107 const char *shadow_pass);
109 char **
output,
int *outputlen,
110 const char **logdetail);
182 int *
iterations,
int *key_length,
char **salt,
212 if (
port->ssl_in_use)
257 state->channel_binding_in_use =
true;
261 state->channel_binding_in_use =
false;
264 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
265 errmsg(
"client selected an invalid SASL authentication mechanism")));
289 (
errmsg(
"invalid SCRAM secret for user \"%s\"",
290 state->port->user_name)));
300 state->logdetail =
psprintf(
_(
"User \"%s\" does not have a valid SCRAM secret."),
301 state->port->user_name);
327 state->doomed =
true;
351 char **
output,
int *outputlen,
const char **logdetail)
379 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
380 errmsg(
"malformed SCRAM message"),
382 if (inputlen != strlen(
input))
384 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
385 errmsg(
"malformed SCRAM message"),
386 errdetail(
"Message length does not match input length.")));
388 switch (
state->state)
417 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
418 errmsg(
"invalid SCRAM response"),
455 elog(
ERROR,
"invalid SCRAM exchange state");
460 *logdetail =
state->logdetail;
463 *outputlen = strlen(*
output);
480 const char *errstr = NULL;
489 password = (
const char *) prep_password;
494 (
errcode(ERRCODE_INTERNAL_ERROR),
495 errmsg(
"could not generate random salt")));
503 pfree(prep_password);
529 const char *errstr = NULL;
532 &encoded_salt, stored_key, server_key))
544 saltlen =
pg_b64_decode(encoded_salt, strlen(encoded_salt), salt,
561 salted_password, &errstr) < 0 ||
563 computed_key, &errstr) < 0)
565 elog(
ERROR,
"could not compute server key: %s", errstr);
569 pfree(prep_password);
575 return memcmp(computed_key, server_key, key_length) == 0;
593 char **salt,
uint8 *stored_key,
uint8 *server_key)
599 char *iterations_str;
603 char *decoded_salt_buf;
604 char *decoded_stored_buf;
605 char *decoded_server_buf;
613 scheme_str =
strsep(&v,
"$");
616 iterations_str =
strsep(&v,
":");
619 salt_str =
strsep(&v,
"$");
622 storedkey_str =
strsep(&v,
":");
628 if (strcmp(scheme_str,
"SCRAM-SHA-256") != 0)
635 if (*p || errno != 0)
643 decoded_salt_buf =
palloc(decoded_len);
645 decoded_salt_buf, decoded_len);
654 decoded_stored_buf =
palloc(decoded_len);
655 decoded_len =
pg_b64_decode(storedkey_str, strlen(storedkey_str),
656 decoded_stored_buf, decoded_len);
657 if (decoded_len != *key_length)
659 memcpy(stored_key, decoded_stored_buf, *key_length);
662 decoded_server_buf =
palloc(decoded_len);
663 decoded_len =
pg_b64_decode(serverkey_str, strlen(serverkey_str),
664 decoded_server_buf, decoded_len);
665 if (decoded_len != *key_length)
667 memcpy(server_key, decoded_server_buf, *key_length);
689 int *
iterations,
int *key_length,
char **salt,
709 if (raw_salt == NULL)
714 encoded_salt = (
char *)
palloc(encoded_len + 1);
720 encoded_salt[encoded_len] =
'\0';
722 *salt = encoded_salt;
736 char *begin = *
input;
741 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
742 errmsg(
"malformed SCRAM message"),
743 errdetail(
"Expected attribute \"%c\" but found \"%s\".",
749 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
750 errmsg(
"malformed SCRAM message"),
751 errdetail(
"Expected character \"=\" for attribute \"%c\".", attr)));
755 while (*end && *end !=
',')
783 if (*p < 0x21 || *p > 0x7E || *p == 0x2C )
802 if (
c >= 0x21 &&
c <= 0x7E)
820 static char buf[30 + 1];
823 for (
i = 0;
i <
sizeof(
buf) - 1;
i++)
830 if (
c >= 0x21 &&
c <= 0x7E)
848 char *begin = *
input;
854 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
855 errmsg(
"malformed SCRAM message"),
856 errdetail(
"Attribute expected, but found end of string.")));
864 if (!((attr >=
'A' && attr <=
'Z') ||
865 (attr >=
'a' && attr <=
'z')))
