{"id":15370377,"url":"https://github.com/jedisct1/cpace","last_synced_at":"2025-04-15T13:54:20.262Z","repository":{"id":66081573,"uuid":"258219848","full_name":"jedisct1/cpace","owner":"jedisct1","description":"A CPace PAKE implementation using libsodium.","archived":false,"fork":false,"pushed_at":"2020-12-31T23:19:41.000Z","size":6,"stargazers_count":35,"open_issues_count":1,"forks_count":2,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-03-28T20:47:00.571Z","etag":null,"topics":["cpace","crypto","cryptography","libsodium","pake","ristretto"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-2-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jedisct1.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2020-04-23T13:46:54.000Z","updated_at":"2024-06-12T02:22:30.000Z","dependencies_parsed_at":null,"dependency_job_id":"c8a2f81e-14e7-4766-8c33-b5a7446ad9cf","html_url":"https://github.com/jedisct1/cpace","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jedisct1%2Fcpace","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jedisct1%2Fcpace/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jedisct1%2Fcpace/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jedisct1%2Fcpace/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jedisct1","download_url":"https://codeload.github.com/jedisct1/cpace/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249085477,"owners_count":21210267,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cpace","crypto","cryptography","libsodium","pake","ristretto"],"created_at":"2024-10-01T13:41:26.600Z","updated_at":"2025-04-15T13:54:20.241Z","avatar_url":"https://github.com/jedisct1.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# CPace-Ristretto255, a balanced PAKE\n\nA CPace implementation for libsodium 1.0.17+\n\n## Blurb\n\n[CPace](https://tools.ietf.org/id/draft-haase-cpace-01.html) is a protocol for two parties that share a low-entropy secret (password) to derive a strong shared key without disclosing the secret to offline dictionary attacks.\n\nCPace is a balanced PAKE, meaning that both parties must know the low-entropy secret.\n\nApplications include pairing IoT and mobile applications using ephemeral pin codes, QR-codes, serial numbers, etc.\n\n## Usage\n\nThe CPace protocol requires a single round trip.\n\nIt returns a set of two 256-bit (`crypto_cpace_SHAREDKEYBYTES` bytes) keys that can be used to communicate in both directions.\n\n```c\n#include \"crypto_cpace.h\"\n\n#include \u003csodium.h\u003e\n\n/* A client identifier (username, email address, public key...) */\n#define CLIENT_ID \"client\"\n\n/* A server identifier (IP address, host name, public key...) */\n#define SERVER_ID \"server\"\n\n/* The shared password */\n#define PASSWORD \"password\"\n\n/* Optional additional data (application name, version, time stamp...) */\n#define ADDITIONAL_DATA \"additional data\"\n\nint\nmain(void)\n{\n    crypto_cpace_state       ctx;\n    crypto_cpace_shared_keys shared_keys_computed_by_client;\n    crypto_cpace_shared_keys shared_keys_computed_by_server;\n    unsigned char            public_data[crypto_cpace_PUBLICDATABYTES];\n    unsigned char            response[crypto_cpace_RESPONSEBYTES];\n    char                     hex[crypto_cpace_SHAREDKEYBYTES * 2 + 1];\n\n    /* [BOTH SIDES] Initialize the library - This just calls sodium_init() */\n    if (crypto_cpace_init() != 0) {\n        return 1;\n    }\n\n    /* [CLIENT SIDE] Compute public data to be sent to the server */\n    if (crypto_cpace_step1(\u0026ctx, public_data, PASSWORD, sizeof PASSWORD - 1,\n                           CLIENT_ID, sizeof CLIENT_ID - 1, SERVER_ID,\n                           sizeof SERVER_ID,\n                           (const unsigned char *) ADDITIONAL_DATA,\n                           sizeof ADDITIONAL_DATA) != 0) {\n        return 1;\n    }\n\n    /* [SERVER SIDE] Compute the shared keys using the public data,\n     * and return a response to send back to the client.\n     */\n    if (crypto_cpace_step2(\n            response, public_data, \u0026shared_keys_computed_by_server, PASSWORD,\n            sizeof PASSWORD - 1, CLIENT_ID, sizeof CLIENT_ID - 1, SERVER_ID,\n            sizeof SERVER_ID, (const unsigned char *) ADDITIONAL_DATA,\n            sizeof ADDITIONAL_DATA) != 0) {\n        return 1;\n    }\n\n    /* [CLIENT SIDE] Compute the shared keys using the server response */\n    if (crypto_cpace_step3(\u0026ctx, \u0026shared_keys_computed_by_client, response) !=\n        0) {\n        return 1;\n    }\n\n    /* Verification */\n\n    printf(\"Client key computed by the client: %s\\n\",\n           sodium_bin2hex(hex, sizeof hex,\n                          shared_keys_computed_by_client.client_sk,\n                          crypto_cpace_SHAREDKEYBYTES));\n    printf(\"Client key computed by the server: %s\\n\",\n           sodium_bin2hex(hex, sizeof hex,\n                          shared_keys_computed_by_server.client_sk,\n                          crypto_cpace_SHAREDKEYBYTES));\n    printf(\"Server key computed by the client: %s\\n\",\n           sodium_bin2hex(hex, sizeof hex,\n                          shared_keys_computed_by_client.server_sk,\n                          crypto_cpace_SHAREDKEYBYTES));\n    printf(\"Server key computed by the server: %s\\n\",\n           sodium_bin2hex(hex, sizeof hex,\n                          shared_keys_computed_by_server.server_sk,\n                          crypto_cpace_SHAREDKEYBYTES));\n    return 0;\n}\n```\n\n## Notes\n\n- This implementation uses the Ristretto255 group and SHA-512 as the hash function, so that it can trivially be ported to [wasm-crypto](https://github.com/jedisct1/wasm-crypto).\n- Client and server identifiers have a maximum size of 255 bytes.\n- A Rust version is available [here](https://github.com/jedisct1/rust-cpace).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjedisct1%2Fcpace","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjedisct1%2Fcpace","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjedisct1%2Fcpace/lists"}