1 /*-------------------------------------------------------------------------
2  *
3  * scram-common.h
4  *		Declarations for helper functions used for SCRAM authentication
5  *
6  * Portions Copyright (c) 1996-2017, PostgreSQL Global Development Group
7  * Portions Copyright (c) 1994, Regents of the University of California
8  *
9  * src/include/common/scram-common.h
10  *
11  *-------------------------------------------------------------------------
12  */
13 #ifndef SCRAM_COMMON_H
14 #define SCRAM_COMMON_H
15 
16 #include "common/sha2.h"
17 
18 /* Length of SCRAM keys (client and server) */
19 #define SCRAM_KEY_LEN				PG_SHA256_DIGEST_LENGTH
20 
21 /* length of HMAC */
22 #define SHA256_HMAC_B				PG_SHA256_BLOCK_LENGTH
23 
24 /*
25  * Size of random nonce generated in the authentication exchange.  This
26  * is in "raw" number of bytes, the actual nonces sent over the wire are
27  * encoded using only ASCII-printable characters.
28  */
29 #define SCRAM_RAW_NONCE_LEN			18
30 
31 /*
32  * Length of salt when generating new verifiers, in bytes.  (It will be stored
33  * and sent over the wire encoded in Base64.)  16 bytes is what the example in
34  * RFC 7677 uses.
35  */
36 #define SCRAM_DEFAULT_SALT_LEN		16
37 
38 /*
39  * Default number of iterations when generating verifier.  Should be at least
40  * 4096 per RFC 7677.
41  */
42 #define SCRAM_DEFAULT_ITERATIONS	4096
43 
44 /*
45  * Context data for HMAC used in SCRAM authentication.
46  */
47 typedef struct
48 {
49 	pg_sha256_ctx sha256ctx;
50 	uint8		k_opad[SHA256_HMAC_B];
51 } scram_HMAC_ctx;
52 
53 extern void scram_HMAC_init(scram_HMAC_ctx *ctx, const uint8 *key, int keylen);
54 extern void scram_HMAC_update(scram_HMAC_ctx *ctx, const char *str, int slen);
55 extern void scram_HMAC_final(uint8 *result, scram_HMAC_ctx *ctx);
56 
57 extern void scram_SaltedPassword(const char *password, const char *salt,
58 					 int saltlen, int iterations, uint8 *result);
59 extern void scram_H(const uint8 *str, int len, uint8 *result);
60 extern void scram_ClientKey(const uint8 *salted_password, uint8 *result);
61 extern void scram_ServerKey(const uint8 *salted_password, uint8 *result);
62 
63 extern char *scram_build_verifier(const char *salt, int saltlen, int iterations,
64 					 const char *password);
65 
66 #endif							/* SCRAM_COMMON_H */
67