UNPKG

@scirexs/srp6a

Version:

SRP-6a (Secure Remote Password) implementation in TypeScript for browser and server.

github.com/scirexs/srp6a

scirexs/srp6a

322 lines (321 loc) 10.4 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
var _a; export { computeHash, CryptoNumber, generateSecureRandom, getDefaultConfig, SRPConfig }; import { GROUP_2048, SHA_256 } from "./constants.js"; // Works with Web Crypto API like brower, Node.js, Deno. const crypto = globalThis?.crypto; if (!crypto || !crypto.subtle) throw new Error("Could not find `globalThis.crypto` with Web Crypto API."); /** * Configuration class for SRP6a authentication protocol * Combines security group and hash settings to provide various parameters required for authentication */ class SRPConfig { #group; #hash; #prime; #generator; /** * Gets the prime number from the security group * @returns {CryptoNumber} Prime number value */ get prime() { return this.#prime; } /** * Gets the generator from the security group * @returns {CryptoNumber} Generator value */ get generator() { return this.#generator; } /** * Gets the bit length of the security group * @returns {number} Bit length */ get length() { return this.#group.length; } /** * Gets the multiplier from the security group * @returns {string} Multiplier value */ get multiplier() { return this.#group.multiplier; } /** * Gets the hash algorithm * @returns {HashAlgorithm} Hash algorithm */ get algorithm() { return this.#hash.algorithm; } /** * Gets the number of bytes in the hash value * @returns {number} Number of bytes in hash value */ get hashBytes() { return this.#hash.bytes; } /** * Gets the salt bit length * @returns {number} Salt bit length */ get salt() { return this.#hash.salt; } /** * Creates an instance of SRPConfig * @param {SRPSecurityGroup} group - Security group configuration * @param {SRPHashConfig} hash - Hash configuration */ constructor(group, hash) { this.#group = group; this.#hash = hash; CryptoNumber.PAD_LEN = Math.ceil(group.length / 4); // pad length as hex string this.#prime = new CryptoNumber(group.prime); this.#generator = new CryptoNumber(group.generator); } } /** * Gets the default SRP configuration * Returns default configuration using GROUP_2048 and SHA_256 * @returns {SRPConfig} Default SRP configuration */ function getDefaultConfig() { return new SRPConfig(GROUP_2048, SHA_256); } async function computeHash(num, config) { num = num instanceof CryptoNumber ? num.buf : num; return new CryptoNumber(new Uint8Array(await crypto.subtle.digest(config.algorithm, num))); } function generateSecureRandom(bytes) { const result = new Uint8Array(bytes); crypto.getRandomValues(result); return new CryptoNumber(result); } /** * Class representing numbers used in cryptographic operations * Manages numbers in three formats: bigint, hex string, and Uint8Array, * with lazy conversion performed as needed */ class CryptoNumber { /** Padding length for hex strings (no need to use) */ static PAD_LEN = 0; #int; #hex = ""; #buf; /** * Gets the number in bigint format (lazy evaluation) * @returns {bigint} Number in bigint format */ get int() { if (this.#int === undefined) this.#int = this.#deriveInt(); return this.#int; } /** * Gets the number in hex string format (lazy evaluation) * @returns {string} Number in hex string format */ get hex() { if (!this.#hex) this.#hex = this.#deriveHex(); return this.#hex; } /** * Gets the number in Uint8Array format (lazy evaluation) * @returns {Uint8Array} Number in Uint8Array format */ get buf() { if (!this.#buf) this.#buf = this.#deriveBuf(); return this.#buf; } /** * Creates an instance of CryptoNumber * @param {bigint | string | Uint8Array} value - Initial value (bigint, hex string, or Uint8Array) * @throws {Error} If PAD_LEN is not initialized */ constructor(value) { if (_a.PAD_LEN <= 0) throw new Error("PAD_BYTES must be initialized before use."); switch (typeof value) { case "bigint": this.#int = value; break; case "string": this.#hex = _a.#guardHex(value); break; case "object": this.#buf = value; break; } } /** * Returns a new CryptoNumber with hex string left-padded with zeros to the specified length * @param {number} [len] - Padding length (uses PAD_LEN if omitted) * @returns {CryptoNumber} New CryptoNumber with padded value */ pad(len) { return new _a(this.hex.padStart(len ?? _a.PAD_LEN, "0")); } /** * Clears the internal Uint8Array buffer by filling it with zeros * Used to securely erase sensitive data */ clear() { if (!this.