summaryrefslogtreecommitdiffstats
path: root/libmariadb/plugins/auth/ed25519.c
diff options
context:
space:
mode:
Diffstat (limited to 'libmariadb/plugins/auth/ed25519.c')
-rw-r--r--libmariadb/plugins/auth/ed25519.c35
1 files changed, 30 insertions, 5 deletions
diff --git a/libmariadb/plugins/auth/ed25519.c b/libmariadb/plugins/auth/ed25519.c
index 38b896f8..ff2f39a5 100644
--- a/libmariadb/plugins/auth/ed25519.c
+++ b/libmariadb/plugins/auth/ed25519.c
@@ -64,6 +64,7 @@ static int auth_ed25519_init(char *unused1,
size_t unused2,
int unused3,
va_list);
+static int auth_ed25519_hash(MYSQL *, unsigned char *out, size_t *outlen);
#ifndef PLUGIN_DYNAMIC
@@ -77,21 +78,25 @@ struct st_mysql_client_plugin_AUTHENTICATION _mysql_client_plugin_declaration_ =
"client_ed25519",
"Sergei Golubchik, Georg Richter",
"Ed25519 Authentication Plugin",
- {0,1,0},
+ {0,1,1},
"LGPL",
NULL,
auth_ed25519_init,
auth_ed25519_deinit,
NULL,
- auth_ed25519_client
+ auth_ed25519_client,
+ auth_ed25519_hash
};
static int auth_ed25519_client(MYSQL_PLUGIN_VIO *vio, MYSQL *mysql)
{
unsigned char *packet,
- signature[CRYPTO_BYTES + NONCE_BYTES];
- int pkt_len;
+ signature[CRYPTO_BYTES + NONCE_BYTES],
+ pk[CRYPTO_PUBLICKEYBYTES];
+ unsigned long long pkt_len;
+ size_t pwlen= strlen(mysql->passwd);
+ char *newpw;
/*
Step 1: Server sends nonce
@@ -106,16 +111,36 @@ static int auth_ed25519_client(MYSQL_PLUGIN_VIO *vio, MYSQL *mysql)
return CR_SERVER_HANDSHAKE_ERR;
/* Sign nonce: the crypto_sign function is part of ref10 */
- ma_crypto_sign(signature, packet, NONCE_BYTES, (unsigned char*)mysql->passwd, strlen(mysql->passwd));
+ ma_crypto_sign(signature, pk, packet, NONCE_BYTES, (unsigned char*)mysql->passwd, pwlen);
/* send signature to server */
if (vio->write_packet(vio, signature, CRYPTO_BYTES))
return CR_ERROR;
+ /* save pk for the future auth_ed25519_hash() call */
+ if ((newpw= realloc(mysql->passwd, pwlen + 1 + sizeof(pk))))
+ {
+ memcpy(newpw + pwlen + 1, pk, sizeof(pk));
+ mysql->passwd= newpw;
+ }
+
return CR_OK;
}
/* }}} */
+/* {{{ static int auth_ed25519_hash */
+static int auth_ed25519_hash(MYSQL *mysql, unsigned char *out, size_t *outlen)
+{
+ if (*outlen < CRYPTO_PUBLICKEYBYTES)
+ return 1;
+ *outlen= CRYPTO_PUBLICKEYBYTES;
+
+ /* use the cached value */
+ memcpy(out, mysql->passwd + strlen(mysql->passwd) + 1, CRYPTO_PUBLICKEYBYTES);
+ return 0;
+}
+/* }}} */
+
/* {{{ static int auth_ed25519_init */
static int auth_ed25519_init(char *unused1 __attribute__((unused)),
size_t unused2 __attribute__((unused)),
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-09 21:08:31 +0000