Class ScramFunctions


  • public class ScramFunctions
    extends Object
    Utility functions (e.g. crypto) for SCRAM.
    • Constructor Detail

      • ScramFunctions

        public ScramFunctions()
    • Method Detail

      • saltedPassword

        public static byte[] saltedPassword(ScramMechanism scramMechanism,
                                            StringPreparation stringPreparation,
                                            String password,
                                            byte[] salt,
                                            int iteration)
        Computes the salted password from the given SCRAM mechanism, the String preparation algorithm, the provided salt and the number of iterations.
        SaltedPassword := Hi(Normalize(password), salt, i)
        Parameters:
        scramMechanism - The SCRAM mechanism
        stringPreparation - The String preparation
        password - The non-salted password
        salt - The bytes representing the salt
        iteration - The number of iterations
        Returns:
        The salted password
      • hmac

        public static byte[] hmac(ScramMechanism scramMechanism,
                                  byte[] message,
                                  byte[] key)
        Computes the HMAC of the message with the given key, using the given SCRAM mechanism.
        Parameters:
        scramMechanism - The SCRAM mechanism
        message - The message to compute the HMAC of
        key - The key used to initialize the MAC
        Returns:
        The computed HMAC
      • clientKey

        public static byte[] clientKey(ScramMechanism scramMechanism,
                                       byte[] saltedPassword)
        Generates a client key from the salted password.
        ClientKey := HMAC(SaltedPassword, "Client Key")
        Parameters:
        scramMechanism - The SCRAM mechanism
        saltedPassword - The salted password
        Returns:
        The client key
      • clientKey

        public static byte[] clientKey(ScramMechanism scramMechanism,
                                       StringPreparation stringPreparation,
                                       String password,
                                       byte[] salt,
                                       int iteration)
        Generates a client key from the password and salt.
        SaltedPassword := Hi(Normalize(password), salt, i)
        ClientKey := HMAC(SaltedPassword, "Client Key")
        Parameters:
        scramMechanism - The SCRAM mechanism
        stringPreparation - The String preparation
        password - The non-salted password
        salt - The bytes representing the salt
        iteration - The number of iterations
        Returns:
        The client key
      • serverKey

        public static byte[] serverKey(ScramMechanism scramMechanism,
                                       byte[] saltedPassword)
        Generates a server key from the salted password.
        ServerKey := HMAC(SaltedPassword, "Server Key")
        Parameters:
        scramMechanism - The SCRAM mechanism
        saltedPassword - The salted password
        Returns:
        The server key
      • serverKey

        public static byte[] serverKey(ScramMechanism scramMechanism,
                                       StringPreparation stringPreparation,
                                       String password,
                                       byte[] salt,
                                       int iteration)
        Generates a server key from the password and salt.
        SaltedPassword := Hi(Normalize(password), salt, i)
        ServerKey := HMAC(SaltedPassword, "Server Key")
        Parameters:
        scramMechanism - The SCRAM mechanism
        stringPreparation - The String preparation
        password - The non-salted password
        salt - The bytes representing the salt
        iteration - The number of iterations
        Returns:
        The server key
      • hash

        public static byte[] hash(ScramMechanism scramMechanism,
                                  byte[] value)
        Computes the hash of a given value, using the hash function of the SCRAM mechanism.
        Parameters:
        scramMechanism - The SCRAM mechanism
        value - The value to hash
        Returns:
        The hashed value
      • storedKey

        public static byte[] storedKey(ScramMechanism scramMechanism,
                                       byte[] clientKey)
        Generates a stored key from the client key, which is itself derived from the salted password.
        StoredKey := H(ClientKey)
        Parameters:
        scramMechanism - The SCRAM mechanism
        clientKey - The client key
        Returns:
        The stored key
      • clientSignature

        public static byte[] clientSignature(ScramMechanism scramMechanism,
                                             byte[] storedKey,
                                             String authMessage)
        Computes the SCRAM client signature.
        ClientSignature := HMAC(StoredKey, AuthMessage)
        Parameters:
        scramMechanism - The SCRAM mechanism
        storedKey - The stored key
        authMessage - The auth message
        Returns:
        The client signature
      • clientProof

        public static byte[] clientProof(byte[] clientKey,
                                         byte[] clientSignature)
        Computes the SCRAM client proof to be sent to the server in the client-final-message.
        ClientProof := ClientKey XOR ClientSignature
        Parameters:
        clientKey - The client key
        clientSignature - The client signature
        Returns:
        The client proof
      • serverSignature

        public static byte[] serverSignature(ScramMechanism scramMechanism,
                                             byte[] serverKey,
                                             String authMessage)
        Computes the SCRAM server signature.
        ServerSignature := HMAC(ServerKey, AuthMessage)
        Parameters:
        scramMechanism - The SCRAM mechanism
        serverKey - The server key
        authMessage - The auth message
        Returns:
        The server signature
      • verifyClientProof

        public static boolean verifyClientProof(ScramMechanism scramMechanism,
                                                byte[] clientProof,
                                                byte[] storedKey,
                                                String authMessage)
        Verifies that a provided client proof is correct.
        Parameters:
        scramMechanism - The SCRAM mechanism
        clientProof - The provided client proof
        storedKey - The stored key
        authMessage - The auth message
        Returns:
        True if the client proof is correct
      • verifyServerSignature

        public static boolean verifyServerSignature(ScramMechanism scramMechanism,
                                                    byte[] serverKey,
                                                    String authMessage,
                                                    byte[] serverSignature)
        Verifies that a provided server signature is correct.
        Parameters:
        scramMechanism - The SCRAM mechanism
        serverKey - The server key
        authMessage - The auth message
        serverSignature - The provided server signature
        Returns:
        True if the server signature is correct