2
Copyright (c) 2000, 2011, Oracle and/or its affiliates.
3
Copyright (c) 2012, Monty Program Ab
5
This program is free software; you can redistribute it and/or modify
6
it under the terms of the GNU General Public License as published by
7
the Free Software Foundation; version 2 of the License.
9
This program is distributed in the hope that it will be useful,
10
but WITHOUT ANY WARRANTY; without even the implied warranty of
11
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12
GNU General Public License for more details.
14
You should have received a copy of the GNU General Public License
15
along with this program; if not, write to the Free Software
16
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
18
/* password checking routines */
19
/*****************************************************************************
20
The main idea is that no password are sent between client & server on
21
connection and that no password are saved in mysql in a decodable form.
23
On connection a random string is generated and sent to the client.
24
The client generates a new string with a random generator inited with
25
the hash values from the password and the sent string.
26
This 'check' string is sent to the server where it is compared with
27
a string generated from the stored hash_value of the password and the
30
The password is saved (in user.password) by using the PASSWORD() function in
33
This is .c file because it's used in libmysqlclient, which is entirely in C.
34
(we need it to be portable to a variety of systems).
36
update user set password=PASSWORD("hello") where user="test"
37
This saves a hashed number as a string in the password field.
39
The new authentication is performed in following manner:
41
SERVER: public_seed=create_random_string()
44
CLIENT: recv(public_seed)
45
hash_stage1=sha1("password")
46
hash_stage2=sha1(hash_stage1)
47
reply=xor(hash_stage1, sha1(public_seed,hash_stage2)
49
// this three steps are done in scramble()
55
hash_stage1=xor(reply, sha1(public_seed,hash_stage2))
56
candidate_hash2=sha1(hash_stage1)
57
check(candidate_hash2==hash_stage2)
59
// this three steps are done in check_scramble()
61
*****************************************************************************/
64
#include <my_global.h>
70
/************ MySQL 3.23-4.0 authentication routines: untouched ***********/
73
New (MySQL 3.21+) random generation structure initialization
76
rand_st OUT Structure to initialize
77
seed1 IN First initialization parameter
78
seed2 IN Second initialization parameter
82
Generate binary hash from raw text string
83
Used for Pre-4.1 password handling
86
result OUT store hash in this location
87
password IN plain text password to build hash
88
password_len IN password length (password may be not null-terminated)
91
void hash_password(ulong *result, const char *password, uint password_len)
93
register ulong nr=1345345333L, add=7, nr2=0x12345671L;
95
const char *password_end= password + password_len;
96
for (; password < password_end; password++)
98
if (*password == ' ' || *password == '\t')
99
continue; /* skip space in password */
100
tmp= (ulong) (uchar) *password;
101
nr^= (((nr & 63)+add)*tmp)+ (nr << 8);
102
nr2+=(nr2 << 8) ^ nr;
105
result[0]=nr & (((ulong) 1L << 31) -1L); /* Don't use sign bit (str2int) */;
106
result[1]=nr2 & (((ulong) 1L << 31) -1L);
111
Create password to be stored in user database from raw string
112
Used for pre-4.1 password handling
114
my_make_scrambled_password_323()
115
to OUT store scrambled password here
116
password IN user-supplied password
117
pass_len IN length of password string
120
void my_make_scrambled_password_323(char *to, const char *password,
124
hash_password(hash_res, password, (uint) pass_len);
125
sprintf(to, "%08lx%08lx", hash_res[0], hash_res[1]);
130
Wrapper around my_make_scrambled_password_323() to maintain client lib ABI
132
In server code usage of my_make_scrambled_password_323() is preferred to
135
make_scrambled_password_323()
136
to OUT store scrambled password here
137
password IN NULL-terminated string with user-supplied password
140
void make_scrambled_password_323(char *to, const char *password)
142
my_make_scrambled_password_323(to, password, strlen(password));
147
Scramble string with password.
148
Used in pre 4.1 authentication phase.
151
to OUT Store scrambled message here. Buffer must be at least
152
SCRAMBLE_LENGTH_323+1 bytes long
153
message IN Message to scramble. Message must be at least
154
SRAMBLE_LENGTH_323 bytes long.
