mirror of
https://github.com/postgres/postgres.git
synced 2026-02-22 17:31:00 -05:00
e6bdfd9700
Similarly to the cryptohash implementations, this refactors the existing
HMAC code into a single set of APIs that can be plugged with any crypto
libraries PostgreSQL is built with (only OpenSSL currently). If there
is no such libraries, a fallback implementation is available. Those new
APIs are designed similarly to the existing cryptohash layer, so there
is no real new design here, with the same logic around buffer bound
checks and memory handling.
HMAC has a dependency on cryptohashes, so all the cryptohash types
supported by cryptohash{_openssl}.c can be used with HMAC. This
refactoring is an advantage mainly for SCRAM, that included its own
implementation of HMAC with SHA256 without relying on the existing
crypto libraries even if PostgreSQL was built with their support.
This code has been tested on Windows and Linux, with and without
OpenSSL, across all the versions supported on HEAD from 1.1.1 down to
1.0.1. I have also checked that the implementations are working fine
using some sample results, a custom extension of my own, and doing
cross-checks across different major versions with SCRAM with the client
and the backend.
Author: Michael Paquier
Reviewed-by: Bruce Momjian
Discussion: https://postgr.es/m/X9m0nkEJEzIPXjeZ@paquier.xyz
58 lines
1.9 KiB
C
58 lines
1.9 KiB
C
/*-------------------------------------------------------------------------
|
|
*
|
|
* scram-common.h
|
|
* Declarations for helper functions used for SCRAM authentication
|
|
*
|
|
* Portions Copyright (c) 1996-2021, PostgreSQL Global Development Group
|
|
* Portions Copyright (c) 1994, Regents of the University of California
|
|
*
|
|
* src/include/common/scram-common.h
|
|
*
|
|
*-------------------------------------------------------------------------
|
|
*/
|
|
#ifndef SCRAM_COMMON_H
|
|
#define SCRAM_COMMON_H
|
|
|
|
#include "common/cryptohash.h"
|
|
#include "common/sha2.h"
|
|
|
|
/* Name of SCRAM mechanisms per IANA */
|
|
#define SCRAM_SHA_256_NAME "SCRAM-SHA-256"
|
|
#define SCRAM_SHA_256_PLUS_NAME "SCRAM-SHA-256-PLUS" /* with channel binding */
|
|
|
|
/* Length of SCRAM keys (client and server) */
|
|
#define SCRAM_KEY_LEN PG_SHA256_DIGEST_LENGTH
|
|
|
|
/* length of HMAC */
|
|
#define SHA256_HMAC_B PG_SHA256_BLOCK_LENGTH
|
|
|
|
/*
|
|
* Size of random nonce generated in the authentication exchange. This
|
|
* is in "raw" number of bytes, the actual nonces sent over the wire are
|
|
* encoded using only ASCII-printable characters.
|
|
*/
|
|
#define SCRAM_RAW_NONCE_LEN 18
|
|
|
|
/*
|
|
* Length of salt when generating new secrets, in bytes. (It will be stored
|
|
* and sent over the wire encoded in Base64.) 16 bytes is what the example in
|
|
* RFC 7677 uses.
|
|
*/
|
|
#define SCRAM_DEFAULT_SALT_LEN 16
|
|
|
|
/*
|
|
* Default number of iterations when generating secret. Should be at least
|
|
* 4096 per RFC 7677.
|
|
*/
|
|
#define SCRAM_DEFAULT_ITERATIONS 4096
|
|
|
|
extern int scram_SaltedPassword(const char *password, const char *salt,
|
|
int saltlen, int iterations, uint8 *result);
|
|
extern int scram_H(const uint8 *str, int len, uint8 *result);
|
|
extern int scram_ClientKey(const uint8 *salted_password, uint8 *result);
|
|
extern int scram_ServerKey(const uint8 *salted_password, uint8 *result);
|
|
|
|
extern char *scram_build_secret(const char *salt, int saltlen, int iterations,
|
|
const char *password);
|
|
|
|
#endif /* SCRAM_COMMON_H */
|