~drizzle-trunk/drizzle/development : contents of libdrizzle/password.c at revision 202.3.1

~drizzle-trunk/drizzle/development : (revision 202.3.1)

/* Copyright (C) 2000-2006 MySQL AB

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; version 2 of the License.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA */

/* password checking routines */
/*****************************************************************************
  The main idea is that no password are sent between client & server on
  connection and that no password are saved in mysql in a decodable form.

  On connection a random string is generated and sent to the client.
  The client generates a new string with a random generator inited with
  the hash values from the password and the sent string.
  This 'check' string is sent to the server where it is compared with
  a string generated from the stored hash_value of the password and the
  random string.

  The password is saved (in user.password) by using the PASSWORD() function in
  mysql.

  This is .c file because it's used in libmysqlclient, which is entirely in C.
  (we need it to be portable to a variety of systems).
  Example:
    update user set password=PASSWORD("hello") where user="test"
  This saves a hashed number as a string in the password field.

  The new authentication is performed in following manner:

  SERVER:  public_seed=create_random_string()
           send(public_seed)

  CLIENT:  recv(public_seed)
           hash_stage1=sha1("password")
           hash_stage2=sha1(hash_stage1)
           reply=xor(hash_stage1, sha1(public_seed,hash_stage2)

           // this three steps are done in scramble() 

           send(reply)

     
  SERVER:  recv(reply)
           hash_stage1=xor(reply, sha1(public_seed,hash_stage2))
           candidate_hash2=sha1(hash_stage1)
           check(candidate_hash2==hash_stage2)

           // this three steps are done in check_scramble()

*****************************************************************************/

#include <my_global.h>
#include <my_sys.h>
#include <m_string.h>
#include <sha1.h>
#include "drizzle.h"

/************ MySQL 3.23-4.0 authentication routines: untouched ***********/

/*
  New (MySQL 3.21+) random generation structure initialization
  SYNOPSIS
    randominit()
    rand_st    OUT  Structure to initialize
    seed1      IN   First initialization parameter
    seed2      IN   Second initialization parameter
*/

void randominit(struct rand_struct *rand_st, uint32_t seed1, uint32_t seed2)
{                                               /* For mysql 3.21.# */
#ifdef HAVE_purify
  bzero((char*) rand_st,sizeof(*rand_st));      /* Avoid UMC varnings */
#endif
  rand_st->max_value= 0x3FFFFFFFL;
  rand_st->max_value_dbl=(double) rand_st->max_value;
  rand_st->seed1=seed1%rand_st->max_value ;
  rand_st->seed2=seed2%rand_st->max_value;
}


/*
    Generate random number.
  SYNOPSIS
    my_rnd()
    rand_st    INOUT  Structure used for number generation
  RETURN VALUE
    generated pseudo random number
*/

double my_rnd(struct rand_struct *rand_st)
{
  rand_st->seed1=(rand_st->seed1*3+rand_st->seed2) % rand_st->max_value;
  rand_st->seed2=(rand_st->seed1+rand_st->seed2+33) % rand_st->max_value;
  return (((double) rand_st->seed1)/rand_st->max_value_dbl);
}


/*
    Generate binary hash from raw text string 
    Used for Pre-4.1 password handling
  SYNOPSIS
    hash_password()
    result       OUT store hash in this location
    password     IN  plain text password to build hash
    password_len IN  password length (password may be not null-terminated)
*/

void hash_password(uint32_t *result, const char *password, uint32_t password_len)
{
  register ulong nr=1345345333L, add=7, nr2=0x12345671L;
  uint32_t tmp;
  const char *password_end= password + password_len;
  for (; password < password_end; password++)
  {
    if (*password == ' ' || *password == '\t')
      continue;                                 /* skip space in password */
    tmp= (uint32_t) (uchar) *password;
    nr^= (((nr & 63)+add)*tmp)+ (nr << 8);
    nr2+=(nr2 << 8) ^ nr;
    add+=tmp;
  }
  result[0]=nr & (((uint32_t) 1L << 31) -1L); /* Don't use sign bit (str2int) */;
  result[1]=nr2 & (((uint32_t) 1L << 31) -1L);
}

static inline uint8_t char_val(uint8_t X)
{
  return (uint) (X >= '0' && X <= '9' ? X-'0' :
      X >= 'A' && X <= 'Z' ? X-'A'+10 : X-'a'+10);
}


