107 const char *shadow_pass);
109 char **
output,
int *outputlen,
110 const char **logdetail);
180 int *
iterations,
int *key_length,
char **salt,
210 if (
port->ssl_in_use)
255 state->channel_binding_in_use =
true;
259 state->channel_binding_in_use =
false;
262 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
263 errmsg(
"client selected an invalid SASL authentication mechanism")));
287 (
errmsg(
"invalid SCRAM secret for user \"%s\"",
288 state->port->user_name)));
298 state->logdetail =
psprintf(
_(
"User \"%s\" does not have a valid SCRAM secret."),
299 state->port->user_name);
325 state->doomed =
true;
349 char **
output,
int *outputlen,
const char **logdetail)
377 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
378 errmsg(
"malformed SCRAM message"),
380 if (inputlen != strlen(
input))
382 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
383 errmsg(
"malformed SCRAM message"),
384 errdetail(
"Message length does not match input length.")));
386 switch (
state->state)
415 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
416 errmsg(
"invalid SCRAM response"),
453 elog(
ERROR,
"invalid SCRAM exchange state");
458 *logdetail =
state->logdetail;
461 *outputlen = strlen(*
output);
478 const char *errstr = NULL;
487 password = (
const char *) prep_password;
492 (
errcode(ERRCODE_INTERNAL_ERROR),
493 errmsg(
"could not generate random salt")));
501 pfree(prep_password);
527 const char *errstr = NULL;
530 &encoded_salt, stored_key, server_key))
542 saltlen =
pg_b64_decode(encoded_salt, strlen(encoded_salt), salt,
559 salted_password, &errstr) < 0 ||
561 computed_key, &errstr) < 0)
563 elog(
ERROR,
"could not compute server key: %s", errstr);
567 pfree(prep_password);
573 return memcmp(computed_key, server_key, key_length) == 0;
591 char **salt,
uint8 *stored_key,
uint8 *server_key)
597 char *iterations_str;
601 char *decoded_salt_buf;
602 char *decoded_stored_buf;
603 char *decoded_server_buf;
611 if ((scheme_str = strtok(v,
"$")) == NULL)
613 if ((iterations_str = strtok(NULL,
":")) == NULL)
615 if ((salt_str = strtok(NULL,
"$")) == NULL)
617 if ((storedkey_str = strtok(NULL,
":")) == NULL)
619 if ((serverkey_str = strtok(NULL,
"")) == NULL)
623 if (strcmp(scheme_str,
"SCRAM-SHA-256") != 0)
630 if (*p || errno != 0)
638 decoded_salt_buf =
palloc(decoded_len);
640 decoded_salt_buf, decoded_len);
649 decoded_stored_buf =
palloc(decoded_len);
650 decoded_len =
pg_b64_decode(storedkey_str, strlen(storedkey_str),
651 decoded_stored_buf, decoded_len);
652 if (decoded_len != *key_length)
654 memcpy(stored_key, decoded_stored_buf, *key_length);
657 decoded_server_buf =
palloc(decoded_len);
658 decoded_len =
pg_b64_decode(serverkey_str, strlen(serverkey_str),
659 decoded_server_buf, decoded_len);
660 if (decoded_len != *key_length)
662 memcpy(server_key, decoded_server_buf, *key_length);
684 int *
iterations,
int *key_length,
char **salt,
704 if (raw_salt == NULL)
709 encoded_salt = (
char *)
palloc(encoded_len + 1);
715 encoded_salt[encoded_len] =
'\0';
717 *salt = encoded_salt;
731 char *begin = *
input;
736 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
737 errmsg(
"malformed SCRAM message"),
738 errdetail(
"Expected attribute \"%c\" but found \"%s\".",
744 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
745 errmsg(
"malformed SCRAM message"),
746 errdetail(
"Expected character \"=\" for attribute \"%c\".", attr)));
750 while (*end && *end !=
',')
778 if (*p < 0x21 || *p > 0x7E || *p == 0x2C )
797 if (
c >= 0x21 &&
c <= 0x7E)
815 static char buf[30 + 1];
818 for (
i = 0;
i <
sizeof(
buf) - 1;
i++)
825 if (
c >= 0x21 &&
c <= 0x7E)
843 char *begin = *
input;
849 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
850 errmsg(
"malformed SCRAM message"),
851 errdetail(
"Attribute expected, but found end of string.")));
