PostgreSQL Source Code git master
scram-common.h
Go to the documentation of this file.
1/*-------------------------------------------------------------------------
2 *
3 * scram-common.h
4 * Declarations for helper functions used for SCRAM authentication
5 *
6 * Portions Copyright (c) 1996-2025, PostgreSQL Global Development Group
7 * Portions Copyright (c) 1994, Regents of the University of California
8 *
9 * src/include/common/scram-common.h
10 *
11 *-------------------------------------------------------------------------
12 */
13#ifndef SCRAM_COMMON_H
14#define SCRAM_COMMON_H
15
16#include "common/cryptohash.h"
17#include "common/sha2.h"
18
19/* Name of SCRAM mechanisms per IANA */
20#define SCRAM_SHA_256_NAME "SCRAM-SHA-256"
21#define SCRAM_SHA_256_PLUS_NAME "SCRAM-SHA-256-PLUS" /* with channel binding */
22
23/* Length of SCRAM keys (client and server) */
24#define SCRAM_SHA_256_KEY_LEN PG_SHA256_DIGEST_LENGTH
25
26/*
27 * Size of buffers used internally by SCRAM routines, that should be the
28 * maximum of SCRAM_SHA_*_KEY_LEN among the hash methods supported.
29 */
30#define SCRAM_MAX_KEY_LEN SCRAM_SHA_256_KEY_LEN
31
32/*
33 * Size of random nonce generated in the authentication exchange. This
34 * is in "raw" number of bytes, the actual nonces sent over the wire are
35 * encoded using only ASCII-printable characters.
36 */
37#define SCRAM_RAW_NONCE_LEN 18
38
39/*
40 * Length of salt when generating new secrets, in bytes. (It will be stored
41 * and sent over the wire encoded in Base64.) 16 bytes is what the example in
42 * RFC 7677 uses.
43 */
44#define SCRAM_DEFAULT_SALT_LEN 16
45
46/*
47 * Default number of iterations when generating secret. Should be at least
48 * 4096 per RFC 7677.
49 */
50#define SCRAM_SHA_256_DEFAULT_ITERATIONS 4096
51
52extern int scram_SaltedPassword(const char *password,
53 pg_cryptohash_type hash_type, int key_length,
54 const char *salt, int saltlen, int iterations,
55 uint8 *result, const char **errstr);
56extern int scram_H(const uint8 *input, pg_cryptohash_type hash_type,
57 int key_length, uint8 *result,
58 const char **errstr);
59extern int scram_ClientKey(const uint8 *salted_password,
60 pg_cryptohash_type hash_type, int key_length,
61 uint8 *result, const char **errstr);
62extern int scram_ServerKey(const uint8 *salted_password,
63 pg_cryptohash_type hash_type, int key_length,
64 uint8 *result, const char **errstr);
65
66extern char *scram_build_secret(pg_cryptohash_type hash_type, int key_length,
67 const char *salt, int saltlen, int iterations,
68 const char *password, const char **errstr);
69
70#endif /* SCRAM_COMMON_H */
uint8_t uint8
Definition: c.h:486
pg_cryptohash_type
Definition: cryptohash.h:20
FILE * input
char * scram_build_secret(pg_cryptohash_type hash_type, int key_length, const char *salt, int saltlen, int iterations, const char *password, const char **errstr)
Definition: scram-common.c:209
int scram_ServerKey(const uint8 *salted_password, pg_cryptohash_type hash_type, int key_length, uint8 *result, const char **errstr)
Definition: scram-common.c:172
int scram_SaltedPassword(const char *password, pg_cryptohash_type hash_type, int key_length, const char *salt, int saltlen, int iterations, uint8 *result, const char **errstr)
Definition: scram-common.c:38
int scram_ClientKey(const uint8 *salted_password, pg_cryptohash_type hash_type, int key_length, uint8 *result, const char **errstr)
Definition: scram-common.c:142
int scram_H(const uint8 *input, pg_cryptohash_type hash_type, int key_length, uint8 *result, const char **errstr)
Definition: scram-common.c:112
static char * password
Definition: streamutil.c:52
int iterations
Definition: thread-thread.c:39