PostgreSQL Source Code  git master
Macros | Functions
scram-common.h File Reference
#include "common/cryptohash.h"
#include "common/sha2.h"
Include dependency graph for scram-common.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Macros

#define SCRAM_SHA_256_NAME   "SCRAM-SHA-256"
 
#define SCRAM_SHA_256_PLUS_NAME   "SCRAM-SHA-256-PLUS" /* with channel binding */
 
#define SCRAM_SHA_256_KEY_LEN   PG_SHA256_DIGEST_LENGTH
 
#define SCRAM_MAX_KEY_LEN   SCRAM_SHA_256_KEY_LEN
 
#define SCRAM_RAW_NONCE_LEN   18
 
#define SCRAM_DEFAULT_SALT_LEN   16
 
#define SCRAM_SHA_256_DEFAULT_ITERATIONS   4096
 

Functions

int scram_SaltedPassword (const char *password, pg_cryptohash_type hash_type, int key_length, const char *salt, int saltlen, int iterations, uint8 *result, const char **errstr)
 
int scram_H (const uint8 *input, pg_cryptohash_type hash_type, int key_length, uint8 *result, const char **errstr)
 
int scram_ClientKey (const uint8 *salted_password, pg_cryptohash_type hash_type, int key_length, uint8 *result, const char **errstr)
 
int scram_ServerKey (const uint8 *salted_password, pg_cryptohash_type hash_type, int key_length, uint8 *result, const char **errstr)
 
char * scram_build_secret (pg_cryptohash_type hash_type, int key_length, const char *salt, int saltlen, int iterations, const char *password, const char **errstr)
 

Macro Definition Documentation

◆ SCRAM_DEFAULT_SALT_LEN

#define SCRAM_DEFAULT_SALT_LEN   16

Definition at line 44 of file scram-common.h.

◆ SCRAM_MAX_KEY_LEN

#define SCRAM_MAX_KEY_LEN   SCRAM_SHA_256_KEY_LEN

Definition at line 30 of file scram-common.h.

◆ SCRAM_RAW_NONCE_LEN

#define SCRAM_RAW_NONCE_LEN   18

Definition at line 37 of file scram-common.h.

◆ SCRAM_SHA_256_DEFAULT_ITERATIONS

#define SCRAM_SHA_256_DEFAULT_ITERATIONS   4096

Definition at line 50 of file scram-common.h.

◆ SCRAM_SHA_256_KEY_LEN

#define SCRAM_SHA_256_KEY_LEN   PG_SHA256_DIGEST_LENGTH

Definition at line 24 of file scram-common.h.

◆ SCRAM_SHA_256_NAME

#define SCRAM_SHA_256_NAME   "SCRAM-SHA-256"

Definition at line 20 of file scram-common.h.

◆ SCRAM_SHA_256_PLUS_NAME

#define SCRAM_SHA_256_PLUS_NAME   "SCRAM-SHA-256-PLUS" /* with channel binding */

Definition at line 21 of file scram-common.h.

Function Documentation

◆ scram_build_secret()

char* scram_build_secret ( pg_cryptohash_type  hash_type,
int  key_length,
const char *  salt,
int  saltlen,
int  iterations,
const char *  password,
const char **  errstr 
)

Definition at line 199 of file scram-common.c.

