Home Explore Help
Sign In
Lawsun
/
ysjj-system
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: fd8b323dce
Branches Tags
ysjj-system
/
node_modules
/
mysql2
/
lib
/
auth_plugins
/
caching_sha2_password.js

caching_sha2_password.js 3.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103 
  1. 'use strict';
    2. 

  2. 

  3. // https://mysqlserverteam.com/mysql-8-0-4-new-default-authentication-plugin-caching_sha2_password/
    4. 

  4. 

  5. const PLUGIN_NAME = 'caching_sha2_password';
    6. 

  6. const crypto = require('crypto');
    7. 

  7. const { xor, xorRotating } = require('../auth_41');
    8. 

  8. 

  9. const REQUEST_SERVER_KEY_PACKET = Buffer.from([2]);
    10. 

  10. const FAST_AUTH_SUCCESS_PACKET = Buffer.from([3]);
    11. 

  11. const PERFORM_FULL_AUTHENTICATION_PACKET = Buffer.from([4]);
    12. 

  12. 

  13. const STATE_INITIAL = 0;
    14. 

  14. const STATE_TOKEN_SENT = 1;
    15. 

  15. const STATE_WAIT_SERVER_KEY = 2;
    16. 

  16. const STATE_FINAL = -1;
    17. 

  17. 

  18. function sha256(msg) {
    19. 

  19.   const hash = crypto.createHash('sha256');
    20. 

  20.   hash.update(msg, 'binary');
    21. 

  21.   return hash.digest('binary');
    22. 

  22. }
    23. 

  23. 

  24. function calculateToken(password, scramble) {
    25. 

  25.   if (!password) {
    26. 

  26.     return Buffer.alloc(0);
    27. 

  27.   }
    28. 

  28.   const stage1 = sha256(Buffer.from(password, 'utf8').toString('binary'));
    29. 

  29.   const stage2 = sha256(stage1);
    30. 

  30.   const stage3 = sha256(stage2 + scramble.toString('binary'));
    31. 

  31.   return xor(stage1, stage3);
    32. 

  32. }
    33. 

  33. 

  34. function encrypt(password, scramble, key) {
    35. 

  35.   const stage1 = xorRotating(
    36. 

  36.     Buffer.from(`${password}\0`, 'utf8').toString('binary'),
    37. 

  37.     scramble.toString('binary')
    38. 

  38.   );
    39. 

  39.   return crypto.publicEncrypt(key, stage1);
    40. 

  40. }
    41. 

  41. 

  42. module.exports = (pluginOptions = {}) => ({ connection }) => {
    43. 

  43.   let state = 0;
    44. 

  44.   let scramble = null;
    45. 

  45. 

  46.   const password = connection.config.password;
    47. 

  47. 

  48.   const authWithKey = serverKey => {
    49. 

  49.     const _password = encrypt(password, scramble, serverKey);
    50. 

  50.     state = STATE_FINAL;
    51. 

  51.     return _password;
    52. 

  52.   };
    53. 

  53. 

  54.   return data => {
    55. 

  55.     switch (state) {
    56. 

  56.       case STATE_INITIAL:
    57. 

  57.         scramble = data.slice(0, 20);
    58. 

  58.         state = STATE_TOKEN_SENT;
    59. 

  59.         return calculateToken(password, scramble);
    60. 

  60. 

  61.       case STATE_TOKEN_SENT:
    62. 

  62.         if (FAST_AUTH_SUCCESS_PACKET.equals(data)) {
    63. 

  63.           state = STATE_FINAL;
    64. 

  64.           return null;
    65. 

  65.         }
    66. 

  66. 

  67.         if (PERFORM_FULL_AUTHENTICATION_PACKET.equals(data)) {
    68. 

  68.           const isSecureConnection =
    69. 

  69.             typeof pluginOptions.overrideIsSecure === 'undefined'
    70. 

  70.               ? connection.config.ssl || connection.config.socketPath
    71. 

  71.               : pluginOptions.overrideIsSecure;
    72. 

  72.           if (isSecureConnection) {
    73. 

  73.             state = STATE_FINAL;
    74. 

  74.             return Buffer.from(`${password}\0`, 'utf8');
    75. 

  75.           }
    76. 

  76. 

  77.           // if client provides key we can save one extra roundrip on first connection
    78. 

  78.           if (pluginOptions.serverPublicKey) {
    79. 

  79.             return authWithKey(pluginOptions.serverPublicKey);
    80. 

  80.           }
    81. 

  81. 

  82.           state = STATE_WAIT_SERVER_KEY;
    83. 

  83.           return REQUEST_SERVER_KEY_PACKET;
    84. 

  84.         }
    85. 

  85.         throw new Error(
    86. 

  86.           `Invalid AuthMoreData packet received by ${PLUGIN_NAME} plugin in STATE_TOKEN_SENT state.`
    87. 

  87.         );
    88. 

  88.       case STATE_WAIT_SERVER_KEY:
    89. 

  89.         if (pluginOptions.onServerPublicKey) {
    90. 

  90.           pluginOptions.onServerPublicKey(data);
    91. 

  91.         }
    92. 

  92.         return authWithKey(data);
    93. 

  93.       case STATE_FINAL:
    94. 

  94.         throw new Error(
    95. 

  95.           `Unexpected data in AuthMoreData packet received by ${PLUGIN_NAME} plugin in STATE_FINAL state.`
    96. 

  96.         );
    97. 

  97.     }
    98. 

  98. 

  99.     throw new Error(
    100. 

  100.       `Unexpected data in AuthMoreData packet received by ${PLUGIN_NAME} plugin in state ${state}`
    101. 

  101.     );
    102. 

  102.   };
    103. 

  103. };
    104.