155
password IN Password to use while scrambling
158
void scramble_323(char *to, const char *message, const char *password)
160
struct my_rnd_struct rand_st;
161
ulong hash_pass[2], hash_message[2];
163
if (password && password[0])
165
char extra, *to_start=to;
166
const char *message_end= message + SCRAMBLE_LENGTH_323;
167
hash_password(hash_pass,password, (uint) strlen(password));
168
hash_password(hash_message, message, SCRAMBLE_LENGTH_323);
169
my_rnd_init(&rand_st,hash_pass[0] ^ hash_message[0],
170
hash_pass[1] ^ hash_message[1]);
171
for (; message < message_end; message++)
172
*to++= (char) (floor(my_rnd(&rand_st)*31)+64);
173
extra=(char) (floor(my_rnd(&rand_st)*31));
174
while (to_start != to)
175
*(to_start++)^=extra;
182
Check scrambled message. Used in pre 4.1 password handling.
184
@param scrambled Scrambled message to check.
185
@param message Original random message which was used for scrambling.
186
@param hash_pass Password which should be used for scrambling.
188
@remark scrambled and message must be SCRAMBLED_LENGTH_323 bytes long.
190
@return FALSE if password is correct, TRUE otherwise.
194
check_scramble_323(const unsigned char *scrambled, const char *message,
197
struct my_rnd_struct rand_st;
198
ulong hash_message[2];
199
/* Big enough for checks. */
200
uchar buff[16], scrambled_buff[SCRAMBLE_LENGTH_323 + 1];
204
/* Ensure that the scrambled message is null-terminated. */
205
memcpy(scrambled_buff, scrambled, SCRAMBLE_LENGTH_323);
206
scrambled_buff[SCRAMBLE_LENGTH_323]= '\0';
207
scrambled= scrambled_buff;
209
hash_password(hash_message, message, SCRAMBLE_LENGTH_323);
210
my_rnd_init(&rand_st,hash_pass[0] ^ hash_message[0],
211
hash_pass[1] ^ hash_message[1]);
213
DBUG_ASSERT(sizeof(buff) > SCRAMBLE_LENGTH_323);
214
for (pos=scrambled ; *pos && to < buff+sizeof(buff) ; pos++)
215
*to++=(char) (floor(my_rnd(&rand_st)*31)+64);
216
if (pos-scrambled != SCRAMBLE_LENGTH_323)
218
extra=(char) (floor(my_rnd(&rand_st)*31));
222
if (*scrambled++ != (uchar) (*to++ ^ extra))
223
return 1; /* Wrong password */
228
static inline uint8 char_val(uint8 X)
230
return (uint) (X >= '0' && X <= '9' ? X-'0' :
231
X >= 'A' && X <= 'Z' ? X-'A'+10 : X-'a'+10);
236
Convert password from hex string (as stored in mysql.user) to binary form.
238
get_salt_from_password_323()
239
res OUT store salt here
240
password IN password string as stored in mysql.user
242
This function does not have length check for passwords. It will just crash
243
Password hashes in old format must have length divisible by 8
246
void get_salt_from_password_323(ulong *res, const char *password)
255
for (i=0 ; i < 8 ; i++)
256
val=(val << 4)+char_val(*password++);
264
Convert scrambled password from binary form to asciiz hex string.
266
make_password_from_salt_323()
267
to OUT store resulting string password here, at least 17 bytes
268
salt IN password in salt format, 2 ulongs
271
void make_password_from_salt_323(char *to, const ulong *salt)
273
sprintf(to,"%08lx%08lx", salt[0], salt[1]);
278
**************** MySQL 4.1.1 authentication routines *************
282
Generate string of printable random characters of requested length
284
create_random_string()
285
to OUT buffer for generation; must be at least length+1 bytes
286
long; result string is always null-terminated
287
length IN how many random characters to put in buffer
288
rand_st INOUT structure used for number generation
291
void create_random_string(char *to, uint length,
292
struct my_rnd_struct *rand_st)
294
char *end= to + length;
295
/* Use pointer arithmetics as it is faster way to do so. */
296
for (; to < end; to++)
297
*to= (char) (my_rnd(rand_st)*94+33);
302
/* Character to use as version identifier for version 4.1 */
304
#define PVERSION41_CHAR '*'
308
Convert given octet sequence to asciiz string of hex characters;
309
str..str+len and 'to' may not overlap.
