Added implementation of client_ed25519 authentification method

Cargo.toml

@@ -71,6 +71,7 @@ serde_json = "1"
 mysql-common-derive = { path = "derive", version = "0.31.0", optional = true }
 btoi = "0.4.3"
 zstd = "0.13"
+curve25519-dalek = { version = "4.1.3" }
 
 [dev-dependencies]
 proptest = "1.0"

src/packets/mod.rs

@@ -18,6 +18,7 @@ use std::{
 };
 
 use crate::collations::CollationId;
+use crate::scramble::create_response_for_ed25519;
 use crate::{
     constants::{
         CapabilityFlags, ColumnFlags, ColumnType, Command, CursorType, SessionStateType,
@@ -1086,6 +1087,7 @@ const MYSQL_OLD_PASSWORD_PLUGIN_NAME: &[u8] = b"mysql_old_password";
 const MYSQL_NATIVE_PASSWORD_PLUGIN_NAME: &[u8] = b"mysql_native_password";
 const CACHING_SHA2_PASSWORD_PLUGIN_NAME: &[u8] = b"caching_sha2_password";
 const MYSQL_CLEAR_PASSWORD_PLUGIN_NAME: &[u8] = b"mysql_clear_password";
+const ED25519_PLUGIN_NAME: &[u8] = b"client_ed25519";
 
 #[derive(Debug, Clone, PartialEq, Eq)]
 pub enum AuthPluginData<'a> {
@@ -1097,6 +1099,8 @@ pub enum AuthPluginData<'a> {
     Sha2([u8; 32]),
     /// Clear password for `mysql_clear_password` plugin.
     Clear(Cow<'a, [u8]>),
+    /// Auth data for MariaDB's `client_ed25519` plugin.
+    Ed25519([u8; 64]),
 }
 
 impl<'a> AuthPluginData<'a> {
@@ -1106,6 +1110,7 @@ impl<'a> AuthPluginData<'a> {
             AuthPluginData::Native(x) => AuthPluginData::Native(x),
             AuthPluginData::Sha2(x) => AuthPluginData::Sha2(x),
             AuthPluginData::Clear(x) => AuthPluginData::Clear(Cow::Owned(x.into_owned())),
+            AuthPluginData::Ed25519(x) => AuthPluginData::Ed25519(x),
         }
     }
 }
@@ -1119,6 +1124,7 @@ impl std::ops::Deref for AuthPluginData<'_> {
             Self::Native(x) => &x[..],
             Self::Old(x) => &x[..],
             Self::Clear(x) => &x[..],
+            Self::Ed25519(x) => &x[..],
         }
     }
 }
@@ -1136,6 +1142,7 @@ impl MySerialize for AuthPluginData<'_> {
                 buf.put_slice(x);
                 buf.push(0);
             }
+            Self::Ed25519(x) => buf.put_slice(&x[..]),
         }
     }
 }
@@ -1151,6 +1158,8 @@ pub enum AuthPlugin<'a> {
     MysqlNativePassword,
     /// Default since MySql v8.0.4
     CachingSha2Password,
+    /// MariaDB's Ed25519 based authentication
+    Ed25519,
     Other(Cow<'a, [u8]>),
 }
 
@@ -1182,6 +1191,7 @@ impl<'a> AuthPlugin<'a> {
             MYSQL_NATIVE_PASSWORD_PLUGIN_NAME => AuthPlugin::MysqlNativePassword,
             MYSQL_OLD_PASSWORD_PLUGIN_NAME => AuthPlugin::MysqlOldPassword,
             MYSQL_CLEAR_PASSWORD_PLUGIN_NAME => AuthPlugin::MysqlClearPassword,
+            ED25519_PLUGIN_NAME => AuthPlugin::Ed25519,
             name => AuthPlugin::Other(Cow::Borrowed(name)),
         }
     }
@@ -1192,6 +1202,7 @@ impl<'a> AuthPlugin<'a> {
             AuthPlugin::MysqlNativePassword => MYSQL_NATIVE_PASSWORD_PLUGIN_NAME,
             AuthPlugin::MysqlOldPassword => MYSQL_OLD_PASSWORD_PLUGIN_NAME,
             AuthPlugin::MysqlClearPassword => MYSQL_CLEAR_PASSWORD_PLUGIN_NAME,
+            AuthPlugin::Ed25519 => ED25519_PLUGIN_NAME,
             AuthPlugin::Other(name) => name,
         }
     }
@@ -1202,6 +1213,7 @@ impl<'a> AuthPlugin<'a> {
             AuthPlugin::MysqlNativePassword => AuthPlugin::MysqlNativePassword,
             AuthPlugin::MysqlOldPassword => AuthPlugin::MysqlOldPassword,
             AuthPlugin::MysqlClearPassword => AuthPlugin::MysqlClearPassword,
+            AuthPlugin::Ed25519 => AuthPlugin::Ed25519,
             AuthPlugin::Other(name) => AuthPlugin::Other(Cow::Owned(name.into_owned())),
         }
     }
@@ -1212,6 +1224,7 @@ impl<'a> AuthPlugin<'a> {
             AuthPlugin::MysqlNativePassword => AuthPlugin::MysqlNativePassword,
             AuthPlugin::MysqlOldPassword => AuthPlugin::MysqlOldPassword,
             AuthPlugin::MysqlClearPassword => AuthPlugin::MysqlClearPassword,
+            AuthPlugin::Ed25519 => AuthPlugin::Ed25519,
             AuthPlugin::Other(name) => AuthPlugin::Other(Cow::Borrowed(name.as_ref())),
         }
     }
@@ -1239,6 +1252,10 @@ impl<'a> AuthPlugin<'a> {
                 AuthPlugin::MysqlClearPassword => {
                     Some(AuthPluginData::Clear(Cow::Borrowed(pass.as_bytes())))
                 }
+                AuthPlugin::Ed25519 => Some(AuthPluginData::Ed25519(create_response_for_ed25519(
+                    pass.as_bytes(),
+                    nonce,
+                ))),
                 AuthPlugin::Other(_) => None,
             },
             _ => None,

src/scramble.rs

@@ -6,8 +6,11 @@
 // option. All files in the project carrying such notice may not be copied,
 // modified, or distributed except according to those terms.
 
+use curve25519_dalek::scalar::clamp_integer;
+use curve25519_dalek::{EdwardsPoint, Scalar};
 use sha1::Sha1;
-use sha2::{Digest, Sha256};
+use sha2::{Digest, Sha256, Sha512};
+use std::convert::TryInto;
 
 fn xor<T, U>(mut left: T, right: U) -> T
 where
@@ -161,6 +164,64 @@ pub fn scramble_sha256(nonce: &[u8], password: &[u8]) -> Option<[u8; 32]> {
     ))
 }
 
+/// Crafting a signature according to EdDSA for message using the pass
+pub fn create_response_for_ed25519(pass: &[u8], message: &[u8]) -> [u8; 64] {
+    // Following reference implementation at https://github.com/mysql-net/MySqlConnector/blob/master/src/MySqlConnector.Authentication.Ed25519/Ed25519AuthenticationPlugin.cs#L35
+    // with additional guidance from https://www.rfc-editor.org/rfc/rfc8032#section-5.1.5
+    // Relying on functions provided by curve25519_dalek
+
+    // hash the provided password
+    let hashed_pass = Sha512::default().chain_update(pass).finalize();
+
+    // the hashed password is split into secret and hash_prefix
+    let secret: &[u8; 32] = &hashed_pass[..32].try_into().unwrap();
+    let hash_prefix: &[u8; 32] = &hashed_pass[32..].try_into().unwrap();
+
+    // The public key A is the encoding of the point [s]B, where s is the clamped secret
+    let small_s = clamp_integer(*secret);
+    let reduced_small_s = Scalar::from_bytes_mod_order(small_s);
+    let capital_a = EdwardsPoint::mul_base(&reduced_small_s).compress();
+
+    // Compute SHA-512(dom2(F, C) || prefix || PH(M)),
+    // dom2 is the empty string,
+    // PH(M) = M is the provided message
+    let small_r = Sha512::default()
+        .chain_update(hash_prefix)
+        .chain_update(message)
+        .finalize();
+
+    // Interpret the 64-octet digest as a little-endian integer r.
+    let reduced_small_r = Scalar::from_bytes_mod_order_wide(small_r.as_ref());
+
+    // Let R be the encoding of the point [r]B
+    let capital_r = EdwardsPoint::mul_base(&reduced_small_r).compress();
+
+    // Compute SHA512(dom2(F, C) || R || A || PH(M))
+    // dom2 is the empty string,
+    // PH(M) = M is the provided message
+    let small_k = Sha512::default()
+        .chain_update(&capital_r.to_bytes())
+        .chain_update(&capital_a.to_bytes())
+        .chain_update(message)
+        .finalize();
+
+    // interpret the 64-octet-digest as a little-endian integer k.
+    let reduced_small_k = Scalar::from_bytes_mod_order_wide(small_k.as_ref());
+
+    let capital_s = reduced_small_k * reduced_small_s;
+    let capital_s = capital_s + reduced_small_r;
+
+    // Form the signature of the concatenation of R (32 octets) and the
+    // little-endian encoding of S (32 octets; the three most
+    // significant bits of the final octet are always zero).
+
+    let mut result = [0; 64];
+    result[..32].copy_from_slice(capital_r.as_bytes());
+    result[32..].copy_from_slice(capital_s.as_bytes());
+
+    result
+}
+
 #[cfg(test)]
 mod test {
     use super::*;