Support MariaDB's ed25519 authentication plugin

[GeoffMonteeMariaDB]

MariaDB 10.1 and later supports the ed25519 authentication plugin.

https://mariadb.com/kb/en/library/authentication-plugin-ed25519/

It looks like MySqlConnector doesn't support this yet.

https://mariadb.com/kb/en/library/authentication-plugin-ed25519/#using-the-plugin-with-mysqlconnector-for-net

https://github.com/mysql-net/MySqlConnector/blob/0.54.0/src/MySqlConnector/Core/ServerSession.cs#L463

[bgrainger]

One potential problem is that I don't know of any built-in Ed25519 functionality in .NET Core/Standard. So this would likely have to either add a dependency on a third-party library or integrate appropriately-licensed code.

Neither of those is really appealing for an optional (and uncommon?) authentication method, so it might be time to develop a simple extensibility model, and put the code for this feature in a separate NuGet package.

Finally, I'm not familiar with Ed25519 so it's still not clear to me how the authentication algorithm works. The best description I've found so far is at https://mariadb.org/history-of-mysql-mariadb-authentication-protocols/ but it still contains this sentence without further details:

The user’s password is the secret key. We calculate SHA512(password) and applying some math magic convert it into a public key.

Presumably some KDF is used on the password (which one?) and what is the "math magic"?

[bgrainger]

Still haven't found any official documentation on the auth plugin, but this appears to be the code that signs a nonce using the user's password as a key: https://github.com/MariaDB/server/blob/592fe954ef82be1bc08b29a8e54f7729eb1e1343/plugin/auth_ed25519/ref10/sign.c#L7

[bgrainger]

Even worse, according to the discussion on https://jira.mariadb.org/browse/MDEV-19217, MariaDB's auth plugin may be using Ed25519 in a non-standard way that can make it difficult to use third-party library code to implement the authentication (depending on the API the library exposes):

My current thinking (over the last couple of weeks) is that it was a mistake to "optimize" the plugin in a way that made it incompatible with the standard ed25519 implementations.

[bgrainger]

I ported the Java and C implementations to C#, using a public domain .NET Ed25519 library.

WIP here: https://github.com/bgrainger/MySqlConnector/tree/ed25519

[bgrainger]

Implemented in fe578cf; included in 0.56.0.

[GeoffMonteeMariaDB]

Wow, you added support for that quickly. Thanks, @bgrainger!

[bgrainger]

No problem! It was a "fun" reverse engineering challenge. 😀

Thanks for updating the KB! https://mariadb.com/kb/en/library/authentication-plugin-ed25519/