mirror
/
oragono
ミラー元 https://github.com/oragono/oragono
ウォッチ 1
スター 0
フォーク 0
コード 課題 0 リリース 69 Wiki アクティビティ
選択できるのは25トピックまでです。 トピックは、先頭が英数字で、英数字とダッシュ('-')を使用した35文字以内のものにしてください。
5221 コミット
21 ブランチ
ツリー: 5c2ceccee6
ブランチ タグ
${ item.name }
ブランチ ${ searchTerm } を作成
'5c2ceccee6' から
${ noResults }
oragono/vendor/github.com/go-sql-driver/mysql/auth.go

auth.go 10KB
履歴 Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437 
  1. // Go MySQL Driver - A MySQL-Driver for Go's database/sql package

  2. //

  3. // Copyright 2018 The Go-MySQL-Driver Authors. All rights reserved.

  4. //

  5. // This Source Code Form is subject to the terms of the Mozilla Public

  6. // License, v. 2.0. If a copy of the MPL was not distributed with this file,

  7. // You can obtain one at http://mozilla.org/MPL/2.0/.

  8. 

  9. package mysql

  10. 

  11. import (

  12. 	"crypto/rand"

  13. 	"crypto/rsa"

  14. 	"crypto/sha1"

  15. 	"crypto/sha256"

  16. 	"crypto/x509"

  17. 	"encoding/pem"

  18. 	"fmt"

  19. 	"sync"

  20. )

  21. 

  22. // server pub keys registry

  23. var (

  24. 	serverPubKeyLock     sync.RWMutex

  25. 	serverPubKeyRegistry map[string]*rsa.PublicKey

  26. )

  27. 

  28. // RegisterServerPubKey registers a server RSA public key which can be used to

  29. // send data in a secure manner to the server without receiving the public key

  30. // in a potentially insecure way from the server first.

  31. // Registered keys can afterwards be used adding serverPubKey=<name> to the DSN.

  32. //

  33. // Note: The provided rsa.PublicKey instance is exclusively owned by the driver

  34. // after registering it and may not be modified.

  35. //

  36. //	data, err := ioutil.ReadFile("mykey.pem")

  37. //	if err != nil {

  38. //		log.Fatal(err)

  39. //	}

  40. //

  41. //	block, _ := pem.Decode(data)

  42. //	if block == nil || block.Type != "PUBLIC KEY" {

  43. //		log.Fatal("failed to decode PEM block containing public key")

  44. //	}

  45. //

  46. //	pub, err := x509.ParsePKIXPublicKey(block.Bytes)

  47. //	if err != nil {

  48. //		log.Fatal(err)

  49. //	}

  50. //

  51. //	if rsaPubKey, ok := pub.(*rsa.PublicKey); ok {

  52. //		mysql.RegisterServerPubKey("mykey", rsaPubKey)

  53. //	} else {

  54. //		log.Fatal("not a RSA public key")

  55. //	}

  56. func RegisterServerPubKey(name string, pubKey *rsa.PublicKey) {

  57. 	serverPubKeyLock.Lock()

  58. 	if serverPubKeyRegistry == nil {

  59. 		serverPubKeyRegistry = make(map[string]*rsa.PublicKey)

  60. 	}

  61. 

  62. 	serverPubKeyRegistry[name] = pubKey

  63. 	serverPubKeyLock.Unlock()

  64. }

  65. 

  66. // DeregisterServerPubKey removes the public key registered with the given name.

  67. func DeregisterServerPubKey(name string) {

  68. 	serverPubKeyLock.Lock()

  69. 	if serverPubKeyRegistry != nil {

  70. 		delete(serverPubKeyRegistry, name)

  71. 	}

  72. 	serverPubKeyLock.Unlock()

  73. }

  74. 

  75. func getServerPubKey(name string) (pubKey *rsa.PublicKey) {

  76. 	serverPubKeyLock.RLock()

  77. 	if v, ok := serverPubKeyRegistry[name]; ok {

  78. 		pubKey = v

  79. 	}

  80. 	serverPubKeyLock.RUnlock()

  81. 	return

  82. }

  83. 

  84. // Hash password using pre 4.1 (old password) method

  85. // https://github.com/atcurtis/mariadb/blob/master/mysys/my_rnd.c

  86. type myRnd struct {

  87. 	seed1, seed2 uint32

  88. }

  89. 

  90. const myRndMaxVal = 0x3FFFFFFF

  91. 

