Use RSA public key encryption for non-SSL connections.

Author: bgrainger

.travis.yml

@@ -8,10 +8,10 @@ env:
     FEATURES=Json,StoredProcedures,Sha256Password
   - IMAGE=percona:5.7
     NAME=percona
-    FEATURES=Json,StoredProcedures,Sha256Password
+    FEATURES=Json,StoredProcedures,Sha256Password,OpenSsl
   - IMAGE=mariadb:10.3
     NAME=mariadb
-    FEATURES=StoredProcedures
+    FEATURES=StoredProcedures,OpenSsl
 
 before_install:
 - .ci/docker-run.sh $IMAGE $NAME 3307 $FEATURES

src/MySqlConnector/MySqlConnector.csproj

@@ -7,7 +7,7 @@
     <AssemblyTitle>Async MySQL Connector</AssemblyTitle>
     <VersionPrefix>0.21.0</VersionPrefix>
     <Authors>Bradley Grainger;Caleb Lloyd</Authors>
-    <TargetFrameworks>net451;netstandard1.3</TargetFrameworks>
+    <TargetFrameworks>net451;net46;netstandard1.3</TargetFrameworks>
     <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
     <AssemblyName>MySqlConnector</AssemblyName>
     <PackageId>MySqlConnector</PackageId>
@@ -28,11 +28,20 @@
     <Reference Include="System.Transactions" />
   </ItemGroup>
 
+  <ItemGroup Condition=" '$(TargetFramework)' == 'net46' ">
+    <PackageReference Include="System.Buffers" Version="4.0.0" />
+    <PackageReference Include="System.Runtime.InteropServices.RuntimeInformation" Version="4.0.0" />
+    <PackageReference Include="System.Threading.Tasks.Extensions" Version="4.0.0" />
+    <Reference Include="System.Data" />
+    <Reference Include="System.Transactions" />
+  </ItemGroup>
+
   <ItemGroup Condition=" '$(TargetFramework)' == 'netstandard1.3' ">
     <PackageReference Include="System.Buffers" Version="4.3.0" />
     <PackageReference Include="System.Data.Common" Version="4.3.0" />
     <PackageReference Include="System.Net.NameResolution" Version="4.3.0" />
     <PackageReference Include="System.Net.Security" Version="4.3.0" />
+    <PackageReference Include="System.Security.Cryptography.Algorithms" Version="4.3.0" />
     <PackageReference Include="System.Threading.Tasks.Extensions" Version="4.3.0" />
   </ItemGroup>
 

src/MySqlConnector/Serialization/AuthenticationMoreDataPayload.cs

@@ -0,0 +1,18 @@
+namespace MySql.Data.Serialization
+{
+	internal class AuthenticationMoreDataPayload
+	{
+		public byte[] Data { get; }
+
+		public const byte Signature = 0x01;
+
+		public static AuthenticationMoreDataPayload Create(PayloadData payload)
+		{
+			var reader = new ByteArrayReader(payload.ArraySegment);
+			reader.ReadByte(Signature);
+			return new AuthenticationMoreDataPayload(reader.ReadByteString(reader.BytesRemaining));
+		}
+
+		private AuthenticationMoreDataPayload(byte[] data) => Data = data;
+	}
+}

src/MySqlConnector/Serialization/MySqlSession.cs

@@ -302,14 +302,52 @@ private async Task SwitchAuthenticationAsync(PayloadData payload, string passwor
 				break;
 
