탐색 도움말
가입하기 로그인
fatwolf
/
ERP
1
0
포크 0
파일 이슈 0 풀 리퀘스트 0 위키
트리: 543fb683b5
브랜치 태그
ERP
/
test_two_list
/
Auth.js

Auth.js 4.2 KB
히스토리 Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168 
  1. var Buffer = require('safe-buffer').Buffer;
    2. 

  2. var Crypto = require('crypto');
    3. 

  3. var Auth   = exports;
    4. 

  4. 

  5. function auth(name, data, options) {
    6. 

  6.   options = options || {};
    7. 

  7. 

  8.   switch (name) {
    9. 

  9.     case 'mysql_native_password':
    10. 

  10.       return Auth.token(options.password, data.slice(0, 20));
    11. 

  11.     default:
    12. 

  12.       return undefined;
    13. 

  13.   }
    14. 

  14. }
    15. 

  15. Auth.auth = auth;
    16. 

  16. 

  17. function sha1(msg) {
    18. 

  18.   var hash = Crypto.createHash('sha1');
    19. 

  19.   hash.update(msg, 'binary');
    20. 

  20.   return hash.digest('binary');
    21. 

  21. }
    22. 

  22. Auth.sha1 = sha1;
    23. 

  23. 

  24. function xor(a, b) {
    25. 

  25.   a = Buffer.from(a, 'binary');
    26. 

  26.   b = Buffer.from(b, 'binary');
    27. 

  27.   var result = Buffer.allocUnsafe(a.length);
    28. 

  28.   for (var i = 0; i < a.length; i++) {
    29. 

  29.     result[i] = (a[i] ^ b[i]);
    30. 

  30.   }
    31. 

  31.   return result;
    32. 

  32. }
    33. 

  33. Auth.xor = xor;
    34. 

  34. 

  35. Auth.token = function(password, scramble) {
    36. 

  36.   if (!password) {
    37. 

  37.     return Buffer.alloc(0);
    38. 

  38.   }
    39. 

  39. 

  40.   // password must be in binary format, not utf8
    41. 

  41.   var stage1 = sha1((Buffer.from(password, 'utf8')).toString('binary'));
    42. 

  42.   var stage2 = sha1(stage1);
    43. 

  43.   var stage3 = sha1(scramble.toString('binary') + stage2);
    44. 

  44.   return xor(stage3, stage1);
    45. 

  45. };
    46. 

  46. 

  47. // This is a port of sql/password.c:hash_password which needs to be used for
    48. 

  48. // pre-4.1 passwords.
    49. 

  49. Auth.hashPassword = function(password) {
    50. 

  50.   var nr     = [0x5030, 0x5735];
    51. 

  51.   var add    = 7;
    52. 

  52.   var nr2    = [0x1234, 0x5671];
    53. 

  53.   var result = Buffer.alloc(8);
    54. 

  54. 

  55.   if (typeof password === 'string'){
    56. 

  56.     password = Buffer.from(password);
    57. 

  57.   }
    58. 

  58. 

  59.   for (var i = 0; i < password.length; i++) {
    60. 

  60.     var c = password[i];
    61. 

  61.     if (c === 32 || c === 9) {
    62. 

  62.       // skip space in password
    63. 

  63.       continue;
    64. 

  64.     }
    65. 

  65. 

  66.     // nr^= (((nr & 63)+add)*c)+ (nr << 8);
    67. 

  67.     // nr = xor(nr, add(mul(add(and(nr, 63), add), c), shl(nr, 8)))
    68. 

  68.     nr = this.xor32(nr, this.add32(this.mul32(this.add32(this.and32(nr, [0, 63]), [0, add]), [0, c]), this.shl32(nr, 8)));
    69. 

  69. 

  70.     // nr2+=(nr2 << 8) ^ nr;
    71. 

  71.     // nr2 = add(nr2, xor(shl(nr2, 8), nr))
    72. 

  72.     nr2 = this.add32(nr2, this.xor32(this.shl32(nr2, 8), nr));
    73. 

  73. 

  74.     // add+=tmp;
    75. 

  75.     add += c;
    76. 

  76.   }
    77. 

  77. 

  78.   this.int31Write(result, nr, 0);
    79. 

  79.   this.int31Write(result, nr2, 4);
    80. 

  80. 

  81.   return result;
    82. 

  82. };
    83. 

  83. 

  84. Auth.randomInit = function(seed1, seed2) {
    85. 

  85.   return {
    86. 

  86.     max_value     : 0x3FFFFFFF,
    87. 

