boost_mirror/mysql
1
0
Fork 0
mirror of https://github.com/boostorg/mysql.git synced 2025-05-12 14:11:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

update challenge => scramble terminology

Browse Source
This commit is contained in:
Ruben Perez 2025-05-09 18:10:47 +02:00
parent 8804521386
commit 063d46a98e
8 changed files with 195 additions and 224 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
include/boost/mysql/impl/internal/sansio/caching_sha2_password.hpp
View File

@ -58,17 +58,17 @@ inline void csha2p_hash_password_impl(
span<std::uint8_t, csha2p_hash_size> output
)
{
// SHA(SHA(password_sha) concat challenge) XOR password_sha
// SHA(SHA(password_sha) concat scramble) XOR password_sha
// hash1 = SHA(pass)
std::array<std::uint8_t, csha2p_hash_size> password_sha;
SHA256(reinterpret_cast<const unsigned char*>(password.data()), password.size(), password_sha.data());
// SHA(password_sha) concat challenge = buffer
// SHA(password_sha) concat scramble = buffer
std::array<std::uint8_t, csha2p_hash_size + csha2p_hash_size> buffer;
SHA256(password_sha.data(), password_sha.size(), buffer.data());
std::memcpy(buffer.data() + csha2p_hash_size, scramble.data(), csha2p_hash_size);
// SHA(SHA(password_sha) concat challenge) = SHA(buffer) = salted_password
// SHA(SHA(password_sha) concat scramble) = SHA(buffer) = salted_password
std::array<std::uint8_t, csha2p_hash_size> salted_password;
SHA256(buffer.data(), buffer.size(), salted_password.data());
@ -126,14 +126,13 @@ using csha2p_password_buffer = container::small_vector<std::uint8_t, 256>;
inline error_code csha2p_encrypt_password(
string_view password,
span<const std::uint8_t> challenge,
span<const std::uint8_t, scramble_size> scramble,
span<const std::uint8_t> server_key,
csha2p_password_buffer& output
)
{
// TODO: test that these can really never happen
// TODO: this is not guaranteed
BOOST_ASSERT(!password.empty());
BOOST_ASSERT(!challenge.empty());
// Try to parse the private key. TODO: size check here
unique_bio bio{BIO_new_mem_buf(server_key.data(), server_key.size())};
@ -146,11 +145,11 @@ inline error_code csha2p_encrypt_password(
// Salt the password, as a NULL-terminated string
csha2p_password_buffer salted_password(password.size() + 1u, 0);
for (std::size_t i = 0; i < password.size(); ++i)
salted_password[i] = password[i] ^ challenge[i % challenge.size()];
salted_password[i] = password[i] ^ scramble[i % scramble.size()];
// Add the NULL terminator. It should be salted, too. Since 0 ^ U = U,
// the byte should be the challenge at the position we're in
salted_password[password.size()] = challenge[password.size() % challenge.size()];
// the byte should be the scramble at the position we're in
salted_password[password.size()] = scramble[password.size() % scramble.size()];
// Set up the encryption context
unique_evp_pkey_ctx ctx(EVP_PKEY_CTX_new(key.get(), nullptr));
@ -200,12 +199,12 @@ class csha2p_algo
connection_state_data& st,
std::uint8_t& seqnum,
string_view password,
span<const std::uint8_t> challenge,
span<const std::uint8_t, scramble_size> scramble,
span<const std::uint8_t> server_key
)
{
csha2p_password_buffer buff;
auto ec = csha2p_encrypt_password(password, challenge, server_key, buff);
auto ec = csha2p_encrypt_password(password, scramble, server_key, buff);
if (ec)
return ec;
return st.write(

2
include/boost/mysql/impl/internal/sansio/mysql_native_password.hpp
View File

@ -47,7 +47,7 @@ inline void mnp_hash_password_impl(
std::array<std::uint8_t, mnp_hash_size> password_sha1;
SHA1(reinterpret_cast<const unsigned char*>(password.data()), password.size(), password_sha1.data());
// Add server challenge (salt)
// Add server scramble (salt)
std::array<std::uint8_t, scramble_size + mnp_hash_size> salted_buffer;
std::memcpy(salted_buffer.data(), scramble.data(), scramble.size());
SHA1(password_sha1.data(), password_sha1.size(), salted_buffer.data() + mnp_hash_size);

