Line data Source code
1 : //! Salted Challenge Response Authentication Mechanism.
2 : //!
3 : //! RFC: <https://datatracker.ietf.org/doc/html/rfc5802>.
4 : //!
5 : //! Reference implementation:
6 : //! * <https://github.com/postgres/postgres/blob/94226d4506e66d6e7cbf4b391f1e7393c1962841/src/backend/libpq/auth-scram.c>
7 : //! * <https://github.com/postgres/postgres/blob/94226d4506e66d6e7cbf4b391f1e7393c1962841/src/interfaces/libpq/fe-auth-scram.c>
8 :
9 : mod exchange;
10 : mod key;
11 : mod messages;
12 : mod secret;
13 : mod signature;
14 :
15 : pub use exchange::{exchange, Exchange};
16 : pub use key::ScramKey;
17 : pub use secret::ServerSecret;
18 :
19 : use hmac::{Hmac, Mac};
20 : use sha2::{Digest, Sha256};
21 :
22 : const SCRAM_SHA_256: &str = "SCRAM-SHA-256";
23 : const SCRAM_SHA_256_PLUS: &str = "SCRAM-SHA-256-PLUS";
24 :
25 : /// A list of supported SCRAM methods.
26 : pub const METHODS: &[&str] = &[SCRAM_SHA_256_PLUS, SCRAM_SHA_256];
27 : pub const METHODS_WITHOUT_PLUS: &[&str] = &[SCRAM_SHA_256];
28 :
29 : /// Decode base64 into array without any heap allocations
30 88 : fn base64_decode_array<const N: usize>(input: impl AsRef<[u8]>) -> Option<[u8; N]> {
31 88 : let mut bytes = [0u8; N];
32 :
33 88 : let size = base64::decode_config_slice(input, base64::STANDARD, &mut bytes).ok()?;
34 88 : if size != N {
35 0 : return None;
36 88 : }
37 88 :
38 88 : Some(bytes)
39 88 : }
40 :
41 : /// This function essentially is `Hmac(sha256, key, input)`.
42 : /// Further reading: <https://datatracker.ietf.org/doc/html/rfc2104>.
43 32 : fn hmac_sha256<'a>(key: &[u8], parts: impl IntoIterator<Item = &'a [u8]>) -> [u8; 32] {
44 32 : let mut mac = Hmac::<Sha256>::new_from_slice(key).expect("bad key size");
45 160 : parts.into_iter().for_each(|s| mac.update(s));
46 32 :
47 32 : mac.finalize().into_bytes().into()
48 32 : }
49 :
50 32 : fn sha256<'a>(parts: impl IntoIterator<Item = &'a [u8]>) -> [u8; 32] {
51 32 : let mut hasher = Sha256::new();
52 46 : parts.into_iter().for_each(|s| hasher.update(s));
53 32 :
54 32 : hasher.finalize().into()
55 32 : }
56 :
57 : #[cfg(test)]
58 : mod tests {
59 : use postgres_protocol::authentication::sasl::{ChannelBinding, ScramSha256};
60 :
61 : use crate::sasl::{Mechanism, Step};
62 :
63 : use super::{Exchange, ServerSecret};
64 :
65 2 : #[test]
66 2 : fn snapshot() {
67 2 : let iterations = 4096;
68 2 : let salt = "QSXCR+Q6sek8bf92";
69 2 : let stored_key = "FO+9jBb3MUukt6jJnzjPZOWc5ow/Pu6JtPyju0aqaE8=";
70 2 : let server_key = "qxJ1SbmSAi5EcS0J5Ck/cKAm/+Ixa+Kwp63f4OHDgzo=";
71 2 : let secret = format!("SCRAM-SHA-256${iterations}:{salt}${stored_key}:{server_key}",);
72 2 : let secret = ServerSecret::parse(&secret).unwrap();
73 2 :
74 2 : const NONCE: [u8; 18] = [
75 2 : 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18,
76 2 : ];
77 2 : let mut exchange = Exchange::new(
78 2 : &secret,
79 2 : || NONCE,
80 2 : crate::config::TlsServerEndPoint::Undefined,
81 2 : );
82 2 :
83 2 : let client_first = "n,,n=user,r=rOprNGfwEbeRWgbNEkqO";
84 2 : let client_final = "c=biws,r=rOprNGfwEbeRWgbNEkqOAQIDBAUGBwgJCgsMDQ4PEBES,p=rw1r5Kph5ThxmaUBC2GAQ6MfXbPnNkFiTIvdb/Rear0=";
85 2 : let server_first =
86 2 : "r=rOprNGfwEbeRWgbNEkqOAQIDBAUGBwgJCgsMDQ4PEBES,s=QSXCR+Q6sek8bf92,i=4096";
87 2 : let server_final = "v=qtUDIofVnIhM7tKn93EQUUt5vgMOldcDVu1HC+OH0o0=";
88 :
89 2 : exchange = match exchange.exchange(client_first).unwrap() {
90 2 : Step::Continue(exchange, message) => {
91 2 : assert_eq!(message, server_first);
92 2 : exchange
93 : }
94 0 : Step::Success(_, _) => panic!("expected continue, got success"),
95 0 : Step::Failure(f) => panic!("{f}"),
96 : };
97 :
98 2 : let key = match exchange.exchange(client_final).unwrap() {
99 2 : Step::Success(key, message) => {
100 2 : assert_eq!(message, server_final);
101 2 : key
102 : }
103 0 : Step::Continue(_, _) => panic!("expected success, got continue"),
104 0 : Step::Failure(f) => panic!("{f}"),
105 : };
106 :
107 2 : assert_eq!(
108 2 : key.as_bytes(),
109 2 : [
110 2 : 74, 103, 1, 132, 12, 31, 200, 48, 28, 54, 82, 232, 207, 12, 138, 189, 40, 32, 134,
111 2 : 27, 125, 170, 232, 35, 171, 167, 166, 41, 70, 228, 182, 112,
112 2 : ]
113 2 : );
114 2 : }
115 :
116 4 : fn run_round_trip_test(server_password: &str, client_password: &str) {
117 4 : let scram_secret = ServerSecret::build(server_password).unwrap();
118 4 : let sasl_client =
119 4 : ScramSha256::new(client_password.as_bytes(), ChannelBinding::unsupported());
120 4 :
121 4 : let outcome = super::exchange(
122 4 : &scram_secret,
123 4 : sasl_client,
124 4 : crate::config::TlsServerEndPoint::Undefined,
125 4 : )
126 4 : .unwrap();
127 4 :
128 4 : match outcome {
129 2 : crate::sasl::Outcome::Success(_) => {}
130 2 : crate::sasl::Outcome::Failure(r) => panic!("{r}"),
131 : }
132 2 : }
133 :
134 2 : #[test]
135 2 : fn round_trip() {
136 2 : run_round_trip_test("pencil", "pencil")
137 2 : }
138 :
139 2 : #[test]
140 : #[should_panic(expected = "password doesn't match")]
141 2 : fn failure() {
142 2 : run_round_trip_test("pencil", "eraser")
143 2 : }
144 : }
|
