
Can I access the MySQL keypair in a plugin?


I wrote a MySQL authentication plugin which currently requires the mysql_clear_password client-side plugin. I want to utilize encryption for better security, while still enabling the server to decrypt the password and process it as plaintext.

It looks like the only built-in plugin which supports two-way encryption (vs one-way hashing) is the sha256_password plugin. This plugin does exactly what I am looking for, so instead of reinventing the wheel, I would like to require it as the client-side plugin (using the client_auth_plugin property).

That will save me the trouble of 1) writing my own client-side plugin and 2) requiring each user to install said plugin. However, I still need to set up the key exchange and decryption on the server side. This requires access to the server's public and private keys, so I looked at the sha256_password source code for hints on obtaining the keypair. It seems to be using the Rsa_authentication_keys struct, which is not defined in a publicly accessible header file (i.e. I cannot include the header file in my plugin), as well as system variables.

Ideally, I would like to access the g_caching_sha2_rsa_keys pointer so the keys are not loaded twice into memory. However, I do not think this is possible since the header files are not visible to my plugin. I am hoping that there is a way to retrieve the key files from the system variables and load them myself, but I do not know if system variables can be accessed outside of the source file which defines them.

Is this possible?


Solution

  • I found that I can access those header files using the path relative to the project root directory, i.e.:

    #include "sql/auth/sql_authentication.h"
    
    Rsa_authentication_keys *g_caching_sha2_rsa_keys = nullptr;
    // ...
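The server-side step that follows RSA decryption when sha256_password is the client plugin, as an added example (not code from the post or from the MySQL source). It assumes, as MySQL client connectors implement it, that the client XORs the NUL-terminated password with the 20-byte handshake nonce before RSA-encrypting it; `Scramble`, `kDemoScramble`, `mask_password` and `unmask_password` are hypothetical names, and the RSA decryption itself is not shown.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

constexpr std::size_t kScrambleLen = 20;  // assumed nonce length from the handshake
using Scramble = std::uint8_t[kScrambleLen];
// Constructed nonce for the demo; a real one is random per connection.
const Scramble kDemoScramble = {0x3a, 0x11, 0x7c, 0x05, 0x62, 0x49, 0x2e, 0x58, 0x13, 0x77,
                                0x41, 0x26, 0x6b, 0x09, 0x54, 0x30, 0x1d, 0x68, 0x22, 0x4f};

// XOR with the nonce repeated cyclically; the same operation masks and unmasks.
static void xor_scramble(std::vector<std::uint8_t> &buf, const Scramble &s) {
  for (std::size_t i = 0; i < buf.size(); ++i) buf[i] ^= s[i % kScrambleLen];
}

// Client side (demo only): password plus trailing NUL, masked. RSA encryption omitted.
std::vector<std::uint8_t> mask_password(const std::string &pw, const Scramble &s) {
  std::vector<std::uint8_t> buf(pw.begin(), pw.end());
  buf.push_back(0);
  xor_scramble(buf, s);
  return buf;
}

// Server side: `buf` is the RSA-decrypted payload. Returns false if the payload
// is malformed (no trailing NUL, or a NUL inside the password).
// `buf` is zeroed before returning so the clear text does not linger in it.
bool unmask_password(std::vector<std::uint8_t> &buf, const Scramble &s, std::string &out) {
  out.clear();
  xor_scramble(buf, s);
  bool ok = !buf.empty() && buf.back() == 0;
  for (std::size_t i = 0; ok && i + 1 < buf.size(); ++i) ok = buf[i] != 0;
  if (ok) out.assign(buf.begin(), buf.end() - 1);
  volatile std::uint8_t *p = buf.data();
  for (std::size_t i = 0; i < buf.size(); ++i) p[i] = 0;
  return ok;
}

int main() {
  std::vector<std::uint8_t> wire = mask_password("constructed-pw", kDemoScramble);
  std::string pw;
  bool ok = unmask_password(wire, kDemoScramble, pw);
  std::printf("ok=%d password=%s\n", ok, pw.c_str());
  return ok ? 0 : 1;
}
```

A plugin that skips the unmasking step compares a nonce-masked byte string against the stored credential, so every login fails even though the RSA decryption succeeded.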