| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667 |
- package binlog
- import (
- "crypto/sha1"
- "crypto/sha256"
- )
- func (c *Conn) authenticate(hr *HandshakeResponse) {
- switch c.Handshake.AuthPluginName {
- case "mysql_native_password":
- c.doSha1Auth(hr)
- case "caching_sha2_password":
- c.doSha2Auth(hr)
- }
- }
- func (c *Conn) doSha1Auth(hr *HandshakeResponse) {
- }
- func (c *Conn) doSha2Auth(hr *HandshakeResponse) {
- salt := append(c.Handshake.AuthPluginDataPart1.Bytes(), c.Handshake.AuthPluginDataPart2.Bytes()...)
- ar := c.cachingSha2Auth(salt, []byte(hr.AuthResponse))
- hr.AuthResponseLength = uint64(len(ar))
- if hr.ClientFlag.PluginAuthLenEncClientData {
- c.putInt(TypeLenEncInt, hr.AuthResponseLength, 0)
- c.putBytes(ar)
- } else if hr.ClientFlag.SecureConnection {
- c.putInt(TypeFixedInt, hr.AuthResponseLength, 1)
- c.putBytes(ar)
- } else {
- c.putString(TypeNullTerminatedString, string(ar))
- }
- }
- func (c *Conn) nativeSha1Auth() {
- // SHA1(password) XOR SHA1("20-bytes random data from server" <concat> SHA1(SHA1(password)))
- }
- func (c *Conn) cachingSha2Auth(salt []byte, password []byte) []byte {
- if len(password) < 1 {
- return nil
- }
- pHash := c.sha256Hash(password)
- pHashHash := c.sha256Hash(pHash)
- pHashHashHash := c.sha256Hash(pHashHash)
- authData := c.sha256Hash(append(pHashHashHash, salt...))
- for i := range pHash {
- pHash[i] ^= authData[i]
- }
- return pHash
- }
- func (c *Conn) sha1Hash(word []byte) []byte {
- s := sha1.New()
- s.Write(word)
- return s.Sum(nil)
- }
- func (c *Conn) sha256Hash(word []byte) []byte {
- s := sha256.New()
- s.Write(word)
- return s.Sum(nil)
- }
|
