Log in directly with caching_sha2_password. Fixes #1562

If the server allows 'caching_sha2_password' in the initial handshake packet, then use that authentication method directly, saving a roundtrip.

Author: bgrainger

src/MySqlConnector/Core/ServerSession.cs

@@ -528,8 +528,11 @@ public async Task DisposeAsync(IOBehavior ioBehavior, CancellationToken cancella
 			if (m_supportsConnectionAttributes && cs.ConnectionAttributes is null)
 				cs.ConnectionAttributes = CreateConnectionAttributes(cs.ApplicationName);
 
+			// send a caching_sha2_password response if the server advertised support in the initial handshake
+			var useCachingSha2 = initialHandshake.AuthPluginName == "caching_sha2_password";
+
 			var password = GetPassword(cs, connection);
-			using (var handshakeResponsePayload = HandshakeResponse41Payload.Create(initialHandshake, cs, password, m_compressionMethod, connection.ZstandardPlugin?.CompressionLevel, m_characterSet, m_supportsConnectionAttributes ? cs.ConnectionAttributes : null))
+			using (var handshakeResponsePayload = HandshakeResponse41Payload.Create(initialHandshake, cs, password, useCachingSha2, m_compressionMethod, connection.ZstandardPlugin?.CompressionLevel, m_characterSet, m_supportsConnectionAttributes ? cs.ConnectionAttributes : null))
 				await SendReplyAsync(handshakeResponsePayload, ioBehavior, cancellationToken).ConfigureAwait(false);
 			payload = await ReceiveReplyAsync(ioBehavior, cancellationToken).ConfigureAwait(false);
 
@@ -539,6 +542,26 @@ public async Task DisposeAsync(IOBehavior ioBehavior, CancellationToken cancella
 				payload = await SwitchAuthenticationAsync(cs, password, payload, ioBehavior, cancellationToken).ConfigureAwait(false);
 			}
 
+			// check if caching_sha2_password response was sent
+			if (useCachingSha2 && payload.HeaderByte == CachingSha2ServerResponsePayload.Signature)
+			{
+				// process a successful response, or fall back to sending the password if the server doesn't have it
+				var cachingSha2ServerResponsePayload = CachingSha2ServerResponsePayload.Create(payload.Span);
+				if (cachingSha2ServerResponsePayload.Succeeded)
+				{
+					payload = await ReceiveReplyAsync(ioBehavior, cancellationToken).ConfigureAwait(false);
+				}
+				else if (!m_isSecureConnection && password.Length != 0)
+				{
+					var publicKey = await GetRsaPublicKeyAsync(m_currentAuthenticationMethod, cs, ioBehavior, cancellationToken).ConfigureAwait(false);
+					payload = await SendEncryptedPasswordAsync(AuthPluginData, publicKey, password, ioBehavior, cancellationToken).ConfigureAwait(false);
+				}
+				else
+				{
+					payload = await SendClearPasswordAsync(password, ioBehavior, cancellationToken).ConfigureAwait(false);
+				}
+			}
+
 			var ok = OkPayload.Create(payload.Span, this);
 
 			if (m_sslPolicyErrors != SslPolicyErrors.None)

src/MySqlConnector/Protocol/Payloads/HandshakeResponse41Payload.cs

@@ -1,5 +1,6 @@
 using MySqlConnector.Core;
 using MySqlConnector.Protocol.Serialization;
+using MySqlConnector.Utilities;
 
 namespace MySqlConnector.Protocol.Payloads;
 
@@ -55,20 +56,22 @@ private static ByteBufferWriter CreateCapabilitiesPayload(ProtocolCapabilities s
 	public static PayloadData CreateWithSsl(ProtocolCapabilities serverCapabilities, ConnectionSettings cs, CompressionMethod compressionMethod, CharacterSet characterSet) =>
 		CreateCapabilitiesPayload(serverCapabilities, cs, compressionMethod, characterSet, ProtocolCapabilities.Ssl).ToPayloadData();
 
-	public static PayloadData Create(InitialHandshakePayload handshake, ConnectionSettings cs, string password, CompressionMethod compressionMethod, int? compressionLevel, CharacterSet characterSet, byte[]? connectionAttributes)
+	public static PayloadData Create(InitialHandshakePayload handshake, ConnectionSettings cs, string password, bool useCachingSha2, CompressionMethod compressionMethod, int? compressionLevel, CharacterSet characterSet, byte[]? connectionAttributes)
 	{
 		// TODO: verify server capabilities
 		var writer = CreateCapabilitiesPayload(handshake.ProtocolCapabilities, cs, compressionMethod, characterSet);
 		writer.WriteNullTerminatedString(cs.UserID);
-		var authenticationResponse = AuthenticationUtility.CreateAuthenticationResponse(handshake.AuthPluginData, password);
+
+		var authenticationResponse = useCachingSha2 ? AuthenticationUtility.CreateScrambleResponse(Utility.TrimZeroByte(handshake.AuthPluginData.AsSpan()), password) :
+			AuthenticationUtility.CreateAuthenticationResponse(handshake.AuthPluginData, password);
 		writer.Write((byte) authenticationResponse.Length);
 		writer.Write(authenticationResponse);
 
 		if (!string.IsNullOrWhiteSpace(cs.Database))
 			writer.WriteNullTerminatedString(cs.Database);
 
 		if ((handshake.ProtocolCapabilities & ProtocolCapabilities.PluginAuth) != 0)
-			writer.Write("mysql_native_password\0"u8);
+			writer.Write(useCachingSha2 ? "caching_sha2_password\0"u8 : "mysql_native_password\0"u8);
 
 		if (connectionAttributes is not null)
 			writer.Write(connectionAttributes);