26 const char *sasl_mechanism);
28 char **
output,
int *outputlen,
86 const char *client_final_message_without_proof,
87 uint8 *result,
const char **errstr);
95 const char *sasl_mechanism)
101 Assert(sasl_mechanism != NULL);
109 state->sasl_mechanism = strdup(sasl_mechanism);
111 if (!
state->sasl_mechanism)
135 state->password = prep_password;
183 free(
state->client_final_message_without_proof);
201 char **
output,
int *outputlen,
206 const char *errstr = NULL;
225 if (inputlen != strlen(input))
228 libpq_gettext(
"malformed SCRAM message (length mismatch)\n"));
233 switch (
state->state)
241 *outputlen = strlen(*
output);
255 *outputlen = strlen(*
output);
272 libpq_gettext(
"could not verify server signature: %s\n"), errstr);
309 char *begin = *input;
315 libpq_gettext(
"malformed SCRAM message (attribute \"%c\" expected)\n"),
324 libpq_gettext(
"malformed SCRAM message (expected character \"=\" for attribute \"%c\")\n"),
331 while (*end && *end !=
',')
354 int channel_info_len;
372 if (
state->client_nonce == NULL)
379 state->client_nonce, encoded_len);
386 state->client_nonce[encoded_len] =
'\0';
405 #ifdef HAVE_PGTLS_GET_PEER_CERTIFICATE_HASH
426 channel_info_len =
buf.len;
436 state->client_first_message_bare = strdup(
buf.data + channel_info_len + 2);
437 if (!
state->client_first_message_bare)
440 result = strdup(
buf.data);
465 const char *errstr = NULL;
479 #ifdef HAVE_PGTLS_GET_PEER_CERTIFICATE_HASH
480 char *cbind_data = NULL;
481 size_t cbind_data_len = 0;
482 size_t cbind_header_len;
484 size_t cbind_input_len;
485 int encoded_cbind_len;
489 pgtls_get_peer_certificate_hash(
state->conn,
491 if (cbind_data == NULL)
501 cbind_header_len = strlen(
"p=tls-server-end-point,,");
502 cbind_input_len = cbind_header_len + cbind_data_len;
503 cbind_input =
malloc(cbind_input_len);
509 memcpy(cbind_input,
"p=tls-server-end-point,,", cbind_header_len);
510 memcpy(cbind_input + cbind_header_len, cbind_data, cbind_data_len);
519 encoded_cbind_len =
pg_b64_encode(cbind_input, cbind_input_len,
522 if (encoded_cbind_len < 0)
528 "could not encode cbind data for channel binding\n");
531 buf.len += encoded_cbind_len;
543 "channel binding not supported by this build\n");
547 #ifdef HAVE_PGTLS_GET_PEER_CERTIFICATE_HASH
562 state->client_final_message_without_proof = strdup(
buf.data);
563 if (
state->client_final_message_without_proof == NULL)
568 state->client_final_message_without_proof,
569 client_proof, &errstr))
593 buf.len += encoded_len;
596 result = strdup(
buf.data);
617 char *iterations_str;
621 int decoded_salt_len;
623 state->server_first_message = strdup(input);
624 if (
state->server_first_message == NULL)
641 if (strlen(nonce) < strlen(
state->client_nonce) ||
642 memcmp(nonce,
state->client_nonce, strlen(
state->client_nonce)) != 0)
649 state->nonce = strdup(nonce);
650 if (
state->nonce == NULL)
658 if (encoded_salt == NULL)
665 if (
state->salt == NULL)
672 strlen(encoded_salt),
675 if (
state->saltlen < 0)
683 if (iterations_str == NULL)
688 state->iterations = strtol(iterations_str, &endptr, 10);
689 if (*endptr !=
'\0' ||
state->iterations < 1)
692 libpq_gettext(
"malformed SCRAM message (invalid iteration count)\n"));
698 libpq_gettext(
"malformed SCRAM message (garbage at end of server-first-message)\n"));
710 char *encoded_server_signature;
711 char *decoded_server_signature;
712 int server_signature_len;
714 state->server_final_message = strdup(input);
715 if (!
