diff --git a/lib/mysql/auth.js b/lib/mysql/auth.js index 2c28b0b88..f40d3e82c 100644 --- a/lib/mysql/auth.js +++ b/lib/mysql/auth.js @@ -35,122 +35,122 @@ exports.token = function(password, scramble) { // pre-4.1 passwords. exports.hashPassword = function(password) { - var nr = [0x5030, 0x5735]; - var add = 7; - var nr2 = [0x1234, 0x5671]; - var result = new Buffer(8); - - if (typeof password == 'string'){ - password = new Buffer(password); - } - - for (var i = 0; i < password.length; i++) { - var c = password[i]; - if (c == 32 || c == 9) { - // skip space in password - continue; - } - - // nr^= (((nr & 63)+add)*c)+ (nr << 8); - // nr = xor(nr, add(mul(add(and(nr, 63), add), c), shl(nr, 8))) - nr = this.xor32(nr, this.add32(this.mul32(this.add32(this.and32(nr, [0,63]), [0,add]), [0,c]), this.shl32(nr, 8))); - - // nr2+=(nr2 << 8) ^ nr; - // nr2 = add(nr2, xor(shl(nr2, 8), nr)) - nr2 = this.add32(nr2, this.xor32(this.shl32(nr2, 8), nr)); - - // add+=tmp; - add += c; - } - - this.int31Write(result, nr, 0); - this.int31Write(result, nr2, 4); - - return result; + var nr = [0x5030, 0x5735]; + var add = 7; + var nr2 = [0x1234, 0x5671]; + var result = new Buffer(8); + + if (typeof password == 'string'){ + password = new Buffer(password); + } + + for (var i = 0; i < password.length; i++) { + var c = password[i]; + if (c == 32 || c == 9) { + // skip space in password + continue; + } + + // nr^= (((nr & 63)+add)*c)+ (nr << 8); + // nr = xor(nr, add(mul(add(and(nr, 63), add), c), shl(nr, 8))) + nr = this.xor32(nr, this.add32(this.mul32(this.add32(this.and32(nr, [0,63]), [0,add]), [0,c]), this.shl32(nr, 8))); + + // nr2+=(nr2 << 8) ^ nr; + // nr2 = add(nr2, xor(shl(nr2, 8), nr)) + nr2 = this.add32(nr2, this.xor32(this.shl32(nr2, 8), nr)); + + // add+=tmp; + add += c; + } + + this.int31Write(result, nr, 0); + this.int31Write(result, nr2, 4); + + return result; }; exports.randomInit = function(seed1, seed2) { - return { - max_value : 0x3FFFFFFF, - max_value_dbl : 0x3FFFFFFF, - seed1 : seed1 % 0x3FFFFFFF, - seed2 : seed2 % 0x3FFFFFFF, - }; + return { + max_value : 0x3FFFFFFF, + max_value_dbl : 0x3FFFFFFF, + seed1 : seed1 % 0x3FFFFFFF, + seed2 : seed2 % 0x3FFFFFFF, + }; }; exports.myRnd = function(r){ - r.seed1 = (r.seed1 * 3 + r.seed2) % r.max_value; - r.seed2 = (r.seed1 + r.seed2 + 33) % r.max_value; + r.seed1 = (r.seed1 * 3 + r.seed2) % r.max_value; + r.seed2 = (r.seed1 + r.seed2 + 33) % r.max_value; - return r.seed1 / r.max_value_dbl; + return r.seed1 / r.max_value_dbl; }; exports.scramble323 = function(message, password) { - if (!password) return new Buffer(); // @todo, this fails, needs fixing - var to = new Buffer(8); + if (!password) return new Buffer(); // @todo, this fails, needs fixing + var to = new Buffer(8); - var hash_pass = this.hashPassword(password); - var hash_message = this.hashPassword(message.slice(0, 8)); + var hash_pass = this.hashPassword(password); + var hash_message = this.hashPassword(message.slice(0, 8)); - var seed1 = this.int32Read(hash_pass, 0) ^ this.int32Read(hash_message, 0); - var seed2 = this.int32Read(hash_pass, 4) ^ this.int32Read(hash_message, 4); - var r = this.randomInit(seed1, seed2); + var seed1 = this.int32Read(hash_pass, 0) ^ this.int32Read(hash_message, 0); + var seed2 = this.int32Read(hash_pass, 4) ^ this.int32Read(hash_message, 4); + var r = this.randomInit(seed1, seed2); - for (var i=0; i<8; i++){ - to[i] = Math.floor(this.myRnd(r)*31) + 64; - } - var extra = (Math.floor(this.myRnd(r)*31)); + for (var i=0; i<8; i++){ + to[i] = Math.floor(this.myRnd(r)*31) + 64; + } + var extra = (Math.floor(this.myRnd(r)*31)); - for (var i=0; i<8; i++){ - to[i] ^= extra; - } + for (var i=0; i<8; i++){ + to[i] ^= extra; + } - return to; + return to; }; exports.fmt32 = function(x){ - var a = x[0].toString(16); - var b = x[1].toString(16); - - if (a.length == 1) a = "000"+a; - if (a.length == 2) a = "00"+a; - if (a.length == 3) a = "0"+a; - if (b.length == 1) b = "000"+b; - if (b.length == 2) b = "00"+b; - if (b.length == 3) b = "0"+b; - return "" + a + '/' + b; + var a = x[0].toString(16); + var b = x[1].toString(16); + + if (a.length == 1) a = "000"+a; + if (a.length == 2) a = "00"+a; + if (a.length == 3) a = "0"+a; + if (b.length == 1) b = "000"+b; + if (b.length == 2) b = "00"+b; + if (b.length == 3) b = "0"+b; + return "" + a + '/' + b; } exports.xor32 = function(a,b){ - return [a[0] ^ b[0], a[1] ^ b[1]]; + return [a[0] ^ b[0], a[1] ^ b[1]]; } exports.add32 = function(a,b){ - var w1 = a[1] + b[1]; - var w2 = a[0] + b[0] + ((w1 & 0xFFFF0000) >> 16); - return [w2 & 0xFFFF, w1 & 0xFFFF]; + var w1 = a[1] + b[1]; + var w2 = a[0] + b[0] + ((w1 & 0xFFFF0000) >> 16); + return [w2 & 0xFFFF, w1 & 0xFFFF]; } exports.mul32 = function(a,b){ - // based on this example of multiplying 32b ints using 16b - // http://www.dsprelated.com/showmessage/89790/1.php - var w1 = a[1] * b[1]; - var w2 = (((a[1] * b[1]) >> 16) & 0xFFFF) + ((a[0] * b[1]) & 0xFFFF) + (a[1] * b[0] & 0xFFFF); - return [w2 & 0xFFFF, w1 & 0xFFFF]; + // based on this example of multiplying 32b ints using 16b + // http://www.dsprelated.com/showmessage/89790/1.php + var w1 = a[1] * b[1]; + var w2 = (((a[1] * b[1]) >> 16) & 0xFFFF) + ((a[0] * b[1]) & 0xFFFF) + (a[1] * b[0] & 0xFFFF); + return [w2 & 0xFFFF, w1 & 0xFFFF]; } exports.and32 = function(a,b){ - return [a[0] & b[0], a[1] & b[1]] + return [a[0] & b[0], a[1] & b[1]] } exports.shl32 = function(a,b){ - // assume b is 16 or less - var w1 = a[1] << b; - var w2 = (a[0] << b) | ((w1 & 0xFFFF0000) >> 16); - return [w2 & 0xFFFF, w1 & 0xFFFF]; + // assume b is 16 or less + var w1 = a[1] << b; + var w2 = (a[0] << b) | ((w1 & 0xFFFF0000) >> 16); + return [w2 & 0xFFFF, w1 & 0xFFFF]; } exports.int32Write = function(buffer, number, offset) { @@ -165,15 +165,15 @@ exports.int32Write = function(buffer, number, offset) { }; exports.int31Write = function(buffer, number, offset) { - buffer[offset] = (number[0] >> 8) & 0x7F; - buffer[offset+1] = (number[0]) & 0xFF; - buffer[offset+2] = (number[1] >> 8) & 0xFF; - buffer[offset+3] = (number[1]) & 0xFF; + buffer[offset] = (number[0] >> 8) & 0x7F; + buffer[offset+1] = (number[0]) & 0xFF; + buffer[offset+2] = (number[1] >> 8) & 0xFF; + buffer[offset+3] = (number[1]) & 0xFF; }; exports.int32Read = function(buffer, offset){ - return (buffer[offset] << 24) - + (buffer[offset+1] << 16) - + (buffer[offset+2] << 8) - + (buffer[offset+3]); + return (buffer[offset] << 24) + + (buffer[offset+1] << 16) + + (buffer[offset+2] << 8) + + (buffer[offset+3]); }; diff --git a/test/simple/test-auth-old.js b/test/simple/test-auth-old.js index 6c26e1bd4..a1c304801 