Enable TLS validation with parsec.

Introduce new IAuthenticationPlugin3 interface and deprecate IAuthenticationPlugin2. Authentication plugins will now compute the password hash and the authentication response in one call, and the session will cache the password hash for later use.

Signed-off-by: Bradley Grainger <[email protected]>

Author: bgrainger

src/MySqlConnector.Authentication.Ed25519/Chaos.NaCl/Ed25519.cs

@@ -34,19 +34,6 @@ public static byte[] Sign(byte[] message, byte[] expandedPrivateKey)
             return signature;
         }
 
-        public static byte[] ExpandedPrivateKeyFromSeed(byte[] privateKeySeed)
-        {
-            byte[] privateKey;
-            byte[] publicKey;
-            KeyPairFromSeed(out publicKey, out privateKey, privateKeySeed);
-#if NETSTANDARD2_1_OR_GREATER || NETCOREAPP2_1_OR_GREATER
-            CryptographicOperations.ZeroMemory(publicKey);
-#else
-            CryptoBytes.Wipe(publicKey);
-#endif
-            return privateKey;
-        }
-
         public static void KeyPairFromSeed(out byte[] publicKey, out byte[] expandedPrivateKey, byte[] privateKeySeed)
         {
             if (privateKeySeed == null)

src/MySqlConnector.Authentication.Ed25519/Ed25519AuthenticationPlugin.cs

@@ -10,7 +10,9 @@ namespace MySqlConnector.Authentication.Ed25519;
 /// Provides an implementation of the <c>client_ed25519</c> authentication plugin for MariaDB.
 /// </summary>
 /// <remarks>See <a href="https://mariadb.com/kb/en/library/authentication-plugin-ed25519/">Authentication Plugin - ed25519</a>.</remarks>
-public sealed class Ed25519AuthenticationPlugin : IAuthenticationPlugin2
+#pragma warning disable CS0618 // Type or member is obsolete
+public sealed class Ed25519AuthenticationPlugin : IAuthenticationPlugin3, IAuthenticationPlugin2
+#pragma warning restore CS0618 // Type or member is obsolete
 {
 	/// <summary>
 	/// Registers the Ed25519 authentication plugin with MySqlConnector. You must call this method once before
@@ -32,7 +34,7 @@ public static void Install()
 	/// </summary>
 	public byte[] CreateResponse(string password, ReadOnlySpan<byte> authenticationData)
 	{
-		CreateResponseAndHash(password, authenticationData, out _, out var authenticationResponse);
+		CreateResponseAndPasswordHash(password, authenticationData, out var authenticationResponse, out _);
 		return authenticationResponse;
 	}
 
@@ -41,11 +43,20 @@ public byte[] CreateResponse(string password, ReadOnlySpan<byte> authenticationD
 	/// </summary>
 	public byte[] CreatePasswordHash(string password, ReadOnlySpan<byte> authenticationData)
 	{
-		CreateResponseAndHash(password, authenticationData, out var passwordHash, out _);
+		CreateResponseAndPasswordHash(password, authenticationData, out _, out var passwordHash);
 		return passwordHash;
 	}
 
-	private static void CreateResponseAndHash(string password, ReadOnlySpan<byte> authenticationData, out byte[] passwordHash, out byte[] authenticationResponse)
+	/// <summary>
+	/// Creates the authentication response and hashes the client's password (e.g., for TLS certificate fingerprint verification).
+	/// </summary>
+	/// <param name="password">The client's password.</param>
+	/// <param name="authenticationData">The authentication data supplied by the server; this is the <code>auth method data</code>
+	/// from the <a href="https://dev.mysql.com/doc/internals/en/connection-phase-packets.html#packet-Protocol::AuthSwitchRequest">Authentication
+	/// Method Switch Request Packet</a>.</param>
+	/// <param name="authenticationResponse">The authentication response.</param>
+	/// <param name="passwordHash">The authentication-method-specific hash of the client's password.</param>
+	public void CreateResponseAndPasswordHash(string password, ReadOnlySpan<byte> authenticationData, out byte[] authenticationResponse, out byte[] passwordHash)
 	{
 		// Java reference: https://github.com/MariaDB/mariadb-connector-j/blob/master/src/main/java/org/mariadb/jdbc/internal/com/send/authentication/Ed25519PasswordPlugin.java
 		// C reference:  https://github.com/MariaDB/server/blob/592fe954ef82be1bc08b29a8e54f7729eb1e1343/plugin/auth_ed25519/ref10/sign.c#L7