/*
     **************** MySQL 4.1.1 authentication routines *************
*/

/*
    Generate string of printable random characters of requested length
  SYNOPSIS
    create_random_string()
    to       OUT   buffer for generation; must be at least length+1 bytes
                   long; result string is always null-terminated
    length   IN    how many random characters to put in buffer
    rand_st  INOUT structure used for number generation
*/

void create_random_string(char *to, uint length, struct rand_struct *rand_st)
{
  char *end= to + length;
  /* Use pointer arithmetics as it is faster way to do so. */
  for (; to < end; to++)
    *to= (char) (my_rnd(rand_st)*94+33);
  *to= '\0';
}


/* Character to use as version identifier for version 4.1 */

#define PVERSION41_CHAR '*'


/*
    Convert given octet sequence to asciiz string of hex characters;
    str..str+len and 'to' may not overlap.
  SYNOPSIS
    octet2hex()
    buf       OUT output buffer. Must be at least 2*len+1 bytes
    str, len  IN  the beginning and the length of the input string

  RETURN
    buf+len*2
*/

char *octet2hex(char *to, const char *str, uint len)
{
  const char *str_end= str + len; 
  for (; str != str_end; ++str)
  {
    *to++= _dig_vec_upper[((uchar) *str) >> 4];
    *to++= _dig_vec_upper[((uchar) *str) & 0x0F];
  }
  *to= '\0';
  return to;
}


/*
    Convert given asciiz string of hex (0..9 a..f) characters to octet
    sequence.
  SYNOPSIS
    hex2octet()
    to        OUT buffer to place result; must be at least len/2 bytes
    str, len  IN  begin, length for character string; str and to may not
                  overlap; len % 2 == 0
*/ 

static void
hex2octet(uint8_t *to, const char *str, uint len)
{
  const char *str_end= str + len;
  while (str < str_end)
  {
    register char tmp= char_val(*str++);
    *to++= (tmp << 4) | char_val(*str++);
  }
}


/*
    Encrypt/Decrypt function used for password encryption in authentication.
    Simple XOR is used here but it is OK as we crypt random strings. Note,
    that XOR(s1, XOR(s1, s2)) == s2, XOR(s1, s2) == XOR(s2, s1)
  SYNOPSIS
    my_crypt()
    to      OUT buffer to hold crypted string; must be at least len bytes
                long; to and s1 (or s2) may be the same.
    s1, s2  IN  input strings (of equal length)
    len     IN  length of s1 and s2
*/

static void
my_crypt(char *to, const uchar *s1, const uchar *s2, uint len)
{
  const uint8_t *s1_end= s1 + len;
  while (s1 < s1_end)
    *to++= *s1++ ^ *s2++;
}


/*
    MySQL 4.1.1 password hashing: SHA conversion (see RFC 2289, 3174) twice
    applied to the password string, and then produced octet sequence is
    converted to hex string.
    The result of this function is used as return value from PASSWORD() and
    is stored in the database.
  SYNOPSIS
    make_scrambled_password()
    buf       OUT buffer of size 2*SHA1_HASH_SIZE + 2 to store hex string
    password  IN  NULL-terminated password string
*/

void
make_scrambled_password(char *to, const char *password)
{
  SHA1_CONTEXT sha1_context;
  uint8_t hash_stage2[SHA1_HASH_SIZE];

  mysql_sha1_reset(&sha1_context);
  /* stage 1: hash password */
  mysql_sha1_input(&sha1_context, (uint8_t *) password, (uint) strlen(password));
  mysql_sha1_result(&sha1_context, (uint8_t *) to);
  /* stage 2: hash stage1 output */
  mysql_sha1_reset(&sha1_context);
  mysql_sha1_input(&sha1_context, (uint8_t *) to, SHA1_HASH_SIZE);
  /* separate buffer is used to pass 'to' in octet2hex */
  mysql_sha1_result(&sha1_context, hash_stage2);
  /* convert hash_stage2 to hex string */
  *to++= PVERSION41_CHAR;
  octet2hex(to, (const char*) hash_stage2, SHA1_HASH_SIZE);
}
  