128
test/unit/test/sansio/handshake/handshake.cpp
View File

@ -64,7 +64,7 @@ BOOST_AUTO_TEST_CASE(hello_unknown_plugin)
// Run the test
algo_test()
.expect_read(server_hello_builder().auth_plugin("unknown").auth_data(csha2p_challenge).build())
.expect_read(server_hello_builder().auth_plugin("unknown").auth_data(csha2p_scramble).build())
.check(fix, client_errc::unknown_auth_plugin);
}
@ -80,9 +80,8 @@ BOOST_AUTO_TEST_CASE(initial_response_error_flavor)
// Run the test
algo_test()
.expect_read(server_hello_builder().auth_data(mnp_challenge).version("11.4.2-MariaDB-ubu2404").build()
)
.expect_write(login_request_builder().auth_response(mnp_response).build())
.expect_read(server_hello_builder().auth_data(mnp_scramble).version("11.4.2-MariaDB-ubu2404").build())
.expect_write(login_request_builder().auth_response(mnp_hash).build())
.expect_read(
err_builder().seqnum(2).code(mariadb_server_errc::er_bad_data).message("bad data").build_frame()
)
@ -107,12 +106,11 @@ BOOST_AUTO_TEST_CASE(authswitch_hash_password_error)
// Run the test
algo_test()
.expect_read(
server_hello_builder().auth_plugin("caching_sha2_password").auth_data(csha2p_challenge).build()
server_hello_builder().auth_plugin("caching_sha2_password").auth_data(csha2p_scramble).build()
)
.expect_write(
login_request_builder().auth_plugin("caching_sha2_password").auth_response(csha2p_hash).build()
)
.expect_write(login_request_builder()
.auth_plugin("caching_sha2_password")
.auth_response(csha2p_response)
.build())
.expect_read(create_auth_switch_frame(2, "mysql_native_password", std::vector<std::uint8_t>(21, 0x0a))
)
.check(fix, client_errc::protocol_value_error);
@ -127,14 +125,13 @@ BOOST_AUTO_TEST_CASE(authswitch_error)
// Run the test
algo_test()
.expect_read(
server_hello_builder().auth_plugin("caching_sha2_password").auth_data(csha2p_challenge).build()
server_hello_builder().auth_plugin("caching_sha2_password").auth_data(csha2p_scramble).build()
)
.expect_write(login_request_builder()
.auth_plugin("caching_sha2_password")
.auth_response(csha2p_response)
.build())
.expect_read(create_auth_switch_frame(2, "mysql_native_password", mnp_challenge))
.expect_write(create_frame(3, mnp_response))
.expect_write(
login_request_builder().auth_plugin("caching_sha2_password").auth_response(csha2p_hash).build()
)
.expect_read(create_auth_switch_frame(2, "mysql_native_password", mnp_scramble))
.expect_write(create_frame(3, mnp_hash))
.expect_read(err_builder()
.seqnum(4)
.code(common_server_errc::er_access_denied_error)
@ -154,14 +151,13 @@ BOOST_AUTO_TEST_CASE(authswitch_error_flavor)
.expect_read(server_hello_builder()
.version("11.4.2-MariaDB-ubu2404")
.auth_plugin("caching_sha2_password")
.auth_data(csha2p_challenge)
.auth_data(csha2p_scramble)
.build())
.expect_write(login_request_builder()
.auth_plugin("caching_sha2_password")
.auth_response(csha2p_response)
.build())
.expect_read(create_auth_switch_frame(2, "mysql_native_password", mnp_challenge))
.expect_write(create_frame(3, mnp_response))
.expect_write(
login_request_builder().auth_plugin("caching_sha2_password").auth_response(csha2p_hash).build()
)
.expect_read(create_auth_switch_frame(2, "mysql_native_password", mnp_scramble))
.expect_write(create_frame(3, mnp_hash))
.expect_read(
err_builder().seqnum(4).code(mariadb_server_errc::er_bad_data).message("Denied").build_frame()
)
@ -181,15 +177,14 @@ BOOST_AUTO_TEST_CASE(authswitch_authswitch)
// Run the test
algo_test()
.expect_read(
server_hello_builder().auth_plugin("caching_sha2_password").auth_data(csha2p_challenge).build()
server_hello_builder().auth_plugin("caching_sha2_password").auth_data(csha2p_scramble).build()
)
.expect_write(login_request_builder()
.auth_plugin("caching_sha2_password")
.auth_response(csha2p_response)
.build())
.expect_read(create_auth_switch_frame(2, "mysql_native_password", mnp_challenge))
.expect_write(create_frame(3, mnp_response))
.expect_read(create_auth_switch_frame(4, "mysql_native_password", mnp_challenge))
.expect_write(
login_request_builder().auth_plugin("caching_sha2_password").auth_response(csha2p_hash).build()
)
.expect_read(create_auth_switch_frame(2, "mysql_native_password", mnp_scramble))
.expect_write(create_frame(3, mnp_hash))
.expect_read(create_auth_switch_frame(4, "mysql_native_password", mnp_scramble))
.check(fix, client_errc::bad_handshake_packet_type);
}
@ -202,13 +197,12 @@ BOOST_AUTO_TEST_CASE(authswitch_unknown_plugin)
// Run the test
algo_test()
.expect_read(
server_hello_builder().auth_plugin("caching_sha2_password").auth_data(csha2p_challenge).build()
server_hello_builder().auth_plugin("caching_sha2_password").auth_data(csha2p_scramble).build()
)
.expect_write(login_request_builder()
.auth_plugin("caching_sha2_password")
.auth_response(csha2p_response)
.build())
.expect_read(create_auth_switch_frame(2, "unknown", mnp_challenge))
.expect_write(
login_request_builder().auth_plugin("caching_sha2_password").auth_response(csha2p_hash).build()
)
.expect_read(create_auth_switch_frame(2, "unknown", mnp_scramble))
