107 const char *shadow_pass);
109 char **
output,
int *outputlen,
110 const char **logdetail);
180 int *
iterations,
int *key_length,
char **salt,
210 if (
port->ssl_in_use)
255 state->channel_binding_in_use =
true;
259 state->channel_binding_in_use =
false;
262 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
263 errmsg(
"client selected an invalid SASL authentication mechanism")));
287 (
errmsg(
"invalid SCRAM secret for user \"%s\"",
288 state->port->user_name)));
298 state->logdetail =
psprintf(
_(
"User \"%s\" does not have a valid SCRAM secret."),
299 state->port->user_name);
325 state->doomed =
true;
349 char **
output,
int *outputlen,
const char **logdetail)
377 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
378 errmsg(
"malformed SCRAM message"),
380 if (inputlen != strlen(
input))
382 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
383 errmsg(
"malformed SCRAM message"),
384 errdetail(
"Message length does not match input length.")));
386 switch (
state->state)
415 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
416 errmsg(
"invalid SCRAM response"),
453 elog(
ERROR,
"invalid SCRAM exchange state");
458 *logdetail =
state->logdetail;
461 *outputlen = strlen(*
output);
478 const char *errstr = NULL;
487 password = (
const char *) prep_password;
492 (
errcode(ERRCODE_INTERNAL_ERROR),
493 errmsg(
"could not generate random salt")));
501 pfree(prep_password);
527 const char *errstr = NULL;
530 &encoded_salt, stored_key, server_key))
542 saltlen =
pg_b64_decode(encoded_salt, strlen(encoded_salt), salt,
559 salted_password, &errstr) < 0 ||
561 computed_key, &errstr) < 0)
563 elog(
ERROR,
"could not compute server key: %s", errstr);
567 pfree(prep_password);
573 return memcmp(computed_key, server_key, key_length) == 0;
591 char **salt,
uint8 *stored_key,
uint8 *server_key)
597 char *iterations_str;
601 char *decoded_salt_buf;
602 char *decoded_stored_buf;
603 char *decoded_server_buf;
611 if ((scheme_str =
strsep(&v,
"$")) == NULL)
613 if ((iterations_str =
strsep(&v,
":")) == NULL)
615 if ((salt_str =
strsep(&v,
"$")) == NULL)
617 if ((storedkey_str =
strsep(&v,
":")) == NULL)
622 if (strcmp(scheme_str,
"SCRAM-SHA-256") != 0)
629 if (*p || errno != 0)
637 decoded_salt_buf =
palloc(decoded_len);
639 decoded_salt_buf, decoded_len);
648 decoded_stored_buf =
palloc(decoded_len);
649 decoded_len =
pg_b64_decode(storedkey_str, strlen(storedkey_str),
650 decoded_stored_buf, decoded_len);
651 if (decoded_len != *key_length)
653 memcpy(stored_key, decoded_stored_buf, *key_length);
656 decoded_server_buf =
palloc(decoded_len);
657 decoded_len =
pg_b64_decode(serverkey_str, strlen(serverkey_str),
658 decoded_server_buf, decoded_len);
659 if (decoded_len != *key_length)
661 memcpy(server_key, decoded_server_buf, *key_length);
683 int *
iterations,
int *key_length,
char **salt,
703 if (raw_salt == NULL)
708 encoded_salt = (
char *)
palloc(encoded_len + 1);
714 encoded_salt[encoded_len] =
'\0';
716 *salt = encoded_salt;
730 char *begin = *
input;
735 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
736 errmsg(
"malformed SCRAM message"),
737 errdetail(
"Expected attribute \"%c\" but found \"%s\".",
743 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
744 errmsg(
"malformed SCRAM message"),
745 errdetail(
"Expected character \"=\" for attribute \"%c\".", attr)));
749 while (*end && *end !=
',')
777 if (*p < 0x21 || *p > 0x7E || *p == 0x2C )
796 if (
c >= 0x21 &&
c <= 0x7E)
814 static char buf[30 + 1];
817 for (
i = 0;
i <
sizeof(
buf) - 1;
i++)
824 if (
c >= 0x21 &&
c <= 0x7E)
842 char *begin = *
input;
848 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
849 errmsg(
"malformed SCRAM message"),
850 errdetail(
"Attribute expected, but found end of string.")));
858 if (!((attr >=
'A' && attr <=
'Z') ||
859 (attr >=