859 if (!((attr >=
'A' && attr <=
'Z') ||
860 (attr >=
'a' && attr <=
'z')))
862 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
863 errmsg(
"malformed SCRAM message"),
864 errdetail(
"Attribute expected, but found invalid character \"%s\".",
872 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
873 errmsg(
"malformed SCRAM message"),
874 errdetail(
"Expected character \"=\" for attribute \"%c\".", attr)));
878 while (*end && *end !=
',')
902 char *channel_binding_type;
969 state->cbind_flag = *p;
978 if (
state->channel_binding_in_use)
980 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
981 errmsg(
"malformed SCRAM message"),
982 errdetail(
"The client selected SCRAM-SHA-256-PLUS, but the SCRAM message does not include channel binding data.")));
987 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
988 errmsg(
"malformed SCRAM message"),
989 errdetail(
"Comma expected, but found character \"%s\".",
1000 if (
state->channel_binding_in_use)
1002 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
1003 errmsg(
"malformed SCRAM message"),
1004 errdetail(
"The client selected SCRAM-SHA-256-PLUS, but the SCRAM message does not include channel binding data.")));
1007 if (
state->port->ssl_in_use)
1009 (
errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
1010 errmsg(
"SCRAM channel binding negotiation error"),
1011 errdetail(
"The client supports SCRAM channel binding but thinks the server does not. "
1012 "However, this server does support channel binding.")));
1017 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
1018 errmsg(
"malformed SCRAM message"),
1019 errdetail(
"Comma expected, but found character \"%s\".",
1029 if (!
state->channel_binding_in_use)
1031 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
1032 errmsg(
"malformed SCRAM message"),
1033 errdetail(
"The client selected SCRAM-SHA-256 without channel binding, but the SCRAM message includes channel binding data.")));
1041 if (strcmp(channel_binding_type,
"tls-server-end-point") != 0)
1043 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
1044 errmsg(
"unsupported SCRAM channel-binding type \"%s\"",
1049 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
1050 errmsg(
"malformed SCRAM message"),
1051 errdetail(
"Unexpected channel-binding flag \"%s\".",
1060 (
errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
1061 errmsg(
"client uses authorization identity, but it is not supported")));
1064 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
1065 errmsg(
"malformed SCRAM message"),
1066 errdetail(
"Unexpected attribute \"%s\" in client-first-message.",
1081 (
errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
1082 errmsg(
"client requires an unsupported SCRAM extension")));
1095 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
1096 errmsg(
"non-printable characters in SCRAM nonce")));
1115 int client_nonce_len = strlen(
state->client_nonce);
1116 int server_nonce_len = strlen(
state->server_nonce);
1117 int final_nonce_len = strlen(
state->client_final_nonce);
1119 if (final_nonce_len != client_nonce_len + server_nonce_len)
1121 if (memcmp(
state->client_final_nonce,
state->client_nonce, client_nonce_len) != 0)
1123 if (memcmp(
state->client_final_nonce + client_nonce_len,
state->server_nonce, server_nonce_len) != 0)
1142 const char *errstr = NULL;
1152 strlen(
state->client_first_message_bare)) < 0 ||
1156 strlen(
state->server_first_message)) < 0 ||
1159 (
uint8 *)
state->client_final_message_without_proof,
1160 strlen(
state->client_final_message_without_proof)) < 0 ||
1163 elog(
ERROR,
"could not calculate client signature: %s",
1170 for (
i = 0;
i <
state->key_length;
i++)
1171 ClientKey[
i] =
state->ClientProof[
i] ^ ClientSignature[
i];
1175 client_StoredKey, &errstr) < 0)
1176 elog(
ERROR,
