26 const char *sasl_mechanism);
28 char **
output,
int *outputlen);
89 const char *client_final_message_without_proof,
90 uint8 *result,
const char **errstr);
98 const char *sasl_mechanism)
104 Assert(sasl_mechanism != NULL);
115 state->sasl_mechanism = strdup(sasl_mechanism);
116 if (!
state->sasl_mechanism)
140 state->password = prep_password;
188 free(
state->client_final_message_without_proof);
206 char **
output,
int *outputlen)
210 const char *errstr = NULL;
226 if (inputlen != strlen(
input))
233 switch (
state->state)
241 *outputlen = strlen(*
output);
254 *outputlen = strlen(*
output);
281 state->conn->client_finished_auth =
true;
305 char *begin = *
input;
311 "malformed SCRAM message (attribute \"%c\" expected)",
320 "malformed SCRAM message (expected character \"=\" for attribute \"%c\")",
327 while (*end && *end !=
',')
350 int channel_info_len;
367 if (
state->client_nonce == NULL)
373 state->client_nonce, encoded_len);
379 state->client_nonce[encoded_len] =
'\0';
419 channel_info_len =
buf.len;
429 state->client_first_message_bare = strdup(
buf.data + channel_info_len + 2);
430 if (!
state->client_first_message_bare)
433 result = strdup(
buf.data);
457 const char *errstr = NULL;
472 char *cbind_data = NULL;
473 size_t cbind_data_len = 0;
474 size_t cbind_header_len;
476 size_t cbind_input_len;
477 int encoded_cbind_len;
483 if (cbind_data == NULL)
493 cbind_header_len = strlen(
"p=tls-server-end-point,,");
494 cbind_input_len = cbind_header_len + cbind_data_len;
495 cbind_input =
malloc(cbind_input_len);
501 memcpy(cbind_input,
"p=tls-server-end-point,,", cbind_header_len);
502 memcpy(cbind_input + cbind_header_len, cbind_data, cbind_data_len);
511 encoded_cbind_len =
pg_b64_encode(cbind_input, cbind_input_len,
514 if (encoded_cbind_len < 0)
520 "could not encode cbind data for channel binding\n");
523 buf.len += encoded_cbind_len;
535 "channel binding not supported by this build\n");
554 state->client_final_message_without_proof = strdup(
buf.data);
555 if (
state->client_final_message_without_proof == NULL)
560 state->client_final_message_without_proof,
561 client_proof, &errstr))
582 buf.len += encoded_len;
585 result = strdup(
buf.data);
605 char *iterations_str;
609 int decoded_salt_len;
612 if (
state->server_first_message == NULL)
628 if (strlen(nonce) < strlen(
state->client_nonce) ||
629 memcmp(nonce,
state->client_nonce, strlen(
state->client_nonce)) != 0)
635 state->nonce = strdup(nonce);
636 if (
state->nonce == NULL)
643 if (encoded_salt == NULL)
650 if (
state->salt == NULL)
656 strlen(encoded_salt),
659 if (
state->saltlen < 0)
666 if (iterations_str == NULL)
671 state->iterations = strtol(iterations_str, &endptr, 10);
672 if (*endptr !=
'\0' ||
state->iterations < 1)
691 char *encoded_server_signature;
692 char *decoded_server_signature;
693 int server_signature_len;
696 if (!
state->server_final_message)
721 if (encoded_server_signature == NULL)
730 server_signature_len =
pg_b64_dec_len(strlen(encoded_server_signature));
731 decoded_server_signature =
malloc(server_signature_len);
732 if (!decoded_server_signature)
738 server_signature_len =
pg_b64_decode(encoded_server_signature,
739 strlen(encoded_server_signature),
740 decoded_server_signature,
741 server_signature_len);
742 if (server_signature_len !=
state->key_length)
744 free(decoded_server_signature);
748 memcpy(
state->ServerSignature, decoded_server_signature,
750 free(decoded_server_signature);
762 const char *client_final_message_without_proof,
763 uint8 *result,
const char **errstr)
787 state->key_length, ClientKey, errstr) < 0 ||
789 StoredKey, errstr) < 0)
799 strlen(
state->client_first_message_bare)) < 0 ||
803 strlen(
state->server_first_message)) < 0 ||
806 (
uint8 *) client_final_message_without_proof,
807 strlen(client_final_message_without_proof)) < 0 ||
815 for (
i = 0;
i <
state->key_length;
i++)
816 result[
i] = ClientKey[
i] ^ ClientSignature[
i];
845 state->key_length, ServerKey, errstr) < 0)
856 strlen(
state->client_first_message_bare)) < 0 ||
860 strlen(
state->server_first_message)) < 0 ||
863 (
uint8 *)
state->client_final_message_without_proof,
864 strlen(
state->client_final_message_without_proof)) < 0 ||
866 state->key_length) < 0)
876 if (memcmp(expected_ServerSignature,
state->ServerSignature,
877 state->key_length) != 0)
912 password = (
const char *) prep_password;
int pg_b64_decode(const char *src, int len, char *dst, int dstlen)
int pg_b64_enc_len(int srclen)
int pg_b64_encode(const char *src, int len, char *dst, int dstlen)
int pg_b64_dec_len(int srclen)
#define Assert(condition)
int errmsg(const char *fmt,...)
