1 |
|
2 |
|
3 |
|
4 |
|
5 |
|
6 |
|
7 |
|
8 |
|
9 |
|
10 |
|
11 |
|
12 |
|
13 |
|
14 |
|
15 |
|
16 |
|
17 | import { Buffer } from 'buffer';
|
18 | import CryptoJS from 'crypto-js/core';
|
19 | import 'crypto-js/lib-typedarrays';
|
20 |
|
21 | import SHA256 from 'crypto-js/sha256';
|
22 | import HmacSHA256 from 'crypto-js/hmac-sha256';
|
23 |
|
24 | var randomBytes = function randomBytes(nBytes) {
|
25 | return Buffer.from(CryptoJS.lib.WordArray.random(nBytes).toString(), 'hex');
|
26 | };
|
27 |
|
28 | import BigInteger from './BigInteger';
|
29 | var initN = 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1' + '29024E088A67CC74020BBEA63B139B22514A08798E3404DD' + 'EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245' + 'E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED' + 'EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D' + 'C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F' + '83655D23DCA3AD961C62F356208552BB9ED529077096966D' + '670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B' + 'E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9' + 'DE2BCBF6955817183995497CEA956AE515D2261898FA0510' + '15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64' + 'ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7' + 'ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B' + 'F12FFA06D98A0864D87602733EC86A64521F2B18177B200C' + 'BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31' + '43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF';
|
30 | var newPasswordRequiredChallengeUserAttributePrefix = 'userAttributes.';
|
31 |
|
32 |
|
33 | var AuthenticationHelper = function () {
|
34 | |
35 |
|
36 |
|
37 |
|
38 | function AuthenticationHelper(PoolName) {
|
39 | this.N = new BigInteger(initN, 16);
|
40 | this.g = new BigInteger('2', 16);
|
41 | this.k = new BigInteger(this.hexHash("00" + this.N.toString(16) + "0" + this.g.toString(16)), 16);
|
42 | this.smallAValue = this.generateRandomSmallA();
|
43 | this.getLargeAValue(function () {});
|
44 | this.infoBits = Buffer.from('Caldera Derived Key', 'utf8');
|
45 | this.poolName = PoolName;
|
46 | }
|
47 | |
48 |
|
49 |
|
50 |
|
51 |
|
52 | var _proto = AuthenticationHelper.prototype;
|
53 |
|
54 | _proto.getSmallAValue = function getSmallAValue() {
|
55 | return this.smallAValue;
|
56 | }
|
57 | |
58 |
|
59 |
|
60 |
|
61 | ;
|
62 |
|
63 | _proto.getLargeAValue = function getLargeAValue(callback) {
|
64 | var _this = this;
|
65 |
|
66 | if (this.largeAValue) {
|
67 | callback(null, this.largeAValue);
|
68 | } else {
|
69 | this.calculateA(this.smallAValue, function (err, largeAValue) {
|
70 | if (err) {
|
71 | callback(err, null);
|
72 | }
|
73 |
|
74 | _this.largeAValue = largeAValue;
|
75 | callback(null, _this.largeAValue);
|
76 | });
|
77 | }
|
78 | }
|
79 | |
80 |
|
81 |
|
82 |
|
83 |
|
84 | ;
|
85 |
|
86 | _proto.generateRandomSmallA = function generateRandomSmallA() {
|
87 | var hexRandom = randomBytes(128).toString('hex');
|
88 | var randomBigInt = new BigInteger(hexRandom, 16);
|
89 | var smallABigInt = randomBigInt.mod(this.N);
