in public/amazon-cognito-identity.js [2709:3027]
var AuthenticationHelper = function () {
/**
* Constructs a new AuthenticationHelper object
* @param {string} PoolName Cognito user pool name.
*/
function AuthenticationHelper(PoolName) {
_classCallCheck(this, AuthenticationHelper);
this.N = new __WEBPACK_IMPORTED_MODULE_5__BigInteger__["a" /* default */](initN, 16);
this.g = new __WEBPACK_IMPORTED_MODULE_5__BigInteger__["a" /* default */]('2', 16);
this.k = new __WEBPACK_IMPORTED_MODULE_5__BigInteger__["a" /* default */](this.hexHash('00' + this.N.toString(16) + '0' + this.g.toString(16)), 16);
this.smallAValue = this.generateRandomSmallA();
this.getLargeAValue(function () {});
this.infoBits = __WEBPACK_IMPORTED_MODULE_0_buffer___["Buffer"].from('Caldera Derived Key', 'utf8');
this.poolName = PoolName;
}
/**
* @returns {BigInteger} small A, a random number
*/
AuthenticationHelper.prototype.getSmallAValue = function getSmallAValue() {
return this.smallAValue;
};
/**
* @param {nodeCallback<BigInteger>} callback Called with (err, largeAValue)
* @returns {void}
*/
AuthenticationHelper.prototype.getLargeAValue = function getLargeAValue(callback) {
var _this = this;
if (this.largeAValue) {
callback(null, this.largeAValue);
} else {
this.calculateA(this.smallAValue, function (err, largeAValue) {
if (err) {
callback(err, null);
}
_this.largeAValue = largeAValue;
callback(null, _this.largeAValue);
});
}
};
/**
* helper function to generate a random big integer
* @returns {BigInteger} a random value.
* @private
*/
AuthenticationHelper.prototype.generateRandomSmallA = function generateRandomSmallA() {
var hexRandom = randomBytes(128).toString('hex');
var randomBigInt = new __WEBPACK_IMPORTED_MODULE_5__BigInteger__["a" /* default */](hexRandom, 16);
var smallABigInt = randomBigInt.mod(this.N);
return smallABigInt;
};
/**
* helper function to generate a random string
* @returns {string} a random value.
* @private
*/
AuthenticationHelper.prototype.generateRandomString = function generateRandomString() {
return randomBytes(40).toString('base64');
};
/**
* @returns {string} Generated random value included in password hash.
*/
AuthenticationHelper.prototype.getRandomPassword = function getRandomPassword() {
return this.randomPassword;
};
/**
* @returns {string} Generated random value included in devices hash.
*/
AuthenticationHelper.prototype.getSaltDevices = function getSaltDevices() {
return this.SaltToHashDevices;
};
/**
* @returns {string} Value used to verify devices.
*/
AuthenticationHelper.prototype.getVerifierDevices = function getVerifierDevices() {
return this.verifierDevices;
};
/**
* Generate salts and compute verifier.
* @param {string} deviceGroupKey Devices to generate verifier for.
* @param {string} username User to generate verifier for.
* @param {nodeCallback<null>} callback Called with (err, null)
* @returns {void}
*/
AuthenticationHelper.prototype.generateHashDevice = function generateHashDevice(deviceGroupKey, username, callback) {
var _this2 = this;
this.randomPassword = this.generateRandomString();
var combinedString = '' + deviceGroupKey + username + ':' + this.randomPassword;
var hashedString = this.hash(combinedString);
var hexRandom = randomBytes(16).toString('hex');
this.SaltToHashDevices = this.padHex(new __WEBPACK_IMPORTED_MODULE_5__BigInteger__["a" /* default */](hexRandom, 16));
this.g.modPow(new __WEBPACK_IMPORTED_MODULE_5__BigInteger__["a" /* default */](this.hexHash(this.SaltToHashDevices + hashedString), 16), this.N, function (err, verifierDevicesNotPadded) {
if (err) {
callback(err, null);
}
_this2.verifierDevices = _this2.padHex(verifierDevicesNotPadded);
callback(null, null);
});
};
/**
* Calculate the client's public value A = g^a%N
* with the generated random number a
* @param {BigInteger} a Randomly generated small A.
* @param {nodeCallback<BigInteger>} callback Called with (err, largeAValue)
* @returns {void}
* @private
*/
AuthenticationHelper.prototype.calculateA = function calculateA(a, callback) {
var _this3 = this;
this.g.modPow(a, this.N, function (err, A) {
if (err) {
callback(err, null);
}
if (A.mod(_this3.N).equals(__WEBPACK_IMPORTED_MODULE_5__BigInteger__["a" /* default */].ZERO)) {
callback(new Error('Illegal paramater. A mod N cannot be 0.'), null);
}
callback(null, A);
});
};
/**
* Calculate the client's value U which is the hash of A and B
* @param {BigInteger} A Large A value.
* @param {BigInteger} B Server B value.
* @returns {BigInteger} Computed U value.
* @private
*/
AuthenticationHelper.prototype.calculateU = function calculateU(A, B) {
this.UHexHash = this.hexHash(this.padHex(A) + this.padHex(B));
var finalU = new __WEBPACK_IMPORTED_MODULE_5__BigInteger__["a" /* default */](this.UHexHash, 16);
return finalU;
};
/**
* Calculate a hash from a bitArray
* @param {Buffer} buf Value to hash.
* @returns {String} Hex-encoded hash.
* @private
*/
AuthenticationHelper.prototype.hash = function hash(buf) {
var str = buf instanceof __WEBPACK_IMPORTED_MODULE_0_buffer___["Buffer"] ? __WEBPACK_IMPORTED_MODULE_1_crypto_js_core___default.a.lib.WordArray.create(buf) : buf;
var hashHex = __WEBPACK_IMPORTED_MODULE_3_crypto_js_sha256___default()(str).toString();
return new Array(64 - hashHex.length).join('0') + hashHex;
};
/**
* Calculate a hash from a hex string
* @param {String} hexStr Value to hash.
