography"]
+exclude = [
+    ".gitignore"
+]
+
+[badges]
+travis-ci = { repository = "warner/spake2.rs" }
+is-it-maintained-issue-resolution = { repository = "warner/spake2.rs" }
+is-it-maintained-open-issues = { repository = "warner/spake2.rs" }
+
+[dependencies]
+curve25519-dalek = "0.19"
+rand = "0.5"
+sha2 = "0.7"
+hkdf = "0.6"
+num-bigint = "0.2"
+hex = "0.3"
+
+[dev-dependencies]
+bencher = "0.1"
+
+[[bench]]
+name = "spake2"
+harness = false

spake2/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2017 Brian Warner
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

spake2/README.md

@@ -0,0 +1,29 @@
+# spake2.rs
+The SPAKE2 password-authenticated key-exchange algorithm, in Rust.
+
+[![Build Status][build-status-image]][build-status-url]
+[![Codecov][codecov-image]][codecov-url]
+[![Is-It-Maintained-Resolution-Time][iim-resolution-image]][iim-resolution-url]
+[![Is-It-Maintained-Open-Issues][iim-open-image]][iim-open-url]
+[![Crates.io][crates-io-image]][crates-io-url]
+[![Docs.rs][docs-image]][docs-url]
+[![License][license-image]][license-url]
+
+This is still pretty early, but seems to do the job. It needs a proper security review before you should consider using it for anything serious.
+
+Note that the API has changed since 0.0.8 . I released 0.0.9 by mistake.
+
+[build-status-image]: https://travis-ci.org/warner/spake2.rs.svg?branch=master
+[build-status-url]: https://travis-ci.org/warner/spake2.rs
+[codecov-image]: https://codecov.io/gh/warner/spake2.rs/branch/master/graph/badge.svg
+[codecov-url]: https://codecov.io/gh/warner/spake2.rs
+[crates-io-image]: https://img.shields.io/crates/v/spake2.svg
+[crates-io-url]: https://crates.io/crates/spake2
+[docs-image]: https://docs.rs/spake2/badge.svg
+[docs-url]: https://docs.rs/spake2
+[license-image]: https://img.shields.io/badge/License-MIT-blue.svg
+[license-url]: LICENSE
+[iim-resolution-image]: http://isitmaintained.com/badge/resolution/warner/spake2.rs.svg
+[iim-resolution-url]: http://isitmaintained.com/project/warner/spake2.rs
+[iim-open-image]: http://isitmaintained.com/badge/open/warner/spake2.rs.svg
+[iim-open-url]: http://isitmaintained.com/project/warner/spake2.rs

spake2/benches/spake2.rs

@@ -0,0 +1,60 @@
+#[macro_use]
+extern crate bencher;
+
+extern crate spake2;
+
+use bencher::Bencher;
+use spake2::{Ed25519Group, Identity, Password, SPAKE2};
+
+fn spake2_start(bench: &mut Bencher) {
+    bench.iter(|| {
+        let (_, _) = SPAKE2::<Ed25519Group>::start_a(
+            &Password::new(b"password"),
+            &Identity::new(b"idA"),
+            &Identity::new(b"idB"),
+        );
+    })
+}
+
+/*
+fn spake2_finish(bench: &mut Bencher) {
+    // this doesn't work, because s1 is consumed by doing finish()
+    let (s1, msg1) = SPAKE2::<Ed25519Group>::start_a(
+        &Password::new(b"password"),
+        &Identity::new(b"idA"),
+        &Identity::new(b"idB"),
+    );
+    let (s2, msg2) = SPAKE2::<Ed25519Group>::start_b(
+        &Password::new(b"password"),
+        &Identity::new(b"idA"),
+        &Identity::new(b"idB"),
+    );
+    let msg2_slice = msg2.as_slice();
+    bench.iter(|| s1.finish(msg2_slice))
+}
+*/
+
+fn spake2_start_and_finish(bench: &mut Bencher) {
+    let (_, msg2) = SPAKE2::<Ed25519Group>::start_b(
+        &Password::new(b"password"),
+        &Identity::new(b"idA"),
+        &Identity::new(b"idB"),
+    );
+    let msg2_slice = msg2.as_slice();
+    bench.iter(|| {
+        let (s1, _) = SPAKE2::<Ed25519Group>::start_a(
+            &Password::new(b"password"),
+            &Identity::new(b"idA"),
+            &Identity::new(b"idB"),
+        );
+        s1.finish(msg2_slice)
+    })
+}
+
+benchmark_group!(
+    benches,
+    spake2_start,
+    //spake2_finish,
+    spake2_start_and_finish
+);
+benchmark_main!(benches);

