1*b077aed3SPierre Pronchery=pod 2*b077aed3SPierre Pronchery 3*b077aed3SPierre Pronchery=head1 NAME 4*b077aed3SPierre Pronchery 5*b077aed3SPierre ProncherySRP_create_verifier_ex, 6*b077aed3SPierre ProncherySRP_create_verifier, 7*b077aed3SPierre ProncherySRP_create_verifier_BN_ex, 8*b077aed3SPierre ProncherySRP_create_verifier_BN, 9*b077aed3SPierre ProncherySRP_check_known_gN_param, 10*b077aed3SPierre ProncherySRP_get_default_gN 11*b077aed3SPierre Pronchery- SRP authentication primitives 12*b077aed3SPierre Pronchery 13*b077aed3SPierre Pronchery=head1 SYNOPSIS 14*b077aed3SPierre Pronchery 15*b077aed3SPierre Pronchery #include <openssl/srp.h> 16*b077aed3SPierre Pronchery 17*b077aed3SPierre ProncheryThe following functions have been deprecated since OpenSSL 3.0, and can be 18*b077aed3SPierre Proncheryhidden entirely by defining B<OPENSSL_API_COMPAT> with a suitable version value, 19*b077aed3SPierre Proncherysee L<openssl_user_macros(7)>: 20*b077aed3SPierre Pronchery 21*b077aed3SPierre Pronchery int SRP_create_verifier_BN_ex(const char *user, const char *pass, BIGNUM **salt, 22*b077aed3SPierre Pronchery BIGNUM **verifier, const BIGNUM *N, 23*b077aed3SPierre Pronchery const BIGNUM *g, OSSL_LIB_CTX *libctx, 24*b077aed3SPierre Pronchery const char *propq); 25*b077aed3SPierre Pronchery char *SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, 26*b077aed3SPierre Pronchery BIGNUM **verifier, const BIGNUM *N, const BIGNUM *g); 27*b077aed3SPierre Pronchery char *SRP_create_verifier_ex(const char *user, const char *pass, char **salt, 28*b077aed3SPierre Pronchery char **verifier, const char *N, const char *g, 29*b077aed3SPierre Pronchery OSSL_LIB_CTX *libctx, const char *propq); 30*b077aed3SPierre Pronchery char *SRP_create_verifier(const char *user, const char *pass, char **salt, 31*b077aed3SPierre Pronchery char **verifier, const char *N, const char *g); 32*b077aed3SPierre Pronchery 33*b077aed3SPierre Pronchery char *SRP_check_known_gN_param(const BIGNUM *g, const BIGNUM *N); 34*b077aed3SPierre Pronchery SRP_gN *SRP_get_default_gN(const char *id); 35*b077aed3SPierre Pronchery 36*b077aed3SPierre Pronchery=head1 DESCRIPTION 37*b077aed3SPierre Pronchery 38*b077aed3SPierre ProncheryAll of the functions described on this page are deprecated. There are no 39*b077aed3SPierre Proncheryavailable replacement functions at this time. 40*b077aed3SPierre Pronchery 41*b077aed3SPierre ProncheryThe SRP_create_verifier_BN_ex() function creates an SRP password verifier from 42*b077aed3SPierre Proncherythe supplied parameters as defined in section 2.4 of RFC 5054 using the library 43*b077aed3SPierre Proncherycontext I<libctx> and property query string I<propq>. Any cryptographic 44*b077aed3SPierre Proncheryalgorithms that need to be fetched will use the I<libctx> and I<propq>. See 45*b077aed3SPierre ProncheryL<crypto(7)/ALGORITHM FETCHING>. 46*b077aed3SPierre Pronchery 47*b077aed3SPierre ProncherySRP_create_verifier_BN() is the same as SRP_create_verifier_BN_ex() except the 48*b077aed3SPierre Proncherydefault library context and property query string is used. 49*b077aed3SPierre Pronchery 50*b077aed3SPierre ProncheryOn successful exit I<*verifier> will point to a newly allocated BIGNUM containing 51*b077aed3SPierre Proncherythe verifier and (if a salt was not provided) I<*salt> will be populated with a 52*b077aed3SPierre Proncherynewly allocated BIGNUM containing a random salt. If I<*salt> is not NULL then 53*b077aed3SPierre Proncherythe provided salt is used instead. 54*b077aed3SPierre ProncheryThe caller is responsible for freeing the allocated I<*salt> and I<*verifier> 55*b077aed3SPierre ProncheryBIGNUMS (use L<BN_free(3)>). 56*b077aed3SPierre Pronchery 57*b077aed3SPierre ProncheryThe SRP_create_verifier() function is similar to SRP_create_verifier_BN() but 58*b077aed3SPierre Proncheryall numeric parameters are in a non-standard base64 encoding originally designed 59*b077aed3SPierre Proncheryfor compatibility with libsrp. This is mainly present for historical compatibility 60*b077aed3SPierre Proncheryand its use is discouraged. 61*b077aed3SPierre ProncheryIt is possible to pass NULL as I<N> and an SRP group id as I<g> instead to 62*b077aed3SPierre Proncheryload the appropriate gN values (see SRP_get_default_gN()). 63*b077aed3SPierre ProncheryIf both I<N> and I<g> are NULL the 8192-bit SRP group parameters are used. 64*b077aed3SPierre ProncheryThe caller is responsible for freeing the allocated I<*salt> and I<*verifier> 65*b077aed3SPierre Pronchery(use L<OPENSSL_free(3)>). 66*b077aed3SPierre Pronchery 67*b077aed3SPierre ProncheryThe SRP_check_known_gN_param() function checks that I<g> and I<N> are valid 68*b077aed3SPierre ProncherySRP group parameters from RFC 5054 appendix A. 69*b077aed3SPierre Pronchery 70*b077aed3SPierre ProncheryThe SRP_get_default_gN() function returns the gN parameters for the RFC 5054 I<id> 71*b077aed3SPierre ProncherySRP group size. 72*b077aed3SPierre ProncheryThe known ids are "1024", "1536", "2048", "3072", "4096", "6144" and "8192". 73*b077aed3SPierre Pronchery 74*b077aed3SPierre Pronchery=head1 RETURN VALUES 75*b077aed3SPierre Pronchery 76*b077aed3SPierre ProncherySRP_create_verifier_BN_ex() and SRP_create_verifier_BN() return 1 on success and 77*b077aed3SPierre Pronchery0 on failure. 78*b077aed3SPierre Pronchery 79*b077aed3SPierre ProncherySRP_create_verifier_ex() and SRP_create_verifier() return NULL on failure and a 80*b077aed3SPierre Proncherynon-NULL value on success: 81*b077aed3SPierre Pronchery"*" if I<N> is not NULL, the selected group id otherwise. This value should 82*b077aed3SPierre Proncherynot be freed. 83*b077aed3SPierre Pronchery 84*b077aed3SPierre ProncherySRP_check_known_gN_param() returns the text representation of the group id 85*b077aed3SPierre Pronchery(i.e. the prime bit size) or NULL if the arguments are not valid SRP group parameters. 86*b077aed3SPierre ProncheryThis value should not be freed. 87*b077aed3SPierre Pronchery 88*b077aed3SPierre ProncherySRP_get_default_gN() returns NULL if I<id> is not a valid group size, 89*b077aed3SPierre Proncheryor the 8192-bit group parameters if I<id> is NULL. 90*b077aed3SPierre Pronchery 91*b077aed3SPierre Pronchery=head1 EXAMPLES 92*b077aed3SPierre Pronchery 93*b077aed3SPierre ProncheryGenerate and store a 8192 bit password verifier (error handling 94*b077aed3SPierre Proncheryomitted for clarity): 95*b077aed3SPierre Pronchery 96*b077aed3SPierre Pronchery #include <openssl/bn.h> 97*b077aed3SPierre Pronchery #include <openssl/srp.h> 98*b077aed3SPierre Pronchery 99*b077aed3SPierre Pronchery const char *username = "username"; 100*b077aed3SPierre Pronchery const char *password = "password"; 101*b077aed3SPierre Pronchery 102*b077aed3SPierre Pronchery SRP_VBASE *srpData = SRP_VBASE_new(NULL); 103*b077aed3SPierre Pronchery 104*b077aed3SPierre Pronchery SRP_gN *gN = SRP_get_default_gN("8192"); 105*b077aed3SPierre Pronchery 106*b077aed3SPierre Pronchery BIGNUM *salt = NULL, *verifier = NULL; 107*b077aed3SPierre Pronchery SRP_create_verifier_BN_ex(username, password, &salt, &verifier, gN->N, gN->g, 108*b077aed3SPierre Pronchery NULL, NULL); 109*b077aed3SPierre Pronchery 110*b077aed3SPierre Pronchery SRP_user_pwd *pwd = SRP_user_pwd_new(); 111*b077aed3SPierre Pronchery SRP_user_pwd_set1_ids(pwd, username, NULL); 112*b077aed3SPierre Pronchery SRP_user_pwd_set0_sv(pwd, salt, verifier); 113*b077aed3SPierre Pronchery SRP_user_pwd_set_gN(pwd, gN->g, gN->N); 114*b077aed3SPierre Pronchery 115*b077aed3SPierre Pronchery SRP_VBASE_add0_user(srpData, pwd); 116*b077aed3SPierre Pronchery 117*b077aed3SPierre Pronchery=head1 SEE ALSO 118*b077aed3SPierre Pronchery 119*b077aed3SPierre ProncheryL<openssl-srp(1)>, 120*b077aed3SPierre ProncheryL<SRP_VBASE_new(3)>, 121*b077aed3SPierre ProncheryL<SRP_user_pwd_new(3)> 122*b077aed3SPierre Pronchery 123*b077aed3SPierre Pronchery=head1 HISTORY 124*b077aed3SPierre Pronchery 125*b077aed3SPierre ProncherySRP_create_verifier_BN_ex() and SRP_create_verifier_ex() were introduced in 126*b077aed3SPierre ProncheryOpenSSL 3.0. All other functions were added in OpenSSL 1.0.1. 127*b077aed3SPierre Pronchery 128*b077aed3SPierre ProncheryAll of these functions were deprecated in OpenSSL 3.0. 129*b077aed3SPierre Pronchery 130*b077aed3SPierre Pronchery=head1 COPYRIGHT 131*b077aed3SPierre Pronchery 132*b077aed3SPierre ProncheryCopyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. 133*b077aed3SPierre Pronchery 134*b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License"). You may not use 135*b077aed3SPierre Proncherythis file except in compliance with the License. You can obtain a copy 136*b077aed3SPierre Proncheryin the file LICENSE in the source distribution or at 137*b077aed3SPierre ProncheryL<https://www.openssl.org/source/license.html>. 138*b077aed3SPierre Pronchery 139*b077aed3SPierre Pronchery=cut 140