/*
 * Fragments of the salted-password derivation; the parameter list matches
 * scram_SaltedPassword() as listed further down this page.  The leading
 * numbers are line numbers of the original file, and the lines between them
 * are not part of this listing, so the comments below describe only what is
 * visible here.
 *
 * The salt arrives as pointer plus length (saltlen) and the derived key is
 * written to result.
 */
37 const char *salt,
int saltlen,
int iterations,
38 uint8 *result,
const char **errstr)
/*
 * Start the accumulator: result takes key_length bytes from Ui_prev.  How
 * Ui_prev was computed is not shown.
 *
 * NOTE(review): this copy, the copy at line 87 and the inner loop are all
 * sized by key_length.  The declared sizes of Ui, Ui_prev and result are not
 * visible (the page references SCRAM_MAX_KEY_LEN) -- confirm key_length
 * cannot exceed them.
 */
71 memcpy(result, Ui_prev, key_length);
/*
 * Remaining rounds.  The counter starts at 2, so for iterations <= 1
 * (including zero or a negative value) the loop never runs and result keeps
 * the value copied at line 71.
 *
 * NOTE(review): no range check on iterations is visible in these lines.  The
 * count presumably sets the cost of the derivation, so confirm that callers
 * reject small or non-positive values.
 */
74 for (
i = 2;
i <= iterations;
i++)
/*
 * Walks every byte of the key_length-byte block.  The statement inside the
 * loop is not shown; presumably it folds Ui into result -- confirm.
 */
85 for (
j = 0;
j < key_length;
j++)
/* Carry this round's Ui forward as the next round's Ui_prev. */
87 memcpy(Ui_prev, Ui, key_length);
102 uint8 *result,
const char **errstr)
/*
 * End of a parameter list and the start of an HMAC sequence.  Presumably
 * scram_ClientKey() or scram_ServerKey(): both take salted_password according
 * to the signatures listed on this page, and the function name itself is not
 * visible here.
 */
133 uint8 *result,
const char **errstr)
/*
 * The HMAC context is keyed with salted_password, key_length bytes long, and
 * a negative return is treated as failure.  The rest of the condition is not
 * shown.
 *
 * NOTE(review): key_length is an int in the scram_* signatures on this page
 * while pg_hmac_init() takes a size_t length, so a negative key_length would
 * convert to a very large length -- confirm it is validated before this call.
 */
143 if (
pg_hmac_init(ctx, salted_password, key_length) < 0 ||
/*
 * A second function with the same visible shape: a parameter list ending in
 * result and errstr, followed by an HMAC keyed with salted_password.  The
 * function name is not visible; presumably the other one of scram_ClientKey()
 * and scram_ServerKey().
 */
163 uint8 *result,
const char **errstr)
/*
 * Keys the HMAC with key_length bytes of salted_password; a negative return
 * from pg_hmac_init() is the failure case.  The remaining terms of the
 * condition are on lines not shown.
 */
173 if (
pg_hmac_init(ctx, salted_password, key_length) < 0 ||
/*
 * Fragments of the function that builds the textual SCRAM secret; the
 * parameter list matches scram_build_secret() as listed further down this
 * page.  The leading numbers are line numbers of the original file, and
 * lines between them are missing from this listing.
 *
 * Visible flow: derive the keys, size the output buffer, write the
 * "SCRAM-SHA-256$<iterations>:" prefix, then Base64-encode the salt, the
 * stored key and the server key, handing an error message back through
 * *errstr when a step fails.
 */
200 const char *salt,
int saltlen,
int iterations,
201 const char *
password,
const char **errstr)
/*
 * Encoded lengths of the three Base64 fields.  Their computation is not
 * shown (presumably pg_b64_enc_len(), which this page references).
 */
209 int encoded_salt_len;
210 int encoded_stored_len;
211 int encoded_server_len;
/*
 * Key derivation chain.  Each step reports failure with a negative return,
 * and the || chain stops at the first one.  Only the scram_H() call is named
 * in the visible lines; it hashes stored_key in place, passing the same
 * buffer as input and result.
 */
221 salt, saltlen, iterations,
222 salted_password, errstr) < 0 ||
224 stored_key, errstr) < 0 ||
225 scram_H(stored_key, hash_type, key_length,
226 stored_key, errstr) < 0 ||
228 server_key, errstr) < 0)
/*
 * Derivation failure is raised through elog() at ERROR.  The argument for %s
 * is on a line not shown.