#buf) return; this.#buf.fill(0); this.#buf = undefined; } /** Derives bigint from internal state */ #deriveInt() { return this.#hex ? this.#castHex2Int() : this.#castBuf2Int(); } /** Derives hex string from internal state */ #deriveHex() { const str = this.#buf ? this.#castBuf2Hex() : this.#castInt2Hex(); return _a.#guardHex(str); } /** Derives Uint8Array from internal state */ #deriveBuf() { return this.#hex ? this.#castHex2Buf() : this.#castInt2Buf(); } /** Converts bigint to hex string */ #castInt2Hex() { if (this.#int === undefined) _a.#castError(); return _a.#padHexString(this.#int.toString(16)); } /** Converts bigint to Uint8Array */ #castInt2Buf() { if (this.#int === undefined) _a.#castError(); return new Uint8Array(this.hex.match(/.{2}/g).map((x) => parseInt(x, 16))); } /** Converts hex string to bigint */ #castHex2Int() { if (!this.#hex) _a.#castError(); return BigInt(`0x${this.#hex}`); } /** Converts hex string to Uint8Array */ #castHex2Buf() { if (!this.#hex) _a.#castError(); return new Uint8Array(this.#hex.match(/.{2}/g).map((x) => parseInt(x, 16))); } /** Converts Uint8Array to bigint */ #castBuf2Int() { if (!this.#buf) _a.#castError(); return BigInt(`0x${this.hex}`); } /** Converts Uint8Array to hex string */ #castBuf2Hex() { if (!this.#buf) _a.#castError(); return Array.from(this.#buf) .map((x) => x.toString(16).padStart(2, "0")) .join(""); } /** Throws a conversion error */ static #castError() { throw new Error("Can't cast from empty."); } /** Validates and pads hex string */ static #guardHex(str) { if (!_a.#isValidHexString(str)) throw new Error("Contains invalid characters as hexadecimal."); return _a.#padHexString(str); } /** Checks if string is a valid hex string */ static #isValidHexString(str) { return /^[0-9a-fA-F]+$/.test(str); } /** Pads hex string to even length */ static #padHexString(str) { return str.length % 2 === 0 ? str : "0" + str; } /** * Efficiently calculates modular exponentiation (base^pow mod mod) * @param {CryptoNumber | bigint} base - Base value * @param {CryptoNumber | bigint} pow - Exponent value * @param {CryptoNumber} mod - Modulus value * @returns {CryptoNumber} Result of modular exponentiation * @throws {Error} If arguments are invalid */ static modPow(base, pow, mod) { base = typeof base === "object" ? base.int : base; pow = typeof pow === "object" ? pow.int : pow; if (base < 0n) throw new Error(`Invalid base: ${base.toString()}`); if (pow < 0n) throw new Error(`Invalid power: ${pow.toString()}`); if (mod.int < 1n) throw new Error(`Invalid modulo: ${mod.int.toString()}`); let result = 1n; base = base % mod.int; while (pow > 0n) { if (pow % 2n === 1n) result = (result * base) % mod.int; base = (base * base) % mod.int; pow /= 2n; } return new _a(result); } /** * Concatenates multiple CryptoNumber buffers * @param {...CryptoNumber} nums - CryptoNumbers to concatenate * @returns {CryptoNumber} Concatenated CryptoNumber */ static concat(...nums) { const len = nums.reduce((sum, num) => sum + num.buf.length, 0); const result = new Uint8Array(len); let offset = 0; for (const num of nums) { result.set(num.buf, offset); offset += num.buf.length; } return new _a(result); } /** * Performs XOR operation on two CryptoNumbers * @param {CryptoNumber} a - First operand * @param {CryptoNumber} b - Second operand * @returns {CryptoNumber} XOR operation result * @throws {Error} If buffer lengths differ */ static xor(a, b) { if (a.buf.length !== b.buf.length) throw new Error("Uint8Array length must be same."); const aBuf = a.buf; const bBuf = b.buf; const result = new Uint8Array(aBuf.length); for (let i = 0; i < aBuf.length; i++) { result[i] = aBuf[i] ^ bBuf[i]; } return new _a(result); } /** * Compares two CryptoNumbers in constant time * Used to prevent timing attacks * @param {CryptoNumber} a - First comparison target * @param {CryptoNumber} b - Second comparison target * @returns {boolean} True if values are equal */ static compare(a, b) { const aBuf = a.buf; const bBuf = b.buf; const len = Math.max(aBuf.length, bBuf.length); let result = aBuf.length ^ bBuf.length; for (let i = 0; i < len; i++) { const aVal = i < aBuf.length ? aBuf[i] : 0; const bVal = i < bBuf.length ? bBuf[i] : 0; result |= aVal ^ bVal; } return result === 0; } } _a = CryptoNumber;