'a' && attr <=
'z')))
861 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
862 errmsg(
"malformed SCRAM message"),
863 errdetail(
"Attribute expected, but found invalid character \"%s\".",
871 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
872 errmsg(
"malformed SCRAM message"),
873 errdetail(
"Expected character \"=\" for attribute \"%c\".", attr)));
877 while (*end && *end !=
',')
901 char *channel_binding_type;
968 state->cbind_flag = *p;
977 if (
state->channel_binding_in_use)
979 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
980 errmsg(
"malformed SCRAM message"),
981 errdetail(
"The client selected SCRAM-SHA-256-PLUS, but the SCRAM message does not include channel binding data.")));
986 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
987 errmsg(
"malformed SCRAM message"),
988 errdetail(
"Comma expected, but found character \"%s\".",
999 if (
state->channel_binding_in_use)
1001 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
1002 errmsg(
"malformed SCRAM message"),
1003 errdetail(
"The client selected SCRAM-SHA-256-PLUS, but the SCRAM message does not include channel binding data.")));
1006 if (
state->port->ssl_in_use)
1008 (
errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
1009 errmsg(
"SCRAM channel binding negotiation error"),
1010 errdetail(
"The client supports SCRAM channel binding but thinks the server does not. "
1011 "However, this server does support channel binding.")));
1016 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
1017 errmsg(
"malformed SCRAM message"),
1018 errdetail(
"Comma expected, but found character \"%s\".",
1028 if (!
state->channel_binding_in_use)
1030 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
1031 errmsg(
"malformed SCRAM message"),
1032 errdetail(
"The client selected SCRAM-SHA-256 without channel binding, but the SCRAM message includes channel binding data.")));
1040 if (strcmp(channel_binding_type,
"tls-server-end-point") != 0)
1042 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
1043 errmsg(
"unsupported SCRAM channel-binding type \"%s\"",
1048 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
1049 errmsg(
"malformed SCRAM message"),
1050 errdetail(
"Unexpected channel-binding flag \"%s\".",
1059 (
errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
1060 errmsg(
"client uses authorization identity, but it is not supported")));
1063 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
1064 errmsg(
"malformed SCRAM message"),
1065 errdetail(
"Unexpected attribute \"%s\" in client-first-message.",
1080 (
errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
1081 errmsg(
"client requires an unsupported SCRAM extension")));
1094 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
1095 errmsg(
"non-printable characters in SCRAM nonce")));
1114 int client_nonce_len = strlen(
state->client_nonce);
1115 int server_nonce_len = strlen(
state->server_nonce);
1116 int final_nonce_len = strlen(
state->client_final_nonce);
1118 if (final_nonce_len != client_nonce_len + server_nonce_len)
1120 if (memcmp(
state->client_final_nonce,
state->client_nonce, client_nonce_len) != 0)
1122 if (memcmp(
state->client_final_nonce + client_nonce_len,
state->server_nonce, server_nonce_len) != 0)
1141 const char *errstr = NULL;
1151 strlen(
state->client_first_message_bare)) < 0 ||
1155 strlen(
state->server_first_message)) < 0 ||
1158 (
uint8 *)
state->client_final_message_without_proof,
1159 strlen(
state->client_final_message_without_proof)) < 0 ||
1162 elog(
ERROR,
"could not calculate client signature: %s",
1169 for (
i = 0;
i <
state->key_length;
i++)
1170 ClientKey[
i] =
state->ClientProof[
i] ^ ClientSignature[
i];
1174 client_StoredKey, &errstr) < 0)
1175 elog(
ERROR,
"could not hash stored key: %s", errstr);
1177 if (memcmp(client_StoredKey,