/*
    Produce an obscure octet sequence from password and random
    string, recieved from the server. This sequence corresponds to the
    password, but password can not be easily restored from it. The sequence
    is then sent to the server for validation. Trailing zero is not stored
    in the buf as it is not needed.
    This function is used by client to create authenticated reply to the
    server's greeting.
  SYNOPSIS
    scramble()
    buf       OUT store scrambled string here. The buf must be at least 
                  SHA1_HASH_SIZE bytes long. 
    message   IN  random message, must be exactly SCRAMBLE_LENGTH long and 
                  NULL-terminated.
    password  IN  users' password 
*/

void
scramble(char *to, const char *message, const char *password)
{
  SHA1_CONTEXT sha1_context;
  uint8_t hash_stage1[SHA1_HASH_SIZE];
  uint8_t hash_stage2[SHA1_HASH_SIZE];

  mysql_sha1_reset(&sha1_context);
  /* stage 1: hash password */
  mysql_sha1_input(&sha1_context, (uint8_t *) password, (uint) strlen(password));
  mysql_sha1_result(&sha1_context, hash_stage1);
  /* stage 2: hash stage 1; note that hash_stage2 is stored in the database */
  mysql_sha1_reset(&sha1_context);
  mysql_sha1_input(&sha1_context, hash_stage1, SHA1_HASH_SIZE);
  mysql_sha1_result(&sha1_context, hash_stage2);
  /* create crypt string as sha1(message, hash_stage2) */;
  mysql_sha1_reset(&sha1_context);
  mysql_sha1_input(&sha1_context, (const uint8_t *) message, SCRAMBLE_LENGTH);
  mysql_sha1_input(&sha1_context, hash_stage2, SHA1_HASH_SIZE);
  /* xor allows 'from' and 'to' overlap: lets take advantage of it */
  mysql_sha1_result(&sha1_context, (uint8_t *) to);
  my_crypt(to, (const uchar *) to, hash_stage1, SCRAMBLE_LENGTH);
}


/*
    Check that scrambled message corresponds to the password; the function
    is used by server to check that recieved reply is authentic.
    This function does not check lengths of given strings: message must be
    null-terminated, reply and hash_stage2 must be at least SHA1_HASH_SIZE
    long (if not, something fishy is going on).
  SYNOPSIS
    check_scramble()
    scramble     clients' reply, presumably produced by scramble()
    message      original random string, previously sent to client
                 (presumably second argument of scramble()), must be 
                 exactly SCRAMBLE_LENGTH long and NULL-terminated.
    hash_stage2  hex2octet-decoded database entry
    All params are IN.

  RETURN VALUE
    0  password is correct
    !0  password is invalid
*/

my_bool
check_scramble(const char *scramble_arg, const char *message,
               const uint8_t *hash_stage2)
{
  SHA1_CONTEXT sha1_context;
  uint8_t buf[SHA1_HASH_SIZE];
  uint8_t hash_stage2_reassured[SHA1_HASH_SIZE];

  mysql_sha1_reset(&sha1_context);
  /* create key to encrypt scramble */
  mysql_sha1_input(&sha1_context, (const uint8_t *) message, SCRAMBLE_LENGTH);
  mysql_sha1_input(&sha1_context, hash_stage2, SHA1_HASH_SIZE);
  mysql_sha1_result(&sha1_context, buf);
  /* encrypt scramble */
    my_crypt((char *) buf, buf, (const uchar *) scramble_arg, SCRAMBLE_LENGTH);
  /* now buf supposedly contains hash_stage1: so we can get hash_stage2 */
  mysql_sha1_reset(&sha1_context);
  mysql_sha1_input(&sha1_context, buf, SHA1_HASH_SIZE);
  mysql_sha1_result(&sha1_context, hash_stage2_reassured);
  return memcmp(hash_stage2, hash_stage2_reassured, SHA1_HASH_SIZE);
}


/*
  Convert scrambled password from asciiz hex string to binary form.

  SYNOPSIS
    get_salt_from_password()
    res       OUT buf to hold password. Must be at least SHA1_HASH_SIZE
                  bytes long.
    password  IN  4.1.1 version value of user.password
*/
    
void get_salt_from_password(uint8_t *hash_stage2, const char *password)
{
  hex2octet(hash_stage2, password+1 /* skip '*' */, SHA1_HASH_SIZE * 2);
}

/*
    Convert scrambled password from binary form to asciiz hex string.
  SYNOPSIS
    make_password_from_salt()
    to    OUT store resulting string here, 2*SHA1_HASH_SIZE+2 bytes 
    salt  IN  password in salt format
*/

void make_password_from_salt(char *to, const uint8_t *hash_stage2)
{
  *to++= PVERSION41_CHAR;
  octet2hex(to, (const char*) hash_stage2, SHA1_HASH_SIZE);
}