.check(fix, client_errc::unknown_auth_plugin);
}
@ -221,14 +215,13 @@ BOOST_AUTO_TEST_CASE(authswitch_to_itself)
// Run the test
algo_test()
.expect_read(
server_hello_builder().auth_plugin("caching_sha2_password").auth_data(csha2p_challenge).build()
server_hello_builder().auth_plugin("caching_sha2_password").auth_data(csha2p_scramble).build()
)
.expect_write(login_request_builder()
.auth_plugin("caching_sha2_password")
.auth_response(csha2p_response)
.build())
.expect_read(create_auth_switch_frame(2, "caching_sha2_password", csha2p_challenge))
.expect_write(create_frame(3, csha2p_response))
.expect_write(
login_request_builder().auth_plugin("caching_sha2_password").auth_response(csha2p_hash).build()
)
.expect_read(create_auth_switch_frame(2, "caching_sha2_password", csha2p_scramble))
.expect_write(create_frame(3, csha2p_hash))
.expect_read(create_more_data_frame(4, csha2p_fast_auth_ok))
.expect_read(create_ok_frame(5, ok_builder().build()))
.will_set_status(connection_status::ready)
@ -251,14 +244,13 @@ BOOST_AUTO_TEST_CASE(moredata_authswitch)
// Run the test
algo_test()
.expect_read(
server_hello_builder().auth_plugin("caching_sha2_password").auth_data(csha2p_challenge).build()
server_hello_builder().auth_plugin("caching_sha2_password").auth_data(csha2p_scramble).build()
)
.expect_write(
login_request_builder().auth_plugin("caching_sha2_password").auth_response(csha2p_hash).build()
)
.expect_write(login_request_builder()
.auth_plugin("caching_sha2_password")
.auth_response(csha2p_response)
.build())
.expect_read(create_more_data_frame(2, csha2p_fast_auth_ok))
.expect_read(create_auth_switch_frame(3, "mysql_native_password", mnp_challenge))
.expect_read(create_auth_switch_frame(3, "mysql_native_password", mnp_scramble))
.check(fix, client_errc::bad_handshake_packet_type);
}
@ -270,14 +262,14 @@ BOOST_AUTO_TEST_CASE(authswitch_moredata_authswitch)
// Run the test
algo_test()
.expect_read(
server_hello_builder().auth_plugin("mysql_native_password").auth_data(mnp_challenge).build()
server_hello_builder().auth_plugin("mysql_native_password").auth_data(mnp_scramble).build()
)
.expect_write(
login_request_builder().auth_plugin("mysql_native_password").auth_response(mnp_response).build()
login_request_builder().auth_plugin("mysql_native_password").auth_response(mnp_hash).build()
)
.expect_read(create_auth_switch_frame(2, "caching_sha2_password", csha2p_challenge))
.expect_write(create_frame(3, csha2p_response))
.expect_read(create_auth_switch_frame(4, "caching_sha2_password", csha2p_challenge))
.expect_read(create_auth_switch_frame(2, "caching_sha2_password", csha2p_scramble))
.expect_write(create_frame(3, csha2p_hash))
.expect_read(create_auth_switch_frame(4, "caching_sha2_password", csha2p_scramble))
.check(fix, client_errc::bad_handshake_packet_type);
}
@ -292,12 +284,11 @@ BOOST_AUTO_TEST_CASE(moredata_error_flavor)
.expect_read(server_hello_builder()
.version("11.4.2-MariaDB-ubu2404")
.auth_plugin("caching_sha2_password")
.auth_data(csha2p_challenge)
.auth_data(csha2p_scramble)
.build())
.expect_write(login_request_builder()
.auth_plugin("caching_sha2_password")
.auth_response(csha2p_response)
.build())
.expect_write(
login_request_builder().auth_plugin("caching_sha2_password").auth_response(csha2p_hash).build()
)
.expect_read(create_more_data_frame(2, csha2p_fast_auth_ok))
.expect_read(
err_builder().seqnum(3).code(mariadb_server_errc::er_bad_data).message("Denied").build_frame()
@ -324,12 +315,12 @@ BOOST_AUTO_TEST_CASE(network_errors)
// Run the test
algo_test()
.expect_read(server_hello_builder().caps(tls_caps).auth_data(mnp_challenge).build())
.expect_read(server_hello_builder().caps(tls_caps).auth_data(mnp_scramble).build())
.expect_write(create_ssl_request())
.expect_ssl_handshake()
.expect_write(login_request_builder().seqnum(2).caps(tls_caps).auth_response(mnp_response).build())
.expect_read(create_auth_switch_frame(3, "caching_sha2_password", csha2p_challenge))
.expect_write(create_frame(4, csha2p_response))
.expect_write(login_request_builder().seqnum(2).caps(tls_caps).auth_response(mnp_hash).build())
.expect_read(create_auth_switch_frame(3, "caching_sha2_password", csha2p_scramble))
.expect_write(create_frame(4, csha2p_hash))
.expect_read(create_more_data_frame(5, csha2p_perform_full_auth))
.expect_write(create_frame(6, null_terminated_password()))
.expect_read(create_ok_frame(7, ok_builder().build()))
@ -344,12 +335,11 @@ BOOST_AUTO_TEST_CASE(network_errors_read_moredata)
// Run the test
algo_test()
.expect_read(
server_hello_builder().auth_plugin("caching_sha2_password").auth_data(csha2p_challenge).build()
server_hello_builder().auth_plugin("caching_sha2_password").auth_data(csha2p_scramble).build()
)
.expect_write(
login_request_builder().auth_plugin("caching_sha2_password").auth_response(csha2p_hash).build()
)
.expect_write(login_request_builder()
.auth_plugin("caching_sha2_password")
.auth_response(csha2p_response)
.build())
.expect_read(client_errc::wrong_num_params)
.check(fix, client_errc::wrong_num_params);
}

