diff options
| author | Daniel Gustafsson | 2023-03-27 07:46:29 +0000 |
|---|---|---|
| committer | Daniel Gustafsson | 2023-03-27 07:46:29 +0000 |
| commit | b577743000cd0974052af3a71770a23760423102 (patch) | |
| tree | 29ae4bb91ea49a0b6671df31caebb8bec47186a7 /src/interfaces | |
| parent | c15631f0f596b2e6c4b03f24c03289d06d008783 (diff) | |
Make SCRAM iteration count configurable
Replace the hardcoded value with a GUC such that the iteration
count can be raised in order to increase protection against
brute-force attacks. The hardcoded value for SCRAM iteration
count was defined to be 4096, which is taken from RFC 7677, so
set the default for the GUC to 4096 to match. In RFC 7677 the
recommendation is at least 15000 iterations but 4096 is listed
as a SHOULD requirement given that it's estimated to yield a
0.5s processing time on a mobile handset of the time of RFC
writing (late 2015).
Raising the iteration count of SCRAM will make stored passwords
more resilient to brute-force attacks at a higher computational
cost during connection establishment. Lowering the count will
reduce computational overhead during connections at the tradeoff
of reducing strength against brute-force attacks.
There are however platforms where even a modest iteration count
yields a too high computational overhead, with weaker password
encryption schemes chosen as a result. In these situations,
SCRAM with a very low iteration count still gives benefits over
weaker schemes like md5, so we allow the iteration count to be
set to one at the low end.
The new GUC is intentionally generically named such that it can
be made to support future SCRAM standards should they emerge.
At that point the value can be made into key:value pairs with
an undefined key as a default which will be backwards compatible
with this.
Reviewed-by: Michael Paquier <[email protected]>
Reviewed-by: Jonathan S. Katz <[email protected]>
Discussion: https://postgr.es/m/[email protected]
Diffstat (limited to 'src/interfaces')
| -rw-r--r-- | src/interfaces/libpq/fe-auth-scram.c | 4 | ||||
| -rw-r--r-- | src/interfaces/libpq/fe-auth.c | 4 | ||||
| -rw-r--r-- | src/interfaces/libpq/fe-auth.h | 1 | ||||
| -rw-r--r-- | src/interfaces/libpq/fe-connect.c | 2 | ||||
| -rw-r--r-- | src/interfaces/libpq/fe-exec.c | 4 | ||||
| -rw-r--r-- | src/interfaces/libpq/libpq-int.h | 1 |
6 files changed, 13 insertions, 3 deletions
diff --git a/src/interfaces/libpq/fe-auth-scram.c b/src/interfaces/libpq/fe-auth-scram.c index 277f72b280c..6b779ec7ffd 100644 --- a/src/interfaces/libpq/fe-auth-scram.c +++ b/src/interfaces/libpq/fe-auth-scram.c @@ -895,7 +895,7 @@ verify_server_signature(fe_scram_state *state, bool *match, * error details. */ char * -pg_fe_scram_build_secret(const char *password, const char **errstr) +pg_fe_scram_build_secret(const char *password, int iterations, const char **errstr) { char *prep_password; pg_saslprep_rc rc; @@ -927,7 +927,7 @@ pg_fe_scram_build_secret(const char *password, const char **errstr) result = scram_build_secret(PG_SHA256, SCRAM_SHA_256_KEY_LEN, saltbuf, SCRAM_DEFAULT_SALT_LEN, - SCRAM_DEFAULT_ITERATIONS, password, + iterations, password, errstr); free(prep_password); diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c index 934e3f4f7ca..b0550e63324 100644 --- a/src/interfaces/libpq/fe-auth.c +++ b/src/interfaces/libpq/fe-auth.c @@ -1341,7 +1341,9 @@ PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user, { const char *errstr = NULL; - crypt_pwd = pg_fe_scram_build_secret(passwd, &errstr); + crypt_pwd = pg_fe_scram_build_secret(passwd, + conn->scram_sha_256_iterations, + &errstr); if (!crypt_pwd) libpq_append_conn_error(conn, "could not encrypt password: %s", errstr); } diff --git a/src/interfaces/libpq/fe-auth.h b/src/interfaces/libpq/fe-auth.h index 1aa556ea2fa..124dd5d0313 100644 --- a/src/interfaces/libpq/fe-auth.h +++ b/src/interfaces/libpq/fe-auth.h @@ -26,6 +26,7 @@ extern char *pg_fe_getauthname(PQExpBuffer errorMessage); /* Mechanisms in fe-auth-scram.c */ extern const pg_fe_sasl_mech pg_scram_mech; extern char *pg_fe_scram_build_secret(const char *password, + int iterations, const char **errstr); #endif /* FE_AUTH_H */ diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c index 660775e0198..b71378d94c5 100644 --- a/src/interfaces/libpq/fe-connect.c +++ b/src/interfaces/libpq/fe-connect.c @@ -596,6 +596,7 @@ pqDropServerData(PGconn *conn) conn->std_strings = false; conn->default_transaction_read_only = PG_BOOL_UNKNOWN; conn->in_hot_standby = PG_BOOL_UNKNOWN; + conn->scram_sha_256_iterations = SCRAM_SHA_256_DEFAULT_ITERATIONS; conn->sversion = 0; /* Drop large-object lookup data */ @@ -4182,6 +4183,7 @@ makeEmptyPGconn(void) conn->std_strings = false; /* unless server says differently */ conn->default_transaction_read_only = PG_BOOL_UNKNOWN; conn->in_hot_standby = PG_BOOL_UNKNOWN; + conn->scram_sha_256_iterations = SCRAM_SHA_256_DEFAULT_ITERATIONS; conn->verbosity = PQERRORS_DEFAULT; conn->show_context = PQSHOW_CONTEXT_ERRORS; conn->sock = PGINVALID_SOCKET; diff --git a/src/interfaces/libpq/fe-exec.c b/src/interfaces/libpq/fe-exec.c index ec62550e385..a16bbf32ef5 100644 --- a/src/interfaces/libpq/fe-exec.c +++ b/src/interfaces/libpq/fe-exec.c @@ -1181,6 +1181,10 @@ pqSaveParameterStatus(PGconn *conn, const char *name, const char *value) conn->in_hot_standby = (strcmp(value, "on") == 0) ? PG_BOOL_YES : PG_BOOL_NO; } + else if (strcmp(name, "scram_iterations") == 0) + { + conn->scram_sha_256_iterations = atoi(value); + } } diff --git a/src/interfaces/libpq/libpq-int.h b/src/interfaces/libpq/libpq-int.h index 10187c31b9a..88b9838d766 100644 --- a/src/interfaces/libpq/libpq-int.h +++ b/src/interfaces/libpq/libpq-int.h @@ -525,6 +525,7 @@ struct pg_conn /* Assorted state for SASL, SSL, GSS, etc */ const pg_fe_sasl_mech *sasl; void *sasl_state; + int scram_sha_256_iterations; /* SSL structures */ bool ssl_in_use; |