"could not hash stored key: %s", errstr);
1178 if (memcmp(client_StoredKey,
state->StoredKey,
state->key_length) != 0)
1226 (
errcode(ERRCODE_INTERNAL_ERROR),
1227 errmsg(
"could not generate random nonce")));
1233 state->server_nonce, encoded_len);
1234 if (encoded_len < 0)
1236 (
errcode(ERRCODE_INTERNAL_ERROR),
1237 errmsg(
"could not encode random nonce")));
1238 state->server_nonce[encoded_len] =
'\0';
1240 state->server_first_message =
1256 char *channel_binding;
1262 int client_proof_len;
1300 if (
state->channel_binding_in_use)
1303 const char *cbind_data = NULL;
1304 size_t cbind_data_len = 0;
1305 size_t cbind_header_len;
1307 size_t cbind_input_len;
1309 int b64_message_len;
1318 if (cbind_data == NULL || cbind_data_len == 0)
1319 elog(
ERROR,
"could not get server certificate hash");
1321 cbind_header_len = strlen(
"p=tls-server-end-point,,");
1322 cbind_input_len = cbind_header_len + cbind_data_len;
1323 cbind_input =
palloc(cbind_input_len);
1324 snprintf(cbind_input, cbind_input_len,
"p=tls-server-end-point,,");
1325 memcpy(cbind_input + cbind_header_len, cbind_data, cbind_data_len);
1329 b64_message =
palloc(b64_message_len + 1);
1330 b64_message_len =
pg_b64_encode(cbind_input, cbind_input_len,
1331 b64_message, b64_message_len);
1332 if (b64_message_len < 0)
1333 elog(
ERROR,
"could not encode channel binding data");
1334 b64_message[b64_message_len] =
'\0';
1340 if (strcmp(channel_binding, b64_message) != 0)
1342 (
errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
1343 errmsg(
"SCRAM channel binding check failed")));
1346 elog(
ERROR,
"channel binding not supported by this build");
1357 if (!(strcmp(channel_binding,
"biws") == 0 &&
state->cbind_flag ==
'n') &&
1358 !(strcmp(channel_binding,
"eSws") == 0 &&
state->cbind_flag ==
'y'))
1360 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
1361 errmsg(
"unexpected SCRAM channel-binding attribute in client-final-message")));
1371 }
while (attr !=
'p');
1374 client_proof =
palloc(client_proof_len);
1376 client_proof_len) !=
state->key_length)
1378 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
1379 errmsg(
"malformed SCRAM message"),
1380 errdetail(
"Malformed proof in client-final-message.")));
1381 memcpy(
state->ClientProof, client_proof,
state->key_length);
1382 pfree(client_proof);
1386 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
1387 errmsg(
"malformed SCRAM message"),
1388 errdetail(
"Garbage found at the end of client-final-message.")));
1390 state->client_final_message_without_proof =
palloc(proof - begin + 1);
1391 memcpy(
state->client_final_message_without_proof,
input, proof - begin);
1392 state->client_final_message_without_proof[proof - begin] =
'\0';
1402 char *server_signature_base64;
1410 strlen(
state->client_first_message_bare)) < 0 ||
1414 strlen(
state->server_first_message)) < 0 ||
1417 (
uint8 *)
state->client_final_message_without_proof,
1418 strlen(
state->client_final_message_without_proof)) < 0 ||
1421 elog(
ERROR,
"could not calculate server signature: %s",
1429 server_signature_base64 =
palloc(siglen + 1);
1431 state->key_length, server_signature_base64,
1434 elog(
ERROR,
"could not encode server signature");
1435 server_signature_base64[siglen] =
'\0';
1448 return psprintf(
"v=%s", server_signature_base64);
1472 "salt length greater than SHA256 digest length");
1491 return (
char *) sha_digest;
static void * scram_init(Port *port, const char *selected_mech, const char *shadow_pass)
static char * build_server_first_message(scram_state *state)
const pg_be_sasl_mech pg_be_scram_mech
static void read_client_first_message(scram_state *state, const char *input)
static char * read_attr_value(char **input, char attr)
bool parse_scram_secret(const char *secret, int *iterations, pg_cryptohash_type *hash_type, int *key_length, char **salt, uint8 *stored_key, uint8 *server_key)
