diff options
| author | Michael Paquier <michael@paquier.xyz> | 2021-04-03 17:30:49 +0900 |
|---|---|---|
| committer | Michael Paquier <michael@paquier.xyz> | 2021-04-03 17:30:49 +0900 |
| commit | e6bdfd9700ebfc7df811c97c2fc46d7e94e329a2 (patch) | |
| tree | 2fb0dad9a0ba47b6ba0a6da9780b77a65dc7dffa /src/backend/libpq/auth-scram.c | |
| parent | 1d9c5d0ce2dcac05850401cf266a9df10a68de49 (diff) | |
| download | postgresql-e6bdfd9700ebfc7df811c97c2fc46d7e94e329a2.tar.gz postgresql-e6bdfd9700ebfc7df811c97c2fc46d7e94e329a2.zip | |
Refactor HMAC implementations
Similarly to the cryptohash implementations, this refactors the existing
HMAC code into a single set of APIs that can be plugged with any crypto
libraries PostgreSQL is built with (only OpenSSL currently). If there
is no such libraries, a fallback implementation is available. Those new
APIs are designed similarly to the existing cryptohash layer, so there
is no real new design here, with the same logic around buffer bound
checks and memory handling.
HMAC has a dependency on cryptohashes, so all the cryptohash types
supported by cryptohash{_openssl}.c can be used with HMAC. This
refactoring is an advantage mainly for SCRAM, that included its own
implementation of HMAC with SHA256 without relying on the existing
crypto libraries even if PostgreSQL was built with their support.
This code has been tested on Windows and Linux, with and without
OpenSSL, across all the versions supported on HEAD from 1.1.1 down to
1.0.1. I have also checked that the implementations are working fine
using some sample results, a custom extension of my own, and doing
cross-checks across different major versions with SCRAM with the client
and the backend.
Author: Michael Paquier
Reviewed-by: Bruce Momjian
Discussion: https://postgr.es/m/X9m0nkEJEzIPXjeZ@paquier.xyz
Diffstat (limited to 'src/backend/libpq/auth-scram.c')
| -rw-r--r-- | src/backend/libpq/auth-scram.c | 61 |
1 files changed, 33 insertions, 28 deletions
diff --git a/src/backend/libpq/auth-scram.c b/src/backend/libpq/auth-scram.c index b9b6d464a05..f9e1026a12c 100644 --- a/src/backend/libpq/auth-scram.c +++ b/src/backend/libpq/auth-scram.c @@ -95,6 +95,7 @@ #include "catalog/pg_authid.h" #include "catalog/pg_control.h" #include "common/base64.h" +#include "common/hmac.h" #include "common/saslprep.h" #include "common/scram-common.h" #include "common/sha2.h" @@ -1100,7 +1101,7 @@ verify_client_proof(scram_state *state) uint8 ClientSignature[SCRAM_KEY_LEN]; uint8 ClientKey[SCRAM_KEY_LEN]; uint8 client_StoredKey[SCRAM_KEY_LEN]; - scram_HMAC_ctx ctx; + pg_hmac_ctx *ctx = pg_hmac_create(PG_SHA256); int i; /* @@ -1108,23 +1109,25 @@ verify_client_proof(scram_state *state) * here even when processing the calculations as this could involve a mock * authentication. */ - if (scram_HMAC_init(&ctx, state->StoredKey, SCRAM_KEY_LEN) < 0 || - scram_HMAC_update(&ctx, - state->client_first_message_bare, - strlen(state->client_first_message_bare)) < 0 || - scram_HMAC_update(&ctx, ",", 1) < 0 || - scram_HMAC_update(&ctx, - state->server_first_message, - strlen(state->server_first_message)) < 0 || - scram_HMAC_update(&ctx, ",", 1) < 0 || - scram_HMAC_update(&ctx, - state->client_final_message_without_proof, - strlen(state->client_final_message_without_proof)) < 0 || - scram_HMAC_final(ClientSignature, &ctx) < 0) + if (pg_hmac_init(ctx, state->StoredKey, SCRAM_KEY_LEN) < 0 || + pg_hmac_update(ctx, + (uint8 *) state->client_first_message_bare, + strlen(state->client_first_message_bare)) < 0 || + pg_hmac_update(ctx, (uint8 *) ",", 1) < 0 || + pg_hmac_update(ctx, + (uint8 *) state->server_first_message, + strlen(state->server_first_message)) < 0 || + pg_hmac_update(ctx, (uint8 *) ",", 1) < 0 || + pg_hmac_update(ctx, + (uint8 *) state->client_final_message_without_proof, + strlen(state->client_final_message_without_proof)) < 0 || + pg_hmac_final(ctx, ClientSignature, sizeof(ClientSignature)) < 0) { elog(ERROR, "could not calculate client signature"); } + pg_hmac_free(ctx); + /* Extract the ClientKey that the client calculated from the proof */ for (i = 0; i < SCRAM_KEY_LEN; i++) ClientKey[i] = state->ClientProof[i] ^ ClientSignature[i]; @@ -1359,26 +1362,28 @@ build_server_final_message(scram_state *state) uint8 ServerSignature[SCRAM_KEY_LEN]; char *server_signature_base64; int siglen; - scram_HMAC_ctx ctx; + pg_hmac_ctx *ctx = pg_hmac_create(PG_SHA256); /* calculate ServerSignature */ - if (scram_HMAC_init(&ctx, state->ServerKey, SCRAM_KEY_LEN) < 0 || - scram_HMAC_update(&ctx, - state->client_first_message_bare, - strlen(state->client_first_message_bare)) < 0 || - scram_HMAC_update(&ctx, ",", 1) < 0 || - scram_HMAC_update(&ctx, - state->server_first_message, - strlen(state->server_first_message)) < 0 || - scram_HMAC_update(&ctx, ",", 1) < 0 || - scram_HMAC_update(&ctx, - state->client_final_message_without_proof, - strlen(state->client_final_message_without_proof)) < 0 || - scram_HMAC_final(ServerSignature, &ctx) < 0) + if (pg_hmac_init(ctx, state->ServerKey, SCRAM_KEY_LEN) < 0 || + pg_hmac_update(ctx, + (uint8 *) state->client_first_message_bare, + strlen(state->client_first_message_bare)) < 0 || + pg_hmac_update(ctx, (uint8 *) ",", 1) < 0 || + pg_hmac_update(ctx, + (uint8 *) state->server_first_message, + strlen(state->server_first_message)) < 0 || + pg_hmac_update(ctx, (uint8 *) ",", 1) < 0 || + pg_hmac_update(ctx, + (uint8 *) state->client_final_message_without_proof, + strlen(state->client_final_message_without_proof)) < 0 || + pg_hmac_final(ctx, ServerSignature, sizeof(ServerSignature)) < 0) { elog(ERROR, "could not calculate server signature"); } + pg_hmac_free(ctx); + siglen = pg_b64_enc_len(SCRAM_KEY_LEN); /* don't forget the zero-terminator */ server_signature_base64 = palloc(siglen + 1); |