spake2plus

A Dart package for SPAKE2+, an Augmented Password-Authenticated Key Exchange (PAKE) protocol [RFC9383]. Supports Linux and macOS for now.

Dependencies

This package uses OpenSSL v3.0 and later via dart:ffi.

Tested environments

Ubuntu 24.04.1 LTS
Raspberry Pi OS (64bit, Kernel 6.6, Debian 12(bookworm))
macOS 14/15

Usage

A simple way to understand the package is to look at the example code and test cases. Even if you don't understand RFC9383, you can get a general idea of how to use it.

Supported PBKDF

PBKDF	Status
Scrypt [RFC7914]	✅
Argon2id [RFC9106]	❌

Supported ECC Curves and Hash, KDF, and MAC Algorithms

G	Hash	KDF	MAC	Status
P-256	SHA256	HKDF-SHA256	HMAC-SHA256	✅
P-256	SHA512	HKDF-SHA512	HMAC-SHA512	✅
P-384	SHA256	HKDF-SHA256	HMAC-SHA256	❌
P-384	SHA512	HKDF-SHA512	HMAC-SHA512	❌
P-521	SHA512	HKDF-SHA512	HMAC-SHA512	❌
edwards25519	SHA256	HKDF-SHA256	HMAC-SHA256	❌
edwards448	SHA512	HKDF-SHA512	HMAC-SHA512	❌
P-256	SHA256	HKDF-SHA256	CMAC-AES-128	✅
P-256	SHA512	HKDF-SHA512	CMAC-AES-128	✅

[RFC6234]: SHA256/512
[RFC5869]: HKDF-SHA256/SHA512
[RFC4493]: HMAC-SHA256/SHA512

Getting Started

Raspberry Pi OS

Install Dart/Flutter SDK.
Install libcrypto:
```
sudo apt-get install libssl-dev
```
Check the path to libcrypto.so.
Pass the library path into the Spake2plus class constructor.

macOS

Install Dart/Flutter SDK.
Install openssl via Homebrew or MacPorts:
```
brew install openssl@3 # Homebrew
```
Check the path to libcrypto.dylib.
Pass the library path into the Spake2plus class constructor.