 			case "sha256_password":
-				if (!m_isSecureConnection)
-					throw new NotImplementedException("Authentication method '{0}' requires a secure connection.".FormatInvariant(switchRequest.Name));
-
-				// send plaintext password with a NUL terminator
+				// add NUL terminator to password
 				var passwordBytes = Encoding.UTF8.GetBytes(password);
 				Array.Resize(ref passwordBytes, passwordBytes.Length + 1);
-				payload = new PayloadData(new ArraySegment<byte>(passwordBytes));
-				await SendReplyAsync(payload, ioBehavior, cancellationToken).ConfigureAwait(false);
+
+				if (!m_isSecureConnection && passwordBytes.Length > 1)
+				{
+#if NET451
+					throw new MySqlException("Authentication method '{0}' requires a secure connection (prior to .NET 4.6).".FormatInvariant(switchRequest.Name));
+#else
+					// request the RSA public key
+					await SendReplyAsync(new PayloadData(new ArraySegment<byte>(new byte[] { 0x01 }, 0, 1)), ioBehavior, cancellationToken).ConfigureAwait(false);
+					payload = await ReceiveReplyAsync(ioBehavior, cancellationToken).ConfigureAwait(false);
+					var publicKeyPayload = AuthenticationMoreDataPayload.Create(payload);
+					var publicKey = Encoding.ASCII.GetString(publicKeyPayload.Data);
+
+					// load the RSA public key
+					RSA rsa;
+					try
+					{
+						rsa = Utility.DecodeX509PublicKey(publicKey);
+					}
+					catch (Exception ex)
+					{
+						throw new MySqlException("Couldn't load server's RSA public key; try using a secure connection instead.", ex);
+					}
+
+					using (rsa)
+					{
+						// XOR the password bytes with the challenge
+						AuthPluginData = Utility.TrimZeroByte(switchRequest.Data);
+						for (int i = 0; i < passwordBytes.Length; i++)
+							passwordBytes[i] ^= AuthPluginData[i % AuthPluginData.Length];
+
+						// encrypt with RSA public key
+						var encryptedPassword = rsa.Encrypt(passwordBytes, RSAEncryptionPadding.OaepSHA1);
+						payload = new PayloadData(new ArraySegment<byte>(encryptedPassword));
+						await SendReplyAsync(payload, ioBehavior, cancellationToken).ConfigureAwait(false);
+					}
+#endif
+				}
+				else
+				{
+					// send plaintext password
+					payload = new PayloadData(new ArraySegment<byte>(passwordBytes));
+					await SendReplyAsync(payload, ioBehavior, cancellationToken).ConfigureAwait(false);
+				}
 				break;
 
 			default:

src/MySqlConnector/Utility.cs

@@ -1,7 +1,9 @@
 using System;
 using System.Globalization;
 using System.IO;
+using System.Linq;
 using System.Runtime.InteropServices;
+using System.Security.Cryptography;
 using System.Text;
 using System.Threading.Tasks;
 
@@ -25,6 +27,109 @@ public static string FormatInvariant(this string format, params object[] args) =
 		public static string GetString(this Encoding encoding, ArraySegment<byte> arraySegment) =>
 			encoding.GetString(arraySegment.Array, arraySegment.Offset, arraySegment.Count);
 
+		/// <summary>
+		/// Loads a RSA public key from a PEM string. Taken from <a href="https://stackoverflow.com/a/32243171/23633">Stack Overflow</a>.
+		/// </summary>
+		/// <param name="publicKey">The public key, in PEM format.</param>
+		/// <returns>An RSA public key, or <c>null</c> on failure.</returns>
+		public static RSA DecodeX509PublicKey(string publicKey)
+		{
+			var x509Key = Convert.FromBase64String(publicKey.Replace("-----BEGIN PUBLIC KEY-----", "").Replace("-----END PUBLIC KEY-----", ""));
+
+			// encoded OID sequence for  PKCS #1 rsaEncryption szOID_RSA_RSA = "1.2.840.113549.1.1.1"
+			byte[] seqOid = { 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00 };
+
+			// ---------  Set up stream to read the asn.1 encoded SubjectPublicKeyInfo blob  ------
+			using (var stream = new MemoryStream(x509Key))
+			using (var reader = new BinaryReader(stream)) //wrap Memory Stream with BinaryReader for easy reading
+			{
+				var temp = reader.ReadUInt16();
+				switch (temp)
+				{
+				case 0x8130:
+					reader.ReadByte(); //advance 1 byte
+					break;
+				case 0x8230:
+					reader.ReadInt16(); //advance 2 bytes
+					break;
+				default:
+					throw new FormatException("Expected 0x8130 or 0x8230 but read {0:X4}".FormatInvariant(temp));
+				}
+
+				var seq = reader.ReadBytes(15);
+				if (!seq.SequenceEqual(seqOid)) //make sure Sequence for OID is correct
+					throw new FormatException("Expected RSA OID but read {0}".FormatInvariant(BitConverter.ToString(seq)));
+
+				temp = reader.ReadUInt16();
+				if (temp == 0x8103) //data read as little endian order (actual data order for Bit String is 03 81)
+					reader.ReadByte(); //advance 1 byte
+				else if (temp == 0x8203)
+					reader.ReadInt16(); //advance 2 bytes
+				else
+					throw new FormatException("Expected 0x8130 or 0x8230 but read {0:X4}".FormatInvariant(temp));
+
+				var bt = reader.ReadByte();
+				if (bt != 0x00) //expect null byte next
+					throw new FormatException("Expected 0x00 but read {0:X2}".FormatInvariant(bt));
+
+				temp = reader.ReadUInt16();
+				if (temp == 0x8130) //data read as little endian order (actual data order for Sequence is 30 81)
+					reader.ReadByte(); //advance 1 byte
+				else if (temp == 0x8230)
+					reader.ReadInt16(); //advance 2 bytes
+				else
+					throw new FormatException("Expected 0x8130 or 0x8230 but read {0:X4}".FormatInvariant(temp));
+
+				temp = reader.ReadUInt16();
+				byte lowbyte;
+				byte highbyte = 0x00;
+
+				if (temp == 0x8102)
+				{
+					//data read as little endian order (actual data order for Integer is 02 81)
+					lowbyte = reader.ReadByte(); // read next bytes which is bytes in modulus
+				}
+				else if (temp == 0x8202)
+				{
+					highbyte = reader.ReadByte(); //advance 2 bytes
+					lowbyte = reader.ReadByte();
+				}
+				else
+				{
+					throw new FormatException("Expected 0x8102 or 0x8202 but read {0:X4}".FormatInvariant(temp));
+				}
+
+				var modulusSize = highbyte * 256 + lowbyte;
+
+				var firstbyte = reader.ReadByte();
+				reader.BaseStream.Seek(-1, SeekOrigin.Current);
+
+				if (firstbyte == 0x00)
+				{
+					//if first byte (highest order) of modulus is zero, don't include it
+					reader.ReadByte(); //skip this null byte
+					modulusSize -= 1; //reduce modulus buffer size by 1
+				}
+
+				var modulus = reader.ReadBytes(modulusSize); //read the modulus bytes
+
+				if (reader.ReadByte() != 0x02) //expect an Integer for the exponent data
+					throw new FormatException("Expected 0x02");
+				int exponentSize = reader.ReadByte(); // should only need one byte for actual exponent data (for all useful values)
+				var exponent = reader.ReadBytes(exponentSize);
+
+				// ------- create RSACryptoServiceProvider instance and initialize with public key -----
+				var rsa = RSA.Create();
+				var rsaKeyInfo = new RSAParameters
+				{
+					Modulus = modulus,
+					Exponent = exponent
+				};
+				rsa.ImportParameters(rsaKeyInfo);
+				return rsa;
+			}
+		}
+
 		/// <summary>
 		/// Returns a new <see cref="ArraySegment{T}"/> that starts at index <paramref name="index"/> into <paramref name="arraySegment"/>.
 		/// </summary>
@@ -55,6 +160,13 @@ public static Task<T> TaskFromException<T>(Exception exception)
 		public static Task<T> TaskFromException<T>(Exception exception) => Task.FromException<T>(exception);
 #endif
 
