spoke

SPAKE+EE implementation in OCaml
README

The goal of Spoke is to establish an agreement on two strong keys from a shared
weak password. This implementation comes from a description of SPAKE2+EE
available here.

Let's start with Bob and Alice. They share a weak password and they want to
initiate a secure connection. Spoke is able to derive from this weak password 2
keys that can be used to establish a secure connection using symmetric
encryption (like AEAD).

Spoke implements a handshake between Alice and Bob and returns the 2 keys for
Alice and for Bob. It provides a Mirage_flow.S implementation
which uses GCM, CCM or ChaCha20_Poly1305 as the symmetric encryption mechanism
from the client to the server and from the server to the client (the two
directions can use different ciphers).

You can simulate this handshake with the bin/simulate.exe program. It creates
a socket and simulates a communication between Alice and Bob, who agree on
2 keys usable for symmetric encryption. Then, it sends a file to the server,
which echoes the contents back to the client. The client checks the
integrity of the received contents.

                         .---->----. (via GCM)
                 [ client ]       [ server ]
 (via ChaCha20_Poly1305) '----<----'

You can execute it with:

$ dune exec bin/simulate.exe -- filename 127.0.0.1:9000 hello-world

The goal of this tool is to ensure:

  • that the handshake is done correctly if Bob & Alice share the same password

  • that the transmission through a symmetric cipher keyed from the shared keys works
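
The first property above (matching passwords give both sides the same two keys, mismatched passwords do not) can be seen in a short Python sketch. This is an added example, not Spoke's code: it runs plain SPAKE2 over integers modulo 2^255 - 19 for brevity, leaving out the verifier ("+") and Elligator ("EE") parts of SPAKE2+EE, and the group, labels, salt and helper names are all assumptions.

```python
import hashlib
import secrets

# Demonstration group (assumption): integers modulo the prime 2**255 - 19.
# It shows the algebra only; it is not a vetted PAKE group.
P = 2**255 - 19
G = 2

def to_group(label: bytes) -> int:
    """Hash a label to a group element whose discrete log nobody chose."""
    h = int.from_bytes(hashlib.sha512(label).digest(), "big") % P
    return pow(h, 2, P)

M, N = to_group(b"demo M"), to_group(b"demo N")  # constructed mask elements

def scalar(password: bytes) -> int:
    """Stretch the weak password into an exponent (constructed salt)."""
    raw = hashlib.pbkdf2_hmac("sha256", password, b"demo-salt", 100_000, dklen=32)
    return int.from_bytes(raw, "big")

class Party:
    def __init__(self, password: bytes, is_client: bool):
        self.w = scalar(password)
        self.is_client = is_client
        self.x = secrets.randbelow(P - 2) + 1          # ephemeral secret
        mask = M if is_client else N
        # The message on the wire: g^x blinded by the password-derived mask.
        self.public = pow(G, self.x, P) * pow(mask, self.w, P) % P

    def finish(self, peer_public: int):
        """Unblind the peer's message; return (client->server, server->client) keys."""
        peer_mask = N if self.is_client else M
        unmasked = peer_public * pow(pow(peer_mask, self.w, P), -1, P) % P
        shared = pow(unmasked, self.x, P)              # g^(xy) only if passwords match
        a, b = (self.public, peer_public) if self.is_client else (peer_public, self.public)
        transcript = b"".join(v.to_bytes(32, "big") for v in (a, b, shared, self.w))
        okm = hashlib.sha512(transcript).digest()
        return okm[:32], okm[32:]                      # one key per direction

def handshake(client_password: bytes, server_password: bytes):
    """Run both sides in-process and return each side's pair of keys."""
    client, server = Party(client_password, True), Party(server_password, False)
    return client.finish(server.public), server.finish(client.public)
```

With a wrong password the two sides simply end up with unrelated keys, so the first AEAD-protected message fails authentication instead of revealing anything about the password.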

A full explanation of the protocol and the handshake is available on my blog:
Spoke, how to implement a little cryptographic protocol. Finally, you
should take a look at bob, which makes real use of Spoke.

Published: 04 Oct 2022
Sources
spoke-0.0.1.tbz
sha256=f88585c7af4e3304df656ad37989cb6856639ef1ded1b3b6699e4863d2067fff
sha512=faab7880ee3120f5738a469408ae0527e1fe0b752110ac1cbf72f5049994ef640b287571fb938a37ef41dbd7e998a48971ddcdd44c13e177122db2fb686129ce
Dependencies

  • tcpip (with-test)
  • rresult (with-test)
  • mimic (with-test)
  • result >= "1.5"
  • lwt >= "5.6.1"
  • mirage-flow >= "3.0.0"
  • mirage-crypto >= "0.10.7"
  • encore >= "0.8"
  • bigstringaf >= "0.9.0"
  • digestif >= "0.8.1"
  • base64 >= "3.0.0"
  • dune >= "2.9.0"
  • ocaml >= "4.08.0"

Reverse Dependencies