o c_@sdZddlmZzddlmZddlmZmZddlm Z dZ Wn e y+dZ Ynwdd l m Z dd lZdZd Ze ejd Zd dZddZdaddZddZddZddZddZddZddZdd Zd!d"Zd S)#z Implements auth methods )OperationalError)default_backend) serializationhashes)paddingTF)partialNsha1cCsT|sdSt|}t|}t}||dt|||}t||S)z'Scramble used for mysql_native_passwordN)sha1_newdigestupdateSCRAMBLE_LENGTH _my_crypt)passwordmessagestage1stage2sresultr//usr/lib/python3/dist-packages/pymysql/_auth.pyscramble_native_passwords    rcCs6t|}tt|D] }||||N<q t|SN) bytearrayrangelenbytes)message1message2rirrrr+srcCs.z ddlm}|aWdStytdw)Nrbindingsz='pynacl' package is required for ed25519_password auth method)naclr#_nacl_bindings ImportError RuntimeErrorr"rrr _init_nacl:s   r(cCsPt|}tt|dd@g}tt|dd@dBg}|t|dd|S)Nr@r)rr)s32baba0ba31rrr _scalar_clampFsr1c Cststt|}t|dd}t|dd|}t|}t|}t|}t|||}t|}t||}t ||} || S)znSign a random scramble with elliptic curve Ed25519. Secret and public key are derived from password. N ) r%r(hashlibsha512r r1!crypto_core_ed25519_scalar_reduce&crypto_scalarmult_ed25519_base_noclampcrypto_core_ed25519_scalar_mulcrypto_core_ed25519_scalar_add) rscramblehrrRAkksSrrred25519_passwordMs      rAcCs|||}||Sr) write_packet _read_packet check_error)conn send_datapktrrr _roundtripvs rHcCsN|dt}t|}t|}tt|D]}|||||N<qt|Sr)rrrrr)rsaltpassword_bytessalt_lenr!rrr _xor_password}s rLcCsPtstdt|d|}t|t}||tjtj t dt ddS)zhEncrypt password with salt and public_key. Used for sha256_password and caching_sha2_password. z\'cryptography' package is required for sha256_password or caching_sha2_password auth methods) algorithmN)mgfrNlabel) _have_cryptographyr'rLrload_pem_public_keyrencryptrOAEPMGF1rSHA1)rrI public_keyrrsa_keyrrrsha2_rsa_encryptsrYcCs|jrtr td|jd}t||S|r-||_|js-|jr-tr(tdt|d}| rD|j dd|_trDtd|j d|jrX|jsNt dt |j|j|j}nd }t||S) Nzsha256: Sending plain passwordrMz$sha256: Requesting server public keyrzReceived public key: asciiz$Couldn't receive server's public keyr )_secureDEBUGprintrrHis_auth_switch_requestread_allrIserver_public_keyis_extra_auth_data_datadecoderrY)rErGdatarrrsha256_password_auths*      rfcCsl|sdSt|}t|}t||}t|}tt|D] }||||N<q%t|S)zScramble algorithm used in cached_sha2_password fast path. XOR(SHA256(password), SHA256(SHA256(SHA256(password)), nonce)) r )r3sha256r rrrr)rnoncep1p2p3resr!rrrscramble_caching_sha2srmcCsR|jst|dS|r#trtd||_t|j|j}t||}|s2t d|j dd| d| }|dkrOtrEtd| }||S|dkrYt d|tr_td |jrptrhtd t||jd S|jst|d }|st d |j dd|j dd|_trt|jdt|j|j|j}t||}dS)Nr zcaching sha2: Trying fast pathz.caching sha2: Unknown packet for fast auth: %srz%caching sha2: succeeded by fast path.z.caching sha2: Unknwon result for fast auth: %sz!caching sha2: Trying full auth...z:caching sha2: Sending plain password via secure connectionrMz/caching sha2: Unknown packet for public key: %sr[)rrHr_r]r^r`rIrmrbrrcadvance read_uint8rCrDr\rardrY)rErG scramblednrerrrcaching_sha2_password_authsN      ru)__doc__errrcryptography.hazmat.backendsrcryptography.hazmat.primitivesrr)cryptography.hazmat.primitives.asymmetricrrQr& functoolsrr3r]rnewr rrr%r(r1rArHrLrYrfrmrurrrrs6        )