For Cognito USER_SRP_AUTH - how to calculate PASSWORD_CLAIM_SIGNATURE to respond to ChallengeName: "PASSWORD_VERIFIER"?

0

This knowledge article describes the calculation of PASSWORD_CLAIM_SIGNATURE for the case of ChallengeName: "DEVICE_PASSWORD_VERIFIER".

  • Let PASSWORD_CLAIM_SIGNATURE = SHA256_HMAC(K_USER, DeviceGroupKey + DeviceKey + PASSWORD_CLAIM_SECRET_BLOCK + TIMESTAMP), base64-encoded
  • Let K_USER = SHA256_HASH(S_USER)
  • Let S_USER = (SRP_B - k * gx)(a + ux)
  • Let x = SHA256_HASH(salt + FULL_PASSWORD)
  • Let u = SHA256_HASH(SRP_A + SRP_B)
  • Let k = SHA256_HASH(N + g)

What is the equivalent calculation of PASSWORD_CLAIM_SIGNATURE for the case of ChallengeName: "PASSWORD_VERIFIER"?