
    iSCSI: Authenticating with SRP



    Hi Julo,
    
    When authenticating with SRP, I'm not sure exactly which parameters are 
    required. In particular, the example in appendix C conflicts with section 
    11.1.3.
    
    Based on the example login transaction (Appendix C):
    
         I-> Login (CSG,NSG=0,1 T=1)
             InitiatorName=iqn.1999-07.com.os:hostid.77
             TargetName=iqn.1999-07.com.example:diskarray.sn.88
             AuthMethod=KRB5,SRP,None
    
         T-> Login-PR  (CSG,NSG=0,0 T=0)
             AuthMethod=SRP
    
         I-> Login (CSG,NSG=0,0 T=0)
             SRP_U=bob
             TargetAuth=Yes
    
         T-> Login (CSG,NSG=0,0 T=0)
             SRP_g=2
             SRP_s=0X12343456745ABCDS (well, lots o' hex digits)
             SRP_N=??????
    
    In 11.1.3, the suggested sequence is:
    
         I-> Login (CSG,NSG=0,1 T=1)
             InitiatorName=iqn.1999-07.com.os:hostid.77
             TargetName=iqn.1999-07.com.example:diskarray.sn.88
             AuthMethod=KRB5,SRP,None
    
         T-> Login-PR  (CSG,NSG=0,0 T=0)
             AuthMethod=SRP
    
         I-> Login (CSG,NSG=0,0 T=0)
             SRP_U=bob
             TargetAuth=Yes
    
         T-> Login (CSG,NSG=0,0 T=0)
             SRP_GROUP=SRP-768,SRP-1024,SRP-1280,SRP-1536,SRP-2048
             SRP_s=0X12343456745ABCDS (well, lots o' hex digits)
    
         I-> Login (CSG,NSG=0,0 T=0)
             SRP_A=0xABCDEF12345345354
             SRP_GROUP=SRP-1536
    
           ......
    
    
    I don't understand this sequence, and neither does the initiator we are 
    playing with! ;-)
    
    The first sequence doesn't negotiate the SRP_GROUP parameter, and the second 
    doesn't let the target provide an SRP_N or an SRP_g.
    
    Should the full sequence be (try 1):
    
         I-> Login (CSG,NSG=0,1 T=1)
             InitiatorName=iqn.1999-07.com.os:hostid.77
             TargetName=iqn.1999-07.com.example:diskarray.sn.88
             AuthMethod=KRB5,SRP,None
    
         T-> Login-PR  (CSG,NSG=0,0 T=0)
             AuthMethod=SRP
    
         I-> Login (CSG,NSG=0,0 T=0)
             SRP_U=bob
             TargetAuth=Yes
    
         T-> Login (CSG,NSG=0,0 T=0)
             SRP_GROUP=SRP-768,SRP-1024,SRP-1280,SRP-1536,SRP-2048
             SRP_s=0X12343456745ABCDS (well, lots o' hex digits)
    
         I-> Login (CSG,NSG=0,0 T=0)
             SRP_GROUP=SRP-1536
    
         T-> Login (CSG,NSG=0,0 T=0)
             SRP_g=2
             SRP_N=0XABCD123132523453 (as per SRP_GROUP)
    
         I-> Login (CSG,NSG=0,0 T=0)
             SRP_A=0xABCDEF12345345354
    
          .... and things proceed from here
    
    
    However, this introduces an extra step which may be collapsed (try 2):
    
         I-> Login (CSG,NSG=0,1 T=1)
             InitiatorName=iqn.1999-07.com.os:hostid.77
             TargetName=iqn.1999-07.com.example:diskarray.sn.88
             AuthMethod=KRB5,SRP,None
    
         T-> Login-PR  (CSG,NSG=0,0 T=0)
             AuthMethod=SRP
             SRP_GROUP=SRP-768,SRP-1024,SRP-1280,SRP-1536,SRP-2048
    
         I-> Login (CSG,NSG=0,0 T=0)
             SRP_GROUP=SRP-1536
             SRP_U=bob
             TargetAuth=Yes
    
         T-> Login (CSG,NSG=0,0 T=0)
             SRP_g=2
             SRP_s=0X12343456745ABCDS (well, lots o' hex digits)
             SRP_N=0XABCD123132523453 (as per SRP_GROUP)
    
         I-> Login (CSG,NSG=0,0 T=0)
             SRP_A=0xABCDEF12345345354
    
          .... and things proceed from here
    
    
    Does this look right? 
    
    Thanks,
    Ken
    
    
    
    
    
    Ken Sandars
    Eurologic Systems
    Howard House
    Queens Avenue
    Bristol
    United Kingdom
    -----------------------------
    Tel : +44 (0)117 9309616
    Fax : +44 (0)117 9309601
    -----------------------------
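
The two gaps raised in the message can be checked mechanically against a login transcript. The following is an added example, not part of the original post or of the iSCSI draft: `parse` and `gaps` are hypothetical helper names, the transcript values are constructed, and the checks encode only the two points the message raises (SRP_GROUP offered and selected, SRP_N and SRP_g supplied by the target before SRP_A), not what the specification requires.

```python
import re

# Constructed transcript: SRP steps of the section 11.1.3 sequence quoted above.
SECTION_11_1_3 = """
I-> Login (CSG,NSG=0,0 T=0)
    SRP_U=bob
T-> Login (CSG,NSG=0,0 T=0)
    SRP_GROUP=SRP-768,SRP-1024,SRP-1280,SRP-1536,SRP-2048
    SRP_s=0x1234 (constructed)
I-> Login (CSG,NSG=0,0 T=0)
    SRP_A=0xABCD (constructed)
    SRP_GROUP=SRP-1536
"""

def parse(transcript):
    """Return [(sender, {key: value})] per PDU; sender is 'I' or 'T'."""
    pdus = []
    for line in transcript.splitlines():
        m = re.match(r"\s*([IT])->", line)
        if m:
            pdus.append((m.group(1), {}))
        elif "=" in line and pdus:
            key, _, value = line.strip().partition("=")
            pdus[-1][1][key] = value.split(" (")[0]  # drop trailing "(...)" remark
    return pdus

def gaps(transcript):
    """Gaps named in the message, judged at the point the initiator sends SRP_A."""
    offered, chosen, from_target = [], None, set()
    for sender, keys in parse(transcript):
        if sender == "T":
            from_target |= set(keys)
            if "SRP_GROUP" in keys:
                offered = keys["SRP_GROUP"].split(",")
        else:
            chosen = keys.get("SRP_GROUP", chosen)
            if "SRP_A" in keys:
                break  # anything the target sends later is too late for A
    found = []
    if chosen is None or chosen not in offered:
        found.append("SRP_GROUP not negotiated")
    missing = sorted({"SRP_N", "SRP_g"} - from_target)
    if missing:
        found.append("target never sent " + ", ".join(missing))
    return found

if __name__ == "__main__":
    print(gaps(SECTION_11_1_3))
```
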
    



Last updated: Fri Feb 07 10:19:11 2003