50
test/unit/test/sansio/handshake/handshake_capabilities.cpp
View File

@ -32,8 +32,8 @@ BOOST_AUTO_TEST_CASE(db_nonempty_supported)
// Run the test
algo_test()
.expect_read(server_hello_builder().caps(db_caps).auth_data(mnp_challenge).build())
.expect_write(login_request_builder().caps(db_caps).auth_response(mnp_response).db("mydb").build())
.expect_read(server_hello_builder().caps(db_caps).auth_data(mnp_scramble).build())
.expect_write(login_request_builder().caps(db_caps).auth_response(mnp_hash).db("mydb").build())
.expect_read(create_ok_frame(2, ok_builder().build()))
.will_set_status(connection_status::ready)
.will_set_capabilities(db_caps)
@ -49,7 +49,7 @@ BOOST_AUTO_TEST_CASE(db_nonempty_unsupported)
// Run the test
algo_test()
.expect_read(server_hello_builder().caps(min_caps).auth_data(mnp_challenge).build())
.expect_read(server_hello_builder().caps(min_caps).auth_data(mnp_scramble).build())
.check(fix, client_errc::server_unsupported);
}
@ -61,8 +61,8 @@ BOOST_AUTO_TEST_CASE(db_empty_supported)
// Run the test
algo_test()
.expect_read(server_hello_builder().caps(db_caps).auth_data(mnp_challenge).build())
.expect_write(login_request_builder().caps(min_caps).auth_response(mnp_response).build())
.expect_read(server_hello_builder().caps(db_caps).auth_data(mnp_scramble).build())
.expect_write(login_request_builder().caps(min_caps).auth_response(mnp_hash).build())
.expect_read(create_ok_frame(2, ok_builder().build()))
.will_set_status(connection_status::ready)
.will_set_capabilities(min_caps)
@ -79,8 +79,8 @@ BOOST_AUTO_TEST_CASE(db_empty_unsupported)
// Run the test
algo_test()
.expect_read(server_hello_builder().auth_data(mnp_challenge).build())
.expect_write(login_request_builder().auth_response(mnp_response).build())
.expect_read(server_hello_builder().auth_data(mnp_scramble).build())
.expect_write(login_request_builder().auth_response(mnp_hash).build())
.expect_read(create_ok_frame(2, ok_builder().build()))
.will_set_status(connection_status::ready)
.will_set_capabilities(min_caps)
@ -105,8 +105,8 @@ BOOST_AUTO_TEST_CASE(multiq_true_supported)
// Run the test
algo_test()
.expect_read(server_hello_builder().caps(multiq_caps).auth_data(mnp_challenge).build())
.expect_write(login_request_builder().caps(multiq_caps).auth_response(mnp_response).build())
.expect_read(server_hello_builder().caps(multiq_caps).auth_data(mnp_scramble).build())
.expect_write(login_request_builder().caps(multiq_caps).auth_response(mnp_hash).build())
.expect_read(create_ok_frame(2, ok_builder().build()))
.will_set_status(connection_status::ready)
.will_set_capabilities(multiq_caps)
@ -125,7 +125,7 @@ BOOST_AUTO_TEST_CASE(multiq_true_unsupported)
// Run the test
algo_test()
.expect_read(server_hello_builder().caps(min_caps).auth_data(mnp_challenge).build())
.expect_read(server_hello_builder().caps(min_caps).auth_data(mnp_scramble).build())
.check(fix, client_errc::server_unsupported);
}
@ -137,8 +137,8 @@ BOOST_AUTO_TEST_CASE(multiq_false_supported)
// Run the test
algo_test()
.expect_read(server_hello_builder().caps(multiq_caps).auth_data(mnp_challenge).build())
.expect_write(login_request_builder().caps(min_caps).auth_response(mnp_response).build())
.expect_read(server_hello_builder().caps(multiq_caps).auth_data(mnp_scramble).build())
.expect_write(login_request_builder().caps(min_caps).auth_response(mnp_hash).build())
.expect_read(create_ok_frame(2, ok_builder().build()))
.will_set_status(connection_status::ready)
.will_set_capabilities(min_caps)
@ -155,8 +155,8 @@ BOOST_AUTO_TEST_CASE(multiq_false_unsupported)
// Run the test
algo_test()
.expect_read(server_hello_builder().caps(min_caps).auth_data(mnp_challenge).build())
.expect_write(login_request_builder().caps(min_caps).auth_response(mnp_response).build())
.expect_read(server_hello_builder().caps(min_caps).auth_data(mnp_scramble).build())
.expect_write(login_request_builder().caps(min_caps).auth_response(mnp_hash).build())
.expect_read(create_ok_frame(2, ok_builder().build()))
.will_set_status(connection_status::ready)
.will_set_capabilities(min_caps)
@ -184,11 +184,10 @@ BOOST_AUTO_TEST_CASE(tls_on)
// Run the test
algo_test()
.expect_read(server_hello_builder().caps(tls_caps).auth_data(mnp_challenge).build())
.expect_read(server_hello_builder().caps(tls_caps).auth_data(mnp_scramble).build())
.expect_write(create_ssl_request())
.expect_ssl_handshake()
.expect_write(
login_request_builder().seqnum(2).caps(tls_caps).auth_response(mnp_response).build()
.expect_write(login_request_builder().seqnum(2).caps(tls_caps).auth_response(mnp_hash).build()
)
.expect_read(create_ok_frame(3, ok_builder().build()))
.will_set_status(connection_status::ready)
@ -271,8 +270,8 @@ BOOST_AUTO_TEST_CASE(tls_off)
// Run the test
algo_test()
.expect_read(server_hello_builder().caps(tc.server_caps).auth_data(mnp_challenge).build())
.expect_write(login_request_builder().caps(min_caps).auth_response(mnp_response).build())
.expect_read(server_hello_builder().caps(tc.server_caps).auth_data(mnp_scramble).build())
.expect_write(login_request_builder().caps(min_caps).auth_response(mnp_hash).build())
.expect_read(create_ok_frame(2, ok_builder().build()))
.will_set_status(connection_status::ready)
.will_set_capabilities(min_caps)
@ -294,7 +293,7 @@ BOOST_AUTO_TEST_CASE(tls_error_unsupported)
// Run the test
algo_test()
.expect_read(server_hello_builder().caps(min_caps).auth_data(mnp_challenge).build())
.expect_read(server_hello_builder().caps(min_caps).auth_data(mnp_scramble).build())
.check(fix, client_errc::server_doesnt_support_ssl);
}
@ -338,7 +337,7 @@ BOOST_AUTO_TEST_CASE(caps_mandatory)
// Run the test
algo_test()
.expect_read(server_hello_builder().caps(tc.caps).auth_data(mnp_challenge).build())
.expect_read(server_hello_builder().caps(tc.caps).auth_data(mnp_scramble).build())
.check(fix, client_errc::server_unsupported);
}
}
@ -365,9 +364,8 @@ BOOST_AUTO_TEST_CASE(caps_optional)
// Run the test
algo_test()
.expect_read(server_hello_builder().caps(min_caps | tc.caps).auth_data(mnp_challenge).build())
.expect_write(
login_request_builder().caps(min_caps | tc.caps).auth_response(mnp_response).build()
.expect_read(server_hello_builder().caps(min_caps | tc.caps).auth_data(mnp_scramble).build())
.expect_write(login_request_builder().caps(min_caps | tc.caps).auth_response(mnp_hash).build()
)
.expect_read(create_ok_frame(2, ok_builder().build()))
.will_set_status(connection_status::ready)
@ -416,8 +414,8 @@ BOOST_AUTO_TEST_CASE(caps_ignored)
// Run the test
algo_test()
.expect_read(server_hello_builder().caps(min_caps | tc.caps).auth_data(mnp_challenge).build())
.expect_write(login_request_builder().caps(min_caps).auth_response(mnp_response).build())
.expect_read(server_hello_builder().caps(min_caps | tc.caps).auth_data(mnp_scramble).build())
.expect_write(login_request_builder().caps(min_caps).auth_response(mnp_hash).build())
.expect_read(create_ok_frame(2, ok_builder().build()))
.will_set_status(connection_status::ready)
.will_set_capabilities(min_caps)

