PostgreSQL Source Code: src/common/scram-common.c Source File (original) (raw)

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16#ifndef FRONTEND

18#else

20#endif

21

25#ifndef FRONTEND

27#endif

29

30

31

32

33

34

35

36

37int

41 uint8 *result, const char **errstr)

42{

43 int password_len = strlen(password);

45 int i,

46 j;

50

51 if (hmac_ctx == NULL)

52 {

54 return -1;

55 }

56

57

58

59

60

61

62

63

68 {

71 return -1;

72 }

73

74 memcpy(result, Ui_prev, key_length);

75

76

78 {

79#ifndef FRONTEND

80

81

82

83

85#endif

86

90 {

93 return -1;

94 }

95

96 for (j = 0; j < key_length; j++)

97 result[j] ^= Ui[j];

98 memcpy(Ui_prev, Ui, key_length);

99 }

100

102 return 0;

103}

104

105

106

107

108

109

110

111int

113 uint8 *result, const char **errstr)

114{

116

118 if (ctx == NULL)

119 {

121 return -1;

122 }

123

127 {

130 return -1;

131 }

132

134 return 0;

135}

136

137

138

139

140

141int

144 uint8 *result, const char **errstr)

145{

147

148 if (ctx == NULL)

149 {

151 return -1;

152 }

153

154 if (pg_hmac_init(ctx, salted_password, key_length) < 0 ||

157 {

160 return -1;

161 }

162

164 return 0;

165}

166

167

168

169

170

171int

174 uint8 *result, const char **errstr)

175{

177

178 if (ctx == NULL)

179 {

181 return -1;

182 }

183

184 if (pg_hmac_init(ctx, salted_password, key_length) < 0 ||

187 {

190 return -1;

191 }

192

194 return 0;

195}

196

197

198

199

200

201

202

203

204

205

206

207

208char *

211 const char *password, const char **errstr)

212{

216 char *result;

217 char *p;

218 int maxlen;

219 int encoded_salt_len;

220 int encoded_stored_len;

221 int encoded_server_len;

222 int encoded_result;

223

224

226

228

229

232 salted_password, errstr) < 0 ||

234 stored_key, errstr) < 0 ||

235 scram_H(stored_key, hash_type, key_length,

236 stored_key, errstr) < 0 ||

238 server_key, errstr) < 0)

239 {

240

241#ifdef FRONTEND

242 return NULL;

243#else

244 elog(ERROR, "could not calculate stored key and server key: %s",

245 *errstr);

246#endif

247 }

248

249

250

251

252

253

257

258 maxlen = strlen("SCRAM-SHA-256") + 1

259 + 10 + 1

260 + encoded_salt_len + 1

261 + encoded_stored_len + 1

262 + encoded_server_len + 1;

263

264#ifdef FRONTEND

265 result = malloc(maxlen);

266 if (!result)

267 {

268 *errstr = _("out of memory");

269 return NULL;

270 }

271#else

272 result = palloc(maxlen);

273#endif

274

276

277

278 encoded_result = pg_b64_encode(salt, saltlen, p, encoded_salt_len);

279 if (encoded_result < 0)

280 {

281 *errstr = _("could not encode salt");

282#ifdef FRONTEND

283 free(result);

284 return NULL;

285#else

287#endif

288 }

289 p += encoded_result;

290 *(p++) = '$';

291

292

293 encoded_result = pg_b64_encode(stored_key, key_length, p,

294 encoded_stored_len);

295 if (encoded_result < 0)

296 {

297 *errstr = _("could not encode stored key");

298#ifdef FRONTEND

299 free(result);

300 return NULL;

301#else

303#endif

304 }

305

306 p += encoded_result;

307 *(p++) = ':';

308

309

310 encoded_result = pg_b64_encode(server_key, key_length, p,

311 encoded_server_len);

312 if (encoded_result < 0)

313 {

314 *errstr = _("could not encode server key");

315#ifdef FRONTEND

316 free(result);

317 return NULL;

318#else

320#endif

321 }

322

323 p += encoded_result;

324 *(p++) = '\0';

325

326 Assert(p - result <= maxlen);

327

328 return result;

329}

int pg_b64_enc_len(int srclen)

int pg_b64_encode(const uint8 *src, int len, char *dst, int dstlen)

const char * pg_cryptohash_error(pg_cryptohash_ctx *ctx)

int pg_cryptohash_update(pg_cryptohash_ctx *ctx, const uint8 *data, size_t len)

pg_cryptohash_ctx * pg_cryptohash_create(pg_cryptohash_type type)

int pg_cryptohash_init(pg_cryptohash_ctx *ctx)

void pg_cryptohash_free(pg_cryptohash_ctx *ctx)

int pg_cryptohash_final(pg_cryptohash_ctx *ctx, uint8 *dest, size_t len)

Assert(PointerIsAligned(start, uint64))

pg_hmac_ctx * pg_hmac_create(pg_cryptohash_type type)

void pg_hmac_free(pg_hmac_ctx *ctx)

const char * pg_hmac_error(pg_hmac_ctx *ctx)

int pg_hmac_update(pg_hmac_ctx *ctx, const uint8 *data, size_t len)

int pg_hmac_init(pg_hmac_ctx *ctx, const uint8 *key, size_t len)

int pg_hmac_final(pg_hmac_ctx *ctx, uint8 *dest, size_t len)

#define CHECK_FOR_INTERRUPTS()

int scram_ServerKey(const uint8 *salted_password, pg_cryptohash_type hash_type, int key_length, uint8 *result, const char **errstr)

int scram_SaltedPassword(const char *password, pg_cryptohash_type hash_type, int key_length, const uint8 *salt, int saltlen, int iterations, uint8 *result, const char **errstr)

char * scram_build_secret(pg_cryptohash_type hash_type, int key_length, const uint8 *salt, int saltlen, int iterations, const char *password, const char **errstr)

int scram_ClientKey(const uint8 *salted_password, pg_cryptohash_type hash_type, int key_length, uint8 *result, const char **errstr)

int scram_H(const uint8 *input, pg_cryptohash_type hash_type, int key_length, uint8 *result, const char **errstr)

#define SCRAM_MAX_KEY_LEN