Home Explore Help
Sign In
shanpin
/
chat-server
Watch 3
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 411b9f3fd0
Branches Tags
chat-server
/
qq-imsvr
/
node_modules
/
mysql2
/
lib
/
auth_41.js

auth_41.js 2.0 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576 
  1. /*
    2. 

  2. 4.1 authentication: (http://bazaar.launchpad.net/~mysql/mysql-server/5.5/view/head:/sql/password.c)
    3. 

  3. 

  4.   SERVER:  public_seed=create_random_string()
    5. 

  5.            send(public_seed)
    6. 

  6. 

  7.   CLIENT:  recv(public_seed)
    8. 

  8.            hash_stage1=sha1("password")
    9. 

  9.            hash_stage2=sha1(hash_stage1)
    10. 

  10.            reply=xor(hash_stage1, sha1(public_seed,hash_stage2)
    11. 

  11. 

  12.            // this three steps are done in scramble()
    13. 

  13. 

  14.            send(reply)
    15. 

  15. 

  16. 

  17.   SERVER:  recv(reply)
    18. 

  18.            hash_stage1=xor(reply, sha1(public_seed,hash_stage2))
    19. 

  19.            candidate_hash2=sha1(hash_stage1)
    20. 

  20.            check(candidate_hash2==hash_stage2)
    21. 

  21. 

  22. server stores sha1(sha1(password)) ( hash_stag2)
    23. 

  23. */
    24. 

  24. 

  25. var crypto = require('crypto');
    26. 

  26. 

  27. function sha1(msg, msg1, msg2) {
    28. 

  28.   var hash = crypto.createHash('sha1');
    29. 

  29.   hash.update(msg);
    30. 

  30.   if (msg1)
    31. 

  31.     hash.update(msg1);
    32. 

  32.   if (msg2)
    33. 

  33.     hash.update(msg2);
    34. 

  34.   return hash.digest();
    35. 

  35. }
    36. 

  36. 

  37. function xor(a, b) {
    38. 

  38.   if (!Buffer.isBuffer(a))
    39. 

  39.     a = new Buffer(a, 'binary');
    40. 

  40.   if (!Buffer.isBuffer(b))
    41. 

  41.     b = new Buffer(b, 'binary');
    42. 

  42.   var result = new Buffer(a.length);
    43. 

  43.   for (var i = 0; i < a.length; i++) {
    44. 

  44.     result[i] = (a[i] ^ b[i]);
    45. 

  45.   }
    46. 

  46.   return result;
    47. 

  47. }
    48. 

  48. 

  49. function token(password, scramble1, scramble2) {
    50. 

  50.   // TODO: use buffers (not sure why strings here)
    51. 

  51.   if (!password) {
    52. 

  52.     return new Buffer(0);
    53. 

  53.   }
    54. 

  54.   var stage1 = sha1(password);
    55. 

  55.   return module.exports.calculateTokenFromPasswordSha(stage1, scramble1, scramble2);
    56. 

  56. }
    57. 

  57. 

  58. module.exports.calculateTokenFromPasswordSha = function(passwordSha, scramble1, scramble2) {
    59. 

  59.   var stage2 = sha1(passwordSha);
    60. 

  60.   var stage3 = sha1(scramble1, scramble2, stage2);
    61. 

  61.   return xor(stage3, passwordSha);
    62. 

  62. };
    63. 

  63. 

  64. module.exports.calculateToken = token;
    65. 

  65. 

  66. module.exports.verifyToken = function(publicSeed1, publicSeed2, token, doubleSha) {
    67. 

  67.   var hashStage1 =xor(token, sha1(publicSeed1, publicSeed2, doubleSha));
    68. 

  68.   var candidateHash2 = sha1(hashStage1);
    69. 

  69.   // TODO better way to compare buffers?
    70. 

  70.   return candidateHash2.toString('hex') == doubleSha.toString('hex');
    71. 

  71. }
    72. 

  72. 

  73. module.exports.doubleSha1 = function(password) {
    74. 

  74.   return sha1(sha1(password));
    75. 

  75. }
    76. 

  76.