o h@sdZddlmZzddlmZddlmZmZddlm Z dZ Wn e y+dZ Ynwdd l m Z dd lZdZd Ze ejd Zd dZddZdaddZddZddZddZddZddZddZdd Zd!d"Zd S)#z Implements auth methods )OperationalError)default_backend) serializationhashes)paddingTF)partialNsha1cCsT|sdSt|}t|}t}||dt|||}t||S)z'Scramble used for mysql_native_passwordN)sha1_newdigestupdateSCRAMBLE_LENGTH _my_crypt)passwordmessagestage1stage2sresultrE/var/www/bigbudget/venv/lib/python3.10/site-packages/pymysql/_auth.pyscramble_native_passwords    rcCs6t|}tt|D] }||||N<q t|SN) bytearrayrangelenbytes)message1message2rirrrr,srcCs.z ddlm}|aWdStytdw)Nrbindingsz='pynacl' package is required for ed25519_password auth method)naclr#_nacl_bindings ImportError RuntimeErrorr"rrr _init_nacl;s   r(cCsPt|}tt|dd@g}tt|dd@dBg}|t|dd|S)Nr@r)rr)s32baba0ba31rrr _scalar_clampGsr1c Cststt|}t|dd}t|dd|}t|}t|}t|}t|||}t|}t||}t ||} || S)znSign a random scramble with elliptic curve Ed25519. Secret and public key are derived from password. N ) r%r(hashlibsha512r r1!crypto_core_ed25519_scalar_reduce&crypto_scalarmult_ed25519_base_noclampcrypto_core_ed25519_scalar_mulcrypto_core_ed25519_scalar_add) rscramblehrrRAkksSrrred25519_passwordNs      rAcCs|||}||Sr) write_packet _read_packet check_error)conn send_datapktrrr _roundtripws rHcCsN|dt}t|}t|}tt|D]}|||||N<qt|Sr)rrrrr)rsaltpassword_bytessalt_lenr!rrr _xor_password~s rLcCsPtstdt|d|}t|t}||tjtj t dt ddS)zhEncrypt password with salt and public_key. Used for sha256_password and caching_sha2_password. z\'cryptography' package is required for sha256_password or caching_sha2_password auth methods) algorithmN)mgfrNlabel) _have_cryptographyr'rLrload_pem_public_keyrencryptrOAEPMGF1rSHA1)rrI public_keyrrsa_keyrrrsha2_rsa_encryptsrYcCs|jrtr td|jd}t||S|r;||_|jdr*|jdd|_|j s;|jr;tr6tdt|d}| rR|j dd|_ trRtd|j d|jrf|j s\t d t|j|j|j }nd }t||S) Nzsha256: Sending plain passwordrMz$sha256: Requesting server public keyrzReceived public key: asciiz$Couldn't receive server's public keyr )_secureDEBUGprintrrHis_auth_switch_requestread_allrIendswithserver_public_keyis_extra_auth_data_datadecoderrY)rErGdatarrrsha256_password_auths.       rhcCsl|sdSt|}t|}t||}t|}tt|D] }||||N<q%t|S)zScramble algorithm used in cached_sha2_password fast path. XOR(SHA256(password), SHA256(SHA256(SHA256(password)), nonce)) r )r3sha256r rrrr)rnoncep1p2p3resr!rrrscramble_caching_sha2srocCsz|jst|dS|r7||_|jdr|jdd|_tr+td|jt |j|j}t||}| sFt d|j dd| d|}|dkrctrYtd|}||S|d krmt d |trstd |jrtr|td t||jdS|jst|d }| st d|j dd|j dd|_trt|jdt|j|j|j}t||}dS)Nr rMrZz%caching sha2: Trying fast path. salt=z.caching sha2: Unknown packet for fast auth: %srz%caching sha2: succeeded by fast path.z.caching sha2: Unknown result for fast auth: %sz!caching sha2: Trying full auth...z:caching sha2: Sending plain password via secure connectionz/caching sha2: Unknown packet for public key: %sr\)rrHr`rarIrbr^r_hexrordrreadvance read_uint8rCrDr]rcrfrY)rErG scramblednrgrrrcaching_sha2_password_authsR       rx)__doc__errrcryptography.hazmat.backendsrcryptography.hazmat.primitivesrr)cryptography.hazmat.primitives.asymmetricrrQr& functoolsrr3r^rnewr rrr%r(r1rArHrLrYrhrorxrrrrs6        ) !