How to call OpenSSL SRP APIs from Android app? -

-

i trying implement srp protocol server , client app in android. checked openssl supports srp protocol how can access openssl apis android app? jni way access openssl c apis? there samples can refer how build openssl android , call openssl srp apis through jni.

i trying implement srp protocol

i srp, too. sure use thomas wu's specification, or version 6 of ietf's specification.

openssl supports srp protocol how can access openssl apis android app? jni way access openssl c apis?

yes.

you might bouncy castle java implementation.

are there samples can refer how build openssl android...

see openssl , android on openssl wiki.

android carries around copy of openssl, i'm not sure of includes srp.

are there samples can refer ... call openssl srp apis through jni.

not aware. closest find source code s_client, options -srpuser <user>, , data structures srp_arg_st, , functions ssl_srp_verify_param_cb , ssl_give_srp_client_pwd_cb.

you can find source code s_client @ <openssl src dir>/apps/s_client.c. line 1365 looks interesting (from 1.0.2h):

# ifndef openssl_no_srp     if (srp_arg.srplogin) {         if (!srp_lateuser && !ssl_ctx_set_srp_username(ctx, srp_arg.srplogin)) {             bio_printf(bio_err, "unable set srp username\n");             goto end;         }         srp_arg.msg = c_msg;         srp_arg.debug = c_debug;         ssl_ctx_set_srp_cb_arg(ctx, &srp_arg);         ssl_ctx_set_srp_client_pwd_callback(ctx, ssl_give_srp_client_pwd_cb);         ssl_ctx_set_srp_strength(ctx, srp_arg.strength);         if (c_msg || c_debug || srp_arg.amp == 0)             ssl_ctx_set_srp_verify_param_callback(ctx,                                                   ssl_srp_verify_param_cb);     } # endif

and srp_arg_st around line 475:

/* context pass callbacks */ typedef struct srp_arg_st {     char *srppassin;     char *srplogin;     int msg;                    /* copy c_msg */     int debug;                  /* copy c_debug */     int amp;                    /* allow more groups */     int strength /* minimal size n */ ; } srp_arg;

obviously, openssl native c , not use jni.

how call openssl srp apis ...?

at highest levels, need 2 or 3 things in c. think of them supplement standard tls client openssl wiki. (i'm side stepping android/jni part).

first, need set ssl_ctx_set_srp_*_callback. callbacks how library prompts tls client information username , password.

second, remove non-srp cipher suites. means do not use cipher list "high:!anull:!md5:!rc4".

third, use srp cipher suites. i'm not sure how cipher list when using "high:!anull:...". can hand pick list of ciphers with:

$ openssl ciphers -v | grep srp | grep -v dss | cut -f 1 -d ' ' srp-rsa-aes-256-cbc-sha srp-aes-256-cbc-sha srp-rsa-aes-128-cbc-sha srp-aes-128-cbc-sha srp-rsa-3des-ede-cbc-sha srp-3des-ede-cbc-sha

if go openssl ciphers man page, should able cross reference srp-rsa-aes-256-cbc-sha name needed in cipher list. unfortunately, srp cipher suites missing.

however, can go icann's tls paramter registry , names:

  • srp-rsa-aes-256-cbc-sha → tls_srp_sha_rsa_with_aes_256_cbc_sha
  • srp-aes-256-cbc-sha → tls_srp_sha_with_aes_256_cbc_sha
  • srp-rsa-aes-128-cbc-sha → tls_srp_sha_rsa_with_aes_128_cbc_sha
  • srp-aes-128-cbc-sha → tls_srp_sha_with_aes_128_cbc_sha
  • srp-rsa-3des-ede-cbc-sha → tls_srp_sha_rsa_with_3des_ede_cbc_sha
  • srp-3des-ede-cbc-sha → tls_srp_sha_with_3des_ede_cbc_sha

so string use ssl_ctx_set_cipher_list or ssl_set_cipher_list:

static const char const preferred_ciphers[] =    "tls_srp_sha_rsa_with_aes_256_cbc_sha:tls_srp_sha_with_aes_256_cbc_sha:     tls_srp_sha_rsa_with_aes_128_cbc_sha:tls_srp_sha_with_aes_128_cbc_sha:     tls_srp_sha_rsa_with_3des_ede_cbc_sha:tls_srp_sha_with_3des_ede_cbc_sha";

Comments

Post a Comment

Popular posts from this blog

Spring Boot + JPA + Hibernate: Unable to locate persister -

-
i trying work entity inside request method of spring boot application. entity in project , pom.xml has dependencies it. why error message?: org.hibernate.unknownentitytypeexception: unable locate persister: com.ric.bill.model.bs.par package com.ric.web; import java.util.concurrent.atomic.atomiclong; import javax.persistence.entitymanager; import javax.persistence.persistencecontext; import net.sf.ehcache.cachemanager; import net.sf.ehcache.management.cache; import net.sf.ehcache.management.cachestatistics; import org.hibernate.stat.statistics; import org.springframework.beans.factory.annotation.autowired; import org.springframework.boot.autoconfigure.domain.entityscan; import org.springframework.cache.annotation.enablecaching; import org.springframework.transaction.annotation.enabletransactionmanagement; import org.springframework.transaction.annotation.propagation; import org.springframework.transaction.annotation.transactional; import org.springframework.web.bind.annotati
Read more

go - Golang: panic: runtime error: invalid memory address or nil pointer dereference using bufio.Scanner -

-
i implementing go program uses bufio.scanner , bufio.writer have packaged code follows package main import ( "fmt" "player/command" "strings" ) func main() { //enter code here. read input stdin. print output stdout commands.scanner.scan() { //scan new line , send comand variable check command exist or not input := strings.split(strings.trim(commands.scanner.text(), " "), " ") command := input[0] if command == "" { fmt.printf("$ %s:", commands.pwd) continue } if !commands.commands[command] { commands.throwerror("cannot recognize input.") } else { commands.execute(command, input[1:], nil) } fmt.printf("$ %s:", commands.pwd) } } i using init.go file in main package follows package main import ( "flag" "player/sourc
Read more

c - double free or corruption (fasttop) -

-
this code reads null terminated string file (file containing null terminated strings & should provide index wanted string). error: *** error in `./main': double free or corruption (fasttop): 0x090a4a80 *** aborted code: char *tmp_realloc=null; char *sstring=null; int i=1; /*set file pointer point string*/ fseek(fh,index,seek_set); sstring=(char*)malloc(sizeof(char)); if(sstring == null) return null; tmp_realloc=sstring; while( (*(sstring+i-1)=(char)fgetc((file*)fh)) != 0x0 ) { /*reallocate more memory*/ tmp_realloc=(char*)realloc((char*)sstring,++i); /*if not same address copy old new & set old point new*/ if(tmp_realloc != sstring){ strcpy((char*)tmp_realloc,(char*)sstring); free(sstring); sstring=tmp_realloc; } } could tell me pointer causing issue (& reason) ? remove part /*if not same address copy old new & set old point new*/ if(tmp_realloc != sstring){ strc
Read more