  92. // Pseudo random number generator

  93. func newMyRnd(seed1, seed2 uint32) *myRnd {

  94. 	return &myRnd{

  95. 		seed1: seed1 % myRndMaxVal,

  96. 		seed2: seed2 % myRndMaxVal,

  97. 	}

  98. }

  99. 

  100. // Tested to be equivalent to MariaDB's floating point variant

  101. // http://play.golang.org/p/QHvhd4qved

  102. // http://play.golang.org/p/RG0q4ElWDx

  103. func (r *myRnd) NextByte() byte {

  104. 	r.seed1 = (r.seed1*3 + r.seed2) % myRndMaxVal

  105. 	r.seed2 = (r.seed1 + r.seed2 + 33) % myRndMaxVal

  106. 

  107. 	return byte(uint64(r.seed1) * 31 / myRndMaxVal)

  108. }

  109. 

  110. // Generate binary hash from byte string using insecure pre 4.1 method

  111. func pwHash(password []byte) (result [2]uint32) {

  112. 	var add uint32 = 7

  113. 	var tmp uint32

  114. 

  115. 	result[0] = 1345345333

  116. 	result[1] = 0x12345671

  117. 

  118. 	for _, c := range password {

  119. 		// skip spaces and tabs in password

  120. 		if c == ' ' || c == '\t' {

  121. 			continue

  122. 		}

  123. 

  124. 		tmp = uint32(c)

  125. 		result[0] ^= (((result[0] & 63) + add) * tmp) + (result[0] << 8)

  126. 		result[1] += (result[1] << 8) ^ result[0]

  127. 		add += tmp

  128. 	}

  129. 

  130. 	// Remove sign bit (1<<31)-1)

  131. 	result[0] &= 0x7FFFFFFF

  132. 	result[1] &= 0x7FFFFFFF

  133. 

  134. 	return

  135. }

  136. 

  137. // Hash password using insecure pre 4.1 method

  138. func scrambleOldPassword(scramble []byte, password string) []byte {

  139. 	scramble = scramble[:8]

  140. 

  141. 	hashPw := pwHash([]byte(password))

  142. 	hashSc := pwHash(scramble)

  143. 

  144. 	r := newMyRnd(hashPw[0]^hashSc[0], hashPw[1]^hashSc[1])

  145. 

  146. 	var out [8]byte

  147. 	for i := range out {

  148. 		out[i] = r.NextByte() + 64

  149. 	}

  150. 

  151. 	mask := r.NextByte()

  152. 	for i := range out {

  153. 		out[i] ^= mask

  154. 	}

  155. 

  156. 	return out[:]

  157. }

  158. 

  159. // Hash password using 4.1+ method (SHA1)

  160. func scramblePassword(scramble []byte, password string) []byte {

  161. 	if len(password) == 0 {

  162. 		return nil

  163. 	}

  164. 

  165. 	// stage1Hash = SHA1(password)

  166. 	crypt := sha1.New()

  167. 	crypt.Write([]byte(password))

  168. 	stage1 := crypt.Sum(nil)

  169. 

  170. 	// scrambleHash = SHA1(scramble + SHA1(stage1Hash))

  171. 	// inner Hash

  172. 	crypt.Reset()

  173. 	crypt.Write(stage1)

  174. 	hash := crypt.Sum(nil)

  175. 

  176. 	// outer Hash

  177. 	crypt.Reset()

  178. 	crypt.Write(scramble)

  179. 	crypt.Write(hash)

  180. 	scramble = crypt.Sum(nil)

  181. 

  182. 	// token = scrambleHash XOR stage1Hash

  183. 	for i := range scramble {

  184. 		scramble[i] ^= stage1[i]

  185. 	}

  186. 	return scramble

  187. }

  188. 

  189. // Hash password using MySQL 8+ method (SHA256)

  190. func scrambleSHA256Password(scramble []byte, password string) []byte {

  191. 	if len(password) == 0 {

  192. 		return nil

  193. 	}

  194. 

  195. 	// XOR(SHA256(password), SHA256(SHA256(SHA256(password)), scramble))

  196. 

  197. 	crypt := sha256.New()

  198. 	crypt.Write([]byte(password))

  199. 	message1 := crypt.Sum(nil)

  200. 

  201. 	crypt.Reset()

  202. 	crypt.Write(message1)

  203. 	message1Hash := crypt.Sum(nil)

  204. 

  205. 	crypt.Reset()

  206. 	crypt.Write(message1Hash)

  207. 	crypt.Write(scramble)

  208. 	message2 := crypt.Sum(nil)

  209. 

