Crypto: Spake2+
The Spake2+ sample demonstrates how to use the PSA Crypto API to perform password-authenticated key exchange using the Spake2+ protocol with HMAC-SHA-256 and the secp256r1 ECC curve.
Requirements
The sample supports the following development kits:
Hardware platforms |
PCA |
Board name |
|
|---|---|---|---|
PCA10153 |
|
||
PCA10090 |
|
||
PCA10171 |
|
||
nRF7120 DK |
nrf7120dk |
|
|
nRF54LV10 DK |
PCA10188 |
|
|
nRF54LS05 DK |
PCA10214 |
nrf54ls05dk |
|
PCA10184 |
|
||
nRF54LC10 DK |
PCA10226 |
nrf54lc10dk |
|
PCA10156 |
|
||
PCA10156 |
|
||
PCA10156 |
|
||
PCA10175 |
|
||
PCA10095 |
|
||
PCA10056 |
|
Overview
The sample enables PSA Crypto API and configures the following Kconfig options for the cryptographic features:
CONFIG_PSA_WANT_ALG_SPAKE2P_HMAC- Used to enable support for the Spake2+ PAKE algorithm from among the supported cryptographic operations for PAKE algorithms.CONFIG_PSA_WANT_ALG_HKDF- Used to enable support for the HKDF key derivation algorithm from among the supported cryptographic operations for KDF algorithms.CONFIG_PSA_WANT_ALG_HMAC- Used to enable support for the HMAC algorithm from among the supported cryptographic operations for MAC algorithms.CONFIG_PSA_WANT_ALG_SHA_256- Used to enable support for the SHA-256 hash algorithm from among the supported cryptographic operations for Hash algorithms.CONFIG_PSA_WANT_ECC_SECP_R1_256- Used to enable support for the secp256r1 ECC curve from among the supported cryptographic operations for ECC curve types.CONFIG_PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT- Used to enable support for Spake2+ key pair types from among the supported cryptographic operations for SPAKE2P key pair operations.CONFIG_PSA_WANT_GENERATE_RANDOM- Used to enable random number generation from among the supported cryptographic operations for RNG algorithms.
The sample also configures the cryptographic drivers for each board target using Kconfig options in the overlay files in the boards directory.
These Kconfig options are then used by the build system to compile the required cryptographic PSA directives and make the configured cryptographic drivers available at runtime. See Driver selection for more information about this process.
Once built and run, the sample performs the following operations:
Initialization:
The PSA Crypto API is initialized using
psa_crypto_init().A Spake2+ key pair is imported into the PSA crypto keystore using
psa_import_key(). The key pair is configured for password-authenticated key exchange.A Spake2+ public key is imported into the PSA crypto keystore using
psa_import_key().
Spake2+ key exchange:
Two PAKE operations are set up using
psa_pake_setup(), one for the client role and one for the server role.The roles are configured using
psa_pake_set_role().User and peer identifiers are set using
psa_pake_set_user()andpsa_pake_set_peer().The key shares are exchanged between client and server using
psa_pake_output()andpsa_pake_input().Key confirmation messages are exchanged between client and server.
Key derivation:
The shared key is obtained using
psa_pake_get_shared_key()for both client and server.The shared key is used as input for the HKDF key derivation (
psa_key_derivation_setup(),psa_key_derivation_input_key(), andpsa_key_derivation_output_bytes()) to derive final secrets.The derived secrets for client and server are verified to be equal.
Building and running
This sample can be found under samples/crypto/spake2p in the nRF Connect SDK folder structure.
For more security, it is recommended to use the */ns variant of the board target (see the Requirements section above.)
When built for this variant, the sample is configured to compile and run as a non-secure application using security by separation.
Therefore, it automatically includes Trusted Firmware-M that prepares the required peripherals and secure services to be available for the application.
To build the sample, follow the instructions in Building an application for your preferred building environment. See also Programming an application for programming steps and Testing and optimization for general information about testing and debugging in the nRF Connect SDK.
Note
When building repository applications in the SDK repositories, building with sysbuild is enabled by default.
If you work with out-of-tree freestanding applications, you need to manually pass the --sysbuild parameter to every build command or configure west to always use it.
Testing
After programming the sample to your development kit, complete the following steps to test it:
Connect to the kit with a terminal emulator (for example, the Serial Terminal app). See Testing and optimization for the required settings and steps.
Build and program the application.
Observe the logs from the application using the terminal emulator. For example, the log output should look like this:
*** Booting nRF Connect SDK v3.1.0-6c6e5b32496e ***
*** Using Zephyr OS v4.1.99-1612683d4010 ***
[00:00:00.251,159] <inf> spake2p: Starting Spake2+ example...
[00:00:00.251,190] <inf> spake2p: ---- Sending message (len: 32): ----
[00:00:00.251,220] <inf> spake2p: Content:
12 34 56 78 9a bc de f0 12 34 56 78 9a bc de f0 |.4Vx.... .4Vx....|
12 34 56 78 9a bc de f0 12 34 56 78 9a bc de f0 |.4Vx.... .4Vx....|
[00:00:00.251,251] <inf> spake2p: ---- Sending message end ----
[00:00:00.251,281] <inf> spake2p: ---- Sending message (len: 32): ----
[00:00:00.251,312] <inf> spake2p: Content:
34 56 78 9a bc de f0 12 34 56 78 9a bc de f0 12 |4Vx......Vx....|
34 56 78 9a bc de f0 12 34 56 78 9a bc de f0 12 |4Vx......Vx....|
[00:00:00.251,342] <inf> spake2p: ---- Sending message end ----
[00:00:00.251,373] <inf> spake2p: ---- Sending message (len: 32): ----
[00:00:00.251,404] <inf> spake2p: Content:
56 78 9a bc de f0 12 34 56 78 9a bc de f0 12 34 |Vx........Vx...|
56 78 9a bc de f0 12 34 56 78 9a bc de f0 12 34 |Vx........Vx...|
[00:00:00.251,434] <inf> spake2p: ---- Sending message end ----
[00:00:00.251,465] <inf> spake2p: ---- Sending message (len: 32): ----
[00:00:00.251,495] <inf> spake2p: Content:
78 9a bc de f0 12 34 56 78 9a bc de f0 12 34 56 |x.................|
78 9a bc de f0 12 34 56 78 9a bc de f0 12 34 56 |x.................|
[00:00:00.251,526] <inf> spake2p: ---- Sending message end ----
[00:00:00.251,556] <inf> spake2p: ---- Server secret (len: 32): ----
[00:00:00.251,587] <inf> spake2p: Content:
9a bc de f0 12 34 56 78 9a bc de f0 12 34 56 78 |....4Vx...4Vx|
9a bc de f0 12 34 56 78 9a bc de f0 12 34 56 78 |....4Vx...4Vx|
[00:00:00.251,617] <inf> spake2p: ---- Server secret end ----
[00:00:00.251,648] <inf> spake2p: ---- Client secret (len: 32): ----
[00:00:00.251,678] <inf> spake2p: Content:
9a bc de f0 12 34 56 78 9a bc de f0 12 34 56 78 |....4Vx...4Vx|
9a bc de f0 12 34 56 78 9a bc de f0 12 34 56 78 |....4Vx...4Vx|
[00:00:00.251,709] <inf> spake2p: ---- Client secret end ----
[00:00:00.251,739] <inf> spake2p: Spake2+ key exchange successful!
[00:00:00.251,770] <inf> spake2p: Example finished successfully!