|
90 | return smallABigInt;
|
91 | }
|
92 | |
93 |
|
94 |
|
95 |
|
96 |
|
97 | ;
|
98 |
|
99 | _proto.generateRandomString = function generateRandomString() {
|
100 | return randomBytes(40).toString('base64');
|
101 | }
|
102 | |
103 |
|
104 |
|
105 | ;
|
106 |
|
107 | _proto.getRandomPassword = function getRandomPassword() {
|
108 | return this.randomPassword;
|
109 | }
|
110 | |
111 |
|
112 |
|
113 | ;
|
114 |
|
115 | _proto.getSaltDevices = function getSaltDevices() {
|
116 | return this.SaltToHashDevices;
|
117 | }
|
118 | |
119 |
|
120 |
|
121 | ;
|
122 |
|
123 | _proto.getVerifierDevices = function getVerifierDevices() {
|
124 | return this.verifierDevices;
|
125 | }
|
126 | |
127 |
|
128 |
|
129 |
|
130 |
|
131 |
|
132 |
|
133 | ;
|
134 |
|
135 | _proto.generateHashDevice = function generateHashDevice(deviceGroupKey, username, callback) {
|
136 | var _this2 = this;
|
137 |
|
138 | this.randomPassword = this.generateRandomString();
|
139 | var combinedString = "" + deviceGroupKey + username + ":" + this.randomPassword;
|
140 | var hashedString = this.hash(combinedString);
|
141 | var hexRandom = randomBytes(16).toString('hex');
|
142 | this.SaltToHashDevices = this.padHex(new BigInteger(hexRandom, 16));
|
143 | this.g.modPow(new BigInteger(this.hexHash(this.SaltToHashDevices + hashedString), 16), this.N, function (err, verifierDevicesNotPadded) {
|
144 | if (err) {
|
145 | callback(err, null);
|
146 | }
|
147 |
|
148 | _this2.verifierDevices = _this2.padHex(verifierDevicesNotPadded);
|
149 | callback(null, null);
|
150 | });
|
151 | }
|
152 | |
153 |
|
154 |
|
155 |
|
156 |
|
157 |
|
158 |
|
159 |
|
160 | ;
|
161 |
|
162 | _proto.calculateA = function calculateA(a, callback) {
|
163 | var _this3 = this;
|
164 |
|
165 | this.g.modPow(a, this.N, function (err, A) {
|
166 | if (err) {
|
167 | callback(err, null);
|
168 | }
|
169 |
|
170 | if (A.mod(_this3.N).equals(BigInteger.ZERO)) {
|
171 | callback(new Error('Illegal paramater. A mod N cannot be 0.'), null);
|
172 | }
|
173 |
|
174 | callback(null, A);
|
175 | });
|
176 | }
|
177 | |
178 |
|
179 |
|
180 |
|
181 |
|
182 |
|
183 |
|
184 | ;
|
185 |
|
186 | _proto.calculateU = function calculateU(A, B) {
|
187 | this.UHexHash = this.hexHash(this.padHex(A) + this.padHex(B));
|
188 | var finalU = new BigInteger(this.UHexHash, 16);
|
189 | return finalU;
|
190 | }
|
191 | |
192 |
|
193 |
|
194 |
|
195 |
|
196 |
|
197 | ;
|
198 |
|
199 | _proto.hash = function hash(buf) {
|
200 | var str = buf instanceof Buffer ? CryptoJS.lib.WordArray.create(buf) : buf;
|
201 | var hashHex = SHA256(str).toString();
|
202 | return new Array(64 - hashHex.length).join('0') + hashHex;
|
203 | }
|
204 | |
205 |
|
206 |
|
207 |
|
208 |
|
209 |
|
210 | ;
|
211 |
|
212 | _proto.hexHash = function hexHash(hexStr) {
|
213 | return this.hash(Buffer.from(hexStr, 'hex'));
|
214 | }
|
215 | |
216 |
|
217 |
|
218 |
|
219 |
|
220 |
|
221 |
|
222 | ;
|
223 |
|
224 | _proto.computehkdf = function computehkdf(ikm, salt) {
|
225 | var infoBitsWordArray = CryptoJS.lib.WordArray.create(Buffer.concat([this.infoBits, Buffer.from(String.fromCharCode(1), 'utf8')]));