state->StoredKey,
state->key_length) != 0)
1225 (
errcode(ERRCODE_INTERNAL_ERROR),
1226 errmsg(
"could not generate random nonce")));
1232 state->server_nonce, encoded_len);
1233 if (encoded_len < 0)
1235 (
errcode(ERRCODE_INTERNAL_ERROR),
1236 errmsg(
"could not encode random nonce")));
1237 state->server_nonce[encoded_len] =
'\0';
1239 state->server_first_message =
1255 char *channel_binding;
1261 int client_proof_len;
1299 if (
state->channel_binding_in_use)
1302 const char *cbind_data = NULL;
1303 size_t cbind_data_len = 0;
1304 size_t cbind_header_len;
1306 size_t cbind_input_len;
1308 int b64_message_len;
1317 if (cbind_data == NULL || cbind_data_len == 0)
1318 elog(
ERROR,
"could not get server certificate hash");
1320 cbind_header_len = strlen(
"p=tls-server-end-point,,");
1321 cbind_input_len = cbind_header_len + cbind_data_len;
1322 cbind_input =
palloc(cbind_input_len);
1323 snprintf(cbind_input, cbind_input_len,
"p=tls-server-end-point,,");
1324 memcpy(cbind_input + cbind_header_len, cbind_data, cbind_data_len);
1328 b64_message =
palloc(b64_message_len + 1);
1329 b64_message_len =
pg_b64_encode(cbind_input, cbind_input_len,
1330 b64_message, b64_message_len);
1331 if (b64_message_len < 0)
1332 elog(
ERROR,
"could not encode channel binding data");
1333 b64_message[b64_message_len] =
'\0';
1339 if (strcmp(channel_binding, b64_message) != 0)
1341 (
errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
1342 errmsg(
"SCRAM channel binding check failed")));
1345 elog(
ERROR,
"channel binding not supported by this build");
1356 if (!(strcmp(channel_binding,
"biws") == 0 &&
state->cbind_flag ==
'n') &&
1357 !(strcmp(channel_binding,
"eSws") == 0 &&
state->cbind_flag ==
'y'))
1359 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
1360 errmsg(
"unexpected SCRAM channel-binding attribute in client-final-message")));
1370 }
while (attr !=
'p');
1373 client_proof =
palloc(client_proof_len);
1375 client_proof_len) !=
state->key_length)
1377 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
1378 errmsg(
"malformed SCRAM message"),
1379 errdetail(
"Malformed proof in client-final-message.")));
1380 memcpy(
state->ClientProof, client_proof,
state->key_length);
1381 pfree(client_proof);
1385 (
errcode(ERRCODE_PROTOCOL_VIOLATION),
1386 errmsg(
"malformed SCRAM message"),
1387 errdetail(
"Garbage found at the end of client-final-message.")));
1389 state->client_final_message_without_proof =
palloc(proof - begin + 1);
1390 memcpy(
state->client_final_message_without_proof,
input, proof - begin);
1391 state->client_final_message_without_proof[proof - begin] =
'\0';
1401 char *server_signature_base64;
1409 strlen(
state->client_first_message_bare)) < 0 ||
1413 strlen(
state->server_first_message)) < 0 ||
1416 (
uint8 *)
state->client_final_message_without_proof,
1417 strlen(
state->client_final_message_without_proof)) < 0 ||
1420 elog(
ERROR,
"could not calculate server signature: %s",
1428 server_signature_base64 =
palloc(siglen + 1);
1430 state->key_length, server_signature_base64,
1433 elog(
ERROR,
"could not encode server signature");
1434 server_signature_base64[siglen] =
'\0';
1447 return psprintf(
"v=%s", server_signature_base64);
1471 "salt length greater than SHA256 digest length");
1490 return (
char *) sha_digest;
static void * scram_init(Port *port, const char *selected_mech, const char *shadow_pass)
static char * build_server_first_message(scram_state *state)
const pg_be_sasl_mech pg_be_scram_mech
static void read_client_first_message(scram_state *state, const char *input)
static char * read_attr_value(char **input, char attr)
bool parse_scram_secret(const char *secret, int *iterations, pg_cryptohash_type *hash_type, int *key_length, char **salt, uint8 *stored_key, uint8 *server_key)
static char * read_any_attr(char **input, char *attr_p)
