fc5ecaddd0
While stereotyped repetitions are frowned upon in literature, they serve a useful purpose in manual pages, because it is easier for the user to find certain information if it is always presented in the same way. For that reason, this commit harmonizes the varying formulations in the HISTORY section about which functions, flags, etc. were added in which OpenSSL version. It also attempts to make the pod files more grep friendly by avoiding to insert line breaks between the symbol names and the corresponding version number in which they were introduced (wherever possible). Some punctuation and typographical errors were fixed on the way. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7854)
110 lines
3.6 KiB
Text
110 lines
3.6 KiB
Text
=pod
|
|
|
|
=head1 NAME
|
|
|
|
SRP_create_verifier,
|
|
SRP_create_verifier_BN,
|
|
SRP_check_known_gN_param,
|
|
SRP_get_default_gN
|
|
- SRP authentication primitives
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
#include <openssl/srp.h>
|
|
|
|
char *SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
|
|
BIGNUM **verifier, const BIGNUM *N, const BIGNUM *g);
|
|
char *SRP_create_verifier(const char *user, const char *pass, char **salt,
|
|
char **verifier, const char *N, const char *g);
|
|
|
|
char *SRP_check_known_gN_param(const BIGNUM *g, const BIGNUM *N);
|
|
SRP_gN *SRP_get_default_gN(const char *id);
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
The SRP_create_verifier_BN() function creates an SRP password verifier from
|
|
the supplied parameters as defined in section 2.4 of RFC 5054.
|
|
On successful exit B<*verifier> will point to a newly allocated BIGNUM containing
|
|
the verifier and (if a salt was not provided) B<*salt> will be populated with a
|
|
newly allocated BIGNUM containing a random salt. If B<*salt> is not NULL then
|
|
the provided salt is used instead.
|
|
The caller is responsible for freeing the allocated B<*salt> and B<*verifier>
|
|
BIGNUMS (use L<BN_free(3)>).
|
|
|
|
The SRP_create_verifier() function is similar to SRP_create_verifier_BN() but
|
|
all numeric parameters are in a non-standard base64 encoding originally designed
|
|
for compatibility with libsrp. This is mainly present for historical compatibility
|
|
and its use is discouraged.
|
|
It is possible to pass NULL as B<N> and an SRP group id as B<g> instead to
|
|
load the appropriate gN values (see SRP_get_default_gN()).
|
|
If both B<N> and B<g> are NULL the 8192-bit SRP group parameters are used.
|
|
The caller is responsible for freeing the allocated B<*salt> and B<*verifier>
|
|
(use L<OPENSSL_free(3)>).
|
|
|
|
The SRP_check_known_gN_param() function checks that B<g> and B<N> are valid
|
|
SRP group parameters from RFC 5054 appendix A.
|
|
|
|
The SRP_get_default_gN() function returns the gN parameters for the RFC 5054 B<id>
|
|
SRP group size.
|
|
The known ids are "1024", "1536", "2048", "3072", "4096", "6144" and "8192".
|
|
|
|
=head1 RETURN VALUES
|
|
|
|
SRP_create_verifier_BN() returns 1 on success and 0 on failure.
|
|
|
|
SRP_create_verifier() returns NULL on failure and a non-NULL value on success:
|
|
"*" if B<N> is not NULL, the selected group id otherwise. This value should
|
|
not be freed.
|
|
|
|
SRP_check_known_gN_param() returns the text representation of the group id
|
|
(ie. the prime bit size) or NULL if the arguments are not valid SRP group parameters.
|
|
This value should not be freed.
|
|
|
|
SRP_get_default_gN() returns NULL if B<id> is not a valid group size,
|
|
or the 8192-bit group parameters if B<id> is NULL.
|
|
|
|
=head1 EXAMPLES
|
|
|
|
Generate and store a 8192 bit password verifier (error handling
|
|
omitted for clarity):
|
|
|
|
#include <openssl/bn.h>
|
|
#include <openssl/srp.h>
|
|
|
|
const char *username = "username";
|
|
const char *password = "password";
|
|
|
|
SRP_VBASE *srpData = SRP_VBASE_new(NULL);
|
|
|
|
SRP_gN *gN = SRP_get_default_gN("8192");
|
|
|
|
BIGNUM *salt = NULL, *verifier = NULL;
|
|
SRP_create_verifier_BN(username, password, &salt, &verifier, gN->N, gN->g);
|
|
|
|
SRP_user_pwd *pwd = SRP_user_pwd_new();
|
|
SRP_user_pwd_set1_ids(pwd, username, NULL);
|
|
SRP_user_pwd_set0_sv(pwd, salt, verifier);
|
|
SRP_user_pwd_set_gN(pwd, gN->g, gN->N);
|
|
|
|
SRP_VBASE_add0_user(srpData, pwd);
|
|
|
|
=head1 SEE ALSO
|
|
|
|
L<srp(1)>,
|
|
L<SRP_VBASE_new(3)>,
|
|
L<SRP_user_pwd_new(3)>
|
|
|
|
=head1 HISTORY
|
|
|
|
These functions were added in OpenSSL 1.0.1.
|
|
|
|
=head1 COPYRIGHT
|
|
|
|
Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
|
|
|
|
Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
this file except in compliance with the License. You can obtain a copy
|
|
in the file LICENSE in the source distribution or at
|
|
L<https://www.openssl.org/source/license.html>.
|
|
|
|
=cut
|