On-disk format of SCRAM verifiers

On-disk format of SCRAM verifiers

Heikki Linnakangas
The current format for SCRAM verifiers in pg_authid is:

scram-sha-256:<salt>:<iteration count>:<StoredKey>:<ServerKey>

While reviewing Michael's patch to change that so that StoredKey and
ServerKey are stored base64-encoded, rather than hex-encoded as they are
currently [1], I looked again at RFC 5803. RFC 5803 specifies the format
to use when storing SCRAM verifiers in LDAP. I looked at it earlier, and
it was a source of inspiration for the current format, but I didn't
think that it was directly applicable. I thought that in RFC 5803 the
different fields were stored as separate fields or attributes, not as a
single string.

But looking more closely, I think I misunderstood RFC 5803. It *does* in
fact specify a single string format to store the verifier in. And the
format looks like:

SCRAM-SHA-256$<iteration count>:<salt>$<StoredKey>:<ServerKey>

Alternating '$' and ':' as the separators seems a bit wonky, but it
actually makes sense. "<iteration count>:<salt>" is treated as one
field, and "<StoredKey>:<ServerKey>" is treated as another, which is
logical, since the iteration count and salt are sent together to the
client in the SCRAM challenge, while StoredKey and ServerKey must be
kept secret.

I think we should adopt that exact format, so that our verifiers are
compatible with RFC 5803. It doesn't make any immediate difference, but
since there is a standard out there, might as well follow it. And just
in case we get support for looking up SCRAM verifiers from an LDAP
server in the future, it will come in handy as we won't need to parse two
different formats.

Barring objections, I'll go change our on-disk format for SCRAM
verifiers to follow RFC 5803.

[1]
https://www.postgresql.org/message-id/CAB7nPqSbsCBCxy8-DtwzRxYgTnbGUtY4uFEkLQhG%3DR%3Duo%3Dg8Fw%40mail.gmail.com

- Heikki


--
Sent via pgsql-hackers mailing list ([hidden email])
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Re: On-disk format of SCRAM verifiers

Stephen Frost
Heikki,

* Heikki Linnakangas ([hidden email]) wrote:
> I think we should adopt that exact format, so that our verifiers are
> compatible with RFC 5803. It doesn't make any immediate difference,
> but since there is a standard out there, might as well follow it.

+1

> And just in case we get support for looking up SCRAM verifiers from
> an LDAP server in the future, it will come in handy as we won't need to
> parse two different formats.

Agreed.

Thanks!

Stephen


Re: On-disk format of SCRAM verifiers

Simon Riggs
In reply to this post by Heikki Linnakangas
On 21 April 2017 at 10:20, Heikki Linnakangas <[hidden email]> wrote:

> But looking more closely, I think I misunderstood RFC 5803. It *does* in
> fact specify a single string format to store the verifier in. And the format
> looks like:
>
> SCRAM-SHA-256$<iteration count>:<salt>$<StoredKey>:<ServerKey>

Could you explain where you are looking? I don't see that in RFC5803

--
Simon Riggs                http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services



Re: On-disk format of SCRAM verifiers

Michael Paquier
On Fri, Apr 21, 2017 at 10:02 PM, Simon Riggs <[hidden email]> wrote:
> On 21 April 2017 at 10:20, Heikki Linnakangas <[hidden email]> wrote:
>> But looking more closely, I think I misunderstood RFC 5803. It *does* in
>> fact specify a single string format to store the verifier in. And the format
>> looks like:
>>
>> SCRAM-SHA-256$<iteration count>:<salt>$<StoredKey>:<ServerKey>
>
> Could you explain where you are looking? I don't see that in RFC5803

From 1.  Overview:

   Syntax of the attribute can be expressed using ABNF [RFC5234].  Non-
   terminal references in the following ABNF are defined in either
   [AUTHPASS], [RFC4422], or [RFC5234].

       scram-mech     = "SCRAM-SHA-1" / scram-mech-ext
                      ; Complies with ABNF for <scheme>
                      ; defined in [AUTHPASS].

       scram-authInfo = iter-count ":" salt
                      ; Complies with ABNF for <authInfo>
                      ; defined in [AUTHPASS].

       scram-authValue = stored-key ":" server-key
                      ; Complies with ABNF for <authValue>
                      ; defined in [AUTHPASS].

Thanks,
--
Michael



Re: On-disk format of SCRAM verifiers

Michael Paquier
In reply to this post by Stephen Frost
On Fri, Apr 21, 2017 at 9:25 PM, Stephen Frost <[hidden email]> wrote:

> * Heikki Linnakangas ([hidden email]) wrote:
>> I think we should adopt that exact format, so that our verifiers are
>> compatible with RFC 5803. It doesn't make any immediate difference,
>> but since there is a standard out there, might as well follow it.
>
> +1
>
>> And just in case we get support for looking up SCRAM verifiers from
>> an LDAP server in the future, it will come in handy as we won't need to
>> parse two different formats.
>
> Agreed.

+1 to all that. Consistency is a good thing.
--
Michael



Re: On-disk format of SCRAM verifiers

Simon Riggs
In reply to this post by Michael Paquier
On 21 April 2017 at 14:20, Michael Paquier <[hidden email]> wrote:

> On Fri, Apr 21, 2017 at 10:02 PM, Simon Riggs <[hidden email]> wrote:
>> On 21 April 2017 at 10:20, Heikki Linnakangas <[hidden email]> wrote:
>>> But looking more closely, I think I misunderstood RFC 5803. It *does* in
>>> fact specify a single string format to store the verifier in. And the format
>>> looks like:
>>>
>>> SCRAM-SHA-256$<iteration count>:<salt>$<StoredKey>:<ServerKey>
>>
>> Could you explain where you are looking? I don't see that in RFC5803
>
> From 1.  Overview:
>
>    Syntax of the attribute can be expressed using ABNF [RFC5234].  Non-
>    terminal references in the following ABNF are defined in either
>    [AUTHPASS], [RFC4422], or [RFC5234].
>
>        scram-mech     = "SCRAM-SHA-1" / scram-mech-ext
>                       ; Complies with ABNF for <scheme>
>                       ; defined in [AUTHPASS].
>
>        scram-authInfo = iter-count ":" salt
>                       ; Complies with ABNF for <authInfo>
>                       ; defined in [AUTHPASS].
>
>        scram-authValue = stored-key ":" server-key
>                       ; Complies with ABNF for <authValue>
>                       ; defined in [AUTHPASS].
>
> Thanks,

The above text, which I've already read, does not explain the
suggested change from : to $.

Could you explain?

--
Simon Riggs                http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services



Re: On-disk format of SCRAM verifiers

Heikki Linnakangas
In reply to this post by Michael Paquier


On 21 April 2017 16:20:56 EEST, Michael Paquier <[hidden email]> wrote:

>On Fri, Apr 21, 2017 at 10:02 PM, Simon Riggs <[hidden email]>
>wrote:
>> On 21 April 2017 at 10:20, Heikki Linnakangas <[hidden email]>
>wrote:
>>> But looking more closely, I think I misunderstood RFC 5803. It
>*does* in
>>> fact specify a single string format to store the verifier in. And
>the format
>>> looks like:
>>>
>>> SCRAM-SHA-256$<iteration count>:<salt>$<StoredKey>:<ServerKey>
>>
>> Could you explain where you are looking? I don't see that in RFC5803
>
>From 1.  Overview:

Yeah, it's not easy to see, I missed it earlier too. You have to look at RFC 5803 and RFC 3112 together. RFC 3112 says that the overall format is "<scheme>$<authInfo>$<authValue>", and RFC5803 says that for SCRAM, scheme is "SCRAM-SHA-256" (for our variant), authInfo is "<iteration count>:<salt>" and authValue is "<StoredKey>:<ServerKey>"

They really should've included examples in those RFCs.

- Heikki



Re: On-disk format of SCRAM verifiers

Dagfinn Ilmari Mannsåker
In reply to this post by Michael Paquier
Michael Paquier <[hidden email]> writes:

> On Fri, Apr 21, 2017 at 10:02 PM, Simon Riggs <[hidden email]> wrote:
>> On 21 April 2017 at 10:20, Heikki Linnakangas <[hidden email]> wrote:
>>> But looking more closely, I think I misunderstood RFC 5803. It *does* in
>>> fact specify a single string format to store the verifier in. And the format
>>> looks like:
>>>
>>> SCRAM-SHA-256$<iteration count>:<salt>$<StoredKey>:<ServerKey>
>>
>> Could you explain where you are looking? I don't see that in RFC5803
>
> From 1.  Overview:
>
>    Syntax of the attribute can be expressed using ABNF [RFC5234].  Non-
>    terminal references in the following ABNF are defined in either
>    [AUTHPASS], [RFC4422], or [RFC5234].
>
>        scram-mech     = "SCRAM-SHA-1" / scram-mech-ext
>                       ; Complies with ABNF for <scheme>
>                       ; defined in [AUTHPASS].
>
>        scram-authInfo = iter-count ":" salt
>                       ; Complies with ABNF for <authInfo>
>                       ; defined in [AUTHPASS].
>
>        scram-authValue = stored-key ":" server-key
>                       ; Complies with ABNF for <authValue>
>                       ; defined in [AUTHPASS].

And scram-mech, scram-authInfo and scram-authValue are used as the
"scheme", "authInfo" and "authValue" parts as specified in [AUTHPASS]
(RFC3112):

    authPasswordValue   = w scheme s authInfo s authValue w
    scheme              = %x30-39 / %x41-5A / %x2D-2F / %x5F
                        ; 0-9, A-Z, "-", ".", "/", or "_"
    authInfo            = schemeSpecificValue
    authValue           = schemeSpecificValue
    schemeSpecificValue = *( %x21-23 / %x25-7E )
                        ; printable ASCII less "$" and " "
    s   = w SEP w
    w   = *SP
    SEP = %x24 ; "$"
    SP  = %x20 ; " " (space)

> Thanks,
> --
> Michael


- ilmari
--
"A disappointingly low fraction of the human race is,
 at any given time, on fire." - Stig Sandbeck Mathisen


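To make the two pieces of grammar concrete (Heikki's format sketch in the opening message, and the RFC 3112 ABNF ilmari quotes above), here is an added worked example in Python. It is not PostgreSQL code and not part of any message in this thread. It assumes that salt, StoredKey and ServerKey are base64-encoded (the thread mentions Michael's patch moving to base64; that is taken as given here) and derives the keys the way RFC 5802 does, instantiated with SHA-256 as in RFC 7677; every function name and sample value is this example's own. The parser enforces the RFC 3112 character classes, which is what makes the alternating "$" and ":" separators unambiguous: "$" can never occur inside a field, and base64 never contains ":". It also shows why the two halves of the string differ in sensitivity: a client proof is checked with StoredKey alone, while the iteration count and salt are the part that is handed to any client in the challenge.

```python
"""SCRAM-SHA-256 verifiers in the RFC 3112 / RFC 5803 string form discussed in the thread:
    SCRAM-SHA-256$<iteration count>:<salt>$<StoredKey>:<ServerKey>
Added example, not PostgreSQL code; salt and keys assumed base64, derivation per RFC 5802/7677."""
import base64
import hashlib
import hmac
import re
from dataclasses import dataclass

SCHEME = "SCRAM-SHA-256"
DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes for SHA-256

# RFC 3112 character classes (quoted in the thread): <scheme> is 0-9, A-Z, "-", ".", "/", "_";
# <schemeSpecificValue> is printable ASCII less "$" and " ", so "$" is unambiguous as outer separator.
_SCHEME_RE = re.compile(r"[0-9A-Z./_-]+")
_VALUE_RE = re.compile(r"[\x21-\x23\x25-\x7e]*")
_ITER_RE = re.compile(r"[1-9][0-9]*")


@dataclass(frozen=True)
class ScramVerifier:
    iterations: int    # public: sent to the client in the challenge
    salt: bytes        # public: sent to the client in the challenge
    stored_key: bytes  # secret: H(ClientKey)
    server_key: bytes  # secret: HMAC(SaltedPassword, "Server Key")


def _b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


def derive_verifier(password: str, salt: bytes, iterations: int) -> ScramVerifier:
    """Enrolment: derive StoredKey and ServerKey from the password (RFC 5802 with SHA-256)."""
    salted = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    return ScramVerifier(iterations, salt, hashlib.sha256(client_key).digest(), server_key)


def serialize(v: ScramVerifier) -> str:
    """<scheme>$<authInfo>$<authValue> with authInfo = iter:salt, authValue = StoredKey:ServerKey."""
    auth_info = f"{v.iterations}:{_b64(v.salt)}"
    auth_value = f"{_b64(v.stored_key)}:{_b64(v.server_key)}"
    return f"{SCHEME}${auth_info}${auth_value}"


def parse(text: str) -> ScramVerifier:
    """Strict parser: anything the ABNF does not admit raises ValueError."""
    # RFC 3112 allows optional spaces around each "$"; no field may contain a space itself.
    parts = [p.strip(" ") for p in text.split("$")]
    if len(parts) != 3:
        raise ValueError("expected scheme$authInfo$authValue")
    scheme, auth_info, auth_value = parts
    if not _SCHEME_RE.fullmatch(scheme):
        raise ValueError("scheme violates the RFC 3112 character set")
    if scheme != SCHEME:
        raise ValueError(f"unsupported scheme {scheme!r}")
    for field in (auth_info, auth_value):
        if not _VALUE_RE.fullmatch(field) or field.count(":") != 1:
            raise ValueError("field must be printable ASCII without '$' or ' ' and hold one ':'")
    iter_text, salt_b64 = auth_info.split(":")
    stored_b64, server_b64 = auth_value.split(":")
    if not _ITER_RE.fullmatch(iter_text):
        raise ValueError("iteration count must be a positive decimal integer")
    try:
        salt, stored_key, server_key = (
            base64.b64decode(s, validate=True) for s in (salt_b64, stored_b64, server_b64))
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("field is not valid base64") from exc
    if not salt or len(stored_key) != DIGEST_LEN or len(server_key) != DIGEST_LEN:
        raise ValueError("empty salt or key length does not match SHA-256")
    return ScramVerifier(int(iter_text), salt, stored_key, server_key)


def is_valid(text: str) -> bool:
    try:
        parse(text)
    except ValueError:
        return False
    return True


def client_proof(password: str, iterations: int, salt: bytes, auth_message: bytes) -> bytes:
    """Client side: needs only the public (iterations, salt) part plus the password."""
    salted = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    signature = hmac.new(hashlib.sha256(client_key).digest(), auth_message, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(client_key, signature))


def check_client_proof(v: ScramVerifier, auth_message: bytes, proof: bytes) -> bool:
    """Server side: unmask ClientKey with StoredKey and check H(ClientKey) == StoredKey."""
    if len(proof) != DIGEST_LEN:
        return False
    signature = hmac.new(v.stored_key, auth_message, hashlib.sha256).digest()
    client_key = bytes(a ^ b for a, b in zip(proof, signature))
    return hmac.compare_digest(hashlib.sha256(client_key).digest(), v.stored_key)
```

Running serialize(derive_verifier("correct horse", b"constructed-salt", 4096)) yields a string of the RFC 5803 shape that parse() reads back unchanged, including with spaces around the "$" separators as RFC 3112 permits; the old colon-only layout, a lowercase or SCRAM-SHA-1 scheme, a zero iteration count, a truncated key or a stray character in the base64 are all rejected before anything is decoded into a verifier. The proof check compares with hmac.compare_digest and rejects wrong-length proofs up front rather than letting zip() silently truncate.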

Re: On-disk format of SCRAM verifiers

Simon Riggs
In reply to this post by Heikki Linnakangas
On 21 April 2017 at 14:42, Heikki Linnakangas <[hidden email]> wrote:

>>>> SCRAM-SHA-256$<iteration count>:<salt>$<StoredKey>:<ServerKey>
>>>
>>> Could you explain where you are looking? I don't see that in RFC5803
>>
> >From 1.  Overview:
>
> Yeah, it's not easy to see, I missed it earlier too. You have to look at RFC 5803 and RFC 3112 together. RFC 3112 says that the overall format is "<scheme>$<authInfo>$<authValue>", and RFC5803 says that for SCRAM, scheme is "SCRAM-SHA-256" (for our variant), authInfo is "<iteration count>:<salt>" and authValue is "<StoredKey>:<ServerKey>"
>
> They really should've included examples in those RFCs.

Thanks

+1 for change

--
Simon Riggs                http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services



Re: On-disk format of SCRAM verifiers

Heikki Linnakangas
On 04/21/2017 05:33 PM, Simon Riggs wrote:

> On 21 April 2017 at 14:42, Heikki Linnakangas <[hidden email]> wrote:
>
>>>>> SCRAM-SHA-256$<iteration count>:<salt>$<StoredKey>:<ServerKey>
>>>>
>>>> Could you explain where you are looking? I don't see that in RFC5803
>>>
>> >From 1.  Overview:
>>
>> Yeah, it's not easy to see, I missed it earlier too. You have to look at RFC 5803 and RFC 3112 together. RFC 3112 says that the overall format is "<scheme>$<authInfo>$<authValue>", and RFC5803 says that for SCRAM, scheme is "SCRAM-SHA-256" (for our variant), authInfo is "<iteration count>:<salt>" and authValue is "<StoredKey>:<ServerKey>"
>>
>> They really should've included examples in those RFCs.
>
> Thanks
>
> +1 for change

Committed, thanks.

- Heikki