|
226 | var ikmWordArray = ikm instanceof Buffer ? CryptoJS.lib.WordArray.create(ikm) : ikm;
|
227 | var saltWordArray = salt instanceof Buffer ? CryptoJS.lib.WordArray.create(salt) : salt;
|
228 | var prk = HmacSHA256(ikmWordArray, saltWordArray);
|
229 | var hmac = HmacSHA256(infoBitsWordArray, prk);
|
230 | return Buffer.from(hmac.toString(), 'hex').slice(0, 16);
|
231 | }
|
232 | |
233 |
|
234 |
|
235 |
|
236 |
|
237 |
|
238 |
|
239 |
|
240 |
|
241 | ;
|
242 |
|
243 | _proto.getPasswordAuthenticationKey = function getPasswordAuthenticationKey(username, password, serverBValue, salt, callback) {
|
244 | var _this4 = this;
|
245 |
|
246 | if (serverBValue.mod(this.N).equals(BigInteger.ZERO)) {
|
247 | throw new Error('B cannot be zero.');
|
248 | }
|
249 |
|
250 | this.UValue = this.calculateU(this.largeAValue, serverBValue);
|
251 |
|
252 | if (this.UValue.equals(BigInteger.ZERO)) {
|
253 | throw new Error('U cannot be zero.');
|
254 | }
|
255 |
|
256 | var usernamePassword = "" + this.poolName + username + ":" + password;
|
257 | var usernamePasswordHash = this.hash(usernamePassword);
|
258 | var xValue = new BigInteger(this.hexHash(this.padHex(salt) + usernamePasswordHash), 16);
|
259 | this.calculateS(xValue, serverBValue, function (err, sValue) {
|
260 | if (err) {
|
261 | callback(err, null);
|
262 | }
|
263 |
|
264 | var hkdf = _this4.computehkdf(Buffer.from(_this4.padHex(sValue), 'hex'), Buffer.from(_this4.padHex(_this4.UValue.toString(16)), 'hex'));
|
265 |
|
266 | callback(null, hkdf);
|
267 | });
|
268 | }
|
269 | |
270 |
|
271 |
|
272 |
|
273 |
|
274 |
|
275 |
|
276 | ;
|
277 |
|
278 | _proto.calculateS = function calculateS(xValue, serverBValue, callback) {
|
279 | var _this5 = this;
|
280 |
|
281 | this.g.modPow(xValue, this.N, function (err, gModPowXN) {
|
282 | if (err) {
|
283 | callback(err, null);
|
284 | }
|
285 |
|
286 | var intValue2 = serverBValue.subtract(_this5.k.multiply(gModPowXN));
|
287 | intValue2.modPow(_this5.smallAValue.add(_this5.UValue.multiply(xValue)), _this5.N, function (err2, result) {
|
288 | if (err2) {
|
289 | callback(err2, null);
|
290 | }
|
291 |
|
292 | callback(null, result.mod(_this5.N));
|
293 | });
|
294 | });
|
295 | }
|
296 | |
297 |
|
298 |
|
299 |
|
300 | ;
|
301 |
|
302 | _proto.getNewPasswordRequiredChallengeUserAttributePrefix = function getNewPasswordRequiredChallengeUserAttributePrefix() {
|
303 | return newPasswordRequiredChallengeUserAttributePrefix;
|
304 | }
|
305 | |
306 |
|
307 |
|
308 |
|
309 |
|
310 | ;
|
311 |
|
312 | _proto.padHex = function padHex(bigInt) {
|
313 | var hashStr = bigInt.toString(16);
|
314 |
|
315 | if (hashStr.length % 2 === 1) {
|
316 | hashStr = "0" + hashStr;
|
317 | } else if ('89ABCDEFabcdef'.indexOf(hashStr[0]) !== -1) {
|
318 | hashStr = "00" + hashStr;
|
319 | }
|
320 |
|
321 | return hashStr;
|
322 | };
|
323 |
|
324 | return AuthenticationHelper;
|
325 | }();
|
326 |
|
327 | export { AuthenticationHelper as default }; |
\ | No newline at end of file |