A C++ implementation of the SPAKE2 password-authenticated key exchange protocol based on RFC 9382.
SPAKE2 is a secure, password-authenticated key exchange protocol that allows two parties to establish a shared secret key based on a low-entropy password without revealing the password to an eavesdropper. This implementation provides both client and server components for the SPAKE2 protocol using modern C++ and OpenSSL cryptographic primitives.
- RFC 9382 Compliant: Implements the SPAKE2 protocol as specified in RFC 9382
- Full Test Vector Validation: Tested against all official RFC 9382 test vectors with 100% compliance
- Complete Protocol Flow: Supports the entire SPAKE2 handshake including mutual authentication and key confirmation
- P-256 Elliptic Curve: Uses NIST P-256 elliptic curve cryptography
- OpenSSL Integration: Built on OpenSSL for robust cryptographic operations
- Debug Interface: Includes deterministic testing capabilities for validation against RFC test vectors
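To make the exchange described in the overview concrete, the following added example (not code from this project) runs the SPAKE2 blinding and unblinding steps in a toy multiplicative group mod 2039 instead of P-256, so it compiles without OpenSSL. The parameters, scalars and function names are constructed for illustration and offer no security. RFC 9382 also hashes a transcript containing K to derive the session and confirmation keys, a step this sketch omits.

```cpp
// Added illustration: SPAKE2 algebra in a toy group (NOT P-256, not secure).
#include <cstdint>
#include <iostream>

// Constructed toy parameters: p = 2q + 1, with g, M, N in the order-q subgroup.
constexpr uint64_t P = 2039, Q = 1019, G = 4, M = 9, N = 25;

// Square-and-multiply modular exponentiation: base^exp mod P.
uint64_t powmod(uint64_t base, uint64_t exp) {
    uint64_t r = 1;
    for (base %= P; exp; exp >>= 1, base = base * base % P)
        if (exp & 1) r = r * base % P;
    return r;
}

// Message sent on the wire: g^scalar * blind^w (RFC additive form: w*M + X).
uint64_t spake2_message(uint64_t scalar, uint64_t w, uint64_t blind) {
    return powmod(G, scalar) * powmod(blind, w % Q) % P;
}

// Strip the peer's blind, then raise to our scalar (RFC form: x*(pB - w*N)).
// blind^(Q - w) is the inverse of blind^w because blind has order Q.
uint64_t spake2_shared(uint64_t scalar, uint64_t w, uint64_t peer_msg,
                       uint64_t peer_blind) {
    uint64_t unblinded = peer_msg * powmod(peer_blind, Q - w % Q) % P;
    return powmod(unblinded, scalar);
}

// Run one exchange; returns true when both sides compute the same K.
bool keys_agree(uint64_t x, uint64_t y, uint64_t w_a, uint64_t w_b) {
    uint64_t pA = spake2_message(x, w_a, M);  // A -> B
    uint64_t pB = spake2_message(y, w_b, N);  // B -> A
    return spake2_shared(x, w_a, pB, N) == spake2_shared(y, w_b, pA, M);
}

int main() {
    // Fixed scalars for reproducibility; a real run draws x and y at random.
    std::cout << std::boolalpha
              << "same password:  " << keys_agree(3, 2, 77, 77) << "\n"
              << "wrong password: " << keys_agree(3, 2, 77, 78) << "\n";
}
```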
Before building, ensure you have the following dependencies installed:

Debian/Ubuntu:

```bash
sudo apt-get update
sudo apt-get install -y build-essential libssl-dev pkg-config
```

RHEL/CentOS/Fedora:

```bash
sudo yum install -y gcc-c++ openssl-devel pkgconfig
# or for newer versions:
sudo dnf install -y gcc-c++ openssl-devel pkgconfig
```

macOS:

```bash
# Using Homebrew
brew install openssl pkg-config
# You may need to set PKG_CONFIG_PATH
export PKG_CONFIG_PATH="/opt/homebrew/lib/pkgconfig:$PKG_CONFIG_PATH"
```

- GCC 7+ or Clang 7+: For C++17 support
- OpenSSL 1.1.1+: For cryptographic operations
- pkg-config: For build configuration
Compile and run the basic SPAKE2 example:

```bash
g++ -std=c++17 $(pkg-config --cflags openssl) -I. -o example example.cpp spake2/*.cpp $(pkg-config --libs openssl)
./example
```

Compile and run the complete RFC 9382 test vector validation:

```bash
g++ -std=c++17 $(pkg-config --cflags openssl) -I. -o rfc_vectors_test rfc_vectors_test.cpp lib_rfc/*.cpp $(pkg-config --libs openssl)
./rfc_vectors_test
```