PostgreSQL Source Code  git master
scram-common.h
Go to the documentation of this file.
1 /*-------------------------------------------------------------------------
2  *
3  * scram-common.h
4  * Declarations for helper functions used for SCRAM authentication
5  *
6  * Portions Copyright (c) 1996-2020, PostgreSQL Global Development Group
7  * Portions Copyright (c) 1994, Regents of the University of California
8  *
9  * src/include/common/scram-common.h
10  *
11  *-------------------------------------------------------------------------
12  */
13 #ifndef SCRAM_COMMON_H
14 #define SCRAM_COMMON_H
15 
16 #include "common/sha2.h"
17 
18 /* Name of SCRAM mechanisms per IANA */
19 #define SCRAM_SHA_256_NAME "SCRAM-SHA-256"
20 #define SCRAM_SHA_256_PLUS_NAME "SCRAM-SHA-256-PLUS" /* with channel binding */
21 
22 /* Length of SCRAM keys (client and server) */
23 #define SCRAM_KEY_LEN PG_SHA256_DIGEST_LENGTH
24 
25 /* length of HMAC */
26 #define SHA256_HMAC_B PG_SHA256_BLOCK_LENGTH
27 
28 /*
29  * Size of random nonce generated in the authentication exchange. This
30  * is in "raw" number of bytes, the actual nonces sent over the wire are
31  * encoded using only ASCII-printable characters.
32  */
33 #define SCRAM_RAW_NONCE_LEN 18
34 
35 /*
36  * Length of salt when generating new secrets, in bytes. (It will be stored
37  * and sent over the wire encoded in Base64.) 16 bytes is what the example in
38  * RFC 7677 uses.
39  */
40 #define SCRAM_DEFAULT_SALT_LEN 16
41 
42 /*
43  * Default number of iterations when generating secret. Should be at least
44  * 4096 per RFC 7677.
45  */
46 #define SCRAM_DEFAULT_ITERATIONS 4096
47 
48 /*
49  * Context data for HMAC used in SCRAM authentication.
50  */
51 typedef struct
52 {
53  pg_sha256_ctx sha256ctx;
54  uint8 k_opad[SHA256_HMAC_B];
55 } scram_HMAC_ctx;
56 
57 extern void scram_HMAC_init(scram_HMAC_ctx *ctx, const uint8 *key, int keylen);
58 extern void scram_HMAC_update(scram_HMAC_ctx *ctx, const char *str, int slen);
59 extern void scram_HMAC_final(uint8 *result, scram_HMAC_ctx *ctx);
60 
61 extern void scram_SaltedPassword(const char *password, const char *salt,
62  int saltlen, int iterations, uint8 *result);
63 extern void scram_H(const uint8 *str, int len, uint8 *result);
64 extern void scram_ClientKey(const uint8 *salted_password, uint8 *result);
65 extern void scram_ServerKey(const uint8 *salted_password, uint8 *result);
66 
67 extern char *scram_build_secret(const char *salt, int saltlen, int iterations,
68  const char *password);
69 
70 #endif /* SCRAM_COMMON_H */
pg_sha256_ctx
Definition: sha2.h:78
scram_HMAC_update
void scram_HMAC_update(scram_HMAC_ctx *ctx, const char *str, int slen)
Definition: scram-common.c:75
scram_build_secret
char * scram_build_secret(const char *salt, int saltlen, int iterations, const char *password)
Definition: scram-common.c:192
uint8
unsigned char uint8
Definition: c.h:372
scram_HMAC_ctx::sha256ctx
pg_sha256_ctx sha256ctx
Definition: scram-common.h:53
scram_ServerKey
void scram_ServerKey(const uint8 *salted_password, uint8 *result)
Definition: scram-common.c:173
scram_SaltedPassword
void scram_SaltedPassword(const char *password, const char *salt, int saltlen, int iterations, uint8 *result)
Definition: scram-common.c:104
scram_HMAC_ctx
Definition: scram-common.h:51
scram_H
void scram_H(const uint8 *str, int len, uint8 *result)
Definition: scram-common.c:147
generate_unaccent_rules.str
str
Definition: generate_unaccent_rules.py:282
password
static char * password
Definition: streamutil.c:53
SHA256_HMAC_B
#define SHA256_HMAC_B
Definition: scram-common.h:26
scram_HMAC_final
void scram_HMAC_final(uint8 *result, scram_HMAC_ctx *ctx)
Definition: scram-common.c:85
scram_HMAC_init
void scram_HMAC_init(scram_HMAC_ctx *ctx, const uint8 *key, int keylen)
Definition: scram-common.c:35
scram_ClientKey
void scram_ClientKey(const uint8 *salted_password, uint8 *result)
Definition: scram-common.c:160