MDEV-12160 Modern alternative to the SHA1 authentication plugin

ED25519 authentication plugin

2 files changed, 94 insertions, 0 deletions

diff --git a/mysql-test/suite/plugins/r/auth_ed25519.result b/mysql-test/suite/plugins/r/auth_ed25519.result
new file mode 100644
index 00000000000..51363fea60b
--- /dev/null
+++ b/mysql-test/suite/plugins/r/auth_ed25519.result
@@ -0,0 +1,50 @@
+create function ed25519_password returns string soname "auth_ed25519.so";
+select ed25519_password();
+ERROR HY000: Can't initialize function 'ed25519_password'; Wrong arguments to ed25519_password()
+select ed25519_password(1);
+ERROR HY000: Can't initialize function 'ed25519_password'; Wrong arguments to ed25519_password()
+select ed25519_password("foo", "bar");
+ERROR HY000: Can't initialize function 'ed25519_password'; Wrong arguments to ed25519_password()
+select ed25519_password("foo");
+ERROR HY000: Can't initialize function 'ed25519_password'; Authentication plugin ed25519 is not loaded
+install soname 'auth_ed25519';
+select ed25519_password("foo");
+ed25519_password("foo")
+NNJledu0Vmk+VAZyz5IvUt3g1lMuNb8GvgE6fFMvIOA
+select ed25519_password("foobar");
+ed25519_password("foobar")
+LgZlMsxPDw66qLCfGWRu4IVKqzyAqlA1aXSZbax5maE
+select ed25519_password("foo bar");
+ed25519_password("foo bar")
+6EFKeQLw+p5Ovk8tD+tAi3Agyg7ItukdswOBpTB6f40
+select ed25519_password(NULL);
+ed25519_password(NULL)
+NULL
+select * from information_schema.plugins where plugin_name='ed25519';
+PLUGIN_NAME	ed25519
+PLUGIN_VERSION	1.0
+PLUGIN_STATUS	ACTIVE
+PLUGIN_TYPE	AUTHENTICATION
+PLUGIN_TYPE_VERSION	2.1
+PLUGIN_LIBRARY	auth_ed25519.so
+PLUGIN_LIBRARY_VERSION	1.12
+PLUGIN_AUTHOR	Sergei Golubchik
+PLUGIN_DESCRIPTION	Elliptic curve ED25519 based authentication
+PLUGIN_LICENSE	GPL
+LOAD_OPTION	ON
+PLUGIN_MATURITY	Beta
+PLUGIN_AUTH_VERSION	1.0-alpha
+create user test1@localhost identified via ed25519 using 'XQNqhYzon4REkXYuuJ4r+9UKSgoNpljksmKLJbEXrgk';
+show grants for test1@localhost;
+Grants for test1@localhost
+GRANT USAGE ON *.* TO 'test1'@'localhost' IDENTIFIED VIA ed25519 USING 'XQNqhYzon4REkXYuuJ4r+9UKSgoNpljksmKLJbEXrgk'
+connect(localhost,test1,public,test,PORT,SOCKET);
+ERROR 28000: Access denied for user 'test1'@'localhost' (using password: YES)
+select current_user();
+current_user()
+test1@localhost
+drop user test1@localhost;
+uninstall plugin ed25519;
+select ed25519_password("foo");
+ERROR HY000: Can't initialize function 'ed25519_password'; Authentication plugin ed25519 is not loaded
+drop function ed25519_password;
diff --git a/mysql-test/suite/plugins/t/auth_ed25519.test b/mysql-test/suite/plugins/t/auth_ed25519.test
new file mode 100644
index 00000000000..3e02bdf97d2
--- /dev/null
+++ b/mysql-test/suite/plugins/t/auth_ed25519.test
@@ -0,0 +1,44 @@
+#
+# MDEV-12160 Modern alternative to the SHA1 authentication plugin
+#
+source include/not_embedded.inc;
+if (!$AUTH_ED25519_SO) {
+  skip No auth_ed25519 plugin;
+}
+
+replace_result dll so;
+eval create function ed25519_password returns string soname "$AUTH_ED25519_SO";
+error ER_CANT_INITIALIZE_UDF;
+select ed25519_password();
+error ER_CANT_INITIALIZE_UDF;
+select ed25519_password(1);
+error ER_CANT_INITIALIZE_UDF;
+select ed25519_password("foo", "bar");
+error ER_CANT_INITIALIZE_UDF;
+select ed25519_password("foo");
+
+install soname 'auth_ed25519';
+select ed25519_password("foo");
+select ed25519_password("foobar");
+select ed25519_password("foo bar");
+select ed25519_password(NULL);
+
+replace_result dll so;
+query_vertical select * from information_schema.plugins where plugin_name='ed25519';
+let $pwd=`select ed25519_password("secret")`;
+eval create user test1@localhost identified via ed25519 using '$pwd';
+show grants for test1@localhost;
+
+replace_result $MASTER_MYPORT PORT $MASTER_MYSOCK SOCKET;
+error ER_ACCESS_DENIED_ERROR;
+connect con1, localhost, test1, public;
+connect con1, localhost, test1, secret;
+select current_user();
+disconnect con1;
+connection default;
+
+drop user test1@localhost;
+uninstall plugin ed25519;
+error ER_CANT_INITIALIZE_UDF;
+select ed25519_password("foo");
+drop function ed25519_password;