#include "postgres.h"
#include "common/base64.h"
#include "common/hmac.h"
#include "common/scram-common.h"
#include "miscadmin.h"
#include "port/pg_bswap.h"

Include dependency graph for scram-common.c:

Functions
int	scram_SaltedPassword (const char password, pg_cryptohash_type hash_type, int key_length, const uint8 salt, int saltlen, int iterations, uint8 result, const char *errstr)

int	scram_H (const uint8 input, pg_cryptohash_type hash_type, int key_length, uint8 result, const char **errstr)

int	scram_ClientKey (const uint8 salted_password, pg_cryptohash_type hash_type, int key_length, uint8 result, const char **errstr)

int	scram_ServerKey (const uint8 salted_password, pg_cryptohash_type hash_type, int key_length, uint8 result, const char **errstr)

char *	scram_build_secret (pg_cryptohash_type hash_type, int key_length, const uint8 salt, int saltlen, int iterations, const char password, const char **errstr)

Function Documentation

◆ scram_build_secret()

char * scram_build_secret	(	pg_cryptohash_type	hash_type,
		int	key_length,
		const uint8 *	salt,
		int	saltlen,
		int	iterations,
		const char *	password,
		const char **	errstr
	)

Definition at line 209 of file scram-common.c.

{
    uint8       salted_password[SCRAM_MAX_KEY_LEN];
    uint8       stored_key[SCRAM_MAX_KEY_LEN];
    uint8       server_key[SCRAM_MAX_KEY_LEN];
    char       *result;
    char       *p;
    int         maxlen;
    int         encoded_salt_len;
    int         encoded_stored_len;
    int         encoded_server_len;
    int         encoded_result;
 
    /* Only this hash method is supported currently */
    Assert(hash_type == PG_SHA256);
 
    Assert(iterations > 0);
 
    /* Calculate StoredKey and ServerKey */
    if (scram_SaltedPassword(password, hash_type, key_length,
                             salt, saltlen, iterations,
                             salted_password, errstr) < 0 ||
        scram_ClientKey(salted_password, hash_type, key_length,
                        stored_key, errstr) < 0 ||
        scram_H(stored_key, hash_type, key_length,
                stored_key, errstr) < 0 ||
        scram_ServerKey(salted_password, hash_type, key_length,
                        server_key, errstr) < 0)
    {
        /* errstr is filled already here */
#ifdef FRONTEND
        return NULL;
#else
        elog(ERROR, "could not calculate stored key and server key: %s",
             *errstr);
#endif
    }
 
    /*----------
     * The format is:
     * SCRAM-SHA-256$<iteration count>:<salt>$<StoredKey>:<ServerKey>
     *----------
     */
    encoded_salt_len = pg_b64_enc_len(saltlen);
    encoded_stored_len = pg_b64_enc_len(key_length);
    encoded_server_len = pg_b64_enc_len(key_length);
 
    maxlen = strlen("SCRAM-SHA-256") + 1
        + 10 + 1                /* iteration count */
        + encoded_salt_len + 1  /* Base64-encoded salt */
        + encoded_stored_len + 1    /* Base64-encoded StoredKey */
        + encoded_server_len + 1;   /* Base64-encoded ServerKey */
 
#ifdef FRONTEND
    result = malloc(maxlen);
    if (!result)
    {
        *errstr = _("out of memory");
        return NULL;
    }
#else
    result = palloc(maxlen);
#endif
 
    p = result + sprintf(result, "SCRAM-SHA-256$%d:", iterations);
 
    /* salt */
    encoded_result = pg_b64_encode(salt, saltlen, p, encoded_salt_len);
    if (encoded_result < 0)
    {
        *errstr = _("could not encode salt");
#ifdef FRONTEND
        free(result);
        return NULL;
#else
        elog(ERROR, "%s", *errstr);
#endif
    }
    p += encoded_result;
    *(p++) = '$';
 
    /* stored key */
    encoded_result = pg_b64_encode(stored_key, key_length, p,
                                   encoded_stored_len);
    if (encoded_result < 0)
    {
        *errstr = _("could not encode stored key");
#ifdef FRONTEND
        free(result);
        return NULL;
#else
        elog(ERROR, "%s", *errstr);
#endif
    }
 
    p += encoded_result;
    *(p++) = ':';
 
    /* server key */
    encoded_result = pg_b64_encode(server_key, key_length, p,
                                   encoded_server_len);
    if (encoded_result < 0)
    {
        *errstr = _("could not encode server key");
#ifdef FRONTEND
        free(result);
        return NULL;
#else
        elog(ERROR, "%s", *errstr);
#endif
    }
 
    p += encoded_result;
    *(p++) = '\0';
 
    Assert(p - result <= maxlen);
 
    return result;
}

References _, Assert(), elog, ERROR, free, iterations, malloc, palloc(), password, pg_b64_enc_len(), pg_b64_encode(), PG_SHA256, scram_ClientKey(), scram_H(), SCRAM_MAX_KEY_LEN, scram_SaltedPassword(), scram_ServerKey(), and sprintf.

Referenced by pg_be_scram_build_secret(), and pg_fe_scram_build_secret().

◆ scram_ClientKey()

int scram_ClientKey	(	const uint8 *	salted_password,
		pg_cryptohash_type	hash_type,
		int	key_length,
		uint8 *	result,
		const char **	errstr
	)

Definition at line 142 of file scram-common.c.