867 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
868 errmsg(
"malformed SCRAM message"),
869 errdetail(
"Attribute expected, but found invalid character \"%s\".",
877 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
878 errmsg(
"malformed SCRAM message"),
879 errdetail(
"Expected character \"=\" for attribute \"%c\".", attr)));
883 while (*end && *end !=
',')
907 char *channel_binding_type;
974 state->cbind_flag = *p;
983 if (
state->channel_binding_in_use)
985 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
986 errmsg(
"malformed SCRAM message"),
987 errdetail(
"The client selected SCRAM-SHA-256-PLUS, but the SCRAM message does not include channel binding data.")));
992 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
993 errmsg(
"malformed SCRAM message"),
994 errdetail(
"Comma expected, but found character \"%s\".",
1005 if (
state->channel_binding_in_use)
1007 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
1008 errmsg(
"malformed SCRAM message"),
1009 errdetail(
"The client selected SCRAM-SHA-256-PLUS, but the SCRAM message does not include channel binding data.")));
1012 if (
state->port->ssl_in_use)
1014 (
errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
1015 errmsg(
"SCRAM channel binding negotiation error"),
1016 errdetail(
"The client supports SCRAM channel binding but thinks the server does not. "
1017 "However, this server does support channel binding.")));
1022 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
1023 errmsg(
"malformed SCRAM message"),
1024 errdetail(
"Comma expected, but found character \"%s\".",
1034 if (!
state->channel_binding_in_use)
1036 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
1037 errmsg(
"malformed SCRAM message"),
1038 errdetail(
"The client selected SCRAM-SHA-256 without channel binding, but the SCRAM message includes channel binding data.")));
1046 if (strcmp(channel_binding_type,
"tls-server-end-point") != 0)
1048 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
1049 errmsg(
"unsupported SCRAM channel-binding type \"%s\"",
1054 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
1055 errmsg(
"malformed SCRAM message"),
1056 errdetail(
"Unexpected channel-binding flag \"%s\".",
1065 (
errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
1066 errmsg(
"client uses authorization identity, but it is not supported")));
1069 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
1070 errmsg(
"malformed SCRAM message"),
1071 errdetail(
"Unexpected attribute \"%s\" in client-first-message.",
1086 (
errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
1087 errmsg(
"client requires an unsupported SCRAM extension")));
1100 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
1101 errmsg(
"non-printable characters in SCRAM nonce")));
1120 int client_nonce_len = strlen(
state->client_nonce);
1121 int server_nonce_len = strlen(
state->server_nonce);
1122 int final_nonce_len = strlen(
state->client_final_nonce);
1124 if (final_nonce_len != client_nonce_len + server_nonce_len)
1126 if (memcmp(
state->client_final_nonce,
state->client_nonce, client_nonce_len) != 0)
1128 if (memcmp(
state->client_final_nonce + client_nonce_len,
state->server_nonce, server_nonce_len) != 0)
1147 const char *errstr = NULL;
1157 strlen(
state->client_first_message_bare)) < 0 ||
1161 strlen(
state->server_first_message)) < 0 ||
1164 (
uint8 *)
state->client_final_message_without_proof,
1165 strlen(
state->client_final_message_without_proof)) < 0 ||
1168 elog(
ERROR,
"could not calculate client signature: %s",
1175 for (
i = 0;
i <
state->key_length;
i++)
1176 ClientKey[
i] =
state->ClientProof[
i] ^ ClientSignature[
i];
1180 client_StoredKey, &errstr) < 0)
1181 elog(
ERROR,
"could not hash stored key: %s", errstr);
1183 if (memcmp(client_StoredKey,
state->StoredKey,
state->key_length) != 0)