spake2/src/lib.rs

@@ -0,0 +1,109 @@
+#![forbid(unsafe_code)]
+#![cfg_attr(test, deny(warnings))]
+
+extern crate curve25519_dalek;
+extern crate hex;
+extern crate hkdf;
+extern crate num_bigint;
+extern crate rand;
+extern crate sha2;
+
+mod spake2;
+pub use spake2::*;
+
+#[cfg(test)]
+mod tests {
+    use spake2::{Ed25519Group, ErrorType, Identity, Password, SPAKE2, SPAKEErr};
+
+    #[test]
+    fn test_basic() {
+        let (s1, msg1) = SPAKE2::<Ed25519Group>::start_a(
+            &Password::new(b"password"),
+            &Identity::new(b"idA"),
+            &Identity::new(b"idB"),
+        );
+        let (s2, msg2) = SPAKE2::<Ed25519Group>::start_b(
+            &Password::new(b"password"),
+            &Identity::new(b"idA"),
+            &Identity::new(b"idB"),
+        );
+        let key1 = s1.finish(msg2.as_slice()).unwrap();
+        let key2 = s2.finish(msg1.as_slice()).unwrap();
+        assert_eq!(key1, key2);
+    }
+
+    #[test]
+    fn test_mismatch() {
+        let (s1, msg1) = SPAKE2::<Ed25519Group>::start_a(
+            &Password::new(b"password"),
+            &Identity::new(b"idA"),
+            &Identity::new(b"idB"),
+        );
+        let (s2, msg2) = SPAKE2::<Ed25519Group>::start_b(
+            &Password::new(b"password2"),
+            &Identity::new(b"idA"),
+            &Identity::new(b"idB"),
+        );
+        let key1 = s1.finish(msg2.as_slice()).unwrap();
+        let key2 = s2.finish(msg1.as_slice()).unwrap();
+        assert_ne!(key1, key2);
+    }
+
+    #[test]
+    fn test_reflected_message() {
+        let (s1, msg1) = SPAKE2::<Ed25519Group>::start_a(
+            &Password::new(b"password"),
+            &Identity::new(b"idA"),
+            &Identity::new(b"idB"),
+        );
+        let r = s1.finish(msg1.as_slice());
+        assert_eq!(
+            r.unwrap_err(),
+            SPAKEErr {
+                kind: ErrorType::BadSide,
+            }
+        );
+    }
+
+    #[test]
+    fn test_bad_length() {
+        let (s1, msg1) = SPAKE2::<Ed25519Group>::start_a(
+            &Password::new(b"password"),
+            &Identity::new(b"idA"),
+            &Identity::new(b"idB"),
+        );
+        let mut msg2 = Vec::<u8>::with_capacity(msg1.len() + 1);
+        msg2.resize(msg1.len() + 1, 0u8);
+        let r = s1.finish(&msg2);
+        assert_eq!(
+            r.unwrap_err(),
+            SPAKEErr {
+                kind: ErrorType::WrongLength,
+            }
+        );
+    }
+
+    #[test]
+    fn test_basic_symmetric() {
+        let (s1, msg1) = SPAKE2::<Ed25519Group>::start_symmetric(
+            &Password::new(b"password"),
+            &Identity::new(b"idS"),
+        );
+        let (s2, msg2) = SPAKE2::<Ed25519Group>::start_symmetric(
+            &Password::new(b"password"),
+            &Identity::new(b"idS"),
+        );
+        let key1 = s1.finish(msg2.as_slice()).unwrap();
+        let key2 = s2.finish(msg1.as_slice()).unwrap();
+        assert_eq!(key1, key2);
+    }
+
+    #[test]
+    fn it_works() {}
+
+    #[test]
+    #[should_panic(expected = "nope")]
+    fn it_panics() {
+        assert!(false, "nope");
+    }
+}