Home

Awesome

libopaque dart bindings

These bindings provide access to libopaque which implements the IRTF CFRG RFC draft or you can read the original paper.

Dependencies

These bindings depend on the following:

A compiled library of both libopaque and libsodium must be available to use these bindings.

Usage

To use the libopaque ffi bindings, your first have to initialize an Opaque object with both libopaque and libsodium libraries. Please refer to the libopaque and libsodium documentations on how to install these libraries properly.

To use the libopaque js bindings, you have to include the libopaque.js script in your html tree and then initialize an Opaque object. You will get the libopaque.js script here: https://github.com/stef/libopaque/js .

VM - loading the dynamic library

In the dart VM, dart:ffi is used as a backend to load and interact with the libopaque/libsodium binaries. All you need to do is load such a library and pass it to the Opaque.init constructor. This generally looks like this:

import 'dart:ffi';
import 'package:opaque/opaque.ffi.dart';

// load the dynamic libraries into dart
final libopaque = DynamicLibrary.open('/path/to/libopaque.XXX'); // or DynamicLibrary.process()
final libsodium = DynamicLibrary.open('/path/to/libsodium.XXX'); // or DynamicLibrary.process()

final opaque = Opaque.init(libopaque, libsodium);
// using the opaque.* API

Transpiled JavaScript - loading the JavaScript code

The usage is quite similar to the VM loading usage. You should load the libopaque.js script either in a html file or dynamically in your dart code, and then call Opaque.init. Make sure to name your script exactly libopaque.js. In general this will look something like this:

import 'package:opaque/opaque.js.dart';

final opaque = Opaque.init();
// using the opaque.* API

API

Note that all Opaque.* API calls will throw an OpaqueException if the API call failed.

OpaqueIds

The IDs of the peers are passed around as a class object:

final OpaqueIds ids = OpaqueIds.fromStrings("user", "server");

1-step registration

1-step registration is only specified in the original paper. It is not specified by the IRTF CFRG draft. 1-step registration has the benefit that the supplied password (pwdU) can be checked on the server for password rules (e.g., occurrence in common password lists). It has the drawback that the password is exposed to the server.

final result = opaque.Register(pwdU, ids, skS: skS);
final rec = result.rec;
final export_key = result.export_key;

4-step registration

Registration as specified in the IRTF CFRG draft consists of the following 4 steps:

Step 1: The user creates a registration request.

final result = opaque.CreateRegistrationRequest(pwdU);
final M = result.M!;
final secU = result.sec;

The user should hold on to secU securely until step 3 of the registration process. request needs to be passed to the server running step 2.

Step 2: The server responds to the registration request.

final result = opaque.CreateRegistrationResponse(request, skS: skS);
final secS = result.sec;
final pub = result.pub;

The server should hold onto secS securely until step 4 of the registration process. pub should be passed to the user running step 3.

Step 3: The user finalizes the registration using the response from the server.

final result = opaque.FinalizeRequest(secU, pub, ids);
final rec0 = result.rec;
final export_key = result.export_key;

Step 4: The server finalizes the user's record.

final result = opaque.StoreUserRecord(secS, rec0);
final rec1 = result.rec;

Important Note: Confusingly this function is called StoreUserRecord, yet it does not do any storage. How you want to store the record (rec1) is up to the implementor using this API.

Establishing an opaque session

After a user has registered with a server, the user can initiate the AKE and thus request its credentials in the following 3(+1)-step protocol:

Step 1: The user initiates a credential request.

final result = opaque.CreateCredentialRequest(pwdU);
final pub = result.pub;
final secU = result.sec;

The user should hold onto secU securely until step 3 of the protocol. pub needs to be passed to the server running step 2.

Step 2: The server responds to the credential request.

final result = opaque.CreateCredentialResponse(pub, rec, ids, context);
final resp = result.resp;
final sk = result.sk;
final sec = result.sec;

Step 3: The user recovers its credentials from the server's response.

final result = opaque.RecoverCredentials(resp, secU, context, ids: ids);
final sk = result.sk;
final authU = result.authU;
final export_key = result.export_key;

Step 4 (Optional): The server authenticates the user.

This step is only needed if there is no encrypted channel setup towards the server using the shared secret.

opaque.UserAuth(sec, authU);