Implement SPAKE2 (for I1024) #3

Merged
merged 18 commits into master from even-more-learning on May 28, 2017

@jml
Owner

jml commented May 19, 2017

A "working" implementation of SPAKE2 with the I1024 group.

  • Rejiggers documentation quite a lot
  • Defines new Group typeclass and implements it for the IntegerGroup that's in the Python implementation
  • Implements all of the protocol stuff that sits on top of the mathematics
  • Adds an entrypoint for testing interoperability

This is ready to merge, IMO.

Future work:

  • Ed25519 implementation
  • Move things from the interop entrypoint either into the library or into documentation
  • Expand the module documentation
  • Maybe hard-code some of the interoperability lessons as tests. Not sure how to do this.
  • Make the Haddock for the main Crypto.Spake2 module more accessible

jml added some commits May 19, 2017

  • Lots of documentation for the protocol
    Much input derived from a PR to implement this for Javascript: bitwiseshiftleft/sjcl#273
  • Initial sketch of SPAKE2 protocol
    Includes full-ish `createSessionKey` implementation
  • Hook up most of protocol and define Group typeclass
    Also implement our own Group, but it's a really crappy one that must not be used for cryptography.
  • Full interop testing
    Doesn't pass, but at least doesn't crash due to `notImplemented`
  • IntegerGroup implementation
    I1024 only one provided so far
  • Update interop to use i1024 group
    A better test of interoperability. Still fails.
  • Factor out number serialization
    Gives us more control for doing experiments.
  • Get interop working with I1024
    - capital "M" etc. for seed
    - correct HKDF information (remove a space)
    - do modulo arithmetic correctly to get byte size
    - hash session key elements as byte digests, not as hex digests

    Unrelated

    - export `elementSizeBytes` (for testing)
    - derive Eq, Show for group (for testing)
    - refactor arbitraryElement (for easier comparison with Python)
  • Re-organize documentation
    A lot has been learned, so a lot of the documentation can be summarised.

    This isn't as good as it could be, but hopefully more will follow.
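
The following is an added worked example, not code from this Haskell library and not python-spake2's wire format. It runs the exchange that the PR description and the "Get interop working with I1024" commit describe, in Python over a constructed toy integer group: both sides' messages, the ceil(bits/8) element width (the "modulo arithmetic" fix), subgroup validation of the peer's element, a transcript built from raw byte digests rather than hex digests, and an HKDF-Expand step whose info string must match the peer byte-for-byte. The group parameters (p = 2039, q = 1019, g = 4), the seeds b"M" and b"N", the hash-to-group and password-to-scalar mappings, the transcript layout and the HKDF info string are all assumptions for illustration; the real I1024 group is a 1024-bit group and the real formats are whatever the reference implementation defines.

```python
import hashlib
import hmac
import secrets

# Constructed toy safe-prime group (p = 2q + 1, q prime) with g = 4 generating
# the order-q subgroup.  Tiny so the example runs instantly; like the "really
# crappy" group in the commit log it must never be used for real cryptography.
P = 2039
Q = 1019
G = 4

# Assumed seeds for the blinding elements and an assumed HKDF info string.
M_SEED = b"M"
N_SEED = b"N"
HKDF_INFO = b"SPAKE2 toy session key"


def element_size_bytes(p: int) -> int:
    """Serialized width of an element: ceil(bits / 8).  bits // 8 would give
    1 byte for this 11-bit modulus and truncate every element above 255."""
    return (p.bit_length() + 7) // 8


def element_to_bytes(e: int) -> bytes:
    return e.to_bytes(element_size_bytes(P), "big")


def hash_to_element(seed: bytes) -> int:
    """Assumed hash-to-group: SHA-256(seed || counter) mod p, squared so the
    result lies in the order-q subgroup; retry if it is the identity."""
    for counter in range(256):
        h = int.from_bytes(hashlib.sha256(seed + bytes([counter])).digest(), "big") % P
        e = pow(h, 2, P)
        if e != 1:
            return e
    raise ValueError("no usable element from seed")


M = hash_to_element(M_SEED)
N = hash_to_element(N_SEED)


def password_to_scalar(password: bytes) -> int:
    """Assumed: non-zero scalar in [1, q) so the blind is never cancelled."""
    return 1 + int.from_bytes(hashlib.sha256(password).digest(), "big") % (Q - 1)


def hkdf_expand(prk: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF-Expand with HMAC-SHA256."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


class Side:
    """One SPAKE2 participant: A blinds its DH share with M, B with N."""

    def __init__(self, role: str, password: bytes, id_a: bytes, id_b: bytes):
        self.role, self.password, self.id_a, self.id_b = role, password, id_a, id_b
        self.pw = password_to_scalar(password)
        blind = M if role == "A" else N
        while True:  # pick x (or y); never send the identity element
            self.secret = secrets.randbelow(Q - 1) + 1
            self.outbound = (pow(G, self.secret, P) * pow(blind, self.pw, P)) % P
            if self.outbound != 1:
                break

    def start(self) -> bytes:
        return element_to_bytes(self.outbound)

    def finish(self, inbound_bytes: bytes) -> bytes:
        if len(inbound_bytes) != element_size_bytes(P):
            raise ValueError("wrong element width")
        inbound = int.from_bytes(inbound_bytes, "big")
        # Reject the identity, out-of-range values and anything outside the subgroup.
        if not 1 < inbound < P or pow(inbound, Q, P) != 1:
            raise ValueError("not a valid element of the order-q subgroup")
        other_blind = N if self.role == "A" else M
        # blind^(-pw) == blind^(q - pw) because the blinds have order q.
        unblinded = (inbound * pow(other_blind, Q - self.pw, P)) % P
        shared = pow(unblinded, self.secret, P)
        x_bytes, y_bytes = ((self.start(), inbound_bytes) if self.role == "A"
                            else (inbound_bytes, self.start()))
        # Transcript uses raw byte digests (not hex), each length-prefixed.
        parts = [hashlib.sha256(self.password).digest(),
                 hashlib.sha256(self.id_a).digest(),
                 hashlib.sha256(self.id_b).digest(),
                 x_bytes, y_bytes, element_to_bytes(shared)]
        transcript = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
        return hkdf_expand(hashlib.sha256(transcript).digest(), HKDF_INFO)


def run_exchange(password_a: bytes, password_b: bytes, id_a: bytes = b"alice", id_b: bytes = b"bob"):
    """Run both sides; the keys agree iff both sides used the same password."""
    a, b = Side("A", password_a, id_a, id_b), Side("B", password_b, id_a, id_b)
    msg_a, msg_b = a.start(), b.start()
    return a.finish(msg_b), b.finish(msg_a)
```

The two details that bit the interop work are visible here: `element_size_bytes` rounds the bit length up, so an element is always the same width on the wire, and the transcript concatenates `.digest()` values, not `.hexdigest()` strings; change either (or a single byte of `HKDF_INFO`) on one side and the two keys stop agreeing even with the right password.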

@jml jml changed the title from [WIP] Even more learning to Implement SPAKE2 (for I1024) May 25, 2017

@jml jml requested a review from exarkun May 25, 2017

@jml jml referenced this pull request May 26, 2017: Ed25519 implementation #4 (merged)

Owner

jml commented May 28, 2017

I'm going to merge this now.

I'd still really like feedback, especially on:

  • correct use of mathematical terminology
  • how understandable the code is
  • whether the docs are useful

And, for @exarkun in particular, I'd be happy to answer any questions about Haskell things that are strange or unfamiliar.

@jml jml merged commit dced3d6 into master May 28, 2017

@jml jml deleted the even-more-learning branch May 28, 2017