100644 --- a/test/simple/test-auth-old.js +++ b/test/simple/test-auth-old.js @@ -4,54 +4,54 @@ var sys = require('sys'); var auth = require('mysql/auth'); function test_hash_password(password, bytes){ - var expected = new Buffer(bytes); - var actual = auth.hashPassword(password); + var expected = new Buffer(bytes); + var actual = auth.hashPassword(password); - sys.print('hashPassword('+password+')...'); - assert.deepEqual(actual, expected); // , 'hashPassword('+password+') failed'); - sys.print('ok\n'); + sys.print('hashPassword('+password+')...'); + assert.deepEqual(actual, expected); // , 'hashPassword('+password+') failed'); + sys.print('ok\n'); } function test_randominit(in1, in2, out1, out2){ - var r = auth.randomInit(in1, in2); - sys.print('randomInit('+in1+','+in2+')...'); - assert.equal(out1, r.seed1); - assert.equal(out2, r.seed2); - sys.print('ok\n'); + var r = auth.randomInit(in1, in2); + sys.print('randomInit('+in1+','+in2+')...'); + assert.equal(out1, r.seed1); + assert.equal(out2, r.seed2); + sys.print('ok\n'); } function test_myrnd_sequence(seed1, seed2, expected){ - var r = auth.randomInit(seed1, seed2); + var r = auth.randomInit(seed1, seed2); - for(var i=0; i'+a.substr(1, 16)+'...'); - assert.equal(a.substr(1, 16), b.substr(1, 16)); - sys.print('ok\n'); - } + sys.print('myRnd()->'+a.substr(1, 16)+'...'); + assert.equal(a.substr(1, 16), b.substr(1, 16)); + sys.print('ok\n'); + } } function test_scramble323(message, password, bytes){ - var expected = new Buffer(bytes); - var actual = auth.scramble323(new Buffer(message), password); + var expected = new Buffer(bytes); + var actual = auth.scramble323(new Buffer(message), password); - sys.print('test_scramble323('+message+', '+password+')...'); - assert.deepEqual(actual, expected); - sys.print('ok\n'); + sys.print('test_scramble323('+message+', '+password+')...'); + assert.deepEqual(actual, expected); + sys.print('ok\n'); } -test_hash_password('root', [0x67, 0x45, 0x7E, 0x22, 0x6a, 0x1a, 0x15, 0xbd]); -test_hash_password('long password test', [0x6c, 0x24, 0x68, 0x41, 0x2c, 0xa6, 0x86, 0x56]); -test_hash_password('saf789yasfbsd89f', [0x6c, 0x9b, 0x2f, 0x07, 0x17, 0xeb, 0x95, 0xc6]); +test_hash_password('root', [0x67, 0x45, 0x7E, 0x22, 0x6a, 0x1a, 0x15, 0xbd]); +test_hash_password('long password test', [0x6c, 0x24, 0x68, 0x41, 0x2c, 0xa6, 0x86, 0x56]); +test_hash_password('saf789yasfbsd89f', [0x6c, 0x9b, 0x2f, 0x07, 0x17, 0xeb, 0x95, 0xc6]); test_randominit(0x00000000, 0x00000000, 0x00000000, 0x00000000); test_randominit(0x0000FFFF, 0x0000FFFF, 0x0000ffff, 0x0000ffff); @@ -60,16 +60,16 @@ test_randominit(0xFFFFFFFF, 0xFFFFFFFF, 0x00000003, 0x00000003); test_randominit(3252345, 7149734, 0x0031a079, 0x006d18a6); test_myrnd_sequence(3252345, 7149734, [ - 0.0157456556481734, - 0.0696413620092360, - 0.3009698738353047, - 0.2959253138824602, - 0.5767169786400320, - 0.9958089822864243, - 0.2488940062456708, - 0.2570431151027261, - 0.5385335875102631, - 0.9215386229767824, + 0.0157456556481734, + 0.0696413620092360, + 0.3009698738353047, + 0.2959253138824602, + 0.5767169786400320, + 0.9958089822864243, + 0.2488940062456708, + 0.2570431151027261, + 0.5385335875102631, + 0.9215386229767824, ]); test_scramble323("8bytesofstuff", "root", [0x5a, 0x4d, 0x46, 0x47, 0x43, 0x53, 0x58, 0x5f]);