[v2] Define the SPAKE2+ algorithms #129
* Add key encodings
* Define public key format
* Define key derivation procedure

* Add macros to crack a PAKE primitive value
* Decide on using USAGE_DERIVE for SPAKE2+ keys
* Fix typos
* Update header file

* Constrain key derivation to SPAKE2+ key pairs
* Specify the length of data extracted from the KDF during derivation
* Use a list format to define the exported key format

* Supporting both RFC 9393 and Matter
* New APIs:
  - `PSA_ALG_SPAKE2P_HMAC()`
  - `PSA_ALG_SPAKE2P_CMAC()`
  - `PSA_ALG_SPAKE2P_MATTER`
  - `PSA_ALG_IS_SPAKE2P()`
  - `PSA_ALG_IS_SPAKE2P_HMAC()`
  - `PSA_ALG_IS_SPAKE2P_CMAC()`

* Split into three sections: Common, J-PAKE, SPAKE2+
* Provide an overview and flow for each protocol, including password handling
@silabs-Kusumit, @silabs-hannes, @oberon-sk, @yanesca: please continue review of SPAKE2+ here
On the name of the algorithms... should we version the MATTER algorithm identifier, as in I don't know if a future version of Matter might decide to update to the RFC definition of SPAKE2+, or use something else entirely. So we would end up with two different SPAKE2+ Matter algorithms.
AES0058-PSA_Certified_Crypto_API-1.2_PAKE_Extension-bet.2-draft2-spake2plus.pdf Doesn't seem to be the latest rendering. It still says "The current API proposal provides the general interface for PAKE algorithms, and the specific interface for J-PAKE." as opposed to the source which correctly mentions SPAKE2+ as well.
You are correct. I don't know if the document build had missed the last commit on Dec 1. There are a few follow-up edits now, so let me rebuild a v3 draft.
Updated draft PDF now available: AES0058-PSA_Certified_Crypto_API-1.2_PAKE_Extension-bet.2-draft3-spake2plus.pdf This adds the last three commits in this PR to the previous draft PDF.
I viewed the draft PDF and didn't find any issues. The values calculated for size of LGTM |
This PR is a second draft of the complete SPAKE2+ API, incorporating the last remaining SPAKE2+ PR #119. The first draft is in PR #126.
None of the API elements have changed since the first draft. This one reorganises the documentation, and reworks the overview of the SPAKE2+ protocol. The first draft defined the SPAKE2+ algorithms (see 701c9ec); the new updates are from 3cf983f onwards. The primary effects of the rework:
* Move the key/algorithm encoding to a separate chapter
* Organise the API chapter into three sections:
This permits a more consolidated structure for describing how to use the Crypto API for all of the phases of the SPAKE2+ protocol.
The result of the changes can be seen in this draft rendering: AES0058-PSA_Certified_Crypto_API-1.2_PAKE_Extension-bet.2-draft3-spake2plus.pdf
Out-dated draft: AES0058-PSA_Certified_Crypto_API-1.2_PAKE_Extension-bet.2-draft2-spake2plus.pdf
DO NOT MERGE
There remains one open issue in the preceding PR: verifying the table of KDF extraction lengths when deriving the SPAKE2+ keys.