202 {
203  uint8 salted_password[SCRAM_MAX_KEY_LEN];
204  uint8 stored_key[SCRAM_MAX_KEY_LEN];
205  uint8 server_key[SCRAM_MAX_KEY_LEN];
206  char *result;
207  char *p;
208  int maxlen;
209  int encoded_salt_len;
210  int encoded_stored_len;
211  int encoded_server_len;
212  int encoded_result;
213 
214  /* Only this hash method is supported currently */
215  Assert(hash_type == PG_SHA256);
216 
217  Assert(iterations > 0);
218 
219  /* Calculate StoredKey and ServerKey */
220  if (scram_SaltedPassword(password, hash_type, key_length,
221  salt, saltlen, iterations,
222  salted_password, errstr) < 0 ||
223  scram_ClientKey(salted_password, hash_type, key_length,
224  stored_key, errstr) < 0 ||
225  scram_H(stored_key, hash_type, key_length,
226  stored_key, errstr) < 0 ||
227  scram_ServerKey(salted_password, hash_type, key_length,
228  server_key, errstr) < 0)
229  {
230  /* errstr is filled already here */
231 #ifdef FRONTEND
232  return NULL;
233 #else
234  elog(ERROR, "could not calculate stored key and server key: %s",
235  *errstr);
236 #endif
237  }
238 
239  /*----------
240  * The format is:
241  * SCRAM-SHA-256$<iteration count>:<salt>$<StoredKey>:<ServerKey>
242  *----------
243  */
244  encoded_salt_len = pg_b64_enc_len(saltlen);
245  encoded_stored_len = pg_b64_enc_len(key_length);
246  encoded_server_len = pg_b64_enc_len(key_length);
247 
248  maxlen = strlen("SCRAM-SHA-256") + 1
249  + 10 + 1 /* iteration count */
250  + encoded_salt_len + 1 /* Base64-encoded salt */
251  + encoded_stored_len + 1 /* Base64-encoded StoredKey */
252  + encoded_server_len + 1; /* Base64-encoded ServerKey */
253 
254 #ifdef FRONTEND
255  result = malloc(maxlen);
256  if (!result)
257  {
258  *errstr = _("out of memory");
259  return NULL;
260  }
261 #else
262  result = palloc(maxlen);
263 #endif
264 
265  p = result + sprintf(result, "SCRAM-SHA-256$%d:", iterations);
266 
267  /* salt */
268  encoded_result = pg_b64_encode(salt, saltlen, p, encoded_salt_len);
269  if (encoded_result < 0)
270  {
271  *errstr = _("could not encode salt");
272 #ifdef FRONTEND
273  free(result);
274  return NULL;
275 #else
276  elog(ERROR, "%s", *errstr);
277 #endif
278  }
279  p += encoded_result;
280  *(p++) = '$';
281 
282  /* stored key */
283  encoded_result = pg_b64_encode((char *) stored_key, key_length, p,
284  encoded_stored_len);
285  if (encoded_result < 0)
286  {
287  *errstr = _("could not encode stored key");
288 #ifdef FRONTEND
289  free(result);
290  return NULL;
291 #else
292  elog(ERROR, "%s", *errstr);
293 #endif
294  }
295 
296  p += encoded_result;
297  *(p++) = ':';
298 
299  /* server key */
300  encoded_result = pg_b64_encode((char *) server_key, key_length, p,
301  encoded_server_len);
302  if (encoded_result < 0)
303  {
304  *errstr = _("could not encode server key");
305 #ifdef FRONTEND
306  free(result);
307  return NULL;
308 #else
309  elog(ERROR, "%s", *errstr);
310 #endif
311  }
312 
313  p += encoded_result;
314  *(p++) = '\0';
315 
316  Assert(p - result <= maxlen);
317 
318  return result;
319 }
pg_b64_enc_len
int pg_b64_enc_len(int srclen)
Definition: base64.c:224
pg_b64_encode
int pg_b64_encode(const char *src, int len, char *dst, int dstlen)
Definition: base64.c:49
uint8
unsigned char uint8
Definition: c.h:488
PG_SHA256
@ PG_SHA256
Definition: cryptohash.h:24
_
#define _(x)
Definition: elog.c:91
ERROR
#define ERROR
Definition: elog.h:39
free
#define free(a)
Definition: header.h:65
malloc
#define malloc(a)
Definition: header.h:50
Assert
Assert(fmt[strlen(fmt) - 1] !='\n')
palloc
void * palloc(Size size)
Definition: mcxt.c:1226
sprintf
#define sprintf
Definition: port.h:240
scram_ServerKey
int scram_ServerKey(const uint8 *salted_password, pg_cryptohash_type hash_type, int key_length, uint8 *result, const char **errstr)
Definition: scram-common.c:161
scram_SaltedPassword
int scram_SaltedPassword(const char *password, pg_cryptohash_type hash_type, int key_length, const char *salt, int saltlen, int iterations, uint8 *result, const char **errstr)
Definition: scram-common.c:35
scram_ClientKey
int scram_ClientKey(const uint8 *salted_password, pg_cryptohash_type hash_type, int key_length, uint8 *result, const char **errstr)
Definition: scram-common.c:131
scram_H
int scram_H(const uint8 *input, pg_cryptohash_type hash_type, int key_length, uint8 *result, const char **errstr)
Definition: scram-common.c:101
SCRAM_MAX_KEY_LEN
#define SCRAM_MAX_KEY_LEN
Definition: scram-common.h:30
password
static char * password
Definition: streamutil.c:53

References _, Assert(), elog(), ERROR, free, malloc, palloc(), password, pg_b64_enc_len(), pg_b64_encode(), PG_SHA256, scram_ClientKey(), scram_H(), SCRAM_MAX_KEY_LEN, scram_SaltedPassword(), scram_ServerKey(), and sprintf.