 */
234 elog(
ERROR,
"could not calculate stored key and server key: %s",
/*
 * Size of the output buffer: the scheme name and the three Base64 lengths,
 * each followed by + 1 (presumably separator or terminator bytes).
 *
 * NOTE(review): original line 249 is absent from this listing.  The sprintf()
 * at line 265 also writes the decimal iteration count, and none of the
 * visible terms reserves room for it, so line 249 presumably does -- confirm
 * against the full file before relying on this sum.
 */
248 maxlen = strlen(
"SCRAM-SHA-256") + 1
250 + encoded_salt_len + 1
251 + encoded_stored_len + 1
252 + encoded_server_len + 1;
/*
 * Out-of-memory path: the message is handed back through *errstr.  The
 * allocation and its check are not shown.
 */
258 *errstr =
_(
"out of memory");
/*
 * Writes the prefix and the iteration count, then points p just past them
 * (sprintf returns the number of characters written).
 *
 * NOTE(review): sprintf() takes no size, so the only thing keeping this
 * write inside result is the maxlen sum above.  A %d of a 32-bit int can
 * take up to 11 characters.
 */
265 p = result +
sprintf(result,
"SCRAM-SHA-256$%d:", iterations);
/*
 * Base64-encode the salt at p.  pg_b64_encode() is given encoded_salt_len as
 * the destination limit, and a negative return is treated as failure.
 */
268 encoded_result =
pg_b64_encode(salt, saltlen, p, encoded_salt_len);
269 if (encoded_result < 0)
271 *errstr =
_(
"could not encode salt");
/*
 * Same pattern for the stored key, key_length bytes long.  The
 * destination-length argument is on a line not shown.
 */
283 encoded_result =
pg_b64_encode((
char *) stored_key, key_length, p,
285 if (encoded_result < 0)
287 *errstr =
_(
"could not encode stored key");
/*
 * Same pattern for the server key; the destination-length argument is again
 * not shown.
 */
300 encoded_result =
pg_b64_encode((
char *) server_key, key_length, p,
302 if (encoded_result < 0)
304 *errstr =
_(
"could not encode server key");
/*
 * Sanity check that the write cursor has not passed maxlen.  It runs after
 * all the writes, so it detects an overrun rather than preventing one, and
 * in PostgreSQL Assert() is compiled only into assert-enabled builds.
 */
316 Assert(p - result <= maxlen);
int pg_b64_enc_len(int srclen)
int pg_b64_encode(const char *src, int len, char *dst, int dstlen)
int pg_cryptohash_update(pg_cryptohash_ctx *ctx, const uint8 *data, size_t len)
int pg_cryptohash_init(pg_cryptohash_ctx *ctx)
void pg_cryptohash_free(pg_cryptohash_ctx *ctx)
pg_cryptohash_ctx * pg_cryptohash_create(pg_cryptohash_type type)
int pg_cryptohash_final(pg_cryptohash_ctx *ctx, uint8 *dest, size_t len)
const char * pg_cryptohash_error(pg_cryptohash_ctx *ctx)
elog(ERROR, "%s: %s", p2, msg)
pg_hmac_ctx * pg_hmac_create(pg_cryptohash_type type)
const char * pg_hmac_error(pg_hmac_ctx *ctx)
void pg_hmac_free(pg_hmac_ctx *ctx)
int pg_hmac_update(pg_hmac_ctx *ctx, const uint8 *data, size_t len)
int pg_hmac_init(pg_hmac_ctx *ctx, const uint8 *key, size_t len)
int pg_hmac_final(pg_hmac_ctx *ctx, uint8 *dest, size_t len)
Assert(fmt[strlen(fmt) - 1] !='\n')
int scram_ServerKey(const uint8 *salted_password, pg_cryptohash_type hash_type, int key_length, uint8 *result, const char **errstr)
int scram_SaltedPassword(const char *password, pg_cryptohash_type hash_type, int key_length, const char *salt, int saltlen, int iterations, uint8 *result, const char **errstr)
int scram_ClientKey(const uint8 *salted_password, pg_cryptohash_type hash_type, int key_length, uint8 *result, const char **errstr)
char * scram_build_secret(pg_cryptohash_type hash_type, int key_length, const char *salt, int saltlen, int iterations, const char *password, const char **errstr)
int scram_H(const uint8 *input, pg_cryptohash_type hash_type, int key_length, uint8 *result, const char **errstr)
#define SCRAM_MAX_KEY_LEN