10
test/unit/test/sansio/handshake/handshake_common.hpp
View File

@ -223,25 +223,25 @@ inline std::vector<std::uint8_t> create_more_data_frame(
}));
}
// These challenge/responses have been captured with Wireshark.
// These scrambles/hashes have been captured with Wireshark.
constexpr const char* password = "example_password";
constexpr std::uint8_t mnp_challenge[] = {
constexpr std::uint8_t mnp_scramble[] = {
0x1b, 0x0f, 0x6e, 0x59, 0x1b, 0x70, 0x33, 0x01, 0x0c, 0x01,
0x7e, 0x2e, 0x30, 0x7a, 0x79, 0x5c, 0x02, 0x50, 0x51, 0x35,
};
constexpr std::uint8_t mnp_response[] = {
constexpr std::uint8_t mnp_hash[] = {
0xbe, 0xa5, 0xb5, 0xe7, 0x9c, 0x05, 0x23, 0x34, 0xda, 0x06,
0x1d, 0xaf, 0xd9, 0x8b, 0x4b, 0x09, 0x86, 0xe5, 0xd1, 0x4a,
};
constexpr std::uint8_t csha2p_challenge[] = {
constexpr std::uint8_t csha2p_scramble[] = {
0x6f, 0x1b, 0x3b, 0x64, 0x39, 0x01, 0x46, 0x44, 0x53, 0x3b,
0x74, 0x3c, 0x3e, 0x3c, 0x3c, 0x0b, 0x30, 0x77, 0x1a, 0x49,
};
constexpr std::uint8_t csha2p_response[] = {
constexpr std::uint8_t csha2p_hash[] = {
0xa7, 0xc3, 0x7f, 0x88, 0x25, 0xec, 0x92, 0x2c, 0x88, 0xba, 0x47, 0x04, 0x14, 0xd2, 0xa3, 0xa3,
0x5e, 0xa9, 0x41, 0x8e, 0xdc, 0x89, 0xeb, 0xe2, 0xa1, 0xec, 0xd8, 0x4f, 0x73, 0xa1, 0x49, 0x60,
};

24
test/unit/test/sansio/handshake/handshake_connection_state_data.cpp
View File

@ -31,8 +31,8 @@ BOOST_AUTO_TEST_CASE(hello_connection_id)
// Run the test
algo_test()
.expect_read(server_hello_builder().connection_id(value).auth_data(mnp_challenge).build())
.expect_write(login_request_builder().auth_response(mnp_response).build())
.expect_read(server_hello_builder().connection_id(value).auth_data(mnp_scramble).build())
.expect_write(login_request_builder().auth_response(mnp_hash).build())
.expect_read(create_ok_frame(2, ok_builder().build()))
.will_set_status(connection_status::ready)
.will_set_capabilities(min_caps)
@ -65,8 +65,8 @@ BOOST_AUTO_TEST_CASE(flavor)
// Run the test
algo_test()
.expect_read(server_hello_builder().version(tc.version).auth_data(mnp_challenge).build())
.expect_write(login_request_builder().auth_response(mnp_response).build())
.expect_read(server_hello_builder().version(tc.version).auth_data(mnp_scramble).build())
.expect_write(login_request_builder().auth_response(mnp_hash).build())
.expect_read(create_ok_frame(2, ok_builder().build()))
.will_set_status(connection_status::ready)
.will_set_capabilities(min_caps)
@ -91,10 +91,10 @@ BOOST_AUTO_TEST_CASE(unknown_collation)
// Run the test
algo_test()
.expect_read(server_hello_builder().auth_data(mnp_challenge).build())
.expect_read(server_hello_builder().auth_data(mnp_scramble).build())
.expect_write(login_request_builder()
.collation(mysql_collations::utf8mb4_0900_as_ci)
.auth_response(mnp_response)
.auth_response(mnp_hash)
.build())
.expect_read(create_ok_frame(2, ok_builder().build()))
.will_set_status(connection_status::ready)
@ -113,8 +113,8 @@ BOOST_AUTO_TEST_CASE(backslash_escapes)
// Run the test
algo_test()
.expect_read(server_hello_builder().auth_data(mnp_challenge).build())
.expect_write(login_request_builder().auth_response(mnp_response).build())
.expect_read(server_hello_builder().auth_data(mnp_scramble).build())
.expect_write(login_request_builder().auth_response(mnp_hash).build())
.expect_read(create_ok_frame(2, ok_builder().no_backslash_escapes(true).build()))
.will_set_status(connection_status::ready)
.will_set_capabilities(min_caps)
@ -133,8 +133,8 @@ BOOST_AUTO_TEST_CASE(meta_mode)
// Run the test
algo_test()
.expect_read(server_hello_builder().auth_data(mnp_challenge).build())
.expect_write(login_request_builder().auth_response(mnp_response).build())
.expect_read(server_hello_builder().auth_data(mnp_scramble).build())
.expect_write(login_request_builder().auth_response(mnp_hash).build())
.expect_read(create_ok_frame(2, ok_builder().build()))
.will_set_status(connection_status::ready)
.will_set_capabilities(min_caps)
@ -166,8 +166,8 @@ BOOST_AUTO_TEST_CASE(connection_status_success)
// Run the test
algo_test()
.expect_read(server_hello_builder().auth_data(mnp_challenge).build())
.expect_write(login_request_builder().auth_response(mnp_response).build())
.expect_read(server_hello_builder().auth_data(mnp_scramble).build())
.expect_write(login_request_builder().auth_response(mnp_hash).build())
.expect_read(create_ok_frame(2, ok_builder().build()))
.will_set_status(connection_status::ready)
.will_set_capabilities(min_caps)

138
test/unit/test/sansio/handshake/handshake_csha2p.cpp
View File

@ -36,12 +36,11 @@ BOOST_AUTO_TEST_CASE(ok)
// Run the test
algo_test()
.expect_read(
server_hello_builder().auth_plugin("caching_sha2_password").auth_data(csha2p_challenge).build()
server_hello_builder().auth_plugin("caching_sha2_password").auth_data(csha2p_scramble).build()
)
.expect_write(
login_request_builder().auth_plugin("caching_sha2_password").auth_response(csha2p_hash).build()
)
.expect_write(login_request_builder()
.auth_plugin("caching_sha2_password")
.auth_response(csha2p_response)
.build())
.expect_read(create_ok_frame(2, ok_builder().build()))
.will_set_status(connection_status::ready)
.will_set_capabilities(min_caps)
@ -60,12 +59,11 @@ BOOST_AUTO_TEST_CASE(err)
// Run the test
algo_test()
.expect_read(
server_hello_builder().auth_plugin("caching_sha2_password").auth_data(csha2p_challenge).build()
server_hello_builder().auth_plugin("caching_sha2_password").auth_data(csha2p_scramble).build()
)
.expect_write(
login_request_builder().auth_plugin("caching_sha2_password").auth_response(csha2p_hash).build()
)
.expect_write(login_request_builder()
.auth_plugin("caching_sha2_password")
.auth_response(csha2p_response)
.build())
.expect_read(err_builder()
.seqnum(2)
.code(common_server_errc::er_access_denied_error)
@ -85,12 +83,11 @@ BOOST_AUTO_TEST_CASE(fullauth)
.expect_read(server_hello_builder()
.caps(tls_caps)
.auth_plugin("caching_sha2_password")
.auth_data(csha2p_challenge)
.auth_data(csha2p_scramble)
.build())
.expect_write(login_request_builder()
.auth_plugin("caching_sha2_password")
.auth_response(csha2p_response)
.build())
.expect_write(
login_request_builder().auth_plugin("caching_sha2_password").auth_response(csha2p_hash).build()
)
.expect_read(create_more_data_frame(2, csha2p_perform_full_auth))
.check(fix, client_errc::auth_plugin_requires_ssl);
}
@ -104,12 +101,11 @@ BOOST_AUTO_TEST_CASE(moredata)
// Run the test
algo_test()
.expect_read(
server_hello_builder().auth_plugin("caching_sha2_password").auth_data(csha2p_challenge).build()
server_hello_builder().auth_plugin("caching_sha2_password").auth_data(csha2p_scramble).build()
)
.expect_write(
login_request_builder().auth_plugin("caching_sha2_password").auth_response(csha2p_hash).build()
)
.expect_write(login_request_builder()
.auth_plugin("caching_sha2_password")
.auth_response(csha2p_response)
.build())
.expect_read(create_more_data_frame(2, std::vector<std::uint8_t>{3, 4}))
.check(fix, client_errc::bad_handshake_packet_type);
}
@ -123,12 +119,11 @@ BOOST_AUTO_TEST_CASE(fastok_ok)
// Run the test
algo_test()
.expect_read(
server_hello_builder().auth_plugin("caching_sha2_password").auth_data(csha2p_challenge).build()
server_hello_builder().auth_plugin("caching_sha2_password").auth_data(csha2p_scramble).build()
)
.expect_write(
login_request_builder().auth_plugin("caching_sha2_password").auth_response(csha2p_hash).build()
)
.expect_write(login_request_builder()
.auth_plugin("caching_sha2_password")
.auth_response(csha2p_response)
.build())
.expect_read(create_more_data_frame(2, csha2p_fast_auth_ok))
.expect_read(create_ok_frame(3, ok_builder().build()))
.will_set_status(connection_status::ready)
@ -148,12 +143,11 @@ BOOST_AUTO_TEST_CASE(fastok_err)
// Run the test
algo_test()
.expect_read(
server_hello_builder().auth_plugin("caching_sha2_password").auth_data(csha2p_challenge).build()
server_hello_builder().auth_plugin("caching_sha2_password").auth_data(csha2p_scramble).build()
)
.expect_write(
login_request_builder().auth_plugin("caching_sha2_password").auth_response(csha2p_hash).build()
)
.expect_write(login_request_builder()
.auth_plugin("caching_sha2_password")
.auth_response(csha2p_response)
.build())
.expect_read(create_more_data_frame(2, csha2p_fast_auth_ok))
.expect_read(err_builder()
.seqnum(3)
@ -172,12 +166,11 @@ BOOST_AUTO_TEST_CASE(fastok_fastok)
// Run the test
algo_test()
.expect_read(
server_hello_builder().auth_plugin("caching_sha2_password").auth_data(csha2p_challenge).build()
server_hello_builder().auth_plugin("caching_sha2_password").auth_data(csha2p_scramble).build()
)
.expect_write(
login_request_builder().auth_plugin("caching_sha2_password").auth_response(csha2p_hash).build()
)
.expect_write(login_request_builder()
.auth_plugin("caching_sha2_password")
.auth_response(csha2p_response)
.build())
.expect_read(create_more_data_frame(2, csha2p_fast_auth_ok))
.expect_read(create_more_data_frame(3, csha2p_fast_auth_ok))
.check(fix, client_errc::bad_handshake_packet_type);
@ -192,12 +185,11 @@ BOOST_AUTO_TEST_CASE(fastok_fullauth)
// Run the test
algo_test()
.expect_read(
server_hello_builder().auth_plugin("caching_sha2_password").auth_data(csha2p_challenge).build()
server_hello_builder().auth_plugin("caching_sha2_password").auth_data(csha2p_scramble).build()
)
.expect_write(
login_request_builder().auth_plugin("caching_sha2_password").auth_response(csha2p_hash).build()
)
.expect_write(login_request_builder()
.auth_plugin("caching_sha2_password")
.auth_response(csha2p_response)
.build())
.expect_read(create_more_data_frame(2, csha2p_fast_auth_ok))
.expect_read(create_more_data_frame(3, csha2p_perform_full_auth))
.check(fix, client_errc::bad_handshake_packet_type);
@ -212,12 +204,11 @@ BOOST_AUTO_TEST_CASE(fastok_moredata)
// Run the test
algo_test()
.expect_read(
server_hello_builder().auth_plugin("caching_sha2_password").auth_data(csha2p_challenge).build()
server_hello_builder().auth_plugin("caching_sha2_password").auth_data(csha2p_scramble).build()
)
.expect_write(
