SPAKE2+ example (PSA library)

Hello everyone,

I was looking at SPAKE2+ example (NCS v2.6.99) and trying to understand where the password used to derived the shared secret is set or used. Can anyone help me?

BR.

0 Portilha 25 days ago in reply to dejans

The second message exchange (different values for verifier and prover), before the final message that has the same K_shared. Also, I want to know if there is any way to adjust the example to use CMAC-AES-128.

BR.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Portilha 24 days ago in reply to dejans

I want to have something like this example:

Where the CMAC output (confirmP and confirmV) are both 16 bytes.

BR.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 dejans 23 days ago in reply to Portilha

Hi,

I will discuss your questions with our developers. I expect to get back to you by the end of the next week.

Best regards,
Dejan
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 dejans 18 days ago in reply to dejans

Hi,

We mainly support Matter version of SPAKE2+ which is HMAC based. You could try to follow the logic in sdk-oberon-psa-crypto to change to CMAC-AES-128. For intermediate values, please note that PAKE is basically implementing APIs from PSA. You can look at this PSA API document.

Best regards,
Dejan
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel