1SRP_CREATE_VERIFIER(3ossl)          OpenSSL         SRP_CREATE_VERIFIER(3ossl)
2
3
4

NAME

6       SRP_create_verifier_ex, SRP_create_verifier, SRP_create_verifier_BN_ex,
7       SRP_create_verifier_BN, SRP_check_known_gN_param, SRP_get_default_gN -
8       SRP authentication primitives
9

SYNOPSIS

11        #include <openssl/srp.h>
12
13       The following functions have been deprecated since OpenSSL 3.0, and can
14       be hidden entirely by defining OPENSSL_API_COMPAT with a suitable
15       version value, see openssl_user_macros(7):
16
17        int SRP_create_verifier_BN_ex(const char *user, const char *pass, BIGNUM **salt,
18                                      BIGNUM **verifier, const BIGNUM *N,
19                                      const BIGNUM *g, OSSL_LIB_CTX *libctx,
20                                      const char *propq);
21        char *SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
22                                     BIGNUM **verifier, const BIGNUM *N, const BIGNUM *g);
23        char *SRP_create_verifier_ex(const char *user, const char *pass, char **salt,
24                                     char **verifier, const char *N, const char *g,
25                                     OSSL_LIB_CTX *libctx, const char *propq);
26        char *SRP_create_verifier(const char *user, const char *pass, char **salt,
27                                  char **verifier, const char *N, const char *g);
28
29        char *SRP_check_known_gN_param(const BIGNUM *g, const BIGNUM *N);
30        SRP_gN *SRP_get_default_gN(const char *id);
31

DESCRIPTION

33       All of the functions described on this page are deprecated. There are
34       no available replacement functions at this time.
35
36       The SRP_create_verifier_BN_ex() function creates an SRP password
37       verifier from the supplied parameters as defined in section 2.4 of RFC
38       5054 using the library context libctx and property query string propq.
39       Any cryptographic algorithms that need to be fetched will use the
40       libctx and propq. See "ALGORITHM FETCHING" in crypto(7).
41
42       SRP_create_verifier_BN() is the same as SRP_create_verifier_BN_ex()
43       except the default library context and property query string is used.
44
45       On successful exit *verifier will point to a newly allocated BIGNUM
46       containing the verifier and (if a salt was not provided) *salt will be
47       populated with a newly allocated BIGNUM containing a random salt. If
48       *salt is not NULL then the provided salt is used instead.  The caller
49       is responsible for freeing the allocated *salt and *verifier BIGNUMS
50       (use BN_free(3)).
51
52       The SRP_create_verifier() function is similar to
53       SRP_create_verifier_BN() but all numeric parameters are in a non-
54       standard base64 encoding originally designed for compatibility with
55       libsrp. This is mainly present for historical compatibility and its use
56       is discouraged.  It is possible to pass NULL as N and an SRP group id
57       as g instead to load the appropriate gN values (see
58       SRP_get_default_gN()).  If both N and g are NULL the 8192-bit SRP group
59       parameters are used.  The caller is responsible for freeing the
60       allocated *salt and *verifier (use OPENSSL_free(3)).
61
62       The SRP_check_known_gN_param() function checks that g and N are valid
63       SRP group parameters from RFC 5054 appendix A.
64
65       The SRP_get_default_gN() function returns the gN parameters for the RFC
66       5054 id SRP group size.  The known ids are "1024", "1536", "2048",
67       "3072", "4096", "6144" and "8192".
68

RETURN VALUES

70       SRP_create_verifier_BN_ex() and SRP_create_verifier_BN() return 1 on
71       success and 0 on failure.
72
73       SRP_create_verifier_ex() and SRP_create_verifier() return NULL on
74       failure and a non-NULL value on success: "*" if N is not NULL, the
75       selected group id otherwise. This value should not be freed.
76
77       SRP_check_known_gN_param() returns the text representation of the group
78       id (i.e. the prime bit size) or NULL if the arguments are not valid SRP
79       group parameters.  This value should not be freed.
80
81       SRP_get_default_gN() returns NULL if id is not a valid group size, or
82       the 8192-bit group parameters if id is NULL.
83

EXAMPLES

85       Generate and store a 8192 bit password verifier (error handling omitted
86       for clarity):
87
88        #include <openssl/bn.h>
89        #include <openssl/srp.h>
90
91        const char *username = "username";
92        const char *password = "password";
93
94        SRP_VBASE *srpData = SRP_VBASE_new(NULL);
95
96        SRP_gN *gN = SRP_get_default_gN("8192");
97
98        BIGNUM *salt = NULL, *verifier = NULL;
99        SRP_create_verifier_BN_ex(username, password, &salt, &verifier, gN->N, gN->g,
100                                  NULL, NULL);
101
102        SRP_user_pwd *pwd = SRP_user_pwd_new();
103        SRP_user_pwd_set1_ids(pwd, username, NULL);
104        SRP_user_pwd_set0_sv(pwd, salt, verifier);
105        SRP_user_pwd_set_gN(pwd, gN->g, gN->N);
106
107        SRP_VBASE_add0_user(srpData, pwd);
108

SEE ALSO

110       openssl-srp(1), SRP_VBASE_new(3), SRP_user_pwd_new(3)
111

HISTORY

113       SRP_create_verifier_BN_ex() and SRP_create_verifier_ex() were
114       introduced in OpenSSL 3.0. All other functions were added in OpenSSL
115       1.0.1.
116
117       All of these functions were deprecated in OpenSSL 3.0.
118
120       Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
121
122       Licensed under the Apache License 2.0 (the "License").  You may not use
123       this file except in compliance with the License.  You can obtain a copy
124       in the file LICENSE in the source distribution or at
125       <https://www.openssl.org/source/license.html>.
126
127
128
1293.1.1                             2023-08-31        SRP_CREATE_VERIFIER(3ossl)
Impressum