author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2002-12-02 07:37:01 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2002-12-02 07:37:01 +0000 |
commit | 7aa6bc8b911018b7cedd6fe0aee24fbf2931b639 (patch) | |
tree | 4a5dc620bb3ae5f4754f235aec63f2c5e1b13a79 | |
parent | 7d440c82b062619d7923820166e9257d80cd91fe (diff) | |
download | gnutls-7aa6bc8b911018b7cedd6fe0aee24fbf2931b639.tar.gz |
some updates on srp documentation.
-rw-r--r-- | doc/tex/auth.tex | 47 | ||||
-rw-r--r-- | includes/gnutls/extra.h | 2 | ||||
-rw-r--r-- | libextra/gnutls_srp.c | 4 |
3 files changed, 4 insertions, 49 deletions
diff --git a/doc/tex/auth.tex b/doc/tex/auth.tex
index 91bd76d520..b2588938b3 100644
--- a/doc/tex/auth.tex
+++ b/doc/tex/auth.tex
@@ -70,49 +70,4 @@ ANON\_DH & This algorithm exchanges Diffie Hellman parameters.
 \end{figure}
-\section{Authentication using SRP\index{SRP authentication}}
-Authentication using the SRP\footnote{SRP stands for Secure Password Protocol and
-is described in RFC2945. The SRP key exchange is not a part of the \tlsI{} protocol}
-is actually password authentication, since the two peers are identified by the knowledge of a password.
-This protocol also offers protection against off-line attacks, such as password
-file stealing.
-This is achieved since SRP does not use the plain password to perform authentication, but something called a
-verifier. The verifier is $g^{x}mod(n)$ and $x$ is a value calculated
-from the user name and the password.
-\par SRP is normally used with a SHA based hash function, to calculate
-the value of $x$.
-\par The advantage of SRP authentication, over other proposed secure password
-authentication schemas, is that SRP does not require the server to hold
-the user's password. This kind of protection is similar to the one used traditionally
-in the \emph{UNIX} ``passwd'' file, where the contents of this file did not cause
-harm to the system security if they were revealed.
-\par
-The implementation in \gnutls{} is based on paper \cite{TLSSRP}.
-Available key exchange methods are shown in \hyperref{figure}{figure }{}{fig:srp}.
-
-\begin{figure}[hbtp]
-\begin{tabular}{|l|p{9cm}|}
-
-\hline
-SRP & Authentication using the SRP protocol.
-\\
-\hline
-SRP\_DSS & Client authentication using the SRP protocol. Server is
-authenticated using a certificate with DSA parameters.
-\\
-\hline
-SRP\_RSA & Client authentication using the SRP protocol. Server is
-authenticated using a certificate with RSA parameters.
-\\
-\hline
-\end{tabular}
-
-\caption{Supported SRP key exchange algorithms}
-\label{fig:srp}
-
-\end{figure}
-
-\gnutls{} includes a program to manipulate the required parameters for SRP
-authentication. See section \ref{srpcrypt} on page \pageref{srpcrypt} for
-more information.
-
+\input{srp}
diff --git a/includes/gnutls/extra.h b/includes/gnutls/extra.h
index 10dc614558..6f269b9f46 100644
--- a/includes/gnutls/extra.h
+++ b/includes/gnutls/extra.h
@@ -57,7 +57,7 @@ typedef int gnutls_srp_server_credentials_function(
 gnutls_datum* prime
 );
-void gnutls_srp_server_set_credentials_function(
+void gnutls_srp_set_server_credentials_function(
 gnutls_srp_server_credentials,
 gnutls_srp_server_credentials_function *);
diff --git a/libextra/gnutls_srp.c b/libextra/gnutls_srp.c
index f56ee914f1..1656e34666 100644
--- a/libextra/gnutls_srp.c
+++ b/libextra/gnutls_srp.c
@@ -503,7 +503,7 @@ void gnutls_srp_server_set_select_function(gnutls_session session,
 }
 /**
- * gnutls_srp_server_set_credentials_function - Used to set a callback to retrieve the user's SRP credentials
+ * gnutls_srp_set_server_credentials_function - Used to set a callback to retrieve the user's SRP credentials
 * @cred: is a &gnutls_srp_server_credentials structure.
 * @func: is the callback function
 *
@@ -525,7 +525,7 @@ void gnutls_srp_server_set_select_function(gnutls_session session,
 * -1 indicates an error.
 *
 **/
-void gnutls_srp_server_set_credentials_function(
+void gnutls_srp_set_server_credentials_function(
 gnutls_srp_server_credentials cred,
 gnutls_srp_server_credentials_function * func)
 { |