+		public static byte[] TrimZeroByte(byte[] value)
+		{
+			if (value[value.Length - 1] == 0)
+				Array.Resize(ref value, value.Length - 1);
+			return value;
+		}
+
 #if !NETSTANDARD1_3
 		public static bool TryGetBuffer(this MemoryStream memoryStream, out ArraySegment<byte> buffer)
 		{

tests/SideBySide/ConnectAsync.cs

@@ -233,7 +233,16 @@ public async Task Sha256WithoutSecureConnection()
 			var csb = AppConfig.CreateSha256ConnectionStringBuilder();
 			csb.SslMode = MySqlSslMode.None;
 			using (var connection = new MySqlConnection(csb.ConnectionString))
+			{
+#if BASELINE || NET451
 				await Assert.ThrowsAsync<NotImplementedException>(() => connection.OpenAsync());
+#else
+				if (AppConfig.SupportedFeatures.HasFlag(ServerFeatures.OpenSsl))
+					await connection.OpenAsync();
+				else
+					await Assert.ThrowsAsync<MySqlException>(() => connection.OpenAsync());
+#endif
+			}
 		}
 
 		readonly DatabaseFixture m_database;

tests/SideBySide/ConnectSync.cs

@@ -340,7 +340,16 @@ public void Sha256WithoutSecureConnection()
 			var csb = AppConfig.CreateSha256ConnectionStringBuilder();
 			csb.SslMode = MySqlSslMode.None;
 			using (var connection = new MySqlConnection(csb.ConnectionString))
+			{
+#if BASELINE || NET451
 				Assert.Throws<NotImplementedException>(() => connection.Open());
+#else
+				if (AppConfig.SupportedFeatures.HasFlag(ServerFeatures.OpenSsl))
+					connection.Open();
+				else
+					Assert.Throws<MySqlException>(() => connection.Open());
+#endif
+			}
 		}
 
 		readonly DatabaseFixture m_database;

tests/SideBySide/ServerFeatures.cs

@@ -9,5 +9,6 @@ public enum ServerFeatures
 		Json = 1,
 		StoredProcedures = 2,
 		Sha256Password = 4,
+		OpenSsl = 8,
 	}
 }