static bool verify_client_proof(scram_state *state)
static bool verify_final_nonce(scram_state *state)
static char * sanitize_str(const char *s)
static char * scram_mock_salt(const char *username, pg_cryptohash_type hash_type, int key_length)
static int scram_exchange(void *opaq, const char *input, int inputlen, char **output, int *outputlen, const char **logdetail)
static bool is_scram_printable(char *p)
static char * sanitize_char(char c)
char * pg_be_scram_build_secret(const char *password)
bool scram_verify_plain_password(const char *username, const char *password, const char *secret)
static void read_client_final_message(scram_state *state, const char *input)
static void mock_scram_secret(const char *username, pg_cryptohash_type *hash_type, int *iterations, int *key_length, char **salt, uint8 *stored_key, uint8 *server_key)
static char * build_server_final_message(scram_state *state)
static void scram_get_mechanisms(Port *port, StringInfo buf)
int scram_sha_256_iterations
int pg_b64_decode(const char *src, int len, char *dst, int dstlen)
int pg_b64_enc_len(int srclen)
int pg_b64_encode(const char *src, int len, char *dst, int dstlen)
int pg_b64_dec_len(int srclen)
char * be_tls_get_certificate_hash(Port *port, size_t *len)
#define Assert(condition)
#define StaticAssertDecl(condition, errmessage)
PasswordType get_password_type(const char *shadow_pass)
@ PASSWORD_TYPE_SCRAM_SHA_256
int pg_cryptohash_update(pg_cryptohash_ctx *ctx, const uint8 *data, size_t len)
int pg_cryptohash_init(pg_cryptohash_ctx *ctx)
void pg_cryptohash_free(pg_cryptohash_ctx *ctx)
pg_cryptohash_ctx * pg_cryptohash_create(pg_cryptohash_type type)
int pg_cryptohash_final(pg_cryptohash_ctx *ctx, uint8 *dest, size_t len)
int errdetail(const char *fmt,...)
int errcode(int sqlerrcode)
int errmsg(const char *fmt,...)
#define ereport(elevel,...)
pg_hmac_ctx * pg_hmac_create(pg_cryptohash_type type)
const char * pg_hmac_error(pg_hmac_ctx *ctx)
void pg_hmac_free(pg_hmac_ctx *ctx)
int pg_hmac_update(pg_hmac_ctx *ctx, const uint8 *data, size_t len)
int pg_hmac_init(pg_hmac_ctx *ctx, const uint8 *key, size_t len)
int pg_hmac_final(pg_hmac_ctx *ctx, uint8 *dest, size_t len)
if(TABLE==NULL||TABLE_index==NULL)
char * pstrdup(const char *in)
void pfree(void *pointer)
void * palloc0(Size size)
#define MOCK_AUTH_NONCE_LEN
bool pg_strong_random(void *buf, size_t len)
char * strsep(char **stringp, const char *delim)
char * psprintf(const char *fmt,...)
#define PG_SASL_EXCHANGE_FAILURE
#define PG_SASL_EXCHANGE_CONTINUE
#define PG_SASL_EXCHANGE_SUCCESS
pg_saslprep_rc pg_saslprep(const char *input, char **output)
int scram_ServerKey(const uint8 *salted_password, pg_cryptohash_type hash_type, int key_length, uint8 *result, const char **errstr)
int scram_SaltedPassword(const char *password, pg_cryptohash_type hash_type, int key_length, const char *salt, int saltlen, int iterations, uint8 *result, const char **errstr)
char * scram_build_secret(pg_cryptohash_type hash_type, int key_length, const char *salt, int saltlen, int iterations, const char *password, const char **errstr)
int scram_H(const uint8 *input, pg_cryptohash_type hash_type, int key_length, uint8 *result, const char **errstr)
#define SCRAM_SHA_256_PLUS_NAME
#define SCRAM_SHA_256_NAME
#define SCRAM_RAW_NONCE_LEN
#define SCRAM_DEFAULT_SALT_LEN
#define SCRAM_MAX_KEY_LEN
#define SCRAM_SHA_256_KEY_LEN
#define SCRAM_SHA_256_DEFAULT_ITERATIONS
#define PG_SHA256_DIGEST_LENGTH
void appendStringInfoString(StringInfo str, const char *s)
void appendStringInfoChar(StringInfo str, char ch)
char * client_final_nonce
char * client_first_message_bare
char * client_final_message_without_proof
char * server_first_message
bool channel_binding_in_use
pg_cryptohash_type hash_type
char * GetMockAuthenticationNonce(void)