mirror of
https://git.postgresql.org/git/postgresql.git
synced 2026-02-21 22:07:01 +08:00
b28c59a6cd
A 'void *' argument suggests that the caller might pass an arbitrary struct, which is appropriate for functions like libc's read/write, or pq_sendbytes(). 'uint8 *' is more appropriate for byte arrays that have no structure, like the cancellation keys or SCRAM tokens. Some places used 'char *', but 'uint8 *' is better because 'char *' is commonly used for null-terminated strings. Change code around SCRAM, MD5 authentication, and cancellation key handling to follow these conventions. Discussion: https://www.postgresql.org/message-id/61be9e31-7b7d-49d5-bc11-721800d89d64@eisentraut.org
71 lines
2.4 KiB
C
71 lines
2.4 KiB
C
/*-------------------------------------------------------------------------
|
|
*
|
|
* scram-common.h
|
|
* Declarations for helper functions used for SCRAM authentication
|
|
*
|
|
* Portions Copyright (c) 1996-2025, PostgreSQL Global Development Group
|
|
* Portions Copyright (c) 1994, Regents of the University of California
|
|
*
|
|
* src/include/common/scram-common.h
|
|
*
|
|
*-------------------------------------------------------------------------
|
|
*/
|
|
#ifndef SCRAM_COMMON_H
|
|
#define SCRAM_COMMON_H
|
|
|
|
#include "common/cryptohash.h"
|
|
#include "common/sha2.h"
|
|
|
|
/* Name of SCRAM mechanisms per IANA */
|
|
#define SCRAM_SHA_256_NAME "SCRAM-SHA-256"
|
|
#define SCRAM_SHA_256_PLUS_NAME "SCRAM-SHA-256-PLUS" /* with channel binding */
|
|
|
|
/* Length of SCRAM keys (client and server) */
|
|
#define SCRAM_SHA_256_KEY_LEN PG_SHA256_DIGEST_LENGTH
|
|
|
|
/*
|
|
* Size of buffers used internally by SCRAM routines, that should be the
|
|
* maximum of SCRAM_SHA_*_KEY_LEN among the hash methods supported.
|
|
*/
|
|
#define SCRAM_MAX_KEY_LEN SCRAM_SHA_256_KEY_LEN
|
|
|
|
/*
|
|
* Size of random nonce generated in the authentication exchange. This
|
|
* is in "raw" number of bytes, the actual nonces sent over the wire are
|
|
* encoded using only ASCII-printable characters.
|
|
*/
|
|
#define SCRAM_RAW_NONCE_LEN 18
|
|
|
|
/*
|
|
* Length of salt when generating new secrets, in bytes. (It will be stored
|
|
* and sent over the wire encoded in Base64.) 16 bytes is what the example in
|
|
* RFC 7677 uses.
|
|
*/
|
|
#define SCRAM_DEFAULT_SALT_LEN 16
|
|
|
|
/*
|
|
* Default number of iterations when generating secret. Should be at least
|
|
* 4096 per RFC 7677.
|
|
*/
|
|
#define SCRAM_SHA_256_DEFAULT_ITERATIONS 4096
|
|
|
|
extern int scram_SaltedPassword(const char *password,
|
|
pg_cryptohash_type hash_type, int key_length,
|
|
const uint8 *salt, int saltlen, int iterations,
|
|
uint8 *result, const char **errstr);
|
|
extern int scram_H(const uint8 *input, pg_cryptohash_type hash_type,
|
|
int key_length, uint8 *result,
|
|
const char **errstr);
|
|
extern int scram_ClientKey(const uint8 *salted_password,
|
|
pg_cryptohash_type hash_type, int key_length,
|
|
uint8 *result, const char **errstr);
|
|
extern int scram_ServerKey(const uint8 *salted_password,
|
|
pg_cryptohash_type hash_type, int key_length,
|
|
uint8 *result, const char **errstr);
|
|
|
|
extern char *scram_build_secret(pg_cryptohash_type hash_type, int key_length,
|
|
const uint8 *salt, int saltlen, int iterations,
|
|
const char *password, const char **errstr);
|
|
|
|
#endif /* SCRAM_COMMON_H */
|