MongoDB C++ Driver  legacy-1.1.2
mechanism_scram.h
1 /* Copyright (C) 2014 10gen Inc.
2  *
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #pragma once
17 
18 #include <string>
19 
20 #include "mongo/base/status.h"
21 #include "mongo/db/jsobj.h"
22 
23 namespace mongo {
24 namespace scram {
25 const unsigned int hashSize = 20;  // Size in bytes of every key/digest buffer declared below; 20 matches a SHA-1 digest (presumably SCRAM-SHA-1 — confirm in the implementation).
26 
27 const std::string serverKeyConst = "Server Key";  // Label RFC 5802 feeds to HMAC to derive ServerKey from SaltedPassword.
28 const std::string clientKeyConst = "Client Key";  // Label RFC 5802 feeds to HMAC to derive ClientKey from SaltedPassword.
29 
30 const std::string iterationCountFieldName = "iterationCount";  // These four names are presumably the keys of the credentials document built by generateCredentials — confirm.
31 const std::string saltFieldName = "salt";
32 const std::string storedKeyFieldName = "storedKey";
33 const std::string serverKeyFieldName = "serverKey";
34 
35 /*
36  * Computes the SaltedPassword from 'hashedPassword', 'salt' and 'iterationCount' and writes it to the caller-supplied 'saltedPassword' buffer.
37  */
38 void generateSaltedPassword(const StringData& hashedPassword,  // presumably an already-digested password rather than cleartext — confirm with callers
39  const unsigned char* salt,  // salt bytes; 'saltLen' is taken to be their length
40  const int saltLen,  // signed: the type does not exclude a negative length, so validate before calling
41  const int iterationCount,  // signed here but size_t in generateSecrets; zero or negative counts should be rejected at the call site
42  unsigned char saltedPassword[hashSize]);  // out: decays to unsigned char*, so the [hashSize] bound is not compiler-checked; pass at least hashSize bytes
43 
44 /*
45  * Computes the SCRAM secrets storedKey and serverKey using the salt 'salt'
46  * and iteration count 'iterationCount' as defined in RFC5802 (server side); results are written to the two output buffers.
47  */
48 void generateSecrets(const std::string& hashedPassword,
49  const unsigned char salt[],  // unsized array parameter, i.e. a plain pointer; 'saltLen' carries the length
50  size_t saltLen,  // NOTE(review): size_t here, int in generateSaltedPassword — if one forwards to the other (not visible here), check the narrowing
51  size_t iterationCount,
52  unsigned char storedKey[hashSize],  // out: bound not compiler-checked (decays to a pointer); pass at least hashSize bytes
53  unsigned char serverKey[hashSize]);  // out: same buffer-size requirement as storedKey
54 
55 /*
56  * Generates the user salt and the SCRAM secrets storedKey and serverKey as
57  * defined in RFC5802 (server side). NOTE(review): the salt source is not visible in this header — confirm it is a cryptographically secure RNG.
58  */
59 BSONObj generateCredentials(const std::string& hashedPassword, int iterationCount);  // result layout presumably uses the *FieldName constants above — confirm
60 
61 /*
62  * Computes the ClientProof from SaltedPassword and authMessage (client side). The encoding of the returned string is not visible here.
63  */
64 std::string generateClientProof(const unsigned char saltedPassword[hashSize],  // in: read as hashSize bytes; the bound is not compiler-checked
65  const std::string& authMessage);
66 
67 /*
68  * Validates that the provided password 'hashedPassword' reproduces the credential 'storedKey' given iteration count
69  * 'iterationCount' and salt 'salt'. NOTE(review): this comment used to name 'serverKey', but the parameter is 'storedKey' — confirm which key the implementation compares.
70  */
71 bool validatePassword(const std::string& hashedPassword,
72  int iterationCount,
73  const std::string& salt,  // std::string here, raw bytes elsewhere in this header; the expected encoding is not visible — confirm
74  const std::string& storedKey);  // NOTE(review): confirm the implementation compares key material in constant time
75 
76 /*
77  * Verifies ServerSignature (client side). A false result means the server's signature did not match, so the caller should fail the handshake.
78  */
79 bool verifyServerSignature(const unsigned char saltedPassword[hashSize],  // in: read as hashSize bytes; the bound is not compiler-checked
80  const std::string& authMessage,
81  const std::string& serverSignature);  // NOTE(review): confirm the comparison against the computed signature is constant-time
82 } // namespace scram
83 } // namespace mongo