1 by brian clean slate	1	/* Copyright (C) 2000-2006 MySQL AB
	2
	3	This program is free software; you can redistribute it and/or modify
	4	it under the terms of the GNU General Public License as published by
	5	the Free Software Foundation; version 2 of the License.
	6
	7	This program is distributed in the hope that it will be useful,
	8	but WITHOUT ANY WARRANTY; without even the implied warranty of
	9	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	10	GNU General Public License for more details.
	11
	12	You should have received a copy of the GNU General Public License
	13	along with this program; if not, write to the Free Software
	14	Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
	15
	16	/* password checking routines */
	17	/*****************************************************************************
	18	The main idea is that no password are sent between client & server on
	19	connection and that no password are saved in mysql in a decodable form.
	20
	21	On connection a random string is generated and sent to the client.
	22	The client generates a new string with a random generator inited with
	23	the hash values from the password and the sent string.
	24	This 'check' string is sent to the server where it is compared with
	25	a string generated from the stored hash_value of the password and the
	26	random string.
	27
	28	The password is saved (in user.password) by using the PASSWORD() function in
	29	mysql.
	30
	31	This is .c file because it's used in libmysqlclient, which is entirely in C.
	32	(we need it to be portable to a variety of systems).
	33	Example:
	34	update user set password=PASSWORD("hello") where user="test"
	35	This saves a hashed number as a string in the password field.
	36
	37	The new authentication is performed in following manner:
	38
	39	SERVER: public_seed=create_random_string()
	40	send(public_seed)
	41
	42	CLIENT: recv(public_seed)
	43	hash_stage1=sha1("password")
	44	hash_stage2=sha1(hash_stage1)
	45	reply=xor(hash_stage1, sha1(public_seed,hash_stage2)
	46
	47	// this three steps are done in scramble()
	48
	49	send(reply)
	50
	51
	52	SERVER: recv(reply)
	53	hash_stage1=xor(reply, sha1(public_seed,hash_stage2))
	54	candidate_hash2=sha1(hash_stage1)
	55	check(candidate_hash2==hash_stage2)
	56
	57	// this three steps are done in check_scramble()
	58
	59	*****************************************************************************/
	60
	61	#include <my_global.h>
	62	#include <my_sys.h>
	63	#include <m_string.h>
	64	#include <sha1.h>
77.1.39 by Monty Taylor More mysql->drizzle renaming.	65	#include "drizzle.h"
1 by brian clean slate	66
	67	/********** MySQL 3.23-4.0 authentication routines: untouched *********/
	68
	69	/*
	70	New (MySQL 3.21+) random generation structure initialization
	71	SYNOPSIS
	72	randominit()
	73	rand_st OUT Structure to initialize
	74	seed1 IN First initialization parameter
	75	seed2 IN Second initialization parameter
	76	*/
	77
164 by Brian Aker Commit cleanup of export types.	78	void randominit(struct rand_struct *rand_st, uint32_t seed1, uint32_t seed2)
1 by brian clean slate	79	{ /* For mysql 3.21.# */
	80	#ifdef HAVE_purify
	81	bzero((char) rand_st,sizeof(rand_st)); /* Avoid UMC varnings */
	82	#endif
	83	rand_st->max_value= 0x3FFFFFFFL;
	84	rand_st->max_value_dbl=(double) rand_st->max_value;
	85	rand_st->seed1=seed1%rand_st->max_value ;
	86	rand_st->seed2=seed2%rand_st->max_value;
	87	}
	88
	89
	90	/*
	91	Generate random number.
	92	SYNOPSIS
	93	my_rnd()
	94	rand_st INOUT Structure used for number generation
	95	RETURN VALUE
	96	generated pseudo random number
	97	*/
	98
	99	double my_rnd(struct rand_struct *rand_st)
	100	{
	101	rand_st->seed1=(rand_st->seed1*3+rand_st->seed2) % rand_st->max_value;
