UNPKG

aws-cognito-srp-client

Version:

SRP Client for AWS Cognito UserPools SRP Auth Flow

105 lines (104 loc) 4.12 kB
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.computeSignature = exports.computehkdf = exports.randomValue = exports.hexHash = exports.hash = exports.padHex = void 0; var tslib_1 = require("tslib"); var bigInteger_1 = (0, tslib_1.__importDefault)(require("./bigInteger")); var sha256_1 = (0, tslib_1.__importDefault)(require("crypto-js/sha256")); var hmac_sha256_1 = (0, tslib_1.__importDefault)(require("crypto-js/hmac-sha256")); var enc_base64_1 = (0, tslib_1.__importDefault)(require("crypto-js/enc-base64")); var enc_hex_1 = (0, tslib_1.__importDefault)(require("crypto-js/enc-hex")); var enc_utf8_1 = (0, tslib_1.__importDefault)(require("crypto-js/enc-utf8")); var polyFillCrypto = function () { // Native crypto from window (Browser) if (typeof window !== "undefined" && window.crypto) { return window.crypto; } // Native (experimental IE 11) crypto from window (Browser) // @ts-expect-error window in IE11 contains msCrypto if (typeof window !== "undefined" && window.msCrypto) { // @ts-expect-error window in IE11 contains msCrypto return window.msCrypto; } // @ts-expect-error require is present in node env if (typeof require === "function") { // @ts-expect-error require is present in node env // eslint-disable-next-line @typescript-eslint/no-var-requires return require("crypto").webcrypto; } }; var crypto = polyFillCrypto(); var padHex = function (bigInteger) { var hashStr = bigInteger.toString(16); if (hashStr.length % 2 === 1) { hashStr = "0".concat(hashStr); } else if ("89ABCDEFabcdef".indexOf(hashStr[0]) !== -1) { hashStr = "00".concat(hashStr); } return hashStr; }; exports.padHex = padHex; var hash = function (str) { var hashHex = (0, sha256_1.default)(str).toString(); return new Array(64 - hashHex.length).join("0") + hashHex; }; exports.hash = hash; var hexHash = function (hexStr) { return (0, exports.hash)(enc_hex_1.default.parse(hexStr)); }; exports.hexHash = hexHash; var getRandomIntFromNativeCrypto = function () { if (crypto) { // Use getRandomValues method (Browser) if (typeof crypto.getRandomValues === "function") { try { return crypto.getRandomValues(new Uint32Array(1))[0]; } catch (err) { // dont do anything here } } // Use randomBytes method (NodeJS) //@ts-expect-error nativeCrypto in NodeJs has randomBytes if (typeof crypto.randomBytes === "function") { try { //@ts-expect-error nativeCrypto in NodeJs has randomBytes return crypto.randomBytes(4).readInt32LE(); } catch (err) { // dont do anything here } } } throw new Error("Native crypto module could not be used to get secure random number."); }; var randomValue = function (nBytes) { var words = []; for (var i = 0; i < nBytes; i += 4) { words.push(getRandomIntFromNativeCrypto()); } // Convert var hexChars = []; for (var i = 0; i < nBytes; i++) { var bite = (words[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff; hexChars.push((bite >>> 4).toString(16)); hexChars.push((bite & 0x0f).toString(16)); } var hexRandom = hexChars.join(""); var randomInt = (0, bigInteger_1.default)(hexRandom, 16); return randomInt; }; exports.randomValue = randomValue; var computehkdf = function (ikm, salt) { var infoBits = enc_utf8_1.default .parse("Caldera Derived Key") .concat(enc_utf8_1.default.parse(String.fromCharCode(1))); var prk = (0, hmac_sha256_1.default)(ikm, salt); var hmac = (0, hmac_sha256_1.default)(infoBits, prk); return enc_hex_1.default.parse(hmac.toString().slice(0, 32)); }; exports.computehkdf = computehkdf; var computeSignature = function (message, key) { return enc_base64_1.default.stringify((0, hmac_sha256_1.default)(message, key)); }; exports.computeSignature = computeSignature;