static char * read_any_attr(char **input, char *attr_p)
static bool verify_client_proof(scram_state *state)
static bool verify_final_nonce(scram_state *state)
static char * sanitize_str(const char *s)
static char * scram_mock_salt(const char *username, pg_cryptohash_type hash_type, int key_length)
static int scram_exchange(void *opaq, const char *input, int inputlen, char **output, int *outputlen, const char **logdetail)
static bool is_scram_printable(char *p)
static char * sanitize_char(char c)
char * pg_be_scram_build_secret(const char *password)
bool scram_verify_plain_password(const char *username, const char *password, const char *secret)
static void read_client_final_message(scram_state *state, const char *input)
static void mock_scram_secret(const char *username, pg_cryptohash_type *hash_type, int *iterations, int *key_length, char **salt, uint8 *stored_key, uint8 *server_key)
static char * build_server_final_message(scram_state *state)
static void scram_get_mechanisms(Port *port, StringInfo buf)
int scram_sha_256_iterations
int pg_b64_decode(const char *src, int len, char *dst, int dstlen)
int pg_b64_enc_len(int srclen)
int pg_b64_encode(const char *src, int len, char *dst, int dstlen)
int pg_b64_dec_len(int srclen)
char * be_tls_get_certificate_hash(Port *port, size_t *len)
#define Assert(condition)
#define StaticAssertDecl(condition, errmessage)
PasswordType get_password_type(const char *shadow_pass)
@ PASSWORD_TYPE_SCRAM_SHA_256
int pg_cryptohash_update(pg_cryptohash_ctx *ctx, const uint8 *data, size_t len)
int pg_cryptohash_init(pg_cryptohash_ctx *ctx)
void pg_cryptohash_free(pg_cryptohash_ctx *ctx)
pg_cryptohash_ctx * pg_cryptohash_create(pg_cryptohash_type type)
int pg_cryptohash_final(pg_cryptohash_ctx *ctx, uint8 *dest, size_t len)
int errdetail(const char *fmt,...)
int errcode(int sqlerrcode)
int errmsg(const char *fmt,...)
#define ereport(elevel,...)
pg_hmac_ctx * pg_hmac_create(pg_cryptohash_type type)
const char * pg_hmac_error(pg_hmac_ctx *ctx)
void pg_hmac_free(pg_hmac_ctx *ctx)
int pg_hmac_update(pg_hmac_ctx *ctx, const uint8 *data, size_t len)
int pg_hmac_init(pg_hmac_ctx *ctx, const uint8 *key, size_t len)
int pg_hmac_final(pg_hmac_ctx *ctx, uint8 *dest, size_t len)
if(TABLE==NULL||TABLE_index==NULL)
char * pstrdup(const char *in)
void pfree(void *pointer)
void * palloc0(Size size)
#define MOCK_AUTH_NONCE_LEN
bool pg_strong_random(void *buf, size_t len)
char * psprintf(const char *fmt,...)
#define PG_SASL_EXCHANGE_FAILURE
#define PG_SASL_EXCHANGE_CONTINUE
#define PG_SASL_EXCHANGE_SUCCESS
pg_saslprep_rc pg_saslprep(const char *input, char **output)
int scram_ServerKey(const uint8 *salted_password, pg_cryptohash_type hash_type, int key_length, uint8 *result, const char **errstr)
int scram_SaltedPassword(const char *password, pg_cryptohash_type hash_type, int key_length, const char *salt, int saltlen, int iterations, uint8 *result, const char **errstr)
char * scram_build_secret(pg_cryptohash_type hash_type, int key_length, const char *salt, int saltlen, int iterations, const char *password, const char **errstr)
int scram_H(const uint8 *input, pg_cryptohash_type hash_type, int key_length, uint8 *result, const char **errstr)
#define SCRAM_SHA_256_PLUS_NAME
#define SCRAM_SHA_256_NAME
#define SCRAM_RAW_NONCE_LEN
#define SCRAM_DEFAULT_SALT_LEN
#define SCRAM_MAX_KEY_LEN
#define SCRAM_SHA_256_KEY_LEN
#define SCRAM_SHA_256_DEFAULT_ITERATIONS
#define PG_SHA256_DIGEST_LENGTH
void appendStringInfoString(StringInfo str, const char *s)
void appendStringInfoChar(StringInfo str, char ch)
char * client_final_nonce
char * client_first_message_bare
char * client_final_message_without_proof
char * server_first_message
bool channel_binding_in_use
pg_cryptohash_type hash_type
char * GetMockAuthenticationNonce(void)