GnuTLS supports authentication via the Secure Remote Password or SRP protocol (see [RFC2945,TOMSRP] for a description). The SRP key exchange is an extension to the TLS protocol, and it provides an authenticated with a password key exchange. The peers can be identified using a single password, or there can be combinations where the client is authenticated using SRP and the server using a certificate.
The advantage of SRP authentication, over other proposed secure password authentication schemes, is that SRP is not susceptible to off-line dictionary attacks. Moreover, SRP does not require the server to hold the user’s password. This kind of protection is similar to the one used traditionally in the UNIX /etc/passwd file, where the contents of this file did not cause harm to the system security if they were revealed. The SRP needs instead of the plain password something called a verifier, which is calculated using the user’s password, and if stolen cannot be used to impersonate the user.
Typical conventions in SRP are a password file, called tpasswd that holds the SRP verifiers (encoded passwords) and another file, tpasswd.conf, which holds the allowed SRP parameters. The included in GnuTLS helper follow those conventions. The srptool program, discussed in the next section is a tool to manipulate the SRP parameters.
The implementation in GnuTLS is based on [TLSSRP]. The supported key exchange methods are shown below.
Authentication using the SRP protocol.
Client authentication using the SRP protocol. Server is authenticated using a certificate with DSA parameters.
Client authentication using the SRP protocol. Server is authenticated using a certificate with RSA parameters.
username: is the user’s name
password: is the user’s password
salt: should be some randomly generated bytes
generator: is the generator of the group
prime: is the group’s prime
res: where the verifier will be stored.
This function will create an SRP verifier, as specified in
generator should be one of the static
parameters defined in gnutls/gnutls.h or may be generated.
The verifier will be allocated with
gnutls_malloc () and will be stored in
res using binary format.
Returns: On success,
GNUTLS_E_SUCCESS (0) is returned, or an
int gnutls_srp_base64_encode2 (const gnutls_datum_t * data, gnutls_datum_t * result)
int gnutls_srp_base64_decode2 (const gnutls_datum_t * b64_data, gnutls_datum_t * result)