3 $c @sdZddlmZy0ddlmZddlmZmZddlm Z dZ Wne k rXdZ YnXdd l m Z dd lZdZd Ze ejd Zd dZddZdaddZddZddZddZddZddZddZdd Zd!d"Zd S)#z Implements auth methods )OperationalError)default_backend) serializationhashes)paddingTF)partialNsha1cCsT|sdSt|j}t|j}t}|j|dt|j||j}t||S)z'Scramble used for mysql_native_passwordN)sha1_newdigestupdateSCRAMBLE_LENGTH _my_crypt)passwordmessageZstage1Zstage2sresultr4/tmp/pip-target-ebskqzh7/lib/python/pymysql/_auth.pyscramble_native_passwords   rcCs:t|}x(tt|D]}||||N<qWt|S)N) bytearrayrangelenbytes)Zmessage1Zmessage2rirrrr+src Cs6yddlm}|aWntk r0tdYnXdS)Nr)bindingsz='pynacl' package is required for ed25519_password auth method)Znaclr_nacl_bindings ImportError RuntimeError)rrrr _init_nacl:s  r!cCsPt|}tt|dd@g}tt|dd@dBg}|t|dd|S)Nr@r)rr)Zs32baZba0Zba31rrr _scalar_clampFsr'c Csts ttj|j}t|dd}tj|dd|j}tj|}tj|}tj|}tj|||j}tj|}tj||}tj ||} || S)znSign a random scramble with elliptic curve Ed25519. Secret and public key are derived from password. N ) rr!hashlibsha512r r'Z!crypto_core_ed25519_scalar_reduceZ&crypto_scalarmult_ed25519_base_noclampZcrypto_core_ed25519_scalar_mulZcrypto_core_ed25519_scalar_add) rZscramblehrrRAkksSrrred25519_passwordMs      r2cCs|j||j}|j|S)N)Z write_packet _read_packet check_error)connZ send_datapktrrr _roundtripvs r7cCsR|dt}t|}t|}x,tt|D]}|||||N<q*Wt|S)N)rrrrr)rsaltZpassword_bytesZsalt_lenrrrr _xor_password}s  r9cCsPts tdt|d|}tj|t}|j|tjtj t j dt j ddS)zhEncrypt password with salt and public_key. Used for sha256_password and caching_sha2_password. z\'cryptography' package is required for sha256_password or caching_sha2_password auth methods) algorithmN)Zmgfr;label) _have_cryptographyr r9rZload_pem_public_keyrZencryptrZOAEPZMGF1rSHA1)rr8Z public_keyrZrsa_keyrrrsha2_rsa_encryptsr?cCs|jr&trtd|jd}t||S|jr\|j|_|j r\|jr\trRtdt|d}|j r|j dd|_trtd|jj d|jr|jst dt |j|j|j}nd }t||S) Nzsha256: Sending plain passwordr:z$sha256: Requesting server public keyrzReceived public key: asciiz$Couldn't receive server's public keyr )_secureDEBUGprintrr7is_auth_switch_requestread_allr8server_public_keyis_extra_auth_data_datadecoderr?)r5r6datarrrsha256_password_auths*    rLcCsp|sdStj|j}tj|j}tj||j}t|}x(tt|D]}||||N<qLWt|S)zScramble algorithm used in cached_sha2_password fast path. XOR(SHA256(password), SHA256(SHA256(SHA256(password)), nonce)) r )r)sha256r rrrr)rnoncep1p2Zp3resrrrrscramble_caching_sha2srRcCsX|jst|dS|jrFtr$td|j|_t|j|j}t||}|jsdt d|j dd|j d|j }|dkrtrtd|j }|j|S|dkrt d|trtd |jrtrtd t||jd S|js8t|d }|jst d |j dd|j dd|_tr8t|jjdt|j|j|j}t||}dS)Nr zcaching sha2: Trying fast pathz.caching sha2: Unknown packet for fast auth: %srz%caching sha2: succeeded by fast path.z.caching sha2: Unknwon result for fast auth: %sz!caching sha2: Trying full auth...z:caching sha2: Sending plain password via secure connectionr:z/caching sha2: Unknown packet for public key: %srA)rr7rErCrDrFr8rRrHrrIZadvanceZ read_uint8r3r4rBrGrJr?)r5r6Z scramblednrKrrrcaching_sha2_password_authsJ       rW)__doc__errrZcryptography.hazmat.backendsrZcryptography.hazmat.primitivesrrZ)cryptography.hazmat.primitives.asymmetricrr=r functoolsrr)rCrnewr rrrr!r'r2r7r9r?rLrRrWrrrrs2        )