Add support for OAEP digest method is specified as SHA256 and SHA512

Author: Leonardo Zanivan

lib/xmlenc.js

@@ -238,6 +238,25 @@ function decryptKeyInfo(doc, options) {
     throw new Error('cant find encryption algorithm');
   }
 
+  const keyDigestMethod = xpath.select("//*[local-name(.)='KeyInfo']/*[local-name(.)='EncryptedKey']/*[local-name(.)='EncryptionMethod']/*[local-name(.)='DigestMethod']", doc)[0];
+  if (keyDigestMethod) {
+    const keyDigestMethodAlgorithm = keyDigestMethod.getAttribute('Algorithm');
+
+    switch (keyDigestMethodAlgorithm) {
+      case 'http://www.w3.org/2000/09/xmldsig#sha1':
+        options.oaepHash = 'sha1';
+        break;
+      case 'http://www.w3.org/2000/09/xmldsig#sha256':
+        options.oaepHash = 'sha256';
+        break;
+        case 'http://www.w3.org/2000/09/xmldsig#sha512':
+          options.oaepHash = 'sha512';
+          break;
+      default:
+        throw new Error('key encryption digest algorithm ' + keyDigestMethodAlgorithm + ' not supported');
+    }
+  }
+
   var keyEncryptionAlgorithm = keyEncryptionMethod.getAttribute('Algorithm');
   if (options.disallowDecryptionWithInsecureAlgorithm
     && insecureAlgorithms.indexOf(keyEncryptionAlgorithm) >= 0) {
@@ -259,10 +278,10 @@ function decryptKeyInfo(doc, options) {
 }
 
 function decryptKeyInfoWithScheme(encryptedKey, options, scheme) {
-  var padding = scheme === 'RSA-OAEP' ? crypto.constants.RSA_PKