diff options
| author | Peter Eisentraut <peter@eisentraut.org> | 2019-10-12 21:17:34 +0200 |
|---|---|---|
| committer | Peter Eisentraut <peter@eisentraut.org> | 2019-10-12 21:41:59 +0200 |
| commit | b4675a8ae2d0aaafeb136c46c92bb56eaf018d32 (patch) | |
| tree | bb1219cbd64f0498e13c5485736870cfc171d79a /src/include | |
| parent | 5f3d271d03b249f5c80e3d3ca946f62a33d7862f (diff) | |
Fix use of term "verifier"
Within the context of SCRAM, "verifier" has a specific meaning in the
protocol, per RFCs. The existing code used "verifier" differently, to
mean whatever is or would be stored in pg_auth.rolpassword.
Fix this by using the term "secret" for this, following RFC 5803.
Reviewed-by: Michael Paquier <michael@paquier.xyz>
Discussion: https://www.postgresql.org/message-id/flat/be397b06-6e4b-ba71-c7fb-54cae84a7e18%402ndquadrant.com
Diffstat (limited to 'src/include')
| -rw-r--r-- | src/include/common/scram-common.h | 6 | ||||
| -rw-r--r-- | src/include/libpq/crypt.h | 2 | ||||
| -rw-r--r-- | src/include/libpq/scram.h | 8 |
3 files changed, 8 insertions, 8 deletions
diff --git a/src/include/common/scram-common.h b/src/include/common/scram-common.h index d52df67ec8b..1c46dee58cd 100644 --- a/src/include/common/scram-common.h +++ b/src/include/common/scram-common.h @@ -33,14 +33,14 @@ #define SCRAM_RAW_NONCE_LEN 18 /* - * Length of salt when generating new verifiers, in bytes. (It will be stored + * Length of salt when generating new secrets, in bytes. (It will be stored * and sent over the wire encoded in Base64.) 16 bytes is what the example in * RFC 7677 uses. */ #define SCRAM_DEFAULT_SALT_LEN 16 /* - * Default number of iterations when generating verifier. Should be at least + * Default number of iterations when generating secret. Should be at least * 4096 per RFC 7677. */ #define SCRAM_DEFAULT_ITERATIONS 4096 @@ -64,7 +64,7 @@ extern void scram_H(const uint8 *str, int len, uint8 *result); extern void scram_ClientKey(const uint8 *salted_password, uint8 *result); extern void scram_ServerKey(const uint8 *salted_password, uint8 *result); -extern char *scram_build_verifier(const char *salt, int saltlen, int iterations, +extern char *scram_build_secret(const char *salt, int saltlen, int iterations, const char *password); #endif /* SCRAM_COMMON_H */ diff --git a/src/include/libpq/crypt.h b/src/include/libpq/crypt.h index e6b50a72888..3564ef39d87 100644 --- a/src/include/libpq/crypt.h +++ b/src/include/libpq/crypt.h @@ -16,7 +16,7 @@ #include "datatype/timestamp.h" /* - * Types of password hashes or verifiers. + * Types of password hashes or secrets. * * Plaintext passwords can be passed in by the user, in a CREATE/ALTER USER * command. They will be encrypted to MD5 or SCRAM-SHA-256 format, before diff --git a/src/include/libpq/scram.h b/src/include/libpq/scram.h index 87e2d56301c..71fcb51c5a5 100644 --- a/src/include/libpq/scram.h +++ b/src/include/libpq/scram.h @@ -27,11 +27,11 @@ extern void *pg_be_scram_init(Port *port, const char *selected_mech, const char extern int pg_be_scram_exchange(void *opaq, const char *input, int inputlen, char **output, int *outputlen, char **logdetail); -/* Routines to handle and check SCRAM-SHA-256 verifier */ -extern char *pg_be_scram_build_verifier(const char *password); -extern bool parse_scram_verifier(const char *verifier, int *iterations, char **salt, +/* Routines to handle and check SCRAM-SHA-256 secret */ +extern char *pg_be_scram_build_secret(const char *password); +extern bool parse_scram_secret(const char *secret, int *iterations, char **salt, uint8 *stored_key, uint8 *server_key); extern bool scram_verify_plain_password(const char *username, - const char *password, const char *verifier); + const char *password, const char *secret); #endif /* PG_SCRAM_H */ |