  87.     max_value_dbl : 0x3FFFFFFF,
    88. 

  88.     seed1         : seed1 % 0x3FFFFFFF,
    89. 

  89.     seed2         : seed2 % 0x3FFFFFFF
    90. 

  90.   };
    91. 

  91. };
    92. 

  92. 

  93. Auth.myRnd = function(r){
    94. 

  94.   r.seed1 = (r.seed1 * 3 + r.seed2) % r.max_value;
    95. 

  95.   r.seed2 = (r.seed1 + r.seed2 + 33) % r.max_value;
    96. 

  96. 

  97.   return r.seed1 / r.max_value_dbl;
    98. 

  98. };
    99. 

  99. 

  100. Auth.scramble323 = function(message, password) {
    101. 

  101.   if (!password) {
    102. 

  102.     return Buffer.alloc(0);
    103. 

  103.   }
    104. 

  104. 

  105.   var to          = Buffer.allocUnsafe(8);
    106. 

  106.   var hashPass    = this.hashPassword(password);
    107. 

  107.   var hashMessage = this.hashPassword(message.slice(0, 8));
    108. 

  108.   var seed1       = this.int32Read(hashPass, 0) ^ this.int32Read(hashMessage, 0);
    109. 

  109.   var seed2       = this.int32Read(hashPass, 4) ^ this.int32Read(hashMessage, 4);
    110. 

  110.   var r           = this.randomInit(seed1, seed2);
    111. 

  111. 

  112.   for (var i = 0; i < 8; i++){
    113. 

  113.     to[i] = Math.floor(this.myRnd(r) * 31) + 64;
    114. 

  114.   }
    115. 

  115.   var extra = (Math.floor(this.myRnd(r) * 31));
    116. 

  116. 

  117.   for (var i = 0; i < 8; i++){
    118. 

  118.     to[i] ^= extra;
    119. 

  119.   }
    120. 

  120. 

  121.   return to;
    122. 

  122. };
    123. 

  123. 

  124. Auth.xor32 = function(a, b){
    125. 

  125.   return [a[0] ^ b[0], a[1] ^ b[1]];
    126. 

  126. };
    127. 

  127. 

  128. Auth.add32 = function(a, b){
    129. 

  129.   var w1 = a[1] + b[1];
    130. 

  130.   var w2 = a[0] + b[0] + ((w1 & 0xFFFF0000) >> 16);
    131. 

  131. 

  132.   return [w2 & 0xFFFF, w1 & 0xFFFF];
    133. 

  133. };
    134. 

  134. 

  135. Auth.mul32 = function(a, b){
    136. 

  136.   // based on this example of multiplying 32b ints using 16b
    137. 

  137.   // http://www.dsprelated.com/showmessage/89790/1.php
    138. 

  138.   var w1 = a[1] * b[1];
    139. 

  139.   var w2 = (((a[1] * b[1]) >> 16) & 0xFFFF) + ((a[0] * b[1]) & 0xFFFF) + (a[1] * b[0] & 0xFFFF);
    140. 

  140. 

  141.   return [w2 & 0xFFFF, w1 & 0xFFFF];
    142. 

  142. };
    143. 

  143. 

  144. Auth.and32 = function(a, b){
    145. 

  145.   return [a[0] & b[0], a[1] & b[1]];
    146. 

  146. };
    147. 

  147. 

  148. Auth.shl32 = function(a, b){
    149. 

  149.   // assume b is 16 or less
    150. 

  150.   var w1 = a[1] << b;
    151. 

  151.   var w2 = (a[0] << b) | ((w1 & 0xFFFF0000) >> 16);
    152. 

  152. 

  153.   return [w2 & 0xFFFF, w1 & 0xFFFF];
    154. 

  154. };
    155. 

  155. 

  156. Auth.int31Write = function(buffer, number, offset) {
    157. 

  157.   buffer[offset] = (number[0] >> 8) & 0x7F;
    158. 

  158.   buffer[offset + 1] = (number[0]) & 0xFF;
    159. 

  159.   buffer[offset + 2] = (number[1] >> 8) & 0xFF;
    160. 

  160.   buffer[offset + 3] = (number[1]) & 0xFF;
    161. 

  161. };
    162. 

  162. 

  163. Auth.int32Read = function(buffer, offset){
    164. 

  164.   return (buffer[offset] << 24)
    165. 

  165.        + (buffer[offset + 1] << 16)
    166. 

  166.        + (buffer[offset + 2] << 8)
    167. 

  167.        + (buffer[offset + 3]);
    168. 

  168. };
    169.