Documentation
¶
Overview ¶
Package client provides an implementation of a (strong) AuCPace client.
Assuming the client is already registered on the server and has a valid password verifier entry, the usage would be the following:
The client initiates a connection to server. To start the (strong) AuCPace protocol, create a new client instance, by providing the username, password and ssid, a random byte sequence. Initiate the protocol with Start(), to get U, and send it with ssid and username to the server. The server will respond with a set of OPRF parameters and its public share Ya. With these parameters, call Continue() and get Yb and TB, and send them back to the server. If all values are correct, the server will respond with its authentication tag Ta, that needs to be verified with VerifyPeerTag().
On the first error encountered, abort immediately. Call Finish() to retrieve the secret shared session key.
client := Client.New(username, password, serverID, ssid, ad, crypto.Ristretto255sha512) U, err := client.Start() ... Send ssid, username and U to server ------------------------------> Receive (UQ,X,sigma,Ya) and pvr type <------------------------------- Yb, Tb, err := client.Continue(pvr.PvrType, UQ, X, sigma, Ya) ... Send Yb and Tb to server ------------------------------> Receive Ta from server <------------------------------- err := client.VerifyPeerTag(Ta) ... // Derive the secret session key sk := client.Finish()
Index ¶
- type Client
- func (c *Client) AuthenticationTag() []byte
- func (c *Client) BuildVerifier(q, sigma []byte) ([]byte, error)
- func (c *Client) Continue(pvrType verifier.PVRType, uq, x, sigma, peerElement []byte) (yb, tb []byte, err error)
- func (c *Client) Finish() []byte
- func (c *Client) PublicShare() (y []byte, err error)
- func (c *Client) SessionKey() []byte
- func (c *Client) Start() (u []byte, err error)
- func (c *Client) VerifyPeerTag(peerTag []byte) error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
Client holds user relevant information and the internal state during the AuCPace protocol
func New ¶
func New(username, password, serverID, ssid, ad []byte, ciphersuite crypto.Identifier) *Client
New initialises a client in the AuCPace protocol
func (*Client) AuthenticationTag ¶
AuthenticationTag returns the client's authentication tag, to be sent to the server
func (*Client) BuildVerifier ¶
BuildVerifier returns the verifier for the user to be used in the server database
func (*Client) Continue ¶
func (c *Client) Continue(pvrType verifier.PVRType, uq, x, sigma, peerElement []byte) (yb, tb []byte, err error)
Continue all client side operations except peer tag validation, and returns the client's share Yb and authentication tag tb These two values must be sent to the server.
func (*Client) PublicShare ¶
PublicShare returns the client's Y value, to be send to the server
func (*Client) SessionKey ¶
SessionKey returns the final shared secret session key
func (*Client) Start ¶
Start initiates the client side first step of the AuCPace protocol by returning the blinding U, to be sent to the server
func (*Client) VerifyPeerTag ¶
VerifyPeerTag checks whether the peerTag is valid, i.e. corresponds to its supposed value
Source Files