  210. 	for i := range message1 {

  211. 		message1[i] ^= message2[i]

  212. 	}

  213. 

  214. 	return message1

  215. }

  216. 

  217. func encryptPassword(password string, seed []byte, pub *rsa.PublicKey) ([]byte, error) {

  218. 	plain := make([]byte, len(password)+1)

  219. 	copy(plain, password)

  220. 	for i := range plain {

  221. 		j := i % len(seed)

  222. 		plain[i] ^= seed[j]

  223. 	}

  224. 	sha1 := sha1.New()

  225. 	return rsa.EncryptOAEP(sha1, rand.Reader, pub, plain, nil)

  226. }

  227. 

  228. func (mc *mysqlConn) sendEncryptedPassword(seed []byte, pub *rsa.PublicKey) error {

  229. 	enc, err := encryptPassword(mc.cfg.Passwd, seed, pub)

  230. 	if err != nil {

  231. 		return err

  232. 	}

  233. 	return mc.writeAuthSwitchPacket(enc)

  234. }

  235. 

  236. func (mc *mysqlConn) auth(authData []byte, plugin string) ([]byte, error) {

  237. 	switch plugin {

  238. 	case "caching_sha2_password":

  239. 		authResp := scrambleSHA256Password(authData, mc.cfg.Passwd)

  240. 		return authResp, nil

  241. 

  242. 	case "mysql_old_password":

  243. 		if !mc.cfg.AllowOldPasswords {

  244. 			return nil, ErrOldPassword

  245. 		}

  246. 		if len(mc.cfg.Passwd) == 0 {

  247. 			return nil, nil

  248. 		}

  249. 		// Note: there are edge cases where this should work but doesn't;

  250. 		// this is currently "wontfix":

  251. 		// https://github.com/go-sql-driver/mysql/issues/184

  252. 		authResp := append(scrambleOldPassword(authData[:8], mc.cfg.Passwd), 0)

  253. 		return authResp, nil

  254. 

  255. 	case "mysql_clear_password":

  256. 		if !mc.cfg.AllowCleartextPasswords {

  257. 			return nil, ErrCleartextPassword

  258. 		}

  259. 		// http://dev.mysql.com/doc/refman/5.7/en/cleartext-authentication-plugin.html

  260. 		// http://dev.mysql.com/doc/refman/5.7/en/pam-authentication-plugin.html

  261. 		return append([]byte(mc.cfg.Passwd), 0), nil

  262. 

  263. 	case "mysql_native_password":

  264. 		if !mc.cfg.AllowNativePasswords {

  265. 			return nil, ErrNativePassword

  266. 		}

  267. 		// https://dev.mysql.com/doc/internals/en/secure-password-authentication.html

  268. 		// Native password authentication only need and will need 20-byte challenge.

  269. 		authResp := scramblePassword(authData[:20], mc.cfg.Passwd)

  270. 		return authResp, nil

  271. 

  272. 	case "sha256_password":

  273. 		if len(mc.cfg.Passwd) == 0 {

  274. 			return []byte{0}, nil

  275. 		}

  276. 		// unlike caching_sha2_password, sha256_password does not accept

  277. 		// cleartext password on unix transport.

  278. 		if mc.cfg.TLS != nil {

  279. 			// write cleartext auth packet

  280. 			return append([]byte(mc.cfg.Passwd), 0), nil

  281. 		}

  282. 

  283. 		pubKey := mc.cfg.pubKey

  284. 		if pubKey == nil {

  285. 			// request public key from server

  286. 			return []byte{1}, nil

  287. 		}

  288. 

  289. 		// encrypted password

  290. 		enc, err := encryptPassword(mc.cfg.Passwd, authData, pubKey)

  291. 		return enc, err

  292. 

  293. 	default:

  294. 		errLog.Print("unknown auth plugin:", plugin)

  295. 		return nil, ErrUnknownPlugin

  296. 	}

  297. }

  298. 

  299. func (mc *mysqlConn) handleAuthResult(oldAuthData []byte, plugin string) error {

  300. 	// Read Result Packet

  301. 	authData, newPlugin, err := mc.readAuthResult()

  302. 	if err != nil {

  303. 		return err

  304. 	}

  305. 

  306. 	// handle auth plugin switch, if requested

  307. 	if newPlugin != "" {

  308. 		// If CLIENT_PLUGIN_AUTH capability is not supported, no new cipher is

  309. 		// sent and we have to keep using the cipher sent in the init packet.

