From b4675a8ae2d0aaafeb136c46c92bb56eaf018d32 Mon Sep 17 00:00:00 2001 From: Peter Eisentraut Date: Sat, 12 Oct 2019 21:17:34 +0200 Subject: Fix use of term "verifier" Within the context of SCRAM, "verifier" has a specific meaning in the protocol, per RFCs. The existing code used "verifier" differently, to mean whatever is or would be stored in pg_auth.rolpassword. Fix this by using the term "secret" for this, following RFC 5803. Reviewed-by: Michael Paquier Discussion: https://www.postgresql.org/message-id/flat/be397b06-6e4b-ba71-c7fb-54cae84a7e18%402ndquadrant.com --- src/include/common/scram-common.h | 6 +++--- src/include/libpq/crypt.h | 2 +- src/include/libpq/scram.h | 8 ++++---- 3 files changed, 8 insertions(+), 8 deletions(-) (limited to 'src/include') diff --git a/src/include/common/scram-common.h b/src/include/common/scram-common.h index d52df67ec8b..1c46dee58cd 100644 --- a/src/include/common/scram-common.h +++ b/src/include/common/scram-common.h @@ -33,14 +33,14 @@ #define SCRAM_RAW_NONCE_LEN 18 /* - * Length of salt when generating new verifiers, in bytes. (It will be stored + * Length of salt when generating new secrets, in bytes. (It will be stored * and sent over the wire encoded in Base64.) 16 bytes is what the example in * RFC 7677 uses. */ #define SCRAM_DEFAULT_SALT_LEN 16 /* - * Default number of iterations when generating verifier. Should be at least + * Default number of iterations when generating secret. Should be at least * 4096 per RFC 7677. */ #define SCRAM_DEFAULT_ITERATIONS 4096 @@ -64,7 +64,7 @@ extern void scram_H(const uint8 *str, int len, uint8 *result); extern void scram_ClientKey(const uint8 *salted_password, uint8 *result); extern void scram_ServerKey(const uint8 *salted_password, uint8 *result); -extern char *scram_build_verifier(const char *salt, int saltlen, int iterations, +extern char *scram_build_secret(const char *salt, int saltlen, int iterations, const char *password); #endif /* SCRAM_COMMON_H */ diff --git a/src/include/libpq/crypt.h b/src/include/libpq/crypt.h index e6b50a72888..3564ef39d87 100644 --- a/src/include/libpq/crypt.h +++ b/src/include/libpq/crypt.h @@ -16,7 +16,7 @@ #include "datatype/timestamp.h" /* - * Types of password hashes or verifiers. + * Types of password hashes or secrets. * * Plaintext passwords can be passed in by the user, in a CREATE/ALTER USER * command. They will be encrypted to MD5 or SCRAM-SHA-256 format, before diff --git a/src/include/libpq/scram.h b/src/include/libpq/scram.h index 87e2d56301c..71fcb51c5a5 100644 --- a/src/include/libpq/scram.h +++ b/src/include/libpq/scram.h @@ -27,11 +27,11 @@ extern void *pg_be_scram_init(Port *port, const char *selected_mech, const char extern int pg_be_scram_exchange(void *opaq, const char *input, int inputlen, char **output, int *outputlen, char **logdetail); -/* Routines to handle and check SCRAM-SHA-256 verifier */ -extern char *pg_be_scram_build_verifier(const char *password); -extern bool parse_scram_verifier(const char *verifier, int *iterations, char **salt, +/* Routines to handle and check SCRAM-SHA-256 secret */ +extern char *pg_be_scram_build_secret(const char *password); +extern bool parse_scram_secret(const char *secret, int *iterations, char **salt, uint8 *stored_key, uint8 *server_key); extern bool scram_verify_plain_password(const char *username, - const char *password, const char *verifier); + const char *password, const char *secret); #endif /* PG_SCRAM_H */ -- cgit v1.2.3