Change parameter name for clarity and update documentation.

bgrainger · bgrainger · commit 2aea924edfd6 · 2024-07-27T21:49:08.000-07:00
Signed-off-by: Bradley Grainger &lt;bgrainger@gmail.com&gt;
diff --git a/src/MySqlConnector/Core/ServerSession.cs b/src/MySqlConnector/Core/ServerSession.cs
@@ -624,7 +624,7 @@ private bool ValidateFingerprint(byte[]? validationHash, ReadOnlySpan<byte> chal
 		switch (m_pluginName)
 		{
 			case "mysql_native_password":
-				passwordHashResult = AuthenticationUtility.HashPassword([], password, false);
+				passwordHashResult = AuthenticationUtility.HashPassword([], password, onlyHashPassword: true);
 				break;
 
 			case "client_ed25519":
diff --git a/src/MySqlConnector/Protocol/Serialization/AuthenticationUtility.cs b/src/MySqlConnector/Protocol/Serialization/AuthenticationUtility.cs
@@ -25,20 +25,22 @@ public static byte[] GetNullTerminatedPasswordBytes(string password)
 	}
 
 	public static byte[] CreateAuthenticationResponse(ReadOnlySpan<byte> challenge, string password) =>
-		string.IsNullOrEmpty(password) ? [] : HashPassword(challenge, password, true);
+		string.IsNullOrEmpty(password) ? [] : HashPassword(challenge, password, false);
 
 	/// <summary>
 	/// Hashes a password with the "Secure Password Authentication" method.
 	/// </summary>
 	/// <param name="challenge">The 20-byte random challenge (from the "auth-plugin-data" in the initial handshake).</param>
 	/// <param name="password">The password to hash.</param>
-	/// <param name="withXor">must xor results.</param>
+	/// <param name="onlyHashPassword">If true, <paramref name="challenge"/> is ignored and only the twice-hashed password
+	/// is returned, instead of performing the full "secure password authentication" algorithm that XORs the hashed password against
+	/// a hash derived from the challenge.</param>
 	/// <returns>A 20-byte password hash.</returns>
 	/// <remarks>See <a href="https://dev.mysql.com/doc/internals/en/secure-password-authentication.html">Secure Password Authentication</a>.</remarks>
 #if NET5_0_OR_GREATER
 	[SkipLocalsInit]
 #endif
-	public static byte[] HashPassword(ReadOnlySpan<byte> challenge, string password, bool withXor)
+	public static byte[] HashPassword(ReadOnlySpan<byte> challenge, string password, bool onlyHashPassword)
 	{
 #if !NET5_0_OR_GREATER
 		using var sha1 = SHA1.Create();
@@ -56,7 +58,7 @@ public static byte[] HashPassword(ReadOnlySpan<byte> challenge, string password,
 		sha1.TryComputeHash(passwordBytes, hashedPassword, out _);
 		sha1.TryComputeHash(hashedPassword, combined[20..], out _);
 #endif
-		if (!withXor)
+		if (onlyHashPassword)
 			return combined[20..].ToArray();
 
 		challenge[..20].CopyTo(combined);

Original file line number	Diff line number	Diff line change
`@@ -624,7 +624,7 @@ private bool ValidateFingerprint(byte[]? validationHash, ReadOnlySpan<byte> chal`
`624`	`624`	`switch (m_pluginName)`
`625`	`625`	`{`
`626`	`626`	`case "mysql_native_password":`
`627`		`- passwordHashResult = AuthenticationUtility.HashPassword([], password, false);`
	`627`	`+ passwordHashResult = AuthenticationUtility.HashPassword([], password, onlyHashPassword: true);`
`628`	`628`	`break;`
`629`	`629`
`630`	`630`	`case "client_ed25519":`