aws-cognito-srp-client
Version:
SRP Client for AWS Cognito UserPools SRP Auth Flow
101 lines (100 loc) • 4 kB
JavaScript
import bigInt from "./bigInteger";
import { computehkdf, hash, hexHash, padHex, randomValue, computeSignature } from "./cryptoUtils";
import encBase64 from "crypto-js/enc-base64";
import encHex from "crypto-js/enc-hex";
import encUtf8 from "crypto-js/enc-utf8";
var initN = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" +
"29024E088A67CC74020BBEA63B139B22514A08798E3404DD" +
"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" +
"E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" +
"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" +
"C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" +
"83655D23DCA3AD961C62F356208552BB9ED529077096966D" +
"670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" +
"E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" +
"DE2BCBF6955817183995497CEA956AE515D2261898FA0510" +
"15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" +
"ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" +
"ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" +
"F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" +
"BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" +
"43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF";
var Srp = /** @class */ (function () {
function Srp(poolId) {
this.g = bigInt("2", 16);
this.N = bigInt(initN, 16);
this.k = bigInt(hexHash(padHex(this.N) + padHex(this.g)), 16);
this.poolName = poolId.split("_")[1];
}
Srp.prototype.getA = function () {
this.a = randomValue(128);
this.A = this.g.modPow(this.a, this.N);
if (this.A.mod(this.N).isZero()) {
new Error("Illegal paramater. A mod N cannot be 0.");
}
return this.A.toString(16);
};
Srp.prototype.getSignature = function (username, strB, strSalt, secretBlock, password) {
var B = bigInt(strB, 16);
if (B.mod(this.N).isZero()) {
new Error("Illegal paramater. B mod N cannot be 0.");
}
var salt = bigInt(strSalt, 16);
var U = bigInt(hexHash(padHex(this.A) + padHex(B)), 16);
if (U.isZero()) {
throw new Error("U cannot be zero.");
}
var usernamePasswordHash = hash(encUtf8.parse(this.poolName + username + ":" + password));
var x = bigInt(hexHash(padHex(salt) + usernamePasswordHash), 16);
var S = B.subtract(this.k.multiply(this.g.modPow(x, this.N))).modPow(this.a.add(U.multiply(x)), this.N);
var paddedS = padHex(S);
var hkdf = computehkdf(encHex.parse(paddedS), encHex.parse(padHex(U)));
var timestamp = getNowString();
var message = encUtf8
.parse(this.poolName)
.concat(encUtf8.parse(username))
.concat(encBase64.parse(secretBlock))
.concat(encUtf8.parse(timestamp));
var signature = computeSignature(message, hkdf);
return { timestamp: timestamp, signature: signature };
};
return Srp;
}());
export default Srp;
var getNowString = function () {
var now = new Date();
var monthNames = [
"Jan",
"Feb",
"Mar",
"Apr",
"May",
"Jun",
"Jul",
"Aug",
"Sep",
"Oct",
"Nov",
"Dec"
];
var weekNames = ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"];
var weekDay = weekNames[now.getUTCDay()];
var month = monthNames[now.getUTCMonth()];
var day = now.getUTCDate();
var hours = now.getUTCHours();
if (hours < 10) {
hours = "0".concat(hours);
}
var minutes = now.getUTCMinutes();
if (minutes < 10) {
minutes = "0".concat(minutes);
}
var seconds = now.getUTCSeconds();
if (seconds < 10) {
seconds = "0".concat(seconds);
}
var year = now.getUTCFullYear();
// ddd MMM D HH:mm:ss UTC YYYY
var dateNow = "".concat(weekDay, " ").concat(month, " ").concat(day, " ").concat(hours, ":").concat(minutes, ":").concat(seconds, " UTC ").concat(year);
return dateNow;
};