Referenced by pg_be_scram_build_secret(), and pg_fe_scram_build_secret().

◆ scram_ClientKey()

int scram_ClientKey ( const uint8 salted_password,
pg_cryptohash_type  hash_type,
int  key_length,
uint8 result,
const char **  errstr 
)

Definition at line 131 of file scram-common.c.

134 {
135  pg_hmac_ctx *ctx = pg_hmac_create(hash_type);
136 
137  if (ctx == NULL)
138  {
139  *errstr = pg_hmac_error(NULL); /* returns OOM */
140  return -1;
141  }
142 
143  if (pg_hmac_init(ctx, salted_password, key_length) < 0 ||
144  pg_hmac_update(ctx, (uint8 *) "Client Key", strlen("Client Key")) < 0 ||
145  pg_hmac_final(ctx, result, key_length) < 0)
146  {
147  *errstr = pg_hmac_error(ctx);
148  pg_hmac_free(ctx);
149  return -1;
150  }
151 
152  pg_hmac_free(ctx);
153  return 0;
154 }
pg_hmac_create
pg_hmac_ctx * pg_hmac_create(pg_cryptohash_type type)
Definition: hmac.c:77
pg_hmac_error
const char * pg_hmac_error(pg_hmac_ctx *ctx)
Definition: hmac.c:306
pg_hmac_free
void pg_hmac_free(pg_hmac_ctx *ctx)
Definition: hmac.c:289
pg_hmac_update
int pg_hmac_update(pg_hmac_ctx *ctx, const uint8 *data, size_t len)
Definition: hmac.c:223
pg_hmac_init
int pg_hmac_init(pg_hmac_ctx *ctx, const uint8 *key, size_t len)
Definition: hmac.c:138
pg_hmac_final
int pg_hmac_final(pg_hmac_ctx *ctx, uint8 *dest, size_t len)
Definition: hmac.c:244
pg_hmac_ctx
Definition: hmac.c:51

References pg_hmac_create(), pg_hmac_error(), pg_hmac_final(), pg_hmac_free(), pg_hmac_init(), and pg_hmac_update().

Referenced by calculate_client_proof(), and scram_build_secret().

◆ scram_H()

int scram_H ( const uint8 input,
pg_cryptohash_type  hash_type,
int  key_length,
uint8 result,
const char **  errstr 
)

Definition at line 101 of file scram-common.c.

103 {
104  pg_cryptohash_ctx *ctx;
105 
106  ctx = pg_cryptohash_create(hash_type);
107  if (ctx == NULL)
108  {
109  *errstr = pg_cryptohash_error(NULL); /* returns OOM */
110  return -1;
111  }
112 
113  if (pg_cryptohash_init(ctx) < 0 ||
114  pg_cryptohash_update(ctx, input, key_length) < 0 ||
115  pg_cryptohash_final(ctx, result, key_length) < 0)
116  {
117  *errstr = pg_cryptohash_error(ctx);
118  pg_cryptohash_free(ctx);
119  return -1;
120  }
121 
122  pg_cryptohash_free(ctx);
123  return 0;
124 }
pg_cryptohash_update
int pg_cryptohash_update(pg_cryptohash_ctx *ctx, const uint8 *data, size_t len)
Definition: cryptohash.c:136
pg_cryptohash_init
int pg_cryptohash_init(pg_cryptohash_ctx *ctx)
Definition: cryptohash.c:100
pg_cryptohash_free
void pg_cryptohash_free(pg_cryptohash_ctx *ctx)
Definition: cryptohash.c:238
pg_cryptohash_create
pg_cryptohash_ctx * pg_cryptohash_create(pg_cryptohash_type type)
Definition: cryptohash.c:74
pg_cryptohash_final
int pg_cryptohash_final(pg_cryptohash_ctx *ctx, uint8 *dest, size_t len)
Definition: cryptohash.c:172
pg_cryptohash_error
const char * pg_cryptohash_error(pg_cryptohash_ctx *ctx)
Definition: cryptohash.c:254
input
FILE * input
pg_cryptohash_ctx
Definition: cryptohash.c:52

References input, pg_cryptohash_create(), pg_cryptohash_error(), pg_cryptohash_final(), pg_cryptohash_free(), pg_cryptohash_init(), and pg_cryptohash_update().

Referenced by calculate_client_proof(), scram_build_secret(), and verify_client_proof().

◆ scram_SaltedPassword()

int scram_SaltedPassword ( const char *  password,
pg_cryptohash_type  hash_type,
int  key_length,
const char *  salt,
int  saltlen,
int  iterations,
uint8 result,
const char **  errstr 
)

Definition at line 35 of file scram-common.c.

39 {
40  int password_len = strlen(password);
41  uint32 one = pg_hton32(1);
42  int i,
43  j;
44  uint8 Ui[SCRAM_MAX_KEY_LEN];
45  uint8 Ui_prev[SCRAM_MAX_KEY_LEN];
46  pg_hmac_ctx *hmac_ctx = pg_hmac_create(hash_type);
47 
48  if (hmac_ctx == NULL)
49  {
50  *errstr = pg_hmac_error(NULL); /* returns OOM */
51  return -1;
52  }
53 
54  /*
55  * Iterate hash calculation of HMAC entry using given salt. This is
56  * essentially PBKDF2 (see RFC2898) with HMAC() as the pseudorandom
57  * function.
58  */
59 
60  /* First iteration */
61  if (pg_hmac_init(hmac_ctx, (uint8 *) password, password_len) < 0 ||
62  pg_hmac_update(hmac_ctx, (uint8 *) salt, saltlen) < 0 ||
63  pg_hmac_update(hmac_ctx, (uint8 *) &one, sizeof(uint32)) < 0 ||
64  pg_hmac_final(hmac_ctx, Ui_prev, key_length) < 0)
65  {
66  *errstr = pg_hmac_error(hmac_ctx);
67  pg_hmac_free(hmac_ctx);
68  return -1;
69  }
70 
71  memcpy(result, Ui_prev, key_length);
72 
73  /* Subsequent iterations */
74  for (i = 2; i <= iterations; i++)
75  {
76  if (pg_hmac_init(hmac_ctx, (uint8 *) password, password_len) < 0 ||
77  pg_hmac_update(hmac_ctx, (uint8 *) Ui_prev, key_length) < 0 ||
78  pg_hmac_final(hmac_ctx, Ui, key_length) < 0)
79  {
80  *errstr = pg_hmac_error(hmac_ctx);
81  pg_hmac_free(hmac_ctx);
82  return -1;
83  }
84 
85  for (j = 0; j < key_length; j++)
86  result[j] ^= Ui[j];
87  memcpy(Ui_prev, Ui, key_length);
88  }
89 
90  pg_hmac_free(hmac_ctx);
91  return 0;
92 }
uint32
unsigned int uint32
Definition: c.h:490
j
int j
Definition: isn.c:74
i
int i
Definition: isn.c:73
pg_hton32
#define pg_hton32(x)
Definition: pg_bswap.h:121

References i, j, password, pg_hmac_create(), pg_hmac_error(), pg_hmac_final(), pg_hmac_free(), pg_hmac_init(), pg_hmac_update(), pg_hton32, and SCRAM_MAX_KEY_LEN.

Referenced by calculate_client_proof(), scram_build_secret(), and scram_verify_plain_password().

◆ scram_ServerKey()

int scram_ServerKey ( const uint8 salted_password,
pg_cryptohash_type  hash_type,
int  key_length,
uint8 result,
const char **  errstr 
)

Definition at line 161 of file scram-common.c.

164 {
165  pg_hmac_ctx *ctx = pg_hmac_create(hash_type);
166 
167  if (ctx == NULL)
168  {
169  *errstr = pg_hmac_error(NULL); /* returns OOM */
170  return -1;
171  }
172 
173  if (pg_hmac_init(ctx, salted_password, key_length) < 0 ||
174  pg_hmac_update(ctx, (uint8 *) "Server Key", strlen("Server Key")) < 0 ||
175  pg_hmac_final(ctx, result, key_length) < 0)
176  {
177  *errstr = pg_hmac_error(ctx);
178  pg_hmac_free(ctx);
179  return -1;
180  }
181 
182  pg_hmac_free(ctx);
183  return 0;
184 }

References pg_hmac_create(), pg_hmac_error(), pg_hmac_final(), pg_hmac_free(), pg_hmac_init(), and pg_hmac_update().

Referenced by scram_build_secret(), scram_verify_plain_password(), and verify_server_signature().