static char * build_client_first_message(fe_scram_state *state)
const pg_fe_sasl_mech pg_scram_mech
static bool verify_server_signature(fe_scram_state *state, bool *match, const char **errstr)
static void * scram_init(PGconn *conn, const char *password, const char *sasl_mechanism)
static void scram_free(void *opaq)
static bool read_server_first_message(fe_scram_state *state, char *input)
static bool scram_channel_bound(void *opaq)
static SASLStatus scram_exchange(void *opaq, char *input, int inputlen, char **output, int *outputlen)
static char * read_attr_value(char **input, char attr, PQExpBuffer errorMessage)
char * pg_fe_scram_build_secret(const char *password, int iterations, const char **errstr)
static bool calculate_client_proof(fe_scram_state *state, const char *client_final_message_without_proof, uint8 *result, const char **errstr)
static char * build_client_final_message(fe_scram_state *state)
static bool read_server_final_message(fe_scram_state *state, char *input)
void libpq_append_error(PQExpBuffer errorMessage, const char *fmt,...)
void libpq_append_conn_error(PGconn *conn, const char *fmt,...)
char * pgtls_get_peer_certificate_hash(PGconn *conn, size_t *len)
pg_hmac_ctx * pg_hmac_create(pg_cryptohash_type type)
const char * pg_hmac_error(pg_hmac_ctx *ctx)
void pg_hmac_free(pg_hmac_ctx *ctx)
int pg_hmac_update(pg_hmac_ctx *ctx, const uint8 *data, size_t len)
int pg_hmac_init(pg_hmac_ctx *ctx, const uint8 *key, size_t len)
int pg_hmac_final(pg_hmac_ctx *ctx, uint8 *dest, size_t len)
bool pg_strong_random(void *buf, size_t len)
void initPQExpBuffer(PQExpBuffer str)
int enlargePQExpBuffer(PQExpBuffer str, size_t needed)
void appendPQExpBuffer(PQExpBuffer str, const char *fmt,...)
void appendPQExpBufferChar(PQExpBuffer str, char ch)
void appendPQExpBufferStr(PQExpBuffer str, const char *data)
void termPQExpBuffer(PQExpBuffer str)
#define PQExpBufferDataBroken(buf)
pg_saslprep_rc pg_saslprep(const char *input, char **output)
int scram_ServerKey(const uint8 *salted_password, pg_cryptohash_type hash_type, int key_length, uint8 *result, const char **errstr)
int scram_SaltedPassword(const char *password, pg_cryptohash_type hash_type, int key_length, const char *salt, int saltlen, int iterations, uint8 *result, const char **errstr)
int scram_ClientKey(const uint8 *salted_password, pg_cryptohash_type hash_type, int key_length, uint8 *result, const char **errstr)
char * scram_build_secret(pg_cryptohash_type hash_type, int key_length, const char *salt, int saltlen, int iterations, const char *password, const char **errstr)
int scram_H(const uint8 *input, pg_cryptohash_type hash_type, int key_length, uint8 *result, const char **errstr)
#define SCRAM_SHA_256_PLUS_NAME
#define SCRAM_RAW_NONCE_LEN
#define SCRAM_DEFAULT_SALT_LEN
#define SCRAM_MAX_KEY_LEN
#define SCRAM_SHA_256_KEY_LEN
char * client_final_message_without_proof
fe_scram_state_enum state
char * client_first_message_bare
char * server_final_message
char * server_first_message
pg_cryptohash_type hash_type
PQExpBufferData errorMessage