{
    pg_hmac_ctx *ctx = pg_hmac_create(hash_type);
 
    if (ctx == NULL)
    {
        *errstr = pg_hmac_error(NULL);  /* returns OOM */
        return -1;
    }
 
    if (pg_hmac_init(ctx, salted_password, key_length) < 0 ||
        pg_hmac_update(ctx, (uint8 *) "Client Key", strlen("Client Key")) < 0 ||
        pg_hmac_final(ctx, result, key_length) < 0)
    {
        *errstr = pg_hmac_error(ctx);
        pg_hmac_free(ctx);
        return -1;
    }
 
    pg_hmac_free(ctx);
    return 0;
}

References pg_hmac_create(), pg_hmac_error(), pg_hmac_final(), pg_hmac_free(), pg_hmac_init(), and pg_hmac_update().

Referenced by calculate_client_proof(), and scram_build_secret().

◆ scram_H()

int scram_H	(	const uint8 *	input,
		pg_cryptohash_type	hash_type,
		int	key_length,
		uint8 *	result,
		const char **	errstr
	)

Definition at line 112 of file scram-common.c.

{
    pg_cryptohash_ctx *ctx;
 
    ctx = pg_cryptohash_create(hash_type);
    if (ctx == NULL)
    {
        *errstr = pg_cryptohash_error(NULL);    /* returns OOM */
        return -1;
    }
 
    if (pg_cryptohash_init(ctx) < 0 ||
        pg_cryptohash_update(ctx, input, key_length) < 0 ||
        pg_cryptohash_final(ctx, result, key_length) < 0)
    {
        *errstr = pg_cryptohash_error(ctx);
        pg_cryptohash_free(ctx);
        return -1;
    }
 
    pg_cryptohash_free(ctx);
    return 0;
}

References input, pg_cryptohash_create(), pg_cryptohash_error(), pg_cryptohash_final(), pg_cryptohash_free(), pg_cryptohash_init(), and pg_cryptohash_update().

Referenced by calculate_client_proof(), scram_build_secret(), and verify_client_proof().

◆ scram_SaltedPassword()

int scram_SaltedPassword	(	const char *	password,
		pg_cryptohash_type	hash_type,
		int	key_length,
		const uint8 *	salt,
		int	saltlen,
		int	iterations,
		uint8 *	result,
		const char **	errstr
	)

Definition at line 38 of file scram-common.c.

{
    int         password_len = strlen(password);
    uint32      one = pg_hton32(1);
    int         i,
                j;
    uint8       Ui[SCRAM_MAX_KEY_LEN];
    uint8       Ui_prev[SCRAM_MAX_KEY_LEN];
    pg_hmac_ctx *hmac_ctx = pg_hmac_create(hash_type);
 
    if (hmac_ctx == NULL)
    {
        *errstr = pg_hmac_error(NULL);  /* returns OOM */
        return -1;
    }
 
    /*
     * Iterate hash calculation of HMAC entry using given salt.  This is
     * essentially PBKDF2 (see RFC2898) with HMAC() as the pseudorandom
     * function.
     */
 
    /* First iteration */
    if (pg_hmac_init(hmac_ctx, (uint8 *) password, password_len) < 0 ||
        pg_hmac_update(hmac_ctx, salt, saltlen) < 0 ||
        pg_hmac_update(hmac_ctx, (uint8 *) &one, sizeof(uint32)) < 0 ||
        pg_hmac_final(hmac_ctx, Ui_prev, key_length) < 0)
    {
        *errstr = pg_hmac_error(hmac_ctx);
        pg_hmac_free(hmac_ctx);
        return -1;
    }
 
    memcpy(result, Ui_prev, key_length);
 
    /* Subsequent iterations */
    for (i = 1; i < iterations; i++)
    {
#ifndef FRONTEND
        /*
         * Make sure that this is interruptible as scram_iterations could be
         * set to a large value.
         */
        CHECK_FOR_INTERRUPTS();
#endif
 
        if (pg_hmac_init(hmac_ctx, (uint8 *) password, password_len) < 0 ||
            pg_hmac_update(hmac_ctx, (uint8 *) Ui_prev, key_length) < 0 ||
            pg_hmac_final(hmac_ctx, Ui, key_length) < 0)
        {
            *errstr = pg_hmac_error(hmac_ctx);
            pg_hmac_free(hmac_ctx);
            return -1;
        }
 
        for (j = 0; j < key_length; j++)
            result[j] ^= Ui[j];
        memcpy(Ui_prev, Ui, key_length);
    }
 
    pg_hmac_free(hmac_ctx);
    return 0;
}

References CHECK_FOR_INTERRUPTS, i, iterations, j, password, pg_hmac_create(), pg_hmac_error(), pg_hmac_final(), pg_hmac_free(), pg_hmac_init(), pg_hmac_update(), pg_hton32, and SCRAM_MAX_KEY_LEN.

Referenced by calculate_client_proof(), scram_build_secret(), and scram_verify_plain_password().

◆ scram_ServerKey()

int scram_ServerKey	(	const uint8 *	salted_password,
		pg_cryptohash_type	hash_type,
		int	key_length,
		uint8 *	result,
		const char **	errstr
	)

Definition at line 172 of file scram-common.c.

{
    pg_hmac_ctx *ctx = pg_hmac_create(hash_type);
 
    if (ctx == NULL)
    {
        *errstr = pg_hmac_error(NULL);  /* returns OOM */
        return -1;
    }
 
    if (pg_hmac_init(ctx, salted_password, key_length) < 0 ||
        pg_hmac_update(ctx, (uint8 *) "Server Key", strlen("Server Key")) < 0 ||
        pg_hmac_final(ctx, result, key_length) < 0)
    {
        *errstr = pg_hmac_error(ctx);
        pg_hmac_free(ctx);
        return -1;
    }
 
    pg_hmac_free(ctx);
    return 0;
}