login_request_builder().auth_plugin("caching_sha2_password").auth_response(csha2p_hash).build()
)
.expect_write(login_request_builder()
.auth_plugin("caching_sha2_password")
.auth_response(csha2p_response)
.build())
.expect_read(create_more_data_frame(2, csha2p_fast_auth_ok))
.expect_read(create_more_data_frame(3, std::vector<std::uint8_t>{10, 20, 30}))
.check(fix, client_errc::bad_handshake_packet_type);
@ -232,13 +223,13 @@ BOOST_AUTO_TEST_CASE(authswitch_fastok_ok)
// Run the test
algo_test()
.expect_read(
server_hello_builder().auth_plugin("mysql_native_password").auth_data(mnp_challenge).build()
server_hello_builder().auth_plugin("mysql_native_password").auth_data(mnp_scramble).build()
)
.expect_write(
login_request_builder().auth_plugin("mysql_native_password").auth_response(mnp_response).build()
login_request_builder().auth_plugin("mysql_native_password").auth_response(mnp_hash).build()
)
.expect_read(create_auth_switch_frame(2, "caching_sha2_password", csha2p_challenge))
.expect_write(create_frame(3, csha2p_response))
.expect_read(create_auth_switch_frame(2, "caching_sha2_password", csha2p_scramble))
.expect_write(create_frame(3, csha2p_hash))
.expect_read(create_more_data_frame(4, csha2p_fast_auth_ok))
.expect_read(create_ok_frame(5, ok_builder().build()))
.will_set_status(connection_status::ready)
@ -258,12 +249,11 @@ BOOST_AUTO_TEST_CASE(securetransport_fullauth_ok)
// Run the test
algo_test()
.expect_read(
server_hello_builder().auth_plugin("caching_sha2_password").auth_data(csha2p_challenge).build()
server_hello_builder().auth_plugin("caching_sha2_password").auth_data(csha2p_scramble).build()
)
.expect_write(
login_request_builder().auth_plugin("caching_sha2_password").auth_response(csha2p_hash).build()
)
.expect_write(login_request_builder()
.auth_plugin("caching_sha2_password")
.auth_response(csha2p_response)
.build())
.expect_read(create_more_data_frame(2, csha2p_perform_full_auth))
.expect_write(create_frame(3, null_terminated_password()))
.expect_read(create_ok_frame(4, ok_builder().build()))
@ -285,12 +275,11 @@ BOOST_AUTO_TEST_CASE(securetransport_fullauth_err)
// Run the test
algo_test()
.expect_read(
server_hello_builder().auth_plugin("caching_sha2_password").auth_data(csha2p_challenge).build()
server_hello_builder().auth_plugin("caching_sha2_password").auth_data(csha2p_scramble).build()
)
.expect_write(
login_request_builder().auth_plugin("caching_sha2_password").auth_response(csha2p_hash).build()
)
.expect_write(login_request_builder()
.auth_plugin("caching_sha2_password")
.auth_response(csha2p_response)
.build())
.expect_read(create_more_data_frame(2, csha2p_perform_full_auth))
.expect_write(create_frame(3, null_terminated_password()))
.expect_read(err_builder()
@ -310,12 +299,11 @@ BOOST_AUTO_TEST_CASE(securetransport_fullauth_fastok)
// Run the test
algo_test()
.expect_read(
server_hello_builder().auth_plugin("caching_sha2_password").auth_data(csha2p_challenge).build()
server_hello_builder().auth_plugin("caching_sha2_password").auth_data(csha2p_scramble).build()
)
.expect_write(
login_request_builder().auth_plugin("caching_sha2_password").auth_response(csha2p_hash).build()
)
.expect_write(login_request_builder()
.auth_plugin("caching_sha2_password")
.auth_response(csha2p_response)
.build())
.expect_read(create_more_data_frame(2, csha2p_perform_full_auth))
.expect_write(create_frame(3, null_terminated_password()))
.expect_read(create_more_data_frame(4, csha2p_fast_auth_ok))
@ -331,12 +319,11 @@ BOOST_AUTO_TEST_CASE(securetransport_fullauth_fullauth)
// Run the test
algo_test()
.expect_read(
server_hello_builder().auth_plugin("caching_sha2_password").auth_data(csha2p_challenge).build()
server_hello_builder().auth_plugin("caching_sha2_password").auth_data(csha2p_scramble).build()
)
.expect_write(
login_request_builder().auth_plugin("caching_sha2_password").auth_response(csha2p_hash).build()
)
.expect_write(login_request_builder()
.auth_plugin("caching_sha2_password")
.auth_response(csha2p_response)
.build())
.expect_read(create_more_data_frame(2, csha2p_perform_full_auth))
.expect_write(create_frame(3, null_terminated_password()))
.expect_read(create_more_data_frame(4, csha2p_perform_full_auth))
@ -352,12 +339,11 @@ BOOST_AUTO_TEST_CASE(securetransport_fullauth_moredata)
// Run the test
algo_test()
.expect_read(
server_hello_builder().auth_plugin("caching_sha2_password").auth_data(csha2p_challenge).build()
server_hello_builder().auth_plugin("caching_sha2_password").auth_data(csha2p_scramble).build()
)
.expect_write(
login_request_builder().auth_plugin("caching_sha2_password").auth_response(csha2p_hash).build()
)
.expect_write(login_request_builder()
.auth_plugin("caching_sha2_password")
.auth_response(csha2p_response)
.build())
.expect_read(create_more_data_frame(2, csha2p_perform_full_auth))
.expect_write(create_frame(3, null_terminated_password()))
.expect_read(create_more_data_frame(4, std::vector<std::uint8_t>{4, 3, 2}))
@ -376,7 +362,7 @@ BOOST_AUTO_TEST_CASE(tls)
.expect_read(server_hello_builder()
.caps(tls_caps)
.auth_plugin("caching_sha2_password")
.auth_data(csha2p_challenge)
.auth_data(csha2p_scramble)
.build())
.expect_write(create_ssl_request())
.expect_ssl_handshake()
@ -384,7 +370,7 @@ BOOST_AUTO_TEST_CASE(tls)
.seqnum(2)
.caps(tls_caps)
.auth_plugin("caching_sha2_password")
.auth_response(csha2p_response)
.auth_response(csha2p_hash)
.build())
.expect_read(create_more_data_frame(3, csha2p_perform_full_auth))
.expect_write(create_frame(4, null_terminated_password()))

