src/include/common/scram-common.h

   1 /*-------------------------------------------------------------------------
   2  *
   3  * scram-common.h
   4  *              Declarations for helper functions used for SCRAM authentication
   5  *
   6  * Portions Copyright (c) 1996-2024, PostgreSQL Global Development Group
   7  * Portions Copyright (c) 1994, Regents of the University of California
   8  *
   9  * src/include/common/scram-common.h
  10  *
  11  *-------------------------------------------------------------------------
  12  */
  13 #ifndef SCRAM_COMMON_H
  14 #define SCRAM_COMMON_H
  15
  16 #include "common/cryptohash.h"
  17 #include "common/sha2.h"
  18
  19 /* Name of SCRAM mechanisms per IANA */
  20 #define SCRAM_SHA_256_NAME "SCRAM-SHA-256"
  21 #define SCRAM_SHA_256_PLUS_NAME "SCRAM-SHA-256-PLUS"    /* with channel binding */
  22
  23 /* Length of SCRAM keys (client and server) */
  24 #define SCRAM_SHA_256_KEY_LEN                           PG_SHA256_DIGEST_LENGTH
  25
  26 /*
  27  * Size of buffers used internally by SCRAM routines, that should be the
  28  * maximum of SCRAM_SHA_*_KEY_LEN among the hash methods supported.
  29  */
  30 #define SCRAM_MAX_KEY_LEN                                       SCRAM_SHA_256_KEY_LEN
  31
  32 /*
  33  * Size of random nonce generated in the authentication exchange.  This
  34  * is in "raw" number of bytes, the actual nonces sent over the wire are
  35  * encoded using only ASCII-printable characters.
  36  */
  37 #define SCRAM_RAW_NONCE_LEN                     18
  38
  39 /*
  40  * Length of salt when generating new secrets, in bytes.  (It will be stored
  41  * and sent over the wire encoded in Base64.)  16 bytes is what the example in
  42  * RFC 7677 uses.
  43  */
  44 #define SCRAM_DEFAULT_SALT_LEN          16
  45
  46 /*
  47  * Default number of iterations when generating secret.  Should be at least
  48  * 4096 per RFC 7677.
  49  */
  50 #define SCRAM_SHA_256_DEFAULT_ITERATIONS        4096
  51
  52 extern int      scram_SaltedPassword(const char *password,
  53                                                                  pg_cryptohash_type hash_type, int key_length,
  54                                                                  const char *salt, int saltlen, int iterations,
  55                                                                  uint8 *result, const char **errstr);
  56 extern int      scram_H(const uint8 *input, pg_cryptohash_type hash_type,
  57                                         int key_length, uint8 *result,
  58                                         const char **errstr);
  59 extern int      scram_ClientKey(const uint8 *salted_password,
  60                                                         pg_cryptohash_type hash_type, int key_length,
  61                                                         uint8 *result, const char **errstr);
  62 extern int      scram_ServerKey(const uint8 *salted_password,
  63                                                         pg_cryptohash_type hash_type, int key_length,
  64                                                         uint8 *result, const char **errstr);
  65
  66 extern char *scram_build_secret(pg_cryptohash_type hash_type, int key_length,
  67                                                                 const char *salt, int saltlen, int iterations,
  68                                                                 const char *password, const char **errstr);
  69
  70 #endif                                                  /* SCRAM_COMMON_H */