  310. 		if authData == nil {

  311. 			authData = oldAuthData

  312. 		} else {

  313. 			// copy data from read buffer to owned slice

  314. 			copy(oldAuthData, authData)

  315. 		}

  316. 

  317. 		plugin = newPlugin

  318. 

  319. 		authResp, err := mc.auth(authData, plugin)

  320. 		if err != nil {

  321. 			return err

  322. 		}

  323. 		if err = mc.writeAuthSwitchPacket(authResp); err != nil {

  324. 			return err

  325. 		}

  326. 

  327. 		// Read Result Packet

  328. 		authData, newPlugin, err = mc.readAuthResult()

  329. 		if err != nil {

  330. 			return err

  331. 		}

  332. 

  333. 		// Do not allow to change the auth plugin more than once

  334. 		if newPlugin != "" {

  335. 			return ErrMalformPkt

  336. 		}

  337. 	}

  338. 

  339. 	switch plugin {

  340. 

  341. 	// https://insidemysql.com/preparing-your-community-connector-for-mysql-8-part-2-sha256/

  342. 	case "caching_sha2_password":

  343. 		switch len(authData) {

  344. 		case 0:

  345. 			return nil // auth successful

  346. 		case 1:

  347. 			switch authData[0] {

  348. 			case cachingSha2PasswordFastAuthSuccess:

  349. 				if err = mc.readResultOK(); err == nil {

  350. 					return nil // auth successful

  351. 				}

  352. 

  353. 			case cachingSha2PasswordPerformFullAuthentication:

  354. 				if mc.cfg.TLS != nil || mc.cfg.Net == "unix" {

  355. 					// write cleartext auth packet

  356. 					err = mc.writeAuthSwitchPacket(append([]byte(mc.cfg.Passwd), 0))

  357. 					if err != nil {

  358. 						return err

  359. 					}

  360. 				} else {

  361. 					pubKey := mc.cfg.pubKey

  362. 					if pubKey == nil {

  363. 						// request public key from server

  364. 						data, err := mc.buf.takeSmallBuffer(4 + 1)

  365. 						if err != nil {

  366. 							return err

  367. 						}

  368. 						data[4] = cachingSha2PasswordRequestPublicKey

  369. 						err = mc.writePacket(data)

  370. 						if err != nil {

  371. 							return err

  372. 						}

  373. 

  374. 						if data, err = mc.readPacket(); err != nil {

  375. 							return err

  376. 						}

  377. 

  378. 						if data[0] != iAuthMoreData {

  379. 							return fmt.Errorf("unexpect resp from server for caching_sha2_password perform full authentication")

  380. 						}

  381. 

  382. 						// parse public key

  383. 						block, rest := pem.Decode(data[1:])

  384. 						if block == nil {

  385. 							return fmt.Errorf("No Pem data found, data: %s", rest)

  386. 						}

  387. 						pkix, err := x509.ParsePKIXPublicKey(block.Bytes)

  388. 						if err != nil {

  389. 							return err

  390. 						}

  391. 						pubKey = pkix.(*rsa.PublicKey)

  392. 					}

  393. 

  394. 					// send encrypted password

  395. 					err = mc.sendEncryptedPassword(oldAuthData, pubKey)

  396. 					if err != nil {

  397. 						return err

  398. 					}

  399. 				}

  400. 				return mc.readResultOK()

  401. 

  402. 			default:

  403. 				return ErrMalformPkt

  404. 			}

  405. 		default:

  406. 			return ErrMalformPkt

  407. 		}

  408. 

  409. 	case "sha256_password":

  410. 		switch len(authData) {

  411. 		case 0:

  412. 			return nil // auth successful

  413. 		default:

  414. 			block, _ := pem.Decode(authData)

  415. 			if block == nil {

  416. 				return fmt.Errorf("no Pem data found, data: %s", authData)

  417. 			}

  418. 

  419. 			pub, err := x509.ParsePKIXPublicKey(block.Bytes)

  420. 			if err != nil {

  421. 				return err

  422. 			}

  423. 

  424. 			// send encrypted password

  425. 			err = mc.sendEncryptedPassword(oldAuthData, pub.(*rsa.PublicKey))

  426. 			if err != nil {

  427. 				return err

  428. 			}

  429. 			return mc.readResultOK()

  430. 		}

  431. 

  432. 	default:

  433. 		return nil // auth successful

  434. 	}

  435. 

  436. 	return err

  437. }