xref: /openssl/doc/man3/SRP_create_verifier.pod (revision 3dbf8243)
1=pod
2
3=head1 NAME
4
5SRP_create_verifier_ex,
6SRP_create_verifier,
7SRP_create_verifier_BN_ex,
8SRP_create_verifier_BN,
9SRP_check_known_gN_param,
10SRP_get_default_gN
11- SRP authentication primitives
12
13=head1 SYNOPSIS
14
15 #include <openssl/srp.h>
16
17The following functions have been deprecated since OpenSSL 3.0, and can be
18hidden entirely by defining B<OPENSSL_API_COMPAT> with a suitable version value,
19see L<openssl_user_macros(7)>:
20
21 int SRP_create_verifier_BN_ex(const char *user, const char *pass, BIGNUM **salt,
22                               BIGNUM **verifier, const BIGNUM *N,
23                               const BIGNUM *g, OSSL_LIB_CTX *libctx,
24                               const char *propq);
25 char *SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
26                              BIGNUM **verifier, const BIGNUM *N, const BIGNUM *g);
27 char *SRP_create_verifier_ex(const char *user, const char *pass, char **salt,
28                              char **verifier, const char *N, const char *g,
29                              OSSL_LIB_CTX *libctx, const char *propq);
30 char *SRP_create_verifier(const char *user, const char *pass, char **salt,
31                           char **verifier, const char *N, const char *g);
32
33 char *SRP_check_known_gN_param(const BIGNUM *g, const BIGNUM *N);
34 SRP_gN *SRP_get_default_gN(const char *id);
35
36=head1 DESCRIPTION
37
38All of the functions described on this page are deprecated. There are no
39available replacement functions at this time.
40
41The SRP_create_verifier_BN_ex() function creates an SRP password verifier from
42the supplied parameters as defined in section 2.4 of RFC 5054 using the library
43context I<libctx> and property query string I<propq>. Any cryptographic
44algorithms that need to be fetched will use the I<libctx> and I<propq>. See
45L<crypto(7)/ALGORITHM FETCHING>.
46
47SRP_create_verifier_BN() is the same as SRP_create_verifier_BN_ex() except the
48default library context and property query string is used.
49
50On successful exit I<*verifier> will point to a newly allocated BIGNUM containing
51the verifier and (if a salt was not provided) I<*salt> will be populated with a
52newly allocated BIGNUM containing a random salt. If I<*salt> is not NULL then
53the provided salt is used instead.
54The caller is responsible for freeing the allocated I<*salt> and I<*verifier>
55BIGNUMS (use L<BN_free(3)>).
56
57The SRP_create_verifier() function is similar to SRP_create_verifier_BN() but
58all numeric parameters are in a non-standard base64 encoding originally designed
59for compatibility with libsrp. This is mainly present for historical compatibility
60and its use is discouraged.
61It is possible to pass NULL as I<N> and an SRP group id as I<g> instead to
62load the appropriate gN values (see SRP_get_default_gN()).
63If both I<N> and I<g> are NULL the 8192-bit SRP group parameters are used.
64The caller is responsible for freeing the allocated I<*salt> and I<*verifier>
65(use L<OPENSSL_free(3)>).
66
67The SRP_check_known_gN_param() function checks that I<g> and I<N> are valid
68SRP group parameters from RFC 5054 appendix A.
69
70The SRP_get_default_gN() function returns the gN parameters for the RFC 5054 I<id>
71SRP group size.
72The known ids are "1024", "1536", "2048", "3072", "4096", "6144" and "8192".
73
74=head1 RETURN VALUES
75
76SRP_create_verifier_BN_ex() and SRP_create_verifier_BN() return 1 on success and
770 on failure.
78
79SRP_create_verifier_ex() and SRP_create_verifier() return NULL on failure and a
80non-NULL value on success:
81"*" if I<N> is not NULL, the selected group id otherwise. This value should
82not be freed.
83
84SRP_check_known_gN_param() returns the text representation of the group id
85(i.e. the prime bit size) or NULL if the arguments are not valid SRP group parameters.
86This value should not be freed.
87
88SRP_get_default_gN() returns NULL if I<id> is not a valid group size,
89or the 8192-bit group parameters if I<id> is NULL.
90
91=head1 EXAMPLES
92
93Generate and store a 8192 bit password verifier (error handling
94omitted for clarity):
95
96 #include <openssl/bn.h>
97 #include <openssl/srp.h>
98
99 const char *username = "username";
100 const char *password = "password";
101
102 SRP_VBASE *srpData = SRP_VBASE_new(NULL);
103
104 SRP_gN *gN = SRP_get_default_gN("8192");
105
106 BIGNUM *salt = NULL, *verifier = NULL;
107 SRP_create_verifier_BN_ex(username, password, &salt, &verifier, gN->N, gN->g,
108                           NULL, NULL);
109
110 SRP_user_pwd *pwd = SRP_user_pwd_new();
111 SRP_user_pwd_set1_ids(pwd, username, NULL);
112 SRP_user_pwd_set0_sv(pwd, salt, verifier);
113 SRP_user_pwd_set_gN(pwd, gN->g, gN->N);
114
115 SRP_VBASE_add0_user(srpData, pwd);
116
117=head1 SEE ALSO
118
119L<openssl-srp(1)>,
120L<SRP_VBASE_new(3)>,
121L<SRP_user_pwd_new(3)>
122
123=head1 HISTORY
124
125SRP_create_verifier_BN_ex() and SRP_create_verifier_ex() were introduced in
126OpenSSL 3.0. All other functions were added in OpenSSL 1.0.1.
127
128All of these functions were deprecated in OpenSSL 3.0.
129
130=head1 COPYRIGHT
131
132Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
133
134Licensed under the Apache License 2.0 (the "License").  You may not use
135this file except in compliance with the License.  You can obtain a copy
136in the file LICENSE in the source distribution or at
137L<https://www.openssl.org/source/license.html>.
138
139=cut
140