| author | Heikki Linnakangas | 2017-04-28 12:04:02 +0000 |
|---|---|---|
| committer | Heikki Linnakangas | 2017-04-28 12:22:38 +0000 |
| commit | d981074c24d2f1e4f44bc6d80e967e523ce64f50 (patch) | |
| tree | aca39492e91899c6fca0e7a23e72b0894c438eed /src/include | |
| parent | b9a3ef55b253d885081c2d0e9dc45802cab71c7b (diff) | |
Misc SCRAM code cleanups.
* Move computation of SaltedPassword to a separate function from
scram_ClientOrServerKey(). This saves a lot of cycles in libpq, by
computing SaltedPassword only once per authentication. (Computing
SaltedPassword is expensive by design.)
* Split scram_ClientOrServerKey() into two functions. Improves
readability, by making the calling code less verbose.
* Rename "server proof" to "server signature", to better match the
nomenclature used in RFC 5802.
* Rename SCRAM_SALT_LEN to SCRAM_DEFAULT_SALT_LEN, to make it more clear
that the salt can be of any length, and the constant only specifies how
long a salt we use when we generate a new verifier. Also rename
SCRAM_ITERATIONS_DEFAULT to SCRAM_DEFAULT_ITERATIONS, for consistency.
These things caught my eye while working on other upcoming changes.
Diffstat (limited to 'src/include')
| -rw-r--r-- | src/include/common/scram-common.h | 15 |
1 files changed, 6 insertions, 9 deletions
diff --git a/src/include/common/scram-common.h b/src/include/common/scram-common.h
index 6740069eee..656d9e1e6b 100644
--- a/src/include/common/scram-common.h
+++ b/src/include/common/scram-common.h
@@ -29,14 +29,10 @@
 #define SCRAM_RAW_NONCE_LEN 10
 
 /* length of salt when generating new verifiers */
-#define SCRAM_SALT_LEN 10
+#define SCRAM_DEFAULT_SALT_LEN 10
 
 /* default number of iterations when generating verifier */
-#define SCRAM_ITERATIONS_DEFAULT 4096
-
-/* Base name of keys used for proof generation */
-#define SCRAM_SERVER_KEY_NAME "Server Key"
-#define SCRAM_CLIENT_KEY_NAME "Client Key"
+#define SCRAM_DEFAULT_ITERATIONS 4096
 
 /*
  * Context data for HMAC used in SCRAM authentication.
@@ -51,9 +47,10 @@ extern void scram_HMAC_init(scram_HMAC_ctx *ctx, const uint8 *key, int keylen);
 extern void scram_HMAC_update(scram_HMAC_ctx *ctx, const char *str, int slen);
 extern void scram_HMAC_final(uint8 *result, scram_HMAC_ctx *ctx);
 
+extern void scram_SaltedPassword(const char *password, const char *salt,
+ int saltlen, int iterations, uint8 *result);
 extern void scram_H(const uint8 *str, int len, uint8 *result);
-extern void scram_ClientOrServerKey(const char *password, const char *salt,
- int saltlen, int iterations,
- const char *keystr, uint8 *result);
+extern void scram_ClientKey(const uint8 *salted_password, uint8 *result);
+extern void scram_ServerKey(const uint8 *salted_password, uint8 *result);
 
 #endif /* SCRAM_COMMON_H */ |
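Review bot: The three prototypes added in the second hunk (`scram_SaltedPassword`, `scram_ClientKey`, `scram_ServerKey`) take bare `uint8 *` buffers with no length argument, and the header gives no comment saying how large `result` and `salted_password` must be. The size is presumably the SCRAM key length defined earlier in this header, which is outside the hunk, so a caller reading only these declarations cannot confirm it. A short comment above the group would close that gap, e.g. `/* result and salted_password must point to buffers of the SCRAM key length */`. Since the commit message says libpq now computes SaltedPassword once and reuses it for the rest of the authentication, the same comment should note that SaltedPassword is password-equivalent for its salt and iteration count, and that callers should wipe the buffer once the exchange completes.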