* @returns {String} Hex-encoded hash.
* @private
*/
AuthenticationHelper.prototype.hexHash = function hexHash(hexStr) {
return this.hash(__WEBPACK_IMPORTED_MODULE_0_buffer___["Buffer"].from(hexStr, 'hex'));
};
/**
* Standard hkdf algorithm
* @param {Buffer} ikm Input key material.
* @param {Buffer} salt Salt value.
* @returns {Buffer} Strong key material.
* @private
*/
AuthenticationHelper.prototype.computehkdf = function computehkdf(ikm, salt) {
var infoBitsWordArray = __WEBPACK_IMPORTED_MODULE_1_crypto_js_core___default.a.lib.WordArray.create(__WEBPACK_IMPORTED_MODULE_0_buffer___["Buffer"].concat([this.infoBits, __WEBPACK_IMPORTED_MODULE_0_buffer___["Buffer"].from(String.fromCharCode(1), 'utf8')]));
var ikmWordArray = ikm instanceof __WEBPACK_IMPORTED_MODULE_0_buffer___["Buffer"] ? __WEBPACK_IMPORTED_MODULE_1_crypto_js_core___default.a.lib.WordArray.create(ikm) : ikm;
var saltWordArray = salt instanceof __WEBPACK_IMPORTED_MODULE_0_buffer___["Buffer"] ? __WEBPACK_IMPORTED_MODULE_1_crypto_js_core___default.a.lib.WordArray.create(salt) : salt;
var prk = __WEBPACK_IMPORTED_MODULE_4_crypto_js_hmac_sha256___default()(ikmWordArray, saltWordArray);
var hmac = __WEBPACK_IMPORTED_MODULE_4_crypto_js_hmac_sha256___default()(infoBitsWordArray, prk);
return __WEBPACK_IMPORTED_MODULE_0_buffer___["Buffer"].from(hmac.toString(), 'hex').slice(0, 16);
};
/**
* Calculates the final hkdf based on computed S value, and computed U value and the key
* @param {String} username Username.
* @param {String} password Password.
* @param {BigInteger} serverBValue Server B value.
* @param {BigInteger} salt Generated salt.
* @param {nodeCallback<Buffer>} callback Called with (err, hkdfValue)
* @returns {void}
*/
AuthenticationHelper.prototype.getPasswordAuthenticationKey = function getPasswordAuthenticationKey(username, password, serverBValue, salt, callback) {
var _this4 = this;
if (serverBValue.mod(this.N).equals(__WEBPACK_IMPORTED_MODULE_5__BigInteger__["a" /* default */].ZERO)) {
throw new Error('B cannot be zero.');
}
this.UValue = this.calculateU(this.largeAValue, serverBValue);
if (this.UValue.equals(__WEBPACK_IMPORTED_MODULE_5__BigInteger__["a" /* default */].ZERO)) {
throw new Error('U cannot be zero.');
}
var usernamePassword = '' + this.poolName + username + ':' + password;
var usernamePasswordHash = this.hash(usernamePassword);
var xValue = new __WEBPACK_IMPORTED_MODULE_5__BigInteger__["a" /* default */](this.hexHash(this.padHex(salt) + usernamePasswordHash), 16);
this.calculateS(xValue, serverBValue, function (err, sValue) {
if (err) {
callback(err, null);
}
var hkdf = _this4.computehkdf(__WEBPACK_IMPORTED_MODULE_0_buffer___["Buffer"].from(_this4.padHex(sValue), 'hex'), __WEBPACK_IMPORTED_MODULE_0_buffer___["Buffer"].from(_this4.padHex(_this4.UValue.toString(16)), 'hex'));
callback(null, hkdf);
});
};
/**
* Calculates the S value used in getPasswordAuthenticationKey
* @param {BigInteger} xValue Salted password hash value.
* @param {BigInteger} serverBValue Server B value.
* @param {nodeCallback<string>} callback Called on success or error.
* @returns {void}
*/
AuthenticationHelper.prototype.calculateS = function calculateS(xValue, serverBValue, callback) {
var _this5 = this;
this.g.modPow(xValue, this.N, function (err, gModPowXN) {
if (err) {
callback(err, null);
}
var intValue2 = serverBValue.subtract(_this5.k.multiply(gModPowXN));
intValue2.modPow(_this5.smallAValue.add(_this5.UValue.multiply(xValue)), _this5.N, function (err2, result) {
if (err2) {
callback(err2, null);
}
callback(null, result.mod(_this5.N));
});
});
};
/**
* Return constant newPasswordRequiredChallengeUserAttributePrefix
* @return {newPasswordRequiredChallengeUserAttributePrefix} constant prefix value
*/
AuthenticationHelper.prototype.getNewPasswordRequiredChallengeUserAttributePrefix = function getNewPasswordRequiredChallengeUserAttributePrefix() {
return newPasswordRequiredChallengeUserAttributePrefix;
};
/**
* Converts a BigInteger (or hex string) to hex format padded with zeroes for hashing
* @param {BigInteger|String} bigInt Number or string to pad.
* @returns {String} Padded hex string.
*/
AuthenticationHelper.prototype.padHex = function padHex(bigInt) {
var hashStr = bigInt.toString(16);
if (hashStr.length % 2 === 1) {
hashStr = '0' + hashStr;
} else if ('89ABCDEFabcdef'.indexOf(hashStr[0]) !== -1) {
hashStr = '00' + hashStr;
}
return hashStr;
};
return AuthenticationHelper;
}();