PostgreSQL Source Code  git master
scram-common.h
Go to the documentation of this file.
1 /*-------------------------------------------------------------------------
2  *
3  * scram-common.h
4  * Declarations for helper functions used for SCRAM authentication
5  *
6  * Portions Copyright (c) 1996-2024, PostgreSQL Global Development Group
7  * Portions Copyright (c) 1994, Regents of the University of California
8  *
9  * src/include/common/scram-common.h
10  *
11  *-------------------------------------------------------------------------
12  */
13 #ifndef SCRAM_COMMON_H
14 #define SCRAM_COMMON_H
15 
16 #include "common/cryptohash.h"
17 #include "common/sha2.h"
18 
19 /* Name of SCRAM mechanisms per IANA */
20 #define SCRAM_SHA_256_NAME "SCRAM-SHA-256"
21 #define SCRAM_SHA_256_PLUS_NAME "SCRAM-SHA-256-PLUS" /* with channel binding */
22 
23 /* Length of SCRAM keys (client and server) */
24 #define SCRAM_SHA_256_KEY_LEN PG_SHA256_DIGEST_LENGTH
25 
26 /*
27  * Size of buffers used internally by SCRAM routines, that should be the
28  * maximum of SCRAM_SHA_*_KEY_LEN among the hash methods supported.
29  */
30 #define SCRAM_MAX_KEY_LEN SCRAM_SHA_256_KEY_LEN
31 
32 /*
33  * Size of random nonce generated in the authentication exchange. This
34  * is in "raw" number of bytes, the actual nonces sent over the wire are
35  * encoded using only ASCII-printable characters.
36  */
37 #define SCRAM_RAW_NONCE_LEN 18
38 
39 /*
40  * Length of salt when generating new secrets, in bytes. (It will be stored
41  * and sent over the wire encoded in Base64.) 16 bytes is what the example in
42  * RFC 7677 uses.
43  */
44 #define SCRAM_DEFAULT_SALT_LEN 16
45 
46 /*
47  * Default number of iterations when generating secret. Should be at least
48  * 4096 per RFC 7677.
49  */
50 #define SCRAM_SHA_256_DEFAULT_ITERATIONS 4096
51 
52 extern int scram_SaltedPassword(const char *password,
53  pg_cryptohash_type hash_type, int key_length,
54  const char *salt, int saltlen, int iterations,
55  uint8 *result, const char **errstr);
56 extern int scram_H(const uint8 *input, pg_cryptohash_type hash_type,
57  int key_length, uint8 *result,
58  const char **errstr);
59 extern int scram_ClientKey(const uint8 *salted_password,
60  pg_cryptohash_type hash_type, int key_length,
61  uint8 *result, const char **errstr);
62 extern int scram_ServerKey(const uint8 *salted_password,
63  pg_cryptohash_type hash_type, int key_length,
64  uint8 *result, const char **errstr);
65 
66 extern char *scram_build_secret(pg_cryptohash_type hash_type, int key_length,
67  const char *salt, int saltlen, int iterations,
68  const char *password, const char **errstr);
69 
70 #endif /* SCRAM_COMMON_H */
uint8
unsigned char uint8
Definition: c.h:504
pg_cryptohash_type
pg_cryptohash_type
Definition: cryptohash.h:20
input
FILE * input
scram_ServerKey
int scram_ServerKey(const uint8 *salted_password, pg_cryptohash_type hash_type, int key_length, uint8 *result, const char **errstr)
Definition: scram-common.c:172
scram_SaltedPassword
int scram_SaltedPassword(const char *password, pg_cryptohash_type hash_type, int key_length, const char *salt, int saltlen, int iterations, uint8 *result, const char **errstr)
Definition: scram-common.c:38
scram_ClientKey
int scram_ClientKey(const uint8 *salted_password, pg_cryptohash_type hash_type, int key_length, uint8 *result, const char **errstr)
Definition: scram-common.c:142
scram_build_secret
char * scram_build_secret(pg_cryptohash_type hash_type, int key_length, const char *salt, int saltlen, int iterations, const char *password, const char **errstr)
Definition: scram-common.c:210
scram_H
int scram_H(const uint8 *input, pg_cryptohash_type hash_type, int key_length, uint8 *result, const char **errstr)
Definition: scram-common.c:112
password
static char * password
Definition: streamutil.c:54
iterations
int iterations
Definition: thread-thread.c:39