src/MySqlConnector.Authentication.Ed25519/ParsecAuthenticationPlugin.cs

@@ -8,7 +8,7 @@ namespace MySqlConnector.Authentication.Ed25519;
 /// <summary>
 /// Provides an implementation of the Parsec authentication plugin for MariaDB.
 /// </summary>
-public sealed class ParsecAuthenticationPlugin : IAuthenticationPlugin
+public sealed class ParsecAuthenticationPlugin : IAuthenticationPlugin3
 {
 	/// <summary>
 	/// Registers the Parsec authentication plugin with MySqlConnector. You must call this method once before
@@ -29,6 +29,15 @@ public static void Install()
 	/// Creates the authentication response.
 	/// </summary>
 	public byte[] CreateResponse(string password, ReadOnlySpan<byte> authenticationData)
+	{
+		CreateResponseAndPasswordHash(password, authenticationData, out var response, out _);
+		return response;
+	}
+
+	/// <summary>
+	/// Creates the authentication response.
+	/// </summary>
+	public void CreateResponseAndPasswordHash(string password, ReadOnlySpan<byte> authenticationData, out byte[] authenticationResponse, out byte[] passwordHash)
 	{
 		// first 32 bytes are server scramble
 		var serverScramble = authenticationData.Slice(0, 32);
@@ -54,32 +63,37 @@ public byte[] CreateResponse(string password, ReadOnlySpan<byte> authenticationD
 		var salt = extendedSalt.Slice(2);
 
 		// derive private key using PBKDF2-SHA512
-		byte[] privateKey;
+		byte[] privateKeySeed;
 #if NET6_0_OR_GREATER
-		privateKey = Rfc2898DeriveBytes.Pbkdf2(Encoding.UTF8.GetBytes(password), salt, iterationCount, HashAlgorithmName.SHA512, 32);
+		privateKeySeed = Rfc2898DeriveBytes.Pbkdf2(Encoding.UTF8.GetBytes(password), salt, iterationCount, HashAlgorithmName.SHA512, 32);
 #elif NET472_OR_GREATER || NETSTANDARD2_1_OR_GREATER
 		using (var pbkdf2 = new Rfc2898DeriveBytes(Encoding.UTF8.GetBytes(password), salt.ToArray(), iterationCount, HashAlgorithmName.SHA512))
-			privateKey = pbkdf2.GetBytes(32);
+			privateKeySeed = pbkdf2.GetBytes(32);
 #else
-		privateKey = Microsoft.AspNetCore.Cryptography.KeyDerivation.KeyDerivation.Pbkdf2(
+		privateKeySeed = Microsoft.AspNetCore.Cryptography.KeyDerivation.KeyDerivation.Pbkdf2(
 			password, salt.ToArray(), Microsoft.AspNetCore.Cryptography.KeyDerivation.KeyDerivationPrf.HMACSHA512,
 			iterationCount, numBytesRequested: 32);
 #endif
-		var expandedPrivateKey = Chaos.NaCl.Ed25519.ExpandedPrivateKeyFromSeed(privateKey);
+		Chaos.NaCl.Ed25519.KeyPairFromSeed(out var publicKey, out var privateKey, privateKeySeed);
 
