1 (edited by sungyun 2015-08-13 23:38:15)

Topic: [SOLVED] Some questions for SRP(Secure Remote Protocol)

Hello

I have some questions about SRP in wolfSSL.

1st question

How can I build the SRP feature in the master version?
1.    #> git clone https://github.com/wolfSSL/wolfssl.git
2.    #> ./configure --enable-srp
3.    #> bash: ./configure: No such file or directory

I can't find configure in the source code folder.

2nd question
Do you have SRP client/server sample code?
I can find just a single-side sample.

3rd question

How do I share an SRP structure between server and client?
In the case of OpenSSL, srp_ctx is a part of the SSL structure, so the user can access SRP information like the username etc. on both (client/server) sides.

I marked my questions in the sample source below.

https://github.com/wolfSSL/wolfssl/blob … est/test.c


    int srp_test(void)
    {
        Srp cli, srv;
        int r;

        byte clientPubKey[80]; /* A */
        byte serverPubKey[80]; /* B */
        word32 clientPubKeySz = 80;
        word32 serverPubKeySz = 80;
        byte clientProof[SRP_MAX_DIGEST_SIZE]; /* M1 */
        byte serverProof[SRP_MAX_DIGEST_SIZE]; /* M2 */
        word32 clientProofSz = SRP_MAX_DIGEST_SIZE;
        word32 serverProofSz = SRP_MAX_DIGEST_SIZE;

        byte username[] = "user";
        word32 usernameSz = 4;

        byte password[] = "password";
        word32 passwordSz = 8;

        /* ... (rest of the declarations elided in the original post) ... */

        /* client knows username and password.   */
        /* server knows N, g, salt and verifier. */

        r = wc_SrpInit(&cli, SRP_TYPE_SHA, SRP_CLIENT_SIDE);
        if (!r) r = wc_SrpSetUsername(&cli, username, usernameSz);

        /* client sends username to server */
        /* :( :( How to send username? */

        if (!r) r = wc_SrpInit(&srv, SRP_TYPE_SHA, SRP_SERVER_SIDE);
        if (!r) r = wc_SrpSetUsername(&srv, username, usernameSz);
        if (!r) r = wc_SrpSetParams(&srv, N,    sizeof(N),
                                          g,    sizeof(g),
                                          salt, sizeof(salt));
        if (!r) r = wc_SrpSetVerifier(&srv, verifier, sizeof(verifier));
        if (!r) r = wc_SrpGetPublic(&srv, serverPubKey, &serverPubKeySz);

        /* server sends N, g, salt and B to client */
        /* :( :( How to send N? */

        if (!r) r = wc_SrpSetParams(&cli, N,    sizeof(N),
                                          g,    sizeof(g),
                                          salt, sizeof(salt));
        if (!r) r = wc_SrpSetPassword(&cli, password, passwordSz);
        if (!r) r = wc_SrpGetPublic(&cli, clientPubKey, &clientPubKeySz);
        if (!r) r = wc_SrpComputeKey(&cli, clientPubKey, clientPubKeySz,
                                           serverPubKey, serverPubKeySz);
        if (!r) r = wc_SrpGetProof(&cli, clientProof, &clientProofSz);

        /* client sends A and M1 to server */
        /* :( :( How to send A and M1? */

        if (!r) r = wc_SrpComputeKey(&srv, clientPubKey, clientPubKeySz,
                                           serverPubKey, serverPubKeySz);
        if (!r) r = wc_SrpVerifyPeersProof(&srv, clientProof, clientProofSz);
        if (!r) r = wc_SrpGetProof(&srv, serverProof, &serverProofSz);

        /* server sends M2 to client */
        /* How to send M2? */

        if (!r) r = wc_SrpVerifyPeersProof(&cli, serverProof, serverProofSz);

        wc_SrpTerm(&cli);
        wc_SrpTerm(&srv);

        return r;
    }


4th question.
What function can I use instead of the SSL_CTX_set_srp_username_callback of OpenSSL?
SSL_CTX_set_srp_username_callback is very important for knowing the valid timing.

Regards
Sunyun


Re: [SOLVED] Some questions for SRP(Secure Remote Protocol)

Hi Sungyun,

sungyun wrote:

How can I build the SRP feature in the master version?

First, you'll need to call ./autogen.sh when using our source code directly from GitHub; it will generate the configure and makefile files for you.

sungyun wrote:

Do you have SRP client/server sample code?

Our implementation of SRP only computes the values; it doesn't handle communication. Each protocol or piece of software that uses SRP has its own way to exchange the SRP values over the network.

In order to better answer your other questions, could you explain to me how you are trying to use SRP? You should also note that our implementation of SRP is a part of wolfCrypt and hasn't been integrated into our SSL/TLS implementation (wolfSSL) yet.

Best regards,
Moisés

[ ]'s
Moisés
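
Because wolfCrypt's SRP only computes the values, carrying them between client and server is left to the application. The following is an added example, not wolfSSL code and not from any post in this thread: one possible length-prefixed framing for the four messages marked in the test, with the bounds checks a receiver needs before passing received bytes to the wc_Srp* calls. The message types, `srp_put`, `srp_get`, the buffer sizes and the sample bytes are all hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Hypothetical message types, one per arrow in the test above. */
enum { SRP_MSG_HELLO = 1,     /* client -> server: username      */
       SRP_MSG_CHALLENGE,     /* server -> client: N, g, salt, B */
       SRP_MSG_PROOF,         /* client -> server: A, M1         */
       SRP_MSG_CONFIRM };     /* server -> client: M2            */

/* Append one field: 2-byte big-endian length, then the bytes. Byte 0 of a
 * message is its type, so offsets start at 1 and a return of 0 is an error. */
size_t srp_put(uint8_t *buf, size_t cap, size_t off,
               const uint8_t *val, size_t len)
{
    if (off == 0 || off > cap || len > 0xFFFF || cap - off < len + 2) return 0;
    buf[off] = (uint8_t)(len >> 8);
    buf[off + 1] = (uint8_t)(len & 0xFF);
    memcpy(buf + off + 2, val, len);
    return off + 2 + len;
}

/* Read one field into out (capacity in *outLen, actual size out). Rejects a
 * length that runs past the received message or past the caller's buffer. */
size_t srp_get(const uint8_t *msg, size_t msgLen, size_t off,
               uint8_t *out, size_t *outLen)
{
    if (off == 0 || off > msgLen || msgLen - off < 2) return 0;
    size_t len = ((size_t)msg[off] << 8) | msg[off + 1];
    if (len > msgLen - off - 2 || len > *outLen) return 0;
    memcpy(out, msg + off + 2, len);
    *outLen = len;
    return off + 2 + len;
}

/* Round trip of message 3 (A, M1) with constructed bytes; 0 on success. */
int srp_demo_proof_roundtrip(void)
{
    const uint8_t A[4] = {0xDE, 0xAD, 0xBE, 0xEF}, M1[3] = {1, 2, 3};
    uint8_t wire[32], a[80], m1[64];
    size_t aSz = sizeof(a), m1Sz = sizeof(m1), end, off;
    wire[0] = SRP_MSG_PROOF;
    end = srp_put(wire, sizeof(wire), 1, A, sizeof(A));
    end = srp_put(wire, sizeof(wire), end, M1, sizeof(M1));
    /* wire[0..end) would cross the transport here; the peer then parses. */
    off = srp_get(wire, end, 1, a, &aSz);
    off = srp_get(wire, end, off, m1, &m1Sz);
    if (end == 0 || off != end || aSz != 4 || m1Sz != 3) return -1;
    return (memcmp(a, A, 4) || memcmp(m1, M1, 3)) ? -1 : 0;
}
```

On the server, the decoded A and M1 would then be handed to wc_SrpComputeKey and wc_SrpVerifyPeersProof as in the test; an unauthenticated transport only carries the values, and the M1/M2 proofs are what authenticate the exchange.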


Re: [SOLVED] Some questions for SRP(Secure Remote Protocol)

Hi sungyun,

What functionality were you looking for in your project? What is the overall goal of your project? Perhaps with a little better understanding we may better support your efforts.

Kind Regards,

Kaleb

Re: [SOLVED] Some questions for SRP(Secure Remote Protocol)

Thank you, moises.guimaraes. :)
I understood the current status of the SRP feature.
I will use another key exchange method instead of SRP.