312
buf OUT output buffer. Must be at least 2*len+1 bytes
313
str, len IN the beginning and the length of the input string
319
char *octet2hex(char *to, const char *str, uint len)
321
const char *str_end= str + len;
322
for (; str != str_end; ++str)
324
*to++= _dig_vec_upper[((uchar) *str) >> 4];
325
*to++= _dig_vec_upper[((uchar) *str) & 0x0F];
333
Convert given asciiz string of hex (0..9 a..f) characters to octet
337
to OUT buffer to place result; must be at least len/2 bytes
338
str, len IN begin, length for character string; str and to may not
339
overlap; len % 2 == 0
343
hex2octet(uint8 *to, const char *str, uint len)
345
const char *str_end= str + len;
346
while (str < str_end)
348
register char tmp= char_val(*str++);
349
*to++= (tmp << 4) | char_val(*str++);
355
Encrypt/Decrypt function used for password encryption in authentication.
356
Simple XOR is used here but it is OK as we crypt random strings. Note,
357
that XOR(s1, XOR(s1, s2)) == s2, XOR(s1, s2) == XOR(s2, s1)
360
to OUT buffer to hold crypted string; must be at least len bytes
361
long; to and s1 (or s2) may be the same.
362
s1, s2 IN input strings (of equal length)
363
len IN length of s1 and s2
367
my_crypt(char *to, const uchar *s1, const uchar *s2, uint len)
369
const uint8 *s1_end= s1 + len;
371
*to++= *s1++ ^ *s2++;
376
MySQL 4.1.1 password hashing: SHA conversion (see RFC 2289, 3174) twice
377
applied to the password string, and then produced octet sequence is
378
converted to hex string.
379
The result of this function is used as return value from PASSWORD() and
380
is stored in the database.
382
my_make_scrambled_password()
383
buf OUT buffer of size 2*SHA1_HASH_SIZE + 2 to store hex string
384
password IN password string
385
pass_len IN length of password string
388
void my_make_scrambled_password(char *to, const char *password,
391
SHA1_CONTEXT sha1_context;
392
uint8 hash_stage2[SHA1_HASH_SIZE];
394
mysql_sha1_reset(&sha1_context);
395
/* stage 1: hash password */
396
mysql_sha1_input(&sha1_context, (uint8 *) password, (uint) pass_len);
397
mysql_sha1_result(&sha1_context, (uint8 *) to);
398
/* stage 2: hash stage1 output */
399
mysql_sha1_reset(&sha1_context);
400
mysql_sha1_input(&sha1_context, (uint8 *) to, SHA1_HASH_SIZE);
401
/* separate buffer is used to pass 'to' in octet2hex */
402
mysql_sha1_result(&sha1_context, hash_stage2);
403
/* convert hash_stage2 to hex string */
404
*to++= PVERSION41_CHAR;
405
octet2hex(to, (const char*) hash_stage2, SHA1_HASH_SIZE);
410
Wrapper around my_make_scrambled_password() to maintain client lib ABI
412
In server code usage of my_make_scrambled_password() is preferred to
415
make_scrambled_password()
416
buf OUT buffer of size 2*SHA1_HASH_SIZE + 2 to store hex string
417
password IN NULL-terminated password string
420
void make_scrambled_password(char *to, const char *password)
422
my_make_scrambled_password(to, password, strlen(password));
427
Produce an obscure octet sequence from password and random
428
string, recieved from the server. This sequence corresponds to the
429
password, but password can not be easily restored from it. The sequence
430
is then sent to the server for validation. Trailing zero is not stored
431
in the buf as it is not needed.
432
This function is used by client to create authenticated reply to the
436
buf OUT store scrambled string here. The buf must be at least
437
SHA1_HASH_SIZE bytes long.