	102	rand_st->seed2=(rand_st->seed1+rand_st->seed2+33) % rand_st->max_value;
	103	return (((double) rand_st->seed1)/rand_st->max_value_dbl);
	104	}
	105
	106
	107	/*
	108	Generate binary hash from raw text string
	109	Used for Pre-4.1 password handling
	110	SYNOPSIS
	111	hash_password()
	112	result OUT store hash in this location
	113	password IN plain text password to build hash
	114	password_len IN password length (password may be not null-terminated)
	115	*/
	116
164 by Brian Aker Commit cleanup of export types.	117	void hash_password(uint32_t result, const char password, uint32_t password_len)
1 by brian clean slate	118	{
1 by brian clean slate	119	register ulong nr=1345345333L, add=7, nr2=0x12345671L;
164 by Brian Aker Commit cleanup of export types.	120	uint32_t tmp;
1 by brian clean slate	121	const char *password_end= password + password_len;
	122	for (; password < password_end; password++)
	123	{
	124	if (password == ' ' \|\| password == '\t')
	125	continue; /* skip space in password */
164 by Brian Aker Commit cleanup of export types.	126	tmp= (uint32_t) (uchar) *password;
1 by brian clean slate	127	nr^= (((nr & 63)+add)*tmp)+ (nr << 8);
	128	nr2+=(nr2 << 8) ^ nr;
	129	add+=tmp;
	130	}
164 by Brian Aker Commit cleanup of export types.	131	result[0]=nr & (((uint32_t) 1L << 31) -1L); /* Don't use sign bit (str2int) */;
164 by Brian Aker Commit cleanup of export types.	132	result[1]=nr2 & (((uint32_t) 1L << 31) -1L);
1 by brian clean slate	133	}
1 by brian clean slate	134
206 by Brian Aker Removed final uint dead types.	135	static inline uint8_t char_val(uint8_t X)
1 by brian clean slate	136	{
	137	return (uint) (X >= '0' && X <= '9' ? X-'0' :
	138	X >= 'A' && X <= 'Z' ? X-'A'+10 : X-'a'+10);
	139	}
	140
	141
	142	/*
	143	************** MySQL 4.1.1 authentication routines ***********
	144	*/
	145
	146	/*
	147	Generate string of printable random characters of requested length
	148	SYNOPSIS
	149	create_random_string()
	150	to OUT buffer for generation; must be at least length+1 bytes
	151	long; result string is always null-terminated
	152	length IN how many random characters to put in buffer
	153	rand_st INOUT structure used for number generation
	154	*/
	155
	156	void create_random_string(char to, uint length, struct rand_struct rand_st)
	157	{
	158	char *end= to + length;
	159	/* Use pointer arithmetics as it is faster way to do so. */
	160	for (; to < end; to++)
	161	to= (char) (my_rnd(rand_st)94+33);
	162	*to= '\0';
	163	}
	164
	165
	166	/* Character to use as version identifier for version 4.1 */
	167
	168	#define PVERSION41_CHAR '*'
	169
	170
	171	/*
	172	Convert given octet sequence to asciiz string of hex characters;
	173	str..str+len and 'to' may not overlap.
	174	SYNOPSIS
	175	octet2hex()
	176	buf OUT output buffer. Must be at least 2*len+1 bytes
	177	str, len IN the beginning and the length of the input string
	178
	179	RETURN
	180	buf+len*2
	181	*/
	182
	183	char octet2hex(char to, const char *str, uint len)
	184	{
	185	const char *str_end= str + len;
	186	for (; str != str_end; ++str)
	187	{
	188	to++= _dig_vec_upper[((uchar) str) >> 4];
	189	to++= _dig_vec_upper[((uchar) str) & 0x0F];
	190	}
	191	*to= '\0';
	192	return to;
	193	}
	194
	195
	196	/*
	197	Convert given asciiz string of hex (0..9 a..f) characters to octet
	198	sequence.
	199	SYNOPSIS
200	hex2octet()
201	to OUT buffer to place result; must be at least len/2 bytes
202	str, len IN begin, length for character string; str and to may not
203	overlap; len % 2 == 0
204	*/
205
206	static void
206 by Brian Aker Removed final uint dead types.	207	hex2octet(uint8_t to, const char str, uint len)
1 by brian clean slate	208	{
	209	const char *str_end= str + len;
	210	while (str < str_end)
	211	{
	212	register char tmp= char_val(*str++);