 		// generate Ed25519 keypair and sign concatenated scrambles
 		var message = new byte[serverScramble.Length + clientScramble.Length];
 		serverScramble.CopyTo(message);
 		clientScramble.CopyTo(message.AsSpan(serverScramble.Length));
 
-		var signature = Chaos.NaCl.Ed25519.Sign(message, expandedPrivateKey);
+		var signature = Chaos.NaCl.Ed25519.Sign(message, privateKey);
+
+#if NETSTANDARD2_1_OR_GREATER || NETCOREAPP2_1_OR_GREATER
+		CryptographicOperations.ZeroMemory(privateKey);
+#endif
 
 		// return client scramble followed by signature
-		var response = new byte[clientScramble.Length + signature.Length];
-		clientScramble.CopyTo(response.AsSpan());
-		signature.CopyTo(response.AsSpan(clientScramble.Length));
-		
-		return response;
+		authenticationResponse = new byte[clientScramble.Length + signature.Length];
+		clientScramble.CopyTo(authenticationResponse.AsSpan());
+		signature.CopyTo(authenticationResponse.AsSpan(clientScramble.Length));
+
+		// "password hash" for parsec is the extended salt followed by the public key
+		passwordHash = [(byte) 'P', (byte) iterationCount, .. salt, .. publicKey];
 	}
 
 	private ParsecAuthenticationPlugin()

src/MySqlConnector.Authentication.Ed25519/docs/README.md

@@ -7,7 +7,7 @@ This package implements the following authentication plugins for MariaDB:
 
 ## How to Use
 
-Call either the following methods from your application startup code to enable the corresponding authentication plugin:
+Call either of the following methods from your application startup code to enable the corresponding authentication plugin:
 
 * `Ed25519AuthenticationPlugin.Install()`
 * `ParsecAuthenticationPlugin.Install()`

src/MySqlConnector/Authentication/IAuthenticationPlugin.cs

@@ -24,6 +24,7 @@ public interface IAuthenticationPlugin
 /// <summary>
 /// <see cref="IAuthenticationPlugin2"/> is an extension to <see cref="IAuthenticationPlugin"/> that returns a hash of the client's password.
 /// </summary>
+[Obsolete("Use IAuthenticationPlugin3 instead.")]
 public interface IAuthenticationPlugin2 : IAuthenticationPlugin
 {
 	/// <summary>
@@ -36,3 +37,21 @@ public interface IAuthenticationPlugin2 : IAuthenticationPlugin
 	/// <returns>The authentication-method-specific hash of the client's password.</returns>
 	byte[] CreatePasswordHash(string password, ReadOnlySpan<byte> authenticationData);
 }
+
+/// <summary>
+/// <see cref="IAuthenticationPlugin3"/> is an extension to <see cref="IAuthenticationPlugin"/> that also returns a hash of the client's password.
+/// </summary>
+/// <remarks>If an authentication plugin supports this interface, the base <see cref="IAuthenticationPlugin.CreateResponse(string, ReadOnlySpan{byte})"/> method will not be called.</remarks>
+public interface IAuthenticationPlugin3 : IAuthenticationPlugin
+{
+	/// <summary>
+	/// Creates the authentication response and hashes the client's password (e.g., for TLS certificate fingerprint verification).
+	/// </summary>
+	/// <param name="password">The client's password.</param>
+	/// <param name="authenticationData">The authentication data supplied by the server; this is the <code>auth method data</code>
+	/// from the <a href="https://dev.mysql.com/doc/internals/en/connection-phase-packets.html#packet-Protocol::AuthSwitchRequest">Authentication
+	/// Method Switch Request Packet</a>.</param>
+	/// <param name="authenticationResponse">The authentication response.</param>
+	/// <param name="passwordHash">The authentication-method-specific hash of the client's password.</param>
+	void CreateResponseAndPasswordHash(string password, ReadOnlySpan<byte> authenticationData, out byte[] authenticationResponse, out byte[] passwordHash);
+}