1 // Go MySQL Driver - A MySQL-Driver for Go's database/sql package
3 // Copyright 2018 The Go-MySQL-Driver Authors. All rights reserved.
5 // This Source Code Form is subject to the terms of the Mozilla Public
6 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
7 // You can obtain one at http://mozilla.org/MPL/2.0/.
21 // server pub keys registry
23 serverPubKeyLock sync.RWMutex
24 serverPubKeyRegistry map[string]*rsa.PublicKey
27 // RegisterServerPubKey registers a server RSA public key which can be used to
28 // send data in a secure manner to the server without receiving the public key
29 // in a potentially insecure way from the server first.
30 // Registered keys can afterwards be used adding serverPubKey=<name> to the DSN.
32 // Note: The provided rsa.PublicKey instance is exclusively owned by the driver
33 // after registering it and may not be modified.
35 // data, err := ioutil.ReadFile("mykey.pem")
40 // block, _ := pem.Decode(data)
41 // if block == nil || block.Type != "PUBLIC KEY" {
42 // log.Fatal("failed to decode PEM block containing public key")
45 // pub, err := x509.ParsePKIXPublicKey(block.Bytes)
50 // if rsaPubKey, ok := pub.(*rsa.PublicKey); ok {
51 // mysql.RegisterServerPubKey("mykey", rsaPubKey)
53 // log.Fatal("not a RSA public key")
56 func RegisterServerPubKey(name string, pubKey *rsa.PublicKey) {
57 serverPubKeyLock.Lock()
58 if serverPubKeyRegistry == nil {
59 serverPubKeyRegistry = make(map[string]*rsa.PublicKey)
62 serverPubKeyRegistry[name] = pubKey
63 serverPubKeyLock.Unlock()
66 // DeregisterServerPubKey removes the public key registered with the given name.
67 func DeregisterServerPubKey(name string) {
68 serverPubKeyLock.Lock()
69 if serverPubKeyRegistry != nil {
70 delete(serverPubKeyRegistry, name)
72 serverPubKeyLock.Unlock()
75 func getServerPubKey(name string) (pubKey *rsa.PublicKey) {
76 serverPubKeyLock.RLock()
77 if v, ok := serverPubKeyRegistry[name]; ok {
80 serverPubKeyLock.RUnlock()
84 // Hash password using pre 4.1 (old password) method
85 // https://github.com/atcurtis/mariadb/blob/master/mysys/my_rnd.c
90 const myRndMaxVal = 0x3FFFFFFF
92 // Pseudo random number generator
93 func newMyRnd(seed1, seed2 uint32) *myRnd {
95 seed1: seed1 % myRndMaxVal,
96 seed2: seed2 % myRndMaxVal,
100 // Tested to be equivalent to MariaDB's floating point variant
101 // http://play.golang.org/p/QHvhd4qved
102 // http://play.golang.org/p/RG0q4ElWDx
103 func (r *myRnd) NextByte() byte {
104 r.seed1 = (r.seed1*3 + r.seed2) % myRndMaxVal
105 r.seed2 = (r.seed1 + r.seed2 + 33) % myRndMaxVal
107 return byte(uint64(r.seed1) * 31 / myRndMaxVal)
110 // Generate binary hash from byte string using insecure pre 4.1 method
111 func pwHash(password []byte) (result [2]uint32) {
115 result[0] = 1345345333
116 result[1] = 0x12345671
118 for _, c := range password {
119 // skip spaces and tabs in password
120 if c == ' ' || c == '\t' {
125 result[0] ^= (((result[0] & 63) + add) * tmp) + (result[0] << 8)
126 result[1] += (result[1] << 8) ^ result[0]
130 // Remove sign bit (1<<31)-1)
131 result[0] &= 0x7FFFFFFF
132 result[1] &= 0x7FFFFFFF
137 // Hash password using insecure pre 4.1 method
138 func scrambleOldPassword(scramble []byte, password string) []byte {
139 if len(password) == 0 {
143 scramble = scramble[:8]
145 hashPw := pwHash([]byte(password))
146 hashSc := pwHash(scramble)
148 r := newMyRnd(hashPw[0]^hashSc[0], hashPw[1]^hashSc[1])
152 out[i] = r.NextByte() + 64
163 // Hash password using 4.1+ method (SHA1)
164 func scramblePassword(scramble []byte, password string) []byte {
165 if len(password) == 0 {
169 // stage1Hash = SHA1(password)
171 crypt.Write([]byte(password))
172 stage1 := crypt.Sum(nil)
174 // scrambleHash = SHA1(scramble + SHA1(stage1Hash))
178 hash := crypt.Sum(nil)
182 crypt.Write(scramble)
184 scramble = crypt.Sum(nil)
186 // token = scrambleHash XOR stage1Hash
187 for i := range scramble {
188 scramble[i] ^= stage1[i]
193 // Hash password using MySQL 8+ method (SHA256)
194 func scrambleSHA256Password(scramble []byte, password string) []byte {
195 if len(password) == 0 {
199 // XOR(SHA256(password), SHA256(SHA256(SHA256(password)), scramble))
201 crypt := sha256.New()
202 crypt.Write([]byte(password))
203 message1 := crypt.Sum(nil)
206 crypt.Write(message1)
207 message1Hash := crypt.Sum(nil)
210 crypt.Write(message1Hash)
211 crypt.Write(scramble)
