1 /*
2 Copyright (c) 2017, 2018, Oracle and/or its affiliates. All rights reserved.
3 
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License, version 2.0,
6 as published by the Free Software Foundation.
7 
8 This program is also distributed with certain software (including
9 but not limited to OpenSSL) that is licensed under separate terms,
10 as designated in a particular file or component or in included license
11 documentation. The authors of MySQL hereby grant you an additional
12 permission to link the program and your derivative works with the
13 separately licensed software that they have included with MySQL.
14 
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License, version 2.0, for more details.
19 
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
23 
24 #ifndef I_SHA2_PASSWORD_INCLUDED
25 #define I_SHA2_PASSWORD_INCLUDED
26 
27 #include <string>
28 #include <unordered_map>
29 
30 #include "crypt_genhash_impl.h" /* For salt, sha2 digest */
31 #include "mysql/plugin.h" /* MYSQL_PLUGIN */
32 #include "mysql/psi/mysql_rwlock.h" /* mysql_rwlock_t */
34 
35 /**
36  @file sql/auth/i_sha2_password.h
37  Classes for caching_sha2_authentication plugin
38 */
39 
40 /**
41  @defgroup auth_caching_sha2_auth caching_sha2_authentication information
42  @{
43 */
44 namespace sha2_password {
/* Fast digest rounds: bounds and default for the cheap in-memory digest
 * kept by the password cache (the "fast" authentication path). */
const unsigned int MIN_FAST_DIGEST_ROUNDS = 2;
const unsigned int DEFAULT_FAST_DIGEST_ROUNDS = 2;
const unsigned int MAX_FAST_DIGEST_ROUNDS = 1000;

/* Length of Digest Info field (characters, in the serialized hash string) */
const unsigned int DIGEST_INFO_LENGTH = 1;
/* Length of iteration info field (characters, in the serialized hash string) */
const unsigned int ITERATION_LENGTH = 3;
/* Iteration multiplier applied to the count extracted from the
 * ITERATION_LENGTH-character field to obtain the real iteration count */
const unsigned int ITERATION_MULTIPLIER = 1000;
/* Upper cap on iterations. NOTE(review): presumably enforced when a
 * serialized hash is parsed, so that a malformed or tampered
 * authentication string cannot demand unbounded hashing work -- confirm
 * against deserialize() / validate_hash(). */
const long unsigned int MAX_ITERATIONS = 100000;
/* length of salt */
const unsigned int SALT_LENGTH = CRYPT_SALT_LENGTH;
/* $ + A + $ + ITERATION_LENGTH + $ + SALT_LENGTH + CACHING_SHA2_DIGEST_LENGTH =
 * 59 */
const unsigned int SHA256_AUTH_STRING_LEN =
    1 + 1 + 1 + ITERATION_LENGTH + 1 + SALT_LENGTH + CACHING_SHA2_DIGEST_LENGTH;
/* Delimiter character separating the fields of the serialized hash */
const char DELIMITER = '$';
/* Stored digest length in characters (43; presumably the crypt-style
 * base64 encoding of the raw digest -- confirm against serialize()) */
const unsigned int STORED_SHA256_DIGEST_LENGTH = 43;
/* stored digest rounds. NOTE(review): the MIN/DEFAULT/MAX_STORED_DIGEST_ROUNDS
 * (size_t) definitions are not visible in this rendering of the header;
 * DEFAULT_STORED_DIGEST_ROUNDS is used as a constructor default below. */
/* Maximum password length. NOTE(review): the
 * CACHING_SHA2_PASSWORD_MAX_PASSWORD_LENGTH (size_t) definition is not
 * visible in this rendering of the header. */
/* Maximum supported passwords: number of fast digests kept per cache entry
 * (see the check_second parameter of fast_authenticate() and the loc
 * parameter of generate_fast_digest()) */
const unsigned int MAX_PASSWORDS = 2;
76 
77 typedef struct sha2_cache_entry {
80 
81 /**
82  Password cache used for caching_sha2_authentication
83 */
84 
86  public:
87  typedef std::unordered_map<std::string, sha2_cache_entry> password_cache;
88 
91  bool add(const std::string authorization_id,
92  const sha2_cache_entry &entry_to_be_cached);
93  bool remove(const std::string authorization_id);
94  bool search(const std::string authorization_id,
95  sha2_cache_entry &cache_entry);
96  /** Returns number of cache entries present */
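/**
  Returns number of cache entries present.

  Read-only accessor, hence const. Not synchronized: this class has no
  lock of its own. The rwlock guarding the cache (m_cache_lock, "Lock to
  protect m_cache") is declared on Caching_sha2_password, so callers are
  expected to hold it while reading the count -- confirm against
  get_cache_count().

  @return Number of authorization_id => sha2_cache_entry mappings held.
*/
size_t size() const { return m_password_cache.size(); }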
98  void clear_cache();
99 
100  private:
101  password_cache m_password_cache;
102 };
103 
104 /**
105  Class to handle caching_sha2_authentication
106  Provides methods for:
107  - Fast authentication
108  - Strong authentication
109  - Removal of cached entry
110 */
112  public:
114  MYSQL_PLUGIN plugin_handle,
115  size_t stored_digest_rounds = DEFAULT_STORED_DIGEST_ROUNDS,
116  unsigned int fast_digest_rounds = DEFAULT_FAST_DIGEST_ROUNDS,
119  std::pair<bool, bool> authenticate(const std::string &authorization_id,
120  const std::string *serialized_string,
121  const std::string &plaintext_password);
122  std::pair<bool, bool> fast_authenticate(const std::string &authorization_id,
123  const unsigned char *random,
124  unsigned int random_length,
125  const unsigned char *scramble,
126  bool check_second);
127  void remove_cached_entry(const std::string authorization_id);
128  bool deserialize(const std::string &serialized_string,
129  Digest_info &digest_type, std::string &salt,
130  std::string &digest, size_t &iterations);
131  bool serialize(std::string &serialized_string, const Digest_info &digest_type,
132  const std::string &salt, const std::string &digest,
133  size_t iterations);
134  bool generate_fast_digest(const std::string &plaintext_password,
135  sha2_cache_entry &digest, unsigned int loc);
136  bool generate_sha2_multi_hash(const std::string &src,
137  const std::string &random, std::string *digest,
138  unsigned int iterations);
139  size_t get_cache_count();
140  void clear_cache();
141  bool validate_hash(const std::string serialized_string);
/**
  Digest algorithm this handler was configured with.

  @return The Digest_info value held in m_digest_type.
*/
Digest_info get_digest_type() const {
  const Digest_info configured_type = m_digest_type;
  return configured_type;
}
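/**
  Number of rounds used for the stored (slow) digest.

  Declared const for consistency with get_digest_type(): the accessor only
  reads m_stored_digest_rounds. The value presumably comes from the
  constructor's stored_digest_rounds argument (default
  DEFAULT_STORED_DIGEST_ROUNDS); whether it is clamped to the
  MIN/MAX_STORED_DIGEST_ROUNDS bounds is not visible in this header.

  @return The configured stored-digest round count.
*/
size_t get_digest_rounds() const { return m_stored_digest_rounds; }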
144 
145  private:
146  /** Plugin handle */
148  /** Number of rounds for stored digest */
150  /** Number of rounds for fast digest */
151  unsigned int m_fast_digest_rounds;
152  /** Digest type */
154  /** Lock to protect @c m_cache */
156  /** user=>password cache */
158 };
159 } // namespace sha2_password
160 
161 /** @} (end of auth_caching_sha2_auth) */
162 
163 #endif // !I_SHA2_PASSWORD_INCLUDED