diff --git a/.github/workflows/integrations.yml b/.github/workflows/integrations.yml
index 3a4418d..42df30e 100644
--- a/.github/workflows/integrations.yml
+++ b/.github/workflows/integrations.yml
@@ -24,7 +24,7 @@ jobs:
 run: |
 # curl -L https://ziglang.org/download/ > page.xml
 # ZIG_VERSION=$(cat page.xml | tidy -html 2> /dev/null | grep zig-linux-x86_64 | head -n 1 | cut -d '-' -f 4,5 | cut -d '.' -f 1,2,3,4)
- ZIG_VERSION=0.12.0-dev.1390+94cee4fb2
+ ZIG_VERSION=0.12.0-dev.1642+5f8641401
 echo "zig version: $ZIG_VERSION"
 wget https://ziglang.org/builds/zig-linux-x86_64-$ZIG_VERSION.tar.xz
 tar xf zig-linux-x86_64-$ZIG_VERSION.tar.xz
diff --git a/src/auth.zig b/src/auth.zig
index 3436bc7..230dfb5 100644
--- a/src/auth.zig
+++ b/src/auth.zig
@@ -35,10 +35,7 @@ pub const caching_sha2_password_full_authentication_start = 0x04;
 pub const DecodedPublicKey = struct {
 allocated: []const u8,
- value: struct {
- modulus: []const u8,
- exponent: []const u8,
- },
+ value: std.crypto.Certificate.rsa.PublicKey,
 pub fn deinit(d: *const DecodedPublicKey, allocator: std.mem.Allocator) void {
 allocator.free(d.allocated);
@@ -86,7 +83,7 @@ pub fn decodePublicKey(encoded_bytes: []const u8, allocator: std.mem.Allocator)
 };
 const pk_decoded = try std.crypto.Certificate.rsa.PublicKey.parseDer(bitstring);
- decoded_pk.value = .{ .modulus = pk_decoded.modulus, .exponent = pk_decoded.exponent };
+ decoded_pk.value = try std.crypto.Certificate.rsa.PublicKey.fromBytes(pk_decoded.exponent, pk_decoded.modulus);
 return decoded_pk;
 }
diff --git a/src/conn.zig b/src/conn.zig
index cd31347..e0e01cc 100644
--- a/src/conn.zig
+++ b/src/conn.zig
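Review bot: `DecodedPublicKey.value` in `src/auth.zig` changes type inside a `pub` struct that has no doc comments, so any caller that read `value.modulus` or `value.exponent` stops compiling and nothing states what `allocated` is kept for. I would document both fields, for example `/// Backing allocation owned by this value; released by deinit.` on `allocated` and `/// RSA public key parsed from the bytes passed to decodePublicKey.` on `value`. If the parsed key no longer borrows from `allocated` (that depends on how `fromBytes` stores the modulus and exponent, which these hunks do not show), the buffer could be freed inside `decodePublicKey` rather than carried in the struct. The struct body continues outside the hunk.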
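Review bot: The added `try` on `PublicKey.fromBytes` in `decodePublicKey` (`src/auth.zig`) is a new failure point reached after `decoded_pk` has been populated earlier in the function, outside this hunk; unless an `errdefer` already frees `decoded_pk.allocated`, every key that `fromBytes` rejects presumably leaks that buffer, and the caller in `src/conn.zig` passes it bytes received from the server. Please confirm something like `errdefer allocator.free(decoded_pk.allocated);` sits right after the allocation. The argument order is also easy to misread next to `parseDer`'s `modulus`/`exponent` result, so a short comment helps: `// fromBytes takes the exponent first, then the modulus`.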
@@ -205,16 +205,21 @@ pub const Conn = struct {
 auth.caching_sha2_password_full_authentication_start => {
 // Full Authentication start
+ // TODO: support TLS
+ // // if TLS, send password as plain text
+ // try conn.sendBytesAsPacket(config.password);
+
+ // Request public key from server
 try conn.sendBytesAsPacket(&[_]u8{auth.caching_sha2_password_public_key_request});
 const pk_packet = try conn.readPacket(allocator);
 defer pk_packet.deinit(allocator);
+ // Decode public key
 const pub_key = try auth.decodePublicKey(pk_packet.payload, allocator);
 defer pub_key.deinit(allocator);
- // TODO: support TLS
- // // if TLS, send password as plain text
- // try conn.sendBytesAsPacket(config.password);
+ // Encrypt password with public key
+ // TODO
 const auth_resp = try generate_auth_response(.sha256_password, &auth_data, config.password);
 try conn.sendBytesAsPacket(auth_resp.get());
@@ -236,8 +241,6 @@ pub const Conn = struct {
 else => return packet.asError(conn.client_capabilities),
 }
 }
-
- // Server ack
 }
 fn sendPacketUsingSmallPacketWriter(conn: *Conn, packet: anytype) !void {
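Review bot: In the `caching_sha2_password_full_authentication_start` branch of `src/conn.zig` the RSA key is requested and decoded on the same connection that the TODO above describes as not yet using TLS, and nothing visible ties that key to the intended server, so once the `// Encrypt password with public key` TODO is implemented the password will be encrypted to whatever key the peer returned. A client normally guards this step by preferring TLS, or by accepting a pre-configured server key and making the on-the-wire key request an explicit opt-in; that decision is worth recording here before the encryption lands. As written, `pub_key` is decoded and then only freed, while the response is still built by `generate_auth_response(.sha256_password, ...)` without it, so the bare `// TODO` should say so, e.g. `// TODO: encrypt the password with pub_key.value; pub_key is not used yet`. The enclosing function starts and ends outside the hunk.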