U Ýë dçã@sâdZddlmZz0ddlmZddlmZmZddlm Z dZ Wne k rXdZ YnXdd l m Z dd lZdZd Ze ejd ƒZd d„Zdd„Zdadd„Zdd„Zdd„Zdd„Zdd„Zdd„Zdd„Zdd „Zd!d"„Zd S)#z Implements auth methods é)ÚOperationalErroré)Údefault_backend)Ú serializationÚhashes)ÚpaddingTF)ÚpartialNéÚsha1cCsT|sdSt|ƒ ¡}t|ƒ ¡}tƒ}| |dt…¡| |¡| ¡}t||ƒS)z'Scramble used for mysql_native_passwordóN)Úsha1_newÚdigestÚupdateÚSCRAMBLE_LENGTHÚ _my_crypt)ÚpasswordÚmessageZstage1Zstage2ÚsÚresult©rú1/tmp/pip-unpacked-wheel-zrp_b4p0/pymysql/_auth.pyÚscramble_native_passwords   rcCs6t|ƒ}tt|ƒƒD]}||||N<qt|ƒS©N)Ú bytearrayÚrangeÚlenÚbytes)Zmessage1Zmessage2rÚirrrr+srcCs6zddlm}|aWntk r0tdƒ‚YnXdS)Nr©Úbindingsz='pynacl' package is required for ed25519_password auth method)ZnaclrÚ_nacl_bindingsÚ ImportErrorÚ RuntimeErrorrrrrÚ _init_nacl:s ÿr#cCsPt|ƒ}tt|dd@gƒƒ}tt|dd@dBgƒƒ}|t|dd…ƒ|S)Nréøééé@r)rr)Zs32ÚbaZba0Zba31rrrÚ _scalar_clampFsr)c Cs ts tƒt |¡ ¡}t|dd…ƒ}t |dd…|¡ ¡}t |¡}t |¡}t |¡}t |||¡ ¡}t |¡}t ||¡}t  ||¡} || S)znSign a random scramble with elliptic curve Ed25519. Secret and public key are derived from password. Né ) r r#ÚhashlibÚsha512r r)Z!crypto_core_ed25519_scalar_reduceZ&crypto_scalarmult_ed25519_base_noclampZcrypto_core_ed25519_scalar_mulZcrypto_core_ed25519_scalar_add) rZscrambleÚhrÚrÚRÚAÚkÚksÚSrrrÚed25519_passwordMs      r4cCs| |¡| ¡}| ¡|Sr)Z write_packetÚ _read_packetÚ check_error)ÚconnZ send_dataÚpktrrrÚ _roundtripvs r9cCsN|dt…}t|ƒ}t|ƒ}tt|ƒƒD]}|||||N<q(t|ƒSr)rrrrr)rÚsaltZpassword_bytesZsalt_lenrrrrÚ _xor_password}s  r;cCsPts tdƒ‚t|d|ƒ}t |tƒ¡}| |tjtj t   ¡dt   ¡dd¡S)zhEncrypt password with salt and public_key. Used for sha256_password and caching_sha2_password. z\'cryptography' package is required for sha256_password or caching_sha2_password auth methodsó)Ú algorithmN)Zmgfr=Úlabel) Ú_have_cryptographyr"r;rZload_pem_public_keyrZencryptrZOAEPZMGF1rÚSHA1)rr:Z public_keyrZrsa_keyrrrÚsha2_rsa_encrypt‰sÿýþrAcCs¾|jr&trtdƒ|jd}t||ƒS| ¡rZ| ¡|_|jsZ|jrZtrPtdƒt|dƒ}|  ¡rˆ|j dd…|_trˆtd|j  d¡ƒ|jr°|jsœt dƒ‚t |j|j|jƒ}nd }t||ƒS) Nzsha256: Sending plain passwordr<z$sha256: Requesting server public keyórzReceived public key: Úasciiz$Couldn't receive server's public keyr )Ú_secureÚDEBUGÚprintrr9Úis_auth_switch_requestÚread_allr:Úserver_public_keyÚis_extra_auth_dataÚ_dataÚdecoderrA)r7r8ÚdatarrrÚsha256_password_authžs*     rNcCsl|sdSt |¡ ¡}t |¡ ¡}t ||¡ ¡}t|ƒ}tt|ƒƒD]}||||N<qJt|ƒS)zƒScramble algorithm used in cached_sha2_password fast path. XOR(SHA256(password), SHA256(SHA256(SHA256(password)), nonce)) r )r+Úsha256r rrrr)rÚnonceÚp1Úp2Zp3ÚresrrrrÚscramble_caching_sha2½srTcCsX|jst|dƒS| ¡rFtr$tdƒ| ¡|_t|j|jƒ}t||ƒ}| ¡sdt d|j dd…ƒ‚|  d¡|  ¡}|dkržtrŠtdƒ|  ¡}| ¡|S|dkr²t d|ƒ‚tr¾td ƒ|jràtrÐtd ƒt||jd ƒS|js8t|d ƒ}| ¡st d |j dd…ƒ‚|j dd…|_tr8t|j d¡ƒt|j|j|jƒ}t||ƒ}dS)Nr zcaching sha2: Trying fast pathz.caching sha2: Unknown packet for fast auth: %sréz%caching sha2: succeeded by fast path.éz.caching sha2: Unknwon result for fast auth: %sz!caching sha2: Trying full auth...z:caching sha2: Sending plain password via secure connectionr<óz/caching sha2: Unknown packet for public key: %srC)rr9rGrErFrHr:rTrJrrKZadvanceZ read_uint8r5r6rDrIrLrA)r7r8Z scrambledÚnrMrrrÚcaching_sha2_password_authÑsN   ÿ    ÿrY)Ú__doc__ÚerrrZcryptography.hazmat.backendsrZcryptography.hazmat.primitivesrrZ)cryptography.hazmat.primitives.asymmetricrr?r!Ú functoolsrr+rErÚnewr rrr r#r)r4r9r;rArNrTrYrrrrÚs2        )