Details
Bug
Status: Closed
Minor
Resolution: Won't Fix
10.2.23, 10.3.14
Description
We are attempting to implement ed25519 authentication for the PyMySQL Python client library, which implements the MySQL protocol using pure Python, no mysql/mariadb client linkage.
However, per the README, MariaDB has made their own implementation of ed25519 that uses the "password" as the secret key, accepting a password string of arbitrary length.
However, the most widely available ed25519 libraries pynacl (against libsodium) and python-ed25519 (against SUPERCOP) both accept secret keys that are exactly 32 or 64 bytes long. If the key is not either of those lengths, the algorithm does not work.
For example, I made a quick auth plugin in PyMySQL using python-ed25519 like this:
def ed25519_password(password, scramble):
    import ed25519

    signing_key = ed25519.SigningKey(password)
    sig = signing_key.sign(scramble)
    return sig
The above works if the password is exactly 32 characters long. Otherwise, it fails. I also tried removing python-ed25519's check for 32-byte secret key so that it produces an answer, but the signature it provides fails against MariaDB server.
There is no publicly available implementation of MariaDB's fork of this encryption code; it is of course open source within MariaDB but is not exported as an available library function.
I am of course not a cryptology person and I am sure there are lots of interesting mathematical details as to why MariaDB's algo doesn't need a 32 byte key and why these other ones do, etc., however, the point of encryption libraries is that the end users should never be trying to hand roll this stuff themselves in any case, since any kind of "tweaks" to an algorithm by nature render it insecure until it is again validated by an open community of crypto experts. We non-crypto's need to have access to high level functions that will do the signatures / signing / etc correctly.
The community could use a little more guidance in what we are supposed to do here. Thanks!
I've done more testing, and starting with version 1.0.17, libsodium provides a new low-level crypto API that exposes the functions which are called by crypto_sign_keypair (scalar multiplication on the Ed25519 curve and modular arithmetic).
That means that we can now implement our own Ed25519 signature with arbitrary length passwords like what MariaDB auth_ed25519 does. I published a gist [1] to show what my libsodium-based implementation looks like.
I think we can close this issue now that we have a clean path forward with libsodium 1.0.17.
[1] https://gist.github.com/dciabrin/1295fa9900147ae1de0df9d9e106a278
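The signing path the last comment describes, written in pure Python as an added example; it is not code from this issue, the linked gist or MariaDB. It assumes auth_ed25519 derives its key material as SHA-512 over the whole password and then signs per RFC 8032; the helper names (`expand`, `verify` and the point routines) are hypothetical. Under that assumption a 32-byte password gives the same result as stock Ed25519 with the password as the seed, which matches the behaviour reported in the description.

```python
import hashlib

P = 2**255 - 19                                      # field prime
L = 2**252 + 27742317777372353535851937790883648493  # order of the base point
D = -121665 * pow(121666, P - 2, P) % P              # curve constant d

def add(p, q):  # extended-coordinate point addition (RFC 8032, 5.1.4)
    a, b = (p[1] - p[0]) * (q[1] - q[0]) % P, (p[1] + p[0]) * (q[1] + q[0]) % P
    c, d = 2 * D * p[3] * q[3] % P, 2 * p[2] * q[2] % P
    e, f, g, h = b - a, d - c, d + c, b + a
    return (e * f % P, g * h % P, f * g % P, e * h % P)

def mul(k, p):  # double-and-add; not constant time, for illustration only
    q = (0, 1, 1, 0)
    while k:
        q, p, k = (add(q, p) if k & 1 else q), add(p, p), k >> 1
    return q

def encode(p):  # 32-byte little-endian y with the parity of x in the top bit
    zi = pow(p[2], P - 2, P)
    return ((p[1] * zi % P) | ((p[0] * zi % P) & 1) << 255).to_bytes(32, "little")

def decode(s):  # point decompression (RFC 8032, 5.1.3); no validity check here
    y = int.from_bytes(s, "little") & ((1 << 255) - 1)
    xx = (y * y - 1) * pow(D * y * y + 1, P - 2, P) % P
    x = pow(xx, (P + 3) // 8, P)
    x = x * pow(2, (P - 1) // 4, P) % P if (x * x - xx) % P else x
    x = x if x & 1 == s[31] >> 7 else P - x
    return (x, y, 1, x * y % P)

B = decode((4 * pow(5, P - 2, P) % P).to_bytes(32, "little"))  # base point, y = 4/5

def h_int(*parts):
    return int.from_bytes(hashlib.sha512(b"".join(parts)).digest(), "little")

def expand(password):
    h = hashlib.sha512(password).digest()  # assumption: whole password hashed, any length
    a = int.from_bytes(h[:32], "little") & ((1 << 254) - 8) | (1 << 254)  # clamp scalar
    return a, h[32:], encode(mul(a, B))    # secret scalar, nonce prefix, public key

def ed25519_password(password, scramble):
    a, prefix, A = expand(password)
    r = h_int(prefix, scramble) % L        # deterministic nonce
    R = encode(mul(r, B))
    k = h_int(R, A, scramble) % L
    return R + ((r + k * a) % L).to_bytes(32, "little")  # signature = R || S

def verify(public, msg, sig):  # standard check [S]B == R + [k]A
    S, k = int.from_bytes(sig[32:], "little"), h_int(sig[:32], public, msg) % L
    return S < L and encode(mul(S, B)) == encode(add(decode(sig[:32]), mul(k, decode(public))))
```

The public key returned by `expand` is what a server would hold for the account, so `verify` is an unmodified Ed25519 check; only the key derivation differs from libraries that insist on a 32-byte seed.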