/*-------------------------------------------------------------------------
 *
 * scram-common.h
 *	  Declarations for helper functions used for SCRAM authentication
 *
 * This header lives under src/common, i.e. it is shared by backend code
 * (which builds and verifies secrets) and frontend code (which proves
 * knowledge of the password).  The constants below are therefore part of
 * the wire and storage contract: they must match between both sides and
 * cannot be changed freely without breaking interoperability with already
 * stored secrets or existing clients.
 *
 * Portions Copyright (c) 1996-2021, PostgreSQL Global Development Group
 * Portions Copyright (c) 1994, Regents of the University of California
 *
 * src/include/common/scram-common.h
 *
 *-------------------------------------------------------------------------
 */
#ifndef SCRAM_COMMON_H
#define SCRAM_COMMON_H

#include "common/cryptohash.h"
#include "common/sha2.h"

/*
 * Name of SCRAM mechanisms per IANA (SASL mechanism registry).  The -PLUS
 * variant is the same mechanism with channel binding, which ties the
 * authentication to the TLS connection and defeats an active MITM that
 * terminates TLS; the non-PLUS variant does not provide that property.
 */
#define SCRAM_SHA_256_NAME "SCRAM-SHA-256"
#define SCRAM_SHA_256_PLUS_NAME "SCRAM-SHA-256-PLUS"	/* with channel binding */

/*
 * Length of SCRAM keys (client and server), in bytes.  Every key derived in
 * the exchange (ClientKey, ServerKey, StoredKey) is one SHA-256 digest.
 */
#define SCRAM_KEY_LEN PG_SHA256_DIGEST_LENGTH

/*
 * Block size "B" of the underlying hash as used by HMAC (RFC 2104); for
 * SHA-256 this is the input block length, not the digest length.
 */
#define SHA256_HMAC_B PG_SHA256_BLOCK_LENGTH

/*
 * Size of random nonce generated in the authentication exchange.  This
 * is in "raw" number of bytes, the actual nonces sent over the wire are
 * encoded using only ASCII-printable characters (18 raw bytes become 24
 * characters if Base64 is used).
 *
 * Nonces protect against replay of a captured exchange.  They must come
 * from a cryptographically strong random source and must never be reused;
 * this header only fixes the length, the generation lives in the callers.
 */
#define SCRAM_RAW_NONCE_LEN 18

/*
 * Length of salt when generating new secrets, in bytes.  (It will be stored
 * and sent over the wire encoded in Base64.)  16 bytes is what the example in
 * RFC 7677 uses.
 *
 * The salt must be freshly and randomly generated for every new secret.  A
 * salt shared between users would let an attacker who obtains the stored
 * secrets amortize the PBKDF2 work across all of them.
 */
#define SCRAM_DEFAULT_SALT_LEN 16

/*
 * Default number of iterations when generating secret.  Should be at least
 * 4096 per RFC 7677.
 *
 * 4096 is the RFC's *minimum*, not a recommendation for today's hardware:
 * the cost of offline guessing against a leaked secret grows linearly with
 * this value, and so does the legitimate client-side cost of every login
 * (the client repeats the derivation with the count the server announces).
 * Raising it is a deployment trade-off; the count is recorded inside each
 * secret, so old secrets keep working if the default changes.
 */
#define SCRAM_DEFAULT_ITERATIONS 4096

/*
 * Primitives of RFC 5802 section 3, instantiated with SHA-256 (RFC 7677).
 * Each writes exactly SCRAM_KEY_LEN bytes into "result".  The int return
 * value reports whether the hash computation could be carried out;
 * NOTE(review): presumably 0 on success and -1 on failure (the cryptohash
 * API can fail, e.g. on allocation) -- confirm against scram-common.c.
 * "uint8" comes from c.h, which PostgreSQL headers assume is included first.
 *
 * scram_SaltedPassword: Hi(password, salt, iterations), i.e. PBKDF2 with
 *   HMAC-SHA-256.  "salt" is raw bytes of length saltlen, not Base64.  The
 *   password is expected to have been SASLprep-normalized (RFC 4013) by the
 *   caller where applicable; nothing here normalizes it.  When saltlen and
 *   iterations originate from the peer (server-first-message on the client
 *   side), the caller must validate them before calling: a huge iteration
 *   count is a cheap way to make the receiver burn CPU.
 * scram_H: H(str) = SHA-256 over "len" bytes of "str".
 * scram_ClientKey: HMAC(SaltedPassword, "Client Key").
 * scram_ServerKey: HMAC(SaltedPassword, "Server Key").
 */
extern int	scram_SaltedPassword(const char *password, const char *salt,
								 int saltlen, int iterations, uint8 *result);
extern int	scram_H(const uint8 *str, int len, uint8 *result);
extern int	scram_ClientKey(const uint8 *salted_password, uint8 *result);
extern int	scram_ServerKey(const uint8 *salted_password, uint8 *result);

/*
 * Build the textual SCRAM secret (the stored-verifier form) for "password"
 * from a raw salt of "saltlen" bytes and the given iteration count.  The
 * salt is Base64-encoded into the output.  Returns a newly allocated,
 * NUL-terminated string that the caller owns; NOTE(review): which
 * allocator is used (palloc in the backend, malloc in frontend builds) and
 * how failure is signalled cannot be seen from this header -- check the
 * definition before relying on either.
 *
 * Treat the result as sensitive even though it does not contain the
 * password: per RFC 5802 section 9, anyone holding a SCRAM secret can
 * impersonate the server to that user and run offline guessing against it.
 */
extern char *scram_build_secret(const char *salt, int saltlen, int iterations,
								const char *password);

#endif							/* SCRAM_COMMON_H */