Home Explore Help
Register Sign In
904118851
/
game_zhineng_baoliang
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 12e91d2939
Branches Tags
game_zhineng_ba...
/
node_modules
/
mysql2
/
lib
/
auth_41.js

auth_41.js 2.3 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495 
  1. 'use strict';
    2. 

  2. 

  3. /*
    4. 

  4. 4.1 authentication: (http://bazaar.launchpad.net/~mysql/mysql-server/5.5/view/head:/sql/password.c)
    5. 

  5. 

  6.   SERVER:  public_seed=create_random_string()
    7. 

  7.            send(public_seed)
    8. 

  8. 

  9.   CLIENT:  recv(public_seed)
    10. 

  10.            hash_stage1=sha1("password")
    11. 

  11.            hash_stage2=sha1(hash_stage1)
    12. 

  12.            reply=xor(hash_stage1, sha1(public_seed,hash_stage2)
    13. 

  13. 

  14.            // this three steps are done in scramble()
    15. 

  15. 

  16.            send(reply)
    17. 

  17. 

  18. 

  19.   SERVER:  recv(reply)
    20. 

  20.            hash_stage1=xor(reply, sha1(public_seed,hash_stage2))
    21. 

  21.            candidate_hash2=sha1(hash_stage1)
    22. 

  22.            check(candidate_hash2==hash_stage2)
    23. 

  23. 

  24. server stores sha1(sha1(password)) ( hash_stag2)
    25. 

  25. */
    26. 

  26. 

  27. const crypto = require('crypto');
    28. 

  28. 

  29. function sha1(msg, msg1, msg2) {
    30. 

  30.   const hash = crypto.createHash('sha1');
    31. 

  31.   hash.update(msg);
    32. 

  32.   if (msg1) {
    33. 

  33.     hash.update(msg1);
    34. 

  34.   }
    35. 

  35. 

  36.   if (msg2) {
    37. 

  37.     hash.update(msg2);
    38. 

  38.   }
    39. 

  39. 

  40.   return hash.digest();
    41. 

  41. }
    42. 

  42. 

  43. function xor(a, b) {
    44. 

  44.   const result = Buffer.allocUnsafe(a.length);
    45. 

  45.   for (let i = 0; i < a.length; i++) {
    46. 

  46.     result[i] = a[i] ^ b[i];
    47. 

  47.   }
    48. 

  48.   return result;
    49. 

  49. }
    50. 

  50. 

  51. exports.xor = xor;
    52. 

  52. 

  53. function token(password, scramble1, scramble2) {
    54. 

  54.   if (!password) {
    55. 

  55.     return Buffer.alloc(0);
    56. 

  56.   }
    57. 

  57.   const stage1 = sha1(password);
    58. 

  58.   return exports.calculateTokenFromPasswordSha(stage1, scramble1, scramble2);
    59. 

  59. }
    60. 

  60. 

  61. exports.calculateTokenFromPasswordSha = function(
    62. 

  62.   passwordSha,
    63. 

  63.   scramble1,
    64. 

  64.   scramble2
    65. 

  65. ) {
    66. 

  66.   // we use AUTH 41 here, and we need only the bytes we just need.
    67. 

  67.   const authPluginData1 = scramble1.slice(0, 8);
    68. 

  68.   const authPluginData2 = scramble2.slice(0, 12);
    69. 

  69.   const stage2 = sha1(passwordSha);
    70. 

  70.   const stage3 = sha1(authPluginData1, authPluginData2, stage2);
    71. 

  71.   return xor(stage3, passwordSha);
    72. 

  72. };
    73. 

  73. 

  74. exports.calculateToken = token;
    75. 

  75. 

  76. exports.verifyToken = function(publicSeed1, publicSeed2, token, doubleSha) {
    77. 

  77.   const hashStage1 = xor(token, sha1(publicSeed1, publicSeed2, doubleSha));
    78. 

  78.   const candidateHash2 = sha1(hashStage1);
    79. 

  79.   return candidateHash2.compare(doubleSha) === 0;
    80. 

  80. };
    81. 

  81. 

  82. exports.doubleSha1 = function(password) {
    83. 

  83.   return sha1(sha1(password));
    84. 

  84. };
    85. 

  85. 

  86. function xorRotating(a, seed) {
    87. 

  87.   const result = Buffer.allocUnsafe(a.length);
    88. 

  88.   const seedLen = seed.length;
    89. 

  89. 

  90.   for (let i = 0; i < a.length; i++) {
    91. 

  91.     result[i] = a[i] ^ seed[i % seedLen];
    92. 

  92.   }
    93. 

  93.   return result;
    94. 

  94. }
    95. 

  95. exports.xorRotating = xorRotating;
    96.