	213	to++= (tmp << 4) \| char_val(str++);
	214	}
	215	}
	216
	217
	218	/*
	219	Encrypt/Decrypt function used for password encryption in authentication.
	220	Simple XOR is used here but it is OK as we crypt random strings. Note,
	221	that XOR(s1, XOR(s1, s2)) == s2, XOR(s1, s2) == XOR(s2, s1)
	222	SYNOPSIS
	223	my_crypt()
	224	to OUT buffer to hold crypted string; must be at least len bytes
	225	long; to and s1 (or s2) may be the same.
	226	s1, s2 IN input strings (of equal length)
	227	len IN length of s1 and s2
	228	*/
	229
	230	static void
	231	my_crypt(char to, const uchar s1, const uchar *s2, uint len)
	232	{
206 by Brian Aker Removed final uint dead types.	233	const uint8_t *s1_end= s1 + len;
1 by brian clean slate	234	while (s1 < s1_end)
	235	to++= s1++ ^ *s2++;
	236	}
	237
	238
	239	/*
	240	MySQL 4.1.1 password hashing: SHA conversion (see RFC 2289, 3174) twice
	241	applied to the password string, and then produced octet sequence is
	242	converted to hex string.
	243	The result of this function is used as return value from PASSWORD() and
	244	is stored in the database.
	245	SYNOPSIS
	246	make_scrambled_password()
	247	buf OUT buffer of size 2*SHA1_HASH_SIZE + 2 to store hex string
	248	password IN NULL-terminated password string
	249	*/
	250
	251	void
	252	make_scrambled_password(char to, const char password)
	253	{
	254	SHA1_CONTEXT sha1_context;
206 by Brian Aker Removed final uint dead types.	255	uint8_t hash_stage2[SHA1_HASH_SIZE];
1 by brian clean slate	256
	257	mysql_sha1_reset(&sha1_context);
	258	/* stage 1: hash password */
206 by Brian Aker Removed final uint dead types.	259	mysql_sha1_input(&sha1_context, (uint8_t *) password, (uint) strlen(password));
206 by Brian Aker Removed final uint dead types.	260	mysql_sha1_result(&sha1_context, (uint8_t *) to);
1 by brian clean slate	261	/* stage 2: hash stage1 output */
1 by brian clean slate	262	mysql_sha1_reset(&sha1_context);
206 by Brian Aker Removed final uint dead types.	263	mysql_sha1_input(&sha1_context, (uint8_t *) to, SHA1_HASH_SIZE);
1 by brian clean slate	264	/* separate buffer is used to pass 'to' in octet2hex */
	265	mysql_sha1_result(&sha1_context, hash_stage2);
	266	/* convert hash_stage2 to hex string */
	267	*to++= PVERSION41_CHAR;
	268	octet2hex(to, (const char*) hash_stage2, SHA1_HASH_SIZE);
	269	}
	270
	271
	272	/*
	273	Produce an obscure octet sequence from password and random
	274	string, recieved from the server. This sequence corresponds to the
	275	password, but password can not be easily restored from it. The sequence
	276	is then sent to the server for validation. Trailing zero is not stored
	277	in the buf as it is not needed.
	278	This function is used by client to create authenticated reply to the
	279	server's greeting.
	280	SYNOPSIS
	281	scramble()
	282	buf OUT store scrambled string here. The buf must be at least
	283	SHA1_HASH_SIZE bytes long.
	284	message IN random message, must be exactly SCRAMBLE_LENGTH long and
	285	NULL-terminated.
	286	password IN users' password
	287	*/
	288
	289	void
	290	scramble(char to, const char message, const char *password)
	291	{
	292	SHA1_CONTEXT sha1_context;
206 by Brian Aker Removed final uint dead types.	293	uint8_t hash_stage1[SHA1_HASH_SIZE];
206 by Brian Aker Removed final uint dead types.	294	uint8_t hash_stage2[SHA1_HASH_SIZE];
1 by brian clean slate	295
	296	mysql_sha1_reset(&sha1_context);
	297	/* stage 1: hash password */
206 by Brian Aker Removed final uint dead types.	298	mysql_sha1_input(&sha1_context, (uint8_t *) password, (uint) strlen(password));
1 by brian clean slate	299	mysql_sha1_result(&sha1_context, hash_stage1);
	300	/* stage 2: hash stage 1; note that hash_stage2 is stored in the database */
	301	mysql_sha1_reset(&sha1_context);