438
message IN random message, must be exactly SCRAMBLE_LENGTH long and
440
password IN users' password
444
scramble(char *to, const char *message, const char *password)
446
SHA1_CONTEXT sha1_context;
447
uint8 hash_stage1[SHA1_HASH_SIZE];
448
uint8 hash_stage2[SHA1_HASH_SIZE];
450
mysql_sha1_reset(&sha1_context);
451
/* stage 1: hash password */
452
mysql_sha1_input(&sha1_context, (uint8 *) password, (uint) strlen(password));
453
mysql_sha1_result(&sha1_context, hash_stage1);
454
/* stage 2: hash stage 1; note that hash_stage2 is stored in the database */
455
mysql_sha1_reset(&sha1_context);
456
mysql_sha1_input(&sha1_context, hash_stage1, SHA1_HASH_SIZE);
457
mysql_sha1_result(&sha1_context, hash_stage2);
458
/* create crypt string as sha1(message, hash_stage2) */;
459
mysql_sha1_reset(&sha1_context);
460
mysql_sha1_input(&sha1_context, (const uint8 *) message, SCRAMBLE_LENGTH);
461
mysql_sha1_input(&sha1_context, hash_stage2, SHA1_HASH_SIZE);
462
/* xor allows 'from' and 'to' overlap: lets take advantage of it */
463
mysql_sha1_result(&sha1_context, (uint8 *) to);
464
my_crypt(to, (const uchar *) to, hash_stage1, SCRAMBLE_LENGTH);
469
Check that scrambled message corresponds to the password; the function
470
is used by server to check that recieved reply is authentic.
471
This function does not check lengths of given strings: message must be
472
null-terminated, reply and hash_stage2 must be at least SHA1_HASH_SIZE
473
long (if not, something fishy is going on).
476
scramble clients' reply, presumably produced by scramble()
477
message original random string, previously sent to client
478
(presumably second argument of scramble()), must be
479
exactly SCRAMBLE_LENGTH long and NULL-terminated.
480
hash_stage2 hex2octet-decoded database entry
484
0 password is correct
485
!0 password is invalid
489
check_scramble(const uchar *scramble_arg, const char *message,
490
const uint8 *hash_stage2)
492
SHA1_CONTEXT sha1_context;
493
uint8 buf[SHA1_HASH_SIZE];
494
uint8 hash_stage2_reassured[SHA1_HASH_SIZE];
496
mysql_sha1_reset(&sha1_context);
497
/* create key to encrypt scramble */
498
mysql_sha1_input(&sha1_context, (const uint8 *) message, SCRAMBLE_LENGTH);
499
mysql_sha1_input(&sha1_context, hash_stage2, SHA1_HASH_SIZE);
500
mysql_sha1_result(&sha1_context, buf);
501
/* encrypt scramble */
502
my_crypt((char *) buf, buf, scramble_arg, SCRAMBLE_LENGTH);
503
/* now buf supposedly contains hash_stage1: so we can get hash_stage2 */
504
mysql_sha1_reset(&sha1_context);
505
mysql_sha1_input(&sha1_context, buf, SHA1_HASH_SIZE);
506
mysql_sha1_result(&sha1_context, hash_stage2_reassured);
507
return test(memcmp(hash_stage2, hash_stage2_reassured, SHA1_HASH_SIZE));
512
Convert scrambled password from asciiz hex string to binary form.
515
get_salt_from_password()
516
res OUT buf to hold password. Must be at least SHA1_HASH_SIZE
518
password IN 4.1.1 version value of user.password
521
void get_salt_from_password(uint8 *hash_stage2, const char *password)
523
hex2octet(hash_stage2, password+1 /* skip '*' */, SHA1_HASH_SIZE * 2);
527
Convert scrambled password from binary form to asciiz hex string.
529
make_password_from_salt()
530
to OUT store resulting string here, 2*SHA1_HASH_SIZE+2 bytes
531
salt IN password in salt format
534
void make_password_from_salt(char *to, const uint8 *hash_stage2)
536
*to++= PVERSION41_CHAR;
537
octet2hex(to, (const char*) hash_stage2, SHA1_HASH_SIZE);