Home Explore Help
Sign In
Emmanuil
/
module_chat.js
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 5985163b40
Branches Tags
module_chat.js
/
node_modules
/
mysql2
/
lib
/
auth_41.js

auth_41.js 2.6 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113 
  1. 'use strict';
    2. 

  2. 

  3. /*
    4. 

  4. 4.1 authentication: (http://bazaar.launchpad.net/~mysql/mysql-server/5.5/view/head:/sql/password.c)
    5. 

  5. 

  6.   SERVER:  public_seed=create_random_string()
    7. 

  7.            send(public_seed)
    8. 

  8. 

  9.   CLIENT:  recv(public_seed)
    10. 

  10.            hash_stage1=sha1("password")
    11. 

  11.            hash_stage2=sha1(hash_stage1)
    12. 

  12.            reply=xor(hash_stage1, sha1(public_seed,hash_stage2)
    13. 

  13. 

  14.            // this three steps are done in scramble()
    15. 

  15. 

  16.            send(reply)
    17. 

  17. 

  18. 

  19.   SERVER:  recv(reply)
    20. 

  20.            hash_stage1=xor(reply, sha1(public_seed,hash_stage2))
    21. 

  21.            candidate_hash2=sha1(hash_stage1)
    22. 

  22.            check(candidate_hash2==hash_stage2)
    23. 

  23. 

  24. server stores sha1(sha1(password)) ( hash_stag2)
    25. 

  25. */
    26. 

  26. 

  27. const crypto = require('crypto');
    28. 

  28. 

  29. function sha1(msg, msg1, msg2) {
    30. 

  30.   const hash = crypto.createHash('sha1');
    31. 

  31.   hash.update(msg);
    32. 

  32.   if (msg1) {
    33. 

  33.     hash.update(msg1);
    34. 

  34.   }
    35. 

  35. 

  36.   if (msg2) {
    37. 

  37.     hash.update(msg2);
    38. 

  38.   }
    39. 

  39. 

  40.   return hash.digest();
    41. 

  41. }
    42. 

  42. 

  43. function xor(a, b) {
    44. 

  44.   if (!Buffer.isBuffer(a)) {
    45. 

  45.     a = Buffer.from(a, 'binary');
    46. 

  46.   }
    47. 

  47. 

  48.   if (!Buffer.isBuffer(b)) {
    49. 

  49.     b = Buffer.from(b, 'binary');
    50. 

  50.   }
    51. 

  51. 

  52.   const result = Buffer.allocUnsafe(a.length);
    53. 

  53. 

  54.   for (let i = 0; i < a.length; i++) {
    55. 

  55.     result[i] = a[i] ^ b[i];
    56. 

  56.   }
    57. 

  57.   return result;
    58. 

  58. }
    59. 

  59. 

  60. exports.xor = xor;
    61. 

  61. 

  62. function token(password, scramble1, scramble2) {
    63. 

  63.   // TODO: use buffers (not sure why strings here)
    64. 

  64.   if (!password) {
    65. 

  65.     return Buffer.alloc(0);
    66. 

  66.   }
    67. 

  67.   const stage1 = sha1(password);
    68. 

  68.   return exports.calculateTokenFromPasswordSha(stage1, scramble1, scramble2);
    69. 

  69. }
    70. 

  70. 

  71. exports.calculateTokenFromPasswordSha = function(
    72. 

  72.   passwordSha,
    73. 

  73.   scramble1,
    74. 

  74.   scramble2
    75. 

  75. ) {
    76. 

  76.   // we use AUTH 41 here, and we need only the bytes we just need.
    77. 

  77.   const authPluginData1 = scramble1.slice(0, 8);
    78. 

  78.   const authPluginData2 = scramble2.slice(0, 12);
    79. 

  79.   const stage2 = sha1(passwordSha);
    80. 

  80.   const stage3 = sha1(authPluginData1, authPluginData2, stage2);
    81. 

  81.   return xor(stage3, passwordSha);
    82. 

  82. };
    83. 

  83. 

  84. exports.calculateToken = token;
    85. 

  85. 

  86. exports.verifyToken = function(publicSeed1, publicSeed2, token, doubleSha) {
    87. 

  87.   const hashStage1 = xor(token, sha1(publicSeed1, publicSeed2, doubleSha));
    88. 

  88.   const candidateHash2 = sha1(hashStage1);
    89. 

  89.   return candidateHash2.compare(doubleSha) === 0;
    90. 

  90. };
    91. 

  91. 

  92. exports.doubleSha1 = function(password) {
    93. 

  93.   return sha1(sha1(password));
    94. 

  94. };
    95. 

  95. 

  96. function xorRotating(a, seed) {
    97. 

  97.   if (!Buffer.isBuffer(a)) {
    98. 

  98.     a = Buffer.from(a, 'binary');
    99. 

  99.   }
    100. 

  100. 

  101.   if (!Buffer.isBuffer(seed)) {
    102. 

  102.     seed = Buffer.from(seed, 'binary');
    103. 

  103.   }
    104. 

  104. 

  105.   const result = Buffer.allocUnsafe(a.length);
    106. 

  106.   const seedLen = seed.length;
    107. 

  107. 

  108.   for (let i = 0; i < a.length; i++) {
    109. 

  109.     result[i] = a[i] ^ seed[i % seedLen];
    110. 

  110.   }
    111. 

  111.   return result;
    112. 

  112. }
    113. 

  113. exports.xorRotating = xorRotating;
    114.