	302	mysql_sha1_input(&sha1_context, hash_stage1, SHA1_HASH_SIZE);
	303	mysql_sha1_result(&sha1_context, hash_stage2);
	304	/* create crypt string as sha1(message, hash_stage2) */;
	305	mysql_sha1_reset(&sha1_context);
206 by Brian Aker Removed final uint dead types.	306	mysql_sha1_input(&sha1_context, (const uint8_t *) message, SCRAMBLE_LENGTH);
1 by brian clean slate	307	mysql_sha1_input(&sha1_context, hash_stage2, SHA1_HASH_SIZE);
1 by brian clean slate	308	/* xor allows 'from' and 'to' overlap: lets take advantage of it */
206 by Brian Aker Removed final uint dead types.	309	mysql_sha1_result(&sha1_context, (uint8_t *) to);
1 by brian clean slate	310	my_crypt(to, (const uchar *) to, hash_stage1, SCRAMBLE_LENGTH);
	311	}
	312
	313
	314	/*
	315	Check that scrambled message corresponds to the password; the function
	316	is used by server to check that recieved reply is authentic.
	317	This function does not check lengths of given strings: message must be
	318	null-terminated, reply and hash_stage2 must be at least SHA1_HASH_SIZE
	319	long (if not, something fishy is going on).
	320	SYNOPSIS
	321	check_scramble()
	322	scramble clients' reply, presumably produced by scramble()
	323	message original random string, previously sent to client
	324	(presumably second argument of scramble()), must be
	325	exactly SCRAMBLE_LENGTH long and NULL-terminated.
	326	hash_stage2 hex2octet-decoded database entry
	327	All params are IN.
	328
	329	RETURN VALUE
	330	0 password is correct
	331	!0 password is invalid
	332	*/
	333
	334	my_bool
	335	check_scramble(const char scramble_arg, const char message,
206 by Brian Aker Removed final uint dead types.	336	const uint8_t *hash_stage2)
1 by brian clean slate	337	{
1 by brian clean slate	338	SHA1_CONTEXT sha1_context;
206 by Brian Aker Removed final uint dead types.	339	uint8_t buf[SHA1_HASH_SIZE];
206 by Brian Aker Removed final uint dead types.	340	uint8_t hash_stage2_reassured[SHA1_HASH_SIZE];
1 by brian clean slate	341
	342	mysql_sha1_reset(&sha1_context);
	343	/* create key to encrypt scramble */
206 by Brian Aker Removed final uint dead types.	344	mysql_sha1_input(&sha1_context, (const uint8_t *) message, SCRAMBLE_LENGTH);
1 by brian clean slate	345	mysql_sha1_input(&sha1_context, hash_stage2, SHA1_HASH_SIZE);
	346	mysql_sha1_result(&sha1_context, buf);
	347	/* encrypt scramble */
	348	my_crypt((char ) buf, buf, (const uchar ) scramble_arg, SCRAMBLE_LENGTH);
	349	/* now buf supposedly contains hash_stage1: so we can get hash_stage2 */
	350	mysql_sha1_reset(&sha1_context);
	351	mysql_sha1_input(&sha1_context, buf, SHA1_HASH_SIZE);
	352	mysql_sha1_result(&sha1_context, hash_stage2_reassured);
	353	return memcmp(hash_stage2, hash_stage2_reassured, SHA1_HASH_SIZE);
	354	}
	355
	356
	357	/*
	358	Convert scrambled password from asciiz hex string to binary form.
	359
	360	SYNOPSIS
	361	get_salt_from_password()
	362	res OUT buf to hold password. Must be at least SHA1_HASH_SIZE
	363	bytes long.
	364	password IN 4.1.1 version value of user.password
	365	*/
	366
206 by Brian Aker Removed final uint dead types.	367	void get_salt_from_password(uint8_t hash_stage2, const char password)
1 by brian clean slate	368	{
	369	hex2octet(hash_stage2, password+1 /* skip '' /, SHA1_HASH_SIZE * 2);
	370	}
	371
	372	/*
	373	Convert scrambled password from binary form to asciiz hex string.
	374	SYNOPSIS
	375	make_password_from_salt()
	376	to OUT store resulting string here, 2*SHA1_HASH_SIZE+2 bytes
	377	salt IN password in salt format
	378	*/
	379
206 by Brian Aker Removed final uint dead types.	380	void make_password_from_salt(char to, const uint8_t hash_stage2)
1 by brian clean slate	381	{
	382	*to++= PVERSION41_CHAR;
	383	octet2hex(to, (const char*) hash_stage2, SHA1_HASH_SIZE);
	384	}