1231 (
errcode(ERRCODE_INTERNAL_ERROR),
1232 errmsg(
"could not generate random nonce")));
1238 state->server_nonce, encoded_len);
1239 if (encoded_len < 0)
1241 (
errcode(ERRCODE_INTERNAL_ERROR),
1242 errmsg(
"could not encode random nonce")));
1243 state->server_nonce[encoded_len] =
'\0';
1245 state->server_first_message =
1261 char *channel_binding;
1267 int client_proof_len;
1305 if (
state->channel_binding_in_use)
1308 const char *cbind_data = NULL;
1309 size_t cbind_data_len = 0;
1310 size_t cbind_header_len;
1312 size_t cbind_input_len;
1314 int b64_message_len;
1323 if (cbind_data == NULL || cbind_data_len == 0)
1324 elog(
ERROR,
"could not get server certificate hash");
1326 cbind_header_len = strlen(
"p=tls-server-end-point,,");
1327 cbind_input_len = cbind_header_len + cbind_data_len;
1328 cbind_input =
palloc(cbind_input_len);
1329 snprintf(cbind_input, cbind_input_len,
"p=tls-server-end-point,,");
1330 memcpy(cbind_input + cbind_header_len, cbind_data, cbind_data_len);
1334 b64_message =
palloc(b64_message_len + 1);
1335 b64_message_len =
pg_b64_encode(cbind_input, cbind_input_len,
1336 b64_message, b64_message_len);
1337 if (b64_message_len < 0)
1338 elog(
ERROR,
"could not encode channel binding data");
1339 b64_message[b64_message_len] =
'\0';
1345 if (strcmp(channel_binding, b64_message) != 0)
1347 (
errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
1348 errmsg(
"SCRAM channel binding check failed")));
1351 elog(
ERROR,
"channel binding not supported by this build");
1362 if (!(strcmp(channel_binding,
"biws") == 0 &&
state->cbind_flag ==
'n') &&
1363 !(strcmp(channel_binding,
"eSws") == 0 &&
state->cbind_flag ==
'y'))
1365 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
1366 errmsg(
"unexpected SCRAM channel-binding attribute in client-final-message")));
1376 }
while (attr !=
'p');
1379 client_proof =
palloc(client_proof_len);
1381 client_proof_len) !=
state->key_length)
1383 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
1384 errmsg(
"malformed SCRAM message"),
1385 errdetail(
"Malformed proof in client-final-message.")));
1386 memcpy(
state->ClientProof, client_proof,
state->key_length);
1387 pfree(client_proof);
1391 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
1392 errmsg(
"malformed SCRAM message"),
1393 errdetail(
"Garbage found at the end of client-final-message.")));
1395 state->client_final_message_without_proof =
palloc(proof - begin + 1);
1396 memcpy(
state->client_final_message_without_proof,
input, proof - begin);
1397 state->client_final_message_without_proof[proof - begin] =
'\0';
1407 char *server_signature_base64;
1415 strlen(
state->client_first_message_bare)) < 0 ||
1419 strlen(
state->server_first_message)) < 0 ||
1422 (
uint8 *)
state->client_final_message_without_proof,
1423 strlen(
state->client_final_message_without_proof)) < 0 ||
1426 elog(
ERROR,
"could not calculate server signature: %s",
1434 server_signature_base64 =
palloc(siglen + 1);
1436 state->key_length, server_signature_base64,
1439 elog(
ERROR,
"could not encode server signature");
1440 server_signature_base64[siglen] =
'\0';
1453 return psprintf(
"v=%s", server_signature_base64);
1477 "salt length greater than SHA256 digest length");
1496 return (
char *) sha_digest;
static void * scram_init(Port *port, const char *selected_mech, const char *shadow_pass)
static char * build_server_first_message(scram_state *state)
const pg_be_sasl_mech pg_be_scram_mech
static void read_client_first_message(scram_state *state, const char *input)
bool parse_scram_secret(const char *secret, int *iterations, pg_cryptohash_type *hash_type, int *key_length, char **salt, uint8 *stored_key, uint8 *server_key)
static bool verify_client_proof(scram_state *state)
static bool verify_final_nonce(scram_state *state)
