server

package
v0.0.0-...-419a316 Latest
Warning

This package is not in the latest version of its module.

Published: Apr 25, 2020 License: BSD-3-Clause Imports: 5 Imported by: 0

Documentation

Overview

Package server provides an implementation for a (strong) AuCPace server.

Assuming a pre-established database entry for the username, the usual usage would be the following:

On reception of a client connection containing ssid, username and element U, look up the database for the matching record.

Create a new AuCPace server instance. Then, use the Start() function to retrieve the OPRF and CPace parameters to send to the client. Once the client has responded with its public share Yb and authentication tag Tb, call Continue() and abort on error. If Continue() returns no error, the client is correctly and fully authenticated. AuthenticationTag() will return the server authentication tag to send to the client for server authentication.

Call Finish() to retrieve the secret shared session key.

					Incoming connection from
					client with ssid, username and U
					<-------------------------------

// Look up the database for the record matching username. pvr = record
s := server.New(serverID, username, pvr, ssid, ad, crypto.Ristretto255sha512)
UQ, X, sigma, Ya, err := s.Start(U)
...

					Sends (UQ, X, sigma, Ya) and pvr type to client
					------------------------------>

					Receives Yb and Tb from client
					<-------------------------------

err = s.Continue(Yb, Tb)
...
Ta := s.AuthenticationTag()

					Sends Ta to client
					------------------------------>

// Derive the secret session key
sk := s.Finish()
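
The call order above can be enforced by a small driver, shown here as an added example that is not part of this package. The aucpace interface mirrors the method signatures documented on this page; serve, stub and the send/recv callbacks are hypothetical names, and stub is a constructed stand-in with no cryptography.

```go
package main

import (
	"errors"
	"fmt"
)

// aucpace is the method set this page documents for *Server.
type aucpace interface {
	Start(u []byte) (uq, x, sigma, ya []byte, err error)
	Continue(peerElement, peerTag []byte) error
	AuthenticationTag() []byte
	Finish() []byte
}

// stub (constructed): Continue returns fail; calls logs AuthenticationTag "T" and Finish "F".
type stub struct{ fail error; calls string }

func (s *stub) Start(u []byte) (uq, x, sigma, ya []byte, err error) { return u, u, u, u, nil }
func (s *stub) Continue(_, _ []byte) error                          { return s.fail }
func (s *stub) AuthenticationTag() []byte                           { s.calls += "T"; return []byte("Ta") }
func (s *stub) Finish() []byte                                      { s.calls += "F"; return []byte("sk") }

// serve runs one login in the documented order; Ta and the key are read only after Continue succeeds.
func serve(s aucpace, u []byte, send func(...[]byte) error, recv func() (yb, tb []byte, err error)) ([]byte, error) {
	uq, x, sigma, ya, err := s.Start(u)
	if err != nil {
		return nil, fmt.Errorf("start: %w", err)
	}
	if err = send(uq, x, sigma, ya); err != nil {
		return nil, err
	}
	yb, tb, err := recv()
	if err != nil {
		return nil, err
	}
	if err = s.Continue(yb, tb); err != nil {
		return nil, fmt.Errorf("abort, client not authenticated: %w", err)
	}
	if err = send(s.AuthenticationTag()); err != nil {
		return nil, err
	}
	return s.Finish(), nil
}

func main() {
	nop := func(...[]byte) error { return nil }
	recv := func() ([]byte, []byte, error) { return []byte("Yb"), []byte("Tb"), nil }
	fmt.Println(serve(&stub{fail: errors.New("invalid client tag")}, []byte("U"), nop, recv))
}
```

With the real package, the value passed as s would be the *Server returned by New.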

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Server

type Server struct {
	*crypto.Ciphersuite
	// contains filtered or unexported fields
}

Server holds user-relevant information and the internal state during the AuCPace protocol.

func New

func New(id, username []byte, pvr *verifier.PasswordVerifierRecord, ssid, ad []byte, ciphersuite crypto.Identifier) *Server

New initialises a server in the AuCPace protocol

func (*Server) AuthenticationTag

func (s *Server) AuthenticationTag() []byte

AuthenticationTag returns the server's authentication tag, to be sent to the client

func (*Server) Continue

func (s *Server) Continue(peerElement, peerTag []byte) error

Continue wraps up the server side of the AuCPace protocol, by verifying the client's authentication tag, and deriving the session secret.

func (*Server) Finish

func (s *Server) Finish() []byte

Finish returns the final shared secret session key

func (*Server) Start

func (s *Server) Start(u []byte) (uq, x, sigma, ya []byte, err error)

Start starts the server-side actions of the AuCPace protocol on reception of the client's blinding U.
