How to call OpenSSL SRP APIs from Android app? -
i trying implement srp protocol server , client app in android. checked openssl supports srp protocol how can access openssl apis android app? jni way access openssl c apis? there samples can refer how build openssl android , call openssl srp apis through jni.
i trying implement srp protocol
i srp, too. sure use thomas wu's specification, or version 6 of ietf's specification.
openssl supports srp protocol how can access openssl apis android app? jni way access openssl c apis?
yes.
you might bouncy castle java implementation.
are there samples can refer how build openssl android...
see openssl , android on openssl wiki.
android carries around copy of openssl, i'm not sure of includes srp.
are there samples can refer ... call openssl srp apis through jni.
not aware. closest find source code s_client
, options -srpuser <user>
, , data structures srp_arg_st
, , functions ssl_srp_verify_param_cb
, ssl_give_srp_client_pwd_cb
.
you can find source code s_client
@ <openssl src dir>/apps/s_client.c
. line 1365 looks interesting (from 1.0.2h):
# ifndef openssl_no_srp if (srp_arg.srplogin) { if (!srp_lateuser && !ssl_ctx_set_srp_username(ctx, srp_arg.srplogin)) { bio_printf(bio_err, "unable set srp username\n"); goto end; } srp_arg.msg = c_msg; srp_arg.debug = c_debug; ssl_ctx_set_srp_cb_arg(ctx, &srp_arg); ssl_ctx_set_srp_client_pwd_callback(ctx, ssl_give_srp_client_pwd_cb); ssl_ctx_set_srp_strength(ctx, srp_arg.strength); if (c_msg || c_debug || srp_arg.amp == 0) ssl_ctx_set_srp_verify_param_callback(ctx, ssl_srp_verify_param_cb); } # endif
and srp_arg_st
around line 475:
/* context pass callbacks */ typedef struct srp_arg_st { char *srppassin; char *srplogin; int msg; /* copy c_msg */ int debug; /* copy c_debug */ int amp; /* allow more groups */ int strength /* minimal size n */ ; } srp_arg;
obviously, openssl native c , not use jni.
how call openssl srp apis ...?
at highest levels, need 2 or 3 things in c. think of them supplement standard tls client openssl wiki. (i'm side stepping android/jni part).
first, need set ssl_ctx_set_srp_*_callback
. callbacks how library prompts tls client information username , password.
second, remove non-srp cipher suites. means do not use cipher list "high:!anull:!md5:!rc4"
.
third, use srp cipher suites. i'm not sure how cipher list when using "high:!anull:..."
. can hand pick list of ciphers with:
$ openssl ciphers -v | grep srp | grep -v dss | cut -f 1 -d ' ' srp-rsa-aes-256-cbc-sha srp-aes-256-cbc-sha srp-rsa-aes-128-cbc-sha srp-aes-128-cbc-sha srp-rsa-3des-ede-cbc-sha srp-3des-ede-cbc-sha
if go openssl ciphers
man page, should able cross reference srp-rsa-aes-256-cbc-sha
name needed in cipher list. unfortunately, srp cipher suites missing.
however, can go icann's tls paramter registry , names:
- srp-rsa-aes-256-cbc-sha → tls_srp_sha_rsa_with_aes_256_cbc_sha
- srp-aes-256-cbc-sha → tls_srp_sha_with_aes_256_cbc_sha
- srp-rsa-aes-128-cbc-sha → tls_srp_sha_rsa_with_aes_128_cbc_sha
- srp-aes-128-cbc-sha → tls_srp_sha_with_aes_128_cbc_sha
- srp-rsa-3des-ede-cbc-sha → tls_srp_sha_rsa_with_3des_ede_cbc_sha
- srp-3des-ede-cbc-sha → tls_srp_sha_with_3des_ede_cbc_sha
so string use ssl_ctx_set_cipher_list
or ssl_set_cipher_list
:
static const char const preferred_ciphers[] = "tls_srp_sha_rsa_with_aes_256_cbc_sha:tls_srp_sha_with_aes_256_cbc_sha: tls_srp_sha_rsa_with_aes_128_cbc_sha:tls_srp_sha_with_aes_128_cbc_sha: tls_srp_sha_rsa_with_3des_ede_cbc_sha:tls_srp_sha_with_3des_ede_cbc_sha";
Comments
Post a Comment