aws-cognito-srp-client
Version:
SRP Client for AWS Cognito UserPools SRP Auth Flow
105 lines (104 loc) • 4.12 kB
JavaScript
;
Object.defineProperty(exports, "__esModule", { value: true });
exports.computeSignature = exports.computehkdf = exports.randomValue = exports.hexHash = exports.hash = exports.padHex = void 0;
var tslib_1 = require("tslib");
var bigInteger_1 = (0, tslib_1.__importDefault)(require("./bigInteger"));
var sha256_1 = (0, tslib_1.__importDefault)(require("crypto-js/sha256"));
var hmac_sha256_1 = (0, tslib_1.__importDefault)(require("crypto-js/hmac-sha256"));
var enc_base64_1 = (0, tslib_1.__importDefault)(require("crypto-js/enc-base64"));
var enc_hex_1 = (0, tslib_1.__importDefault)(require("crypto-js/enc-hex"));
var enc_utf8_1 = (0, tslib_1.__importDefault)(require("crypto-js/enc-utf8"));
var polyFillCrypto = function () {
// Native crypto from window (Browser)
if (typeof window !== "undefined" && window.crypto) {
return window.crypto;
}
// Native (experimental IE 11) crypto from window (Browser)
// @ts-expect-error window in IE11 contains msCrypto
if (typeof window !== "undefined" && window.msCrypto) {
// @ts-expect-error window in IE11 contains msCrypto
return window.msCrypto;
}
// @ts-expect-error require is present in node env
if (typeof require === "function") {
// @ts-expect-error require is present in node env
// eslint-disable-next-line @typescript-eslint/no-var-requires
return require("crypto").webcrypto;
}
};
var crypto = polyFillCrypto();
var padHex = function (bigInteger) {
var hashStr = bigInteger.toString(16);
if (hashStr.length % 2 === 1) {
hashStr = "0".concat(hashStr);
}
else if ("89ABCDEFabcdef".indexOf(hashStr[0]) !== -1) {
hashStr = "00".concat(hashStr);
}
return hashStr;
};
exports.padHex = padHex;
var hash = function (str) {
var hashHex = (0, sha256_1.default)(str).toString();
return new Array(64 - hashHex.length).join("0") + hashHex;
};
exports.hash = hash;
var hexHash = function (hexStr) {
return (0, exports.hash)(enc_hex_1.default.parse(hexStr));
};
exports.hexHash = hexHash;
var getRandomIntFromNativeCrypto = function () {
if (crypto) {
// Use getRandomValues method (Browser)
if (typeof crypto.getRandomValues === "function") {
try {
return crypto.getRandomValues(new Uint32Array(1))[0];
}
catch (err) {
// dont do anything here
}
}
// Use randomBytes method (NodeJS)
//@ts-expect-error nativeCrypto in NodeJs has randomBytes
if (typeof crypto.randomBytes === "function") {
try {
//@ts-expect-error nativeCrypto in NodeJs has randomBytes
return crypto.randomBytes(4).readInt32LE();
}
catch (err) {
// dont do anything here
}
}
}
throw new Error("Native crypto module could not be used to get secure random number.");
};
var randomValue = function (nBytes) {
var words = [];
for (var i = 0; i < nBytes; i += 4) {
words.push(getRandomIntFromNativeCrypto());
}
// Convert
var hexChars = [];
for (var i = 0; i < nBytes; i++) {
var bite = (words[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff;
hexChars.push((bite >>> 4).toString(16));
hexChars.push((bite & 0x0f).toString(16));
}
var hexRandom = hexChars.join("");
var randomInt = (0, bigInteger_1.default)(hexRandom, 16);
return randomInt;
};
exports.randomValue = randomValue;
var computehkdf = function (ikm, salt) {
var infoBits = enc_utf8_1.default
.parse("Caldera Derived Key")
.concat(enc_utf8_1.default.parse(String.fromCharCode(1)));
var prk = (0, hmac_sha256_1.default)(ikm, salt);
var hmac = (0, hmac_sha256_1.default)(infoBits, prk);
return enc_hex_1.default.parse(hmac.toString().slice(0, 32));
};
exports.computehkdf = computehkdf;
var computeSignature = function (message, key) {
return enc_base64_1.default.stringify((0, hmac_sha256_1.default)(message, key));
};
exports.computeSignature = computeSignature;