Press n or j to go to the next uncovered block, b, p or k for the previous block.
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 | 1x 1x 1x 9x 9x 1x 8x 7x 5x 7x 1x 6x 1x 5x 5x 5x 5x 5x 5x 5x 5x 1x | /** * @file MFKDF HMAC-SHA1 Factor Setup * @copyright Multifactor, Inc. 2022–2025 * * @description * Setup an HMAC-SHA1 challenge-response factor for multi-factor key derivation * * @author Vivek Nair (https://nair.me) <[email protected]> */ const defaults = require('../../defaults') const crypto = require('crypto') const { encrypt } = require('../../crypt') /** * Setup a YubiKey-compatible MFKDF HMAC-SHA1 challenge-response factor * * @example * // setup key with hmacsha1 factor * const setup = await mfkdf.setup.key([ * await mfkdf.setup.factors.hmacsha1() * ]) * * // calculate response; could be done using hardware device * const secret = setup.outputs.hmacsha1.secret * const challenge = Buffer.from(setup.policy.factors[0].params.challenge, 'hex') * const response = crypto.createHmac('sha1', secret).update(challenge).digest() * * // derive key with hmacsha1 factor * const derive = await mfkdf.derive.key(setup.policy, { * hmacsha1: mfkdf.derive.factors.hmacsha1(response) * }) * * setup.key.toString('hex') // -> 01d0…2516 * derive.key.toString('hex') // -> 01d0…2516 * * @param {Object} [options] - Configuration options * @param {string} [options.id='hmacsha1'] - Unique identifier for this factor * @param {Buffer} [options.secret] - HMAC secret to use; randomly generated by default * @returns {MFKDFFactor} MFKDF factor information * @author Vivek Nair (https://nair.me) <[email protected]> * @since 0.21.0 * @async * @memberof setup.factors */ async function hmacsha1 (options) { options = Object.assign(Object.assign({}, defaults.hmacsha1), options) if (typeof options.id !== 'string') { throw new TypeError('id must be a string') } if (options.id.length === 0) throw new RangeError('id cannot be empty') if (typeof options.secret === 'undefined') { options.secret = crypto.randomBytes(20) } if (!Buffer.isBuffer(options.secret)) { throw new TypeError('secret must be a buffer') } if (Buffer.byteLength(options.secret) !== 20) { throw new RangeError('secret must be 20 bytes') } const paddedSecret = Buffer.concat([options.secret, crypto.randomBytes(12)]) return { type: 'hmacsha1', id: options.id, data: paddedSecret, entropy: 160, params: async ({ key }) => { const challenge = crypto.randomBytes(64) const response = crypto .createHmac('sha1', paddedSecret.subarray(0, 20)) .update(challenge) .digest() const paddedKey = Buffer.concat([response, Buffer.alloc(12)]) const pad = encrypt(paddedSecret, paddedKey) return { challenge: challenge.toString('hex'), pad: pad.toString('hex') } }, output: async () => { return { secret: options.secret } } } } module.exports.hmacsha1 = hmacsha1 |