1 /*------------------------------------------------------------------------- 2 * 3 * scram-common.h 4 * Declarations for helper functions used for SCRAM authentication 5 * 6 * Portions Copyright (c) 1996-2017, PostgreSQL Global Development Group 7 * Portions Copyright (c) 1994, Regents of the University of California 8 * 9 * src/include/common/scram-common.h 10 * 11 *------------------------------------------------------------------------- 12 */ 13 #ifndef SCRAM_COMMON_H 14 #define SCRAM_COMMON_H 15 16 #include "common/sha2.h" 17 18 /* Length of SCRAM keys (client and server) */ 19 #define SCRAM_KEY_LEN PG_SHA256_DIGEST_LENGTH 20 21 /* length of HMAC */ 22 #define SHA256_HMAC_B PG_SHA256_BLOCK_LENGTH 23 24 /* 25 * Size of random nonce generated in the authentication exchange. This 26 * is in "raw" number of bytes, the actual nonces sent over the wire are 27 * encoded using only ASCII-printable characters. 28 */ 29 #define SCRAM_RAW_NONCE_LEN 18 30 31 /* 32 * Length of salt when generating new verifiers, in bytes. (It will be stored 33 * and sent over the wire encoded in Base64.) 16 bytes is what the example in 34 * RFC 7677 uses. 35 */ 36 #define SCRAM_DEFAULT_SALT_LEN 16 37 38 /* 39 * Default number of iterations when generating verifier. Should be at least 40 * 4096 per RFC 7677. 41 */ 42 #define SCRAM_DEFAULT_ITERATIONS 4096 43 44 /* 45 * Context data for HMAC used in SCRAM authentication. 46 */ 47 typedef struct 48 { 49 pg_sha256_ctx sha256ctx; 50 uint8 k_opad[SHA256_HMAC_B]; 51 } scram_HMAC_ctx; 52 53 extern void scram_HMAC_init(scram_HMAC_ctx *ctx, const uint8 *key, int keylen); 54 extern void scram_HMAC_update(scram_HMAC_ctx *ctx, const char *str, int slen); 55 extern void scram_HMAC_final(uint8 *result, scram_HMAC_ctx *ctx); 56 57 extern void scram_SaltedPassword(const char *password, const char *salt, 58 int saltlen, int iterations, uint8 *result); 59 extern void scram_H(const uint8 *str, int len, uint8 *result); 60 extern void scram_ClientKey(const uint8 *salted_password, uint8 *result); 61 extern void scram_ServerKey(const uint8 *salted_password, uint8 *result); 62 63 extern char *scram_build_verifier(const char *salt, int saltlen, int iterations, 64 const char *password); 65 66 #endif /* SCRAM_COMMON_H */ 67