static char * sanitize_str(const char *s)
static char * scram_mock_salt(const char *username, pg_cryptohash_type hash_type, int key_length)
char * pg_be_scram_build_secret(const char *password)
static int scram_exchange(void *opaq, const char *input, int inputlen, char **output, int *outputlen, const char **logdetail)
static bool is_scram_printable(char *p)
static char * sanitize_char(char c)
bool scram_verify_plain_password(const char *username, const char *password, const char *secret)
static char * read_attr_value(char **input, char attr)
static void read_client_final_message(scram_state *state, const char *input)
static void mock_scram_secret(const char *username, pg_cryptohash_type *hash_type, int *iterations, int *key_length, char **salt, uint8 *stored_key, uint8 *server_key)
static char * read_any_attr(char **input, char *attr_p)
static char * build_server_final_message(scram_state *state)
static void scram_get_mechanisms(Port *port, StringInfo buf)
int scram_sha_256_iterations
int pg_b64_decode(const char *src, int len, char *dst, int dstlen)
int pg_b64_enc_len(int srclen)
int pg_b64_encode(const char *src, int len, char *dst, int dstlen)
int pg_b64_dec_len(int srclen)
char * be_tls_get_certificate_hash(Port *port, size_t *len)
#define Assert(condition)
#define StaticAssertDecl(condition, errmessage)
PasswordType get_password_type(const char *shadow_pass)
@ PASSWORD_TYPE_SCRAM_SHA_256
int pg_cryptohash_update(pg_cryptohash_ctx *ctx, const uint8 *data, size_t len)
pg_cryptohash_ctx * pg_cryptohash_create(pg_cryptohash_type type)
int pg_cryptohash_init(pg_cryptohash_ctx *ctx)
void pg_cryptohash_free(pg_cryptohash_ctx *ctx)
int pg_cryptohash_final(pg_cryptohash_ctx *ctx, uint8 *dest, size_t len)
int errdetail(const char *fmt,...)
int errcode(int sqlerrcode)
int errmsg(const char *fmt,...)
#define ereport(elevel,...)
pg_hmac_ctx * pg_hmac_create(pg_cryptohash_type type)
void pg_hmac_free(pg_hmac_ctx *ctx)
const char * pg_hmac_error(pg_hmac_ctx *ctx)
int pg_hmac_update(pg_hmac_ctx *ctx, const uint8 *data, size_t len)
int pg_hmac_init(pg_hmac_ctx *ctx, const uint8 *key, size_t len)
int pg_hmac_final(pg_hmac_ctx *ctx, uint8 *dest, size_t len)
if(TABLE==NULL||TABLE_index==NULL)
char * pstrdup(const char *in)
void pfree(void *pointer)
void * palloc0(Size size)
#define MOCK_AUTH_NONCE_LEN
char * strsep(char **stringp, const char *delim)
bool pg_strong_random(void *buf, size_t len)
char * psprintf(const char *fmt,...)
#define PG_MAX_SASL_MESSAGE_LENGTH
#define PG_SASL_EXCHANGE_FAILURE
#define PG_SASL_EXCHANGE_CONTINUE
#define PG_SASL_EXCHANGE_SUCCESS
pg_saslprep_rc pg_saslprep(const char *input, char **output)
char * scram_build_secret(pg_cryptohash_type hash_type, int key_length, const char *salt, int saltlen, int iterations, const char *password, const char **errstr)
int scram_ServerKey(const uint8 *salted_password, pg_cryptohash_type hash_type, int key_length, uint8 *result, const char **errstr)
int scram_SaltedPassword(const char *password, pg_cryptohash_type hash_type, int key_length, const char *salt, int saltlen, int iterations, uint8 *result, const char **errstr)
int scram_H(const uint8 *input, pg_cryptohash_type hash_type, int key_length, uint8 *result, const char **errstr)
#define SCRAM_SHA_256_PLUS_NAME
#define SCRAM_SHA_256_NAME
#define SCRAM_RAW_NONCE_LEN
#define SCRAM_DEFAULT_SALT_LEN
#define SCRAM_MAX_KEY_LEN
#define SCRAM_SHA_256_KEY_LEN
#define SCRAM_SHA_256_DEFAULT_ITERATIONS
#define PG_SHA256_DIGEST_LENGTH
void appendStringInfoString(StringInfo str, const char *s)
void appendStringInfoChar(StringInfo str, char ch)
char * client_final_nonce
char * client_first_message_bare
char * client_final_message_without_proof
char * server_first_message
bool channel_binding_in_use
pg_cryptohash_type hash_type
char * GetMockAuthenticationNonce(void)