state->server_final_message)
734 libpq_gettext(
"error received from server in SCRAM exchange: %s\n"),
742 if (encoded_server_signature == NULL)
750 libpq_gettext(
"malformed SCRAM message (garbage at end of server-final-message)\n"));
752 server_signature_len =
pg_b64_dec_len(strlen(encoded_server_signature));
753 decoded_server_signature =
malloc(server_signature_len);
754 if (!decoded_server_signature)
761 server_signature_len =
pg_b64_decode(encoded_server_signature,
762 strlen(encoded_server_signature),
763 decoded_server_signature,
764 server_signature_len);
767 free(decoded_server_signature);
769 libpq_gettext(
"malformed SCRAM message (invalid server signature)\n"));
773 free(decoded_server_signature);
785 const char *client_final_message_without_proof,
786 uint8 *result,
const char **errstr)
819 strlen(
state->client_first_message_bare)) < 0 ||
823 strlen(
state->server_first_message)) < 0 ||
826 (
uint8 *) client_final_message_without_proof,
827 strlen(client_final_message_without_proof)) < 0 ||
828 pg_hmac_final(ctx, ClientSignature,
sizeof(ClientSignature)) < 0)
836 result[
i] = ClientKey[
i] ^ ClientSignature[
i];
875 strlen(
state->client_first_message_bare)) < 0 ||
879 strlen(
state->server_first_message)) < 0 ||
882 (
uint8 *)
state->client_final_message_without_proof,
883 strlen(
state->client_final_message_without_proof)) < 0 ||
885 sizeof(expected_ServerSignature)) < 0)
925 *errstr =
_(
"out of memory");
929 password = (
const char *) prep_password;
934 *errstr =
_(
"failed to generate random salt");
int pg_b64_decode(const char *src, int len, char *dst, int dstlen)
int pg_b64_enc_len(int srclen)
int pg_b64_encode(const char *src, int len, char *dst, int dstlen)
int pg_b64_dec_len(int srclen)
int errmsg(const char *fmt,...)
static char * build_client_first_message(fe_scram_state *state)
char * pg_fe_scram_build_secret(const char *password, const char **errstr)
const pg_fe_sasl_mech pg_scram_mech
static bool verify_server_signature(fe_scram_state *state, bool *match, const char **errstr)
static void * scram_init(PGconn *conn, const char *password, const char *sasl_mechanism)
static void scram_free(void *opaq)
static void scram_exchange(void *opaq, char *input, int inputlen, char **output, int *outputlen, bool *done, bool *success)
static bool read_server_first_message(fe_scram_state *state, char *input)
static bool scram_channel_bound(void *opaq)
static char * read_attr_value(char **input, char attr, PQExpBuffer errorMessage)
static bool calculate_client_proof(fe_scram_state *state, const char *client_final_message_without_proof, uint8 *result, const char **errstr)
static char * build_client_final_message(fe_scram_state *state)
static bool read_server_final_message(fe_scram_state *state, char *input)
pg_hmac_ctx * pg_hmac_create(pg_cryptohash_type type)
const char * pg_hmac_error(pg_hmac_ctx *ctx)
void pg_hmac_free(pg_hmac_ctx *ctx)
int pg_hmac_update(pg_hmac_ctx *ctx, const uint8 *data, size_t len)
int pg_hmac_init(pg_hmac_ctx *ctx, const uint8 *key, size_t len)
int pg_hmac_final(pg_hmac_ctx *ctx, uint8 *dest, size_t len)
Assert(fmt[strlen(fmt) - 1] !='\n')
static void output(uint64 loop_count)
bool pg_strong_random(void *buf, size_t len)
void initPQExpBuffer(PQExpBuffer str)
int enlargePQExpBuffer(PQExpBuffer str, size_t needed)
void appendPQExpBuffer(PQExpBuffer str, const char *fmt,...)
void appendPQExpBufferChar(PQExpBuffer str, char ch)
void appendPQExpBufferStr(PQExpBuffer str, const char *data)
void termPQExpBuffer(PQExpBuffer str)
#define PQExpBufferDataBroken(buf)
pg_saslprep_rc pg_saslprep(const char *input, char **output)
int scram_SaltedPassword(const char *password, const char *salt, int saltlen, int iterations, uint8 *result, const char **errstr)
int scram_H(const uint8 *input, int len, uint8 *result, const char **errstr)
int scram_ClientKey(const uint8 *salted_password, uint8 *result, const char **errstr)
int scram_ServerKey(const uint8 *salted_password, uint8 *result, const char **errstr)
char * scram_build_secret(const char *salt, int saltlen, int iterations, const char *password, const char **errstr)
#define SCRAM_DEFAULT_ITERATIONS
#define SCRAM_SHA_256_PLUS_NAME
#define SCRAM_RAW_NONCE_LEN
#define SCRAM_DEFAULT_SALT_LEN
char * client_final_message_without_proof
fe_scram_state_enum state
char * client_first_message_bare
char * server_final_message
char * server_first_message
PQExpBufferData errorMessage