46
test/unit/test/sansio/handshake/handshake_mnp.cpp
View File

@ -29,8 +29,8 @@ BOOST_AUTO_TEST_CASE(ok)
// Run the test
algo_test()
.expect_read(server_hello_builder().auth_data(mnp_challenge).build())
.expect_write(login_request_builder().auth_response(mnp_response).build())
.expect_read(server_hello_builder().auth_data(mnp_scramble).build())
.expect_write(login_request_builder().auth_response(mnp_hash).build())
.expect_read(create_ok_frame(2, ok_builder().build()))
.will_set_status(connection_status::ready)
.will_set_capabilities(min_caps)
@ -46,8 +46,8 @@ BOOST_AUTO_TEST_CASE(err)
// Run the test
algo_test()
.expect_read(server_hello_builder().auth_data(mnp_challenge).build())
.expect_write(login_request_builder().auth_response(mnp_response).build())
.expect_read(server_hello_builder().auth_data(mnp_scramble).build())
.expect_write(login_request_builder().auth_response(mnp_hash).build())
.expect_read(err_builder()
.seqnum(2)
.code(common_server_errc::er_access_denied_error)
@ -65,14 +65,13 @@ BOOST_AUTO_TEST_CASE(authswitch_ok)
// Run the test
algo_test()
.expect_read(
server_hello_builder().auth_plugin("caching_sha2_password").auth_data(csha2p_challenge).build()
server_hello_builder().auth_plugin("caching_sha2_password").auth_data(csha2p_scramble).build()
)
.expect_write(login_request_builder()
.auth_plugin("caching_sha2_password")
.auth_response(csha2p_response)
.build())
.expect_read(create_auth_switch_frame(2, "mysql_native_password", mnp_challenge))
.expect_write(create_frame(3, mnp_response))
.expect_write(
login_request_builder().auth_plugin("caching_sha2_password").auth_response(csha2p_hash).build()
)
.expect_read(create_auth_switch_frame(2, "mysql_native_password", mnp_scramble))
.expect_write(create_frame(3, mnp_hash))
.expect_read(create_ok_frame(4, ok_builder().build()))
.will_set_status(connection_status::ready)
.will_set_capabilities(min_caps)
@ -90,10 +89,10 @@ BOOST_AUTO_TEST_CASE(mnp_tls)
// Run the test
algo_test()
.expect_read(server_hello_builder().caps(tls_caps).auth_data(mnp_challenge).build())
.expect_read(server_hello_builder().caps(tls_caps).auth_data(mnp_scramble).build())
.expect_write(create_ssl_request())
.expect_ssl_handshake()
.expect_write(login_request_builder().seqnum(2).caps(tls_caps).auth_response(mnp_response).build())
.expect_write(login_request_builder().seqnum(2).caps(tls_caps).auth_response(mnp_hash).build())
.expect_read(create_ok_frame(3, ok_builder().build()))
.will_set_status(connection_status::ready)
.will_set_tls_active(true)
@ -111,9 +110,9 @@ BOOST_AUTO_TEST_CASE(moredata)
// Run the test
algo_test()
.expect_read(server_hello_builder().auth_data(mnp_challenge).build())
.expect_write(login_request_builder().auth_response(mnp_response).build())
.expect_read(create_more_data_frame(2, mnp_challenge))
.expect_read(server_hello_builder().auth_data(mnp_scramble).build())
.expect_write(login_request_builder().auth_response(mnp_hash).build())
.expect_read(create_more_data_frame(2, mnp_scramble))
.check(fix, client_errc::bad_handshake_packet_type);
}
@ -125,15 +124,14 @@ BOOST_AUTO_TEST_CASE(authswitch_moredata)
// Run the test
algo_test()
.expect_read(
server_hello_builder().auth_plugin("caching_sha2_password").auth_data(csha2p_challenge).build()
server_hello_builder().auth_plugin("caching_sha2_password").auth_data(csha2p_scramble).build()
)
.expect_write(login_request_builder()
.auth_plugin("caching_sha2_password")
.auth_response(csha2p_response)
.build())
.expect_read(create_auth_switch_frame(2, "mysql_native_password", mnp_challenge))
.expect_write(create_frame(3, mnp_response))
.expect_read(create_more_data_frame(4, mnp_challenge))
.expect_write(
login_request_builder().auth_plugin("caching_sha2_password").auth_response(csha2p_hash).build()
)
.expect_read(create_auth_switch_frame(2, "mysql_native_password", mnp_scramble))
.expect_write(create_frame(3, mnp_hash))
.expect_read(create_more_data_frame(4, mnp_scramble))
.check(fix, client_errc::bad_handshake_packet_type);
}