summaryrefslogtreecommitdiffstats
path: root/src/include/common/scram-common.h
blob: 5ccff96eceec0dfefa02fd7b1b182b266a0d443d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
/*-------------------------------------------------------------------------
 *
 * scram-common.h
 *		Declarations for helper functions used for SCRAM authentication
 *
 * Portions Copyright (c) 1996-2023, PostgreSQL Global Development Group
 * Portions Copyright (c) 1994, Regents of the University of California
 *
 * src/include/common/scram-common.h
 *
 *-------------------------------------------------------------------------
 */
#ifndef SCRAM_COMMON_H
#define SCRAM_COMMON_H

#include "common/cryptohash.h"
#include "common/sha2.h"

/* Name of SCRAM mechanisms per IANA */
#define SCRAM_SHA_256_NAME "SCRAM-SHA-256"
#define SCRAM_SHA_256_PLUS_NAME "SCRAM-SHA-256-PLUS"	/* with channel binding */

/* Length of SCRAM keys (client and server) */
#define SCRAM_SHA_256_KEY_LEN				PG_SHA256_DIGEST_LENGTH

/*
 * Size of buffers used internally by SCRAM routines, that should be the
 * maximum of SCRAM_SHA_*_KEY_LEN among the hash methods supported.
 */
#define SCRAM_MAX_KEY_LEN					SCRAM_SHA_256_KEY_LEN

/*
 * Size of random nonce generated in the authentication exchange.  This
 * is in "raw" number of bytes, the actual nonces sent over the wire are
 * encoded using only ASCII-printable characters.
 */
#define SCRAM_RAW_NONCE_LEN			18

/*
 * Length of salt when generating new secrets, in bytes.  (It will be stored
 * and sent over the wire encoded in Base64.)  16 bytes is what the example in
 * RFC 7677 uses.
 */
#define SCRAM_DEFAULT_SALT_LEN		16

/*
 * Default number of iterations when generating secret.  Should be at least
 * 4096 per RFC 7677.
 */
#define SCRAM_SHA_256_DEFAULT_ITERATIONS	4096

extern int	scram_SaltedPassword(const char *password,
								 pg_cryptohash_type hash_type, int key_length,
								 const char *salt, int saltlen, int iterations,
								 uint8 *result, const char **errstr);
extern int	scram_H(const uint8 *input, pg_cryptohash_type hash_type,
					int key_length, uint8 *result,
					const char **errstr);
extern int	scram_ClientKey(const uint8 *salted_password,
							pg_cryptohash_type hash_type, int key_length,
							uint8 *result, const char **errstr);
extern int	scram_ServerKey(const uint8 *salted_password,
							pg_cryptohash_type hash_type, int key_length,
							uint8 *result, const char **errstr);

extern char *scram_build_secret(pg_cryptohash_type hash_type, int key_length,
								const char *salt, int saltlen, int iterations,
								const char *password, const char **errstr);

#endif							/* SCRAM_COMMON_H */