212 message2 := crypt.Sum(nil)
214 for i := range message1 {
215 message1[i] ^= message2[i]
221 func encryptPassword(password string, seed []byte, pub *rsa.PublicKey) ([]byte, error) {
222 plain := make([]byte, len(password)+1)
223 copy(plain, password)
224 for i := range plain {
229 return rsa.EncryptOAEP(sha1, rand.Reader, pub, plain, nil)
232 func (mc *mysqlConn) sendEncryptedPassword(seed []byte, pub *rsa.PublicKey) error {
233 enc, err := encryptPassword(mc.cfg.Passwd, seed, pub)
237 return mc.writeAuthSwitchPacket(enc, false)
240 func (mc *mysqlConn) auth(authData []byte, plugin string) ([]byte, bool, error) {
242 case "caching_sha2_password":
243 authResp := scrambleSHA256Password(authData, mc.cfg.Passwd)
244 return authResp, false, nil
246 case "mysql_old_password":
247 if !mc.cfg.AllowOldPasswords {
248 return nil, false, ErrOldPassword
250 // Note: there are edge cases where this should work but doesn't;
251 // this is currently "wontfix":
252 // https://github.com/go-sql-driver/mysql/issues/184
253 authResp := scrambleOldPassword(authData[:8], mc.cfg.Passwd)
254 return authResp, true, nil
256 case "mysql_clear_password":
257 if !mc.cfg.AllowCleartextPasswords {
258 return nil, false, ErrCleartextPassword
260 // http://dev.mysql.com/doc/refman/5.7/en/cleartext-authentication-plugin.html
261 // http://dev.mysql.com/doc/refman/5.7/en/pam-authentication-plugin.html
262 return []byte(mc.cfg.Passwd), true, nil
264 case "mysql_native_password":
265 if !mc.cfg.AllowNativePasswords {
266 return nil, false, ErrNativePassword
268 // https://dev.mysql.com/doc/internals/en/secure-password-authentication.html
269 // Native password authentication only need and will need 20-byte challenge.
270 authResp := scramblePassword(authData[:20], mc.cfg.Passwd)
271 return authResp, false, nil
273 case "sha256_password":
274 if len(mc.cfg.Passwd) == 0 {
275 return nil, true, nil
277 if mc.cfg.tls != nil || mc.cfg.Net == "unix" {
278 // write cleartext auth packet
279 return []byte(mc.cfg.Passwd), true, nil
282 pubKey := mc.cfg.pubKey
284 // request public key from server
285 return []byte{1}, false, nil
288 // encrypted password
289 enc, err := encryptPassword(mc.cfg.Passwd, authData, pubKey)
290 return enc, false, err
293 errLog.Print("unknown auth plugin:", plugin)
294 return nil, false, ErrUnknownPlugin
298 func (mc *mysqlConn) handleAuthResult(oldAuthData []byte, plugin string) error {
299 // Read Result Packet
300 authData, newPlugin, err := mc.readAuthResult()
305 // handle auth plugin switch, if requested
307 // If CLIENT_PLUGIN_AUTH capability is not supported, no new cipher is
308 // sent and we have to keep using the cipher sent in the init packet.
310 authData = oldAuthData
312 // copy data from read buffer to owned slice
313 copy(oldAuthData, authData)
318 authResp, addNUL, err := mc.auth(authData, plugin)
322 if err = mc.writeAuthSwitchPacket(authResp, addNUL); err != nil {
326 // Read Result Packet
327 authData, newPlugin, err = mc.readAuthResult()
332 // Do not allow to change the auth plugin more than once
340 // https://insidemysql.com/preparing-your-community-connector-for-mysql-8-part-2-sha256/
341 case "caching_sha2_password":
342 switch len(authData) {
344 return nil // auth successful
347 case cachingSha2PasswordFastAuthSuccess:
348 if err = mc.readResultOK(); err == nil {
349 return nil // auth successful
352 case cachingSha2PasswordPerformFullAuthentication:
353 if mc.cfg.tls != nil || mc.cfg.Net == "unix" {
354 // write cleartext auth packet
355 err = mc.writeAuthSwitchPacket([]byte(mc.cfg.Passwd), true)
360 pubKey := mc.cfg.pubKey
362 // request public key from server
363 data := mc.buf.takeSmallBuffer(4 + 1)
364 data[4] = cachingSha2PasswordRequestPublicKey
368 data, err := mc.readPacket()
373 block, _ := pem.Decode(data[1:])
374 pkix, err := x509.ParsePKIXPublicKey(block.Bytes)
378 pubKey = pkix.(*rsa.PublicKey)
381 // send encrypted password
382 err = mc.sendEncryptedPassword(oldAuthData, pubKey)
387 return mc.readResultOK()
396 case "sha256_password":
397 switch len(authData) {
399 return nil // auth successful
401 block, _ := pem.Decode(authData)
402 pub, err := x509.ParsePKIXPublicKey(block.Bytes)
407 // send encrypted password
408 err = mc.sendEncryptedPassword(oldAuthData, pub.(*rsa.PublicKey))
412 return mc.readResultOK()
416 return nil // auth successful