Re: [HACKERS] Channel binding support for SCRAM-SHA-256

From: Michael Paquier <michael(dot)paquier(at)gmail(dot)com>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: Robert Haas <robertmhaas(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Álvaro Hernández Tortosa <aht(at)8kdata(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, PostgreSQL JDBC List <pgsql-jdbc(at)postgresql(dot)org>
Subject: Re: [HACKERS] Channel binding support for SCRAM-SHA-256
Date: 2017-06-20 04:11:06
Message-ID: CAB7nPqTRUji5Lz8Rwg0MV9yYV8VQHbkCqG6Gmi36Dw+U72E7Ng@mail.gmail.com
Lists: pgsql-hackers pgsql-jdbc

On Tue, Jun 6, 2017 at 3:40 PM, Michael Paquier
<michael(dot)paquier(at)gmail(dot)com> wrote:
> As far as I can see, there are a couple of things that I still need to
> work on to make people happy:
> - Rework the generic APIs for TLS finish and endpoint so as any
> implementation can use channel binding without inducing any extra code
> footprint to be-secure.c and fe-secure.c.
> - Implement endpoint, as Alvaro is saying for JDBC that would be nicer.
> - Have a couple of tests for channel binding to allow people to test
> the feature easily. Those will be in src/test/ssl/. It would be nice
> as well to be able to enforce the channel binding type on libpq-side,
> which is useful at least for testing. So we are going to need an
> environment variable for this purpose, and a connection parameter.

Okay, here we go. Attached is a set of four patches:
- 0001 is some refactoring for the SSL tests so as other test suites in
src/test/ssl can take advantage of the connection routines. There is
nothing fancy here.
- 0002 is the implementation of tls-unique as channel binding. This
has been largely reworked since last submission, I have found on the
way a couple of bugs and some correctness issues.
- 0003 is a patch to add as connection parameters saslname and
saslchannelbinding. With support of more SASL mechanisms (PG10 has
SCRAM-SHA-256, I am adding SCRAM-SHA-256-PLUS here), saslname can be
used to enforce on the client-side the value of the SASL mechanism
chosen. saslchannelbinding does the same for the channel binding name.
This is very useful for testing, and a set of tests are added in
src/test/ssl/ for tls-unique and the SASL mechanisms. The tests cover
many scenarios, like downgrade attacks for example.
- 0004 is the implementation of tls-server-end-point, as Alvaro has
asked. Per RFC 5929, the binding data needs to be a hash of the server
certificate. If the signature algorithm of the certificate is MD5 or
SHA-1, then SHA-256 is used. Other signature algos like SHA-384 or 512
are used to hash the data. The hashed data is then encoded in base64
and sent to the server for verification. Tests using saslchannelname
have been added as well. It took me a while to find out that
OBJ_find_sigid_algs(X509_get_signature_nid(X509*)) needs to be used to
find out the algorithm of a certificate with OpenSSL.

With the tests directly in the patch, things are easy to run. With
PG10 stabilization work, of course I don't expect much feedback :)
But this set of patches looks like the direction we want to go so as
JDBC and libpq users can take advantage of channel binding with SCRAM.
--
Michael

Attachment Content-Type Size
0001-Refactor-routine-to-test-connection-to-SSL-server.patch application/octet-stream 12.6 KB
0002-Support-channel-binding-tls-unique-in-SCRAM.patch application/octet-stream 28.1 KB
0003-Add-connection-parameters-saslname-and-saslchannelbi.patch application/octet-stream 16.0 KB
0004-Implement-channel-binding-tls-server-end-point-for-S.patch application/octet-stream 16.9 KB
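
The hash selection described for 0004 (tls-server-end-point per RFC 5929), as an added example that is not part of the original message or the attached patches: a minimal DER reader finds the certificate's signature algorithm and hashes the whole certificate with the matching hash, substituting SHA-256 for MD5 and SHA-1. The function names, the OID table and the fake_cert sample are assumptions made for illustration; the sample has only the outer shape of a certificate.

```python
import hashlib

# Hash named by each certificate signature algorithm OID (small, non-exhaustive set).
SIG_OID_TO_HASH = {
    "1.2.840.113549.1.1.4": "md5",      # md5WithRSAEncryption
    "1.2.840.113549.1.1.5": "sha1",     # sha1WithRSAEncryption
    "1.2.840.113549.1.1.11": "sha256",  # sha256WithRSAEncryption
    "1.2.840.113549.1.1.12": "sha384",  # sha384WithRSAEncryption
    "1.2.840.113549.1.1.13": "sha512",  # sha512WithRSAEncryption
}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                    # long form: low bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):  # first arc 0 or 1 only, which covers the table above
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:                 # high bit clear: last byte of this arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def signature_hash(cert_der):
    """Hash name of Certificate.signatureAlgorithm, the second field of the outer SEQUENCE."""
    _, cert, _ = read_tlv(cert_der, 0)
    _, _, pos = read_tlv(cert, 0)        # skip tbsCertificate
    _, alg, _ = read_tlv(cert, pos)      # AlgorithmIdentifier
    _, oid, _ = read_tlv(alg, 0)         # its first field is the algorithm OID
    return SIG_OID_TO_HASH[decode_oid(oid)]   # KeyError: algorithm not in the table

def server_end_point(cert_der):
    """Binding data: hash of the whole DER certificate, MD5 and SHA-1 replaced by SHA-256."""
    name = signature_hash(cert_der)
    return hashlib.new("sha256" if name in ("md5", "sha1") else name, cert_der).digest()

def fake_cert(sig_oid_last_byte):
    """Constructed sample with a certificate's outer shape only, not a real certificate."""
    tlv = lambda tag, body: bytes([tag, len(body)]) + body
    oid = bytes.fromhex("2a864886f70d0101") + bytes([sig_oid_last_byte])
    alg = tlv(0x30, tlv(0x06, oid) + tlv(0x05, b""))
    return tlv(0x30, tlv(0x30, b"constructed-tbs") + alg + tlv(0x03, b"\x00sig"))
```

Both peers must compute this value over the same certificate bytes; a client that always hashed with SHA-256 would fail to match a server that follows the rule for a SHA-384 or SHA-512 signed certificate.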
