factors hmacsha1.js

100% Statements 13/13
100% Branches 2/2
100% Functions 4/4
100% Lines 12/12
Press n or j to go to the next uncovered block, b, p or k for the previous block.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66  
 
 
 
 
 
 
 
 
1x
1x
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
7x
 
6x
6x
 
6x
 
 
 
6x
6x
6x
6x
 
 
 
 
 
6x
 
 
 
 
1x
  /**
 * @file MFKDF HMAC-SHA1 Factor Setup
 * @copyright Multifactor 2022 All Rights Reserved
 *
 * @description
 * Derive an HMAC-SHA1 challenge-response factor for multi-factor key derivation
 *
 * @author Vivek Nair (https://nair.me) <[email protected]>
 */
const xor = require('buffer-xor')
const crypto = require('crypto')
 
/**
 * Derive a YubiKey-compatible MFKDF HMAC-SHA1 challenge-response factor
 *
 * @example
 * // setup key with hmacsha1 factor
 * const setup = await mfkdf.setup.key([
 *   await mfkdf.setup.factors.hmacsha1()
 * ], {size: 8})
 *
 * // calculate response; could be done using hardware device
 * const secret = setup.outputs.hmacsha1.secret
 * const challenge = Buffer.from(setup.policy.factors[0].params.challenge, 'hex')
 * const response = crypto.createHmac('sha1', secret).update(challenge).digest()
 *
 * // derive key with hmacsha1 factor
 * const derive = await mfkdf.derive.key(setup.policy, {
 *   hmacsha1: mfkdf.derive.factors.hmacsha1(response)
 * })
 *
 * setup.key.toString('hex') // -> 01d0c7236adf2516
 * derive.key.toString('hex') // -> 01d0c7236adf2516
 *
 * @param {Buffer} response - HMAC-SHA1 response
 * @returns {function(config:Object): Promise<MFKDFFactor>} Async function to generate MFKDF factor information
 * @author Vivek Nair (https://nair.me) <[email protected]>
 * @since 0.21.0
 * @memberof derive.factors
 */
function hmacsha1 (response) {
  if (!Buffer.isBuffer(response)) throw new TypeError('response must be a buffer')
 
  return async (params) => {
    const secret = xor(response.subarray(0, 20), Buffer.from(params.pad, 'hex'))
 
    return {
      type: 'hmacsha1',
      data: secret,
      params: async ({ key }) => {
        const challenge = crypto.randomBytes(64)
        const response = crypto.createHmac('sha1', secret).update(challenge).digest()
        const pad = xor(response.subarray(0, 20), secret)
        return {
          challenge: challenge.toString('hex'),
          pad: pad.toString('hex')
        }
      },
      output: async () => {
        return { secret }
      }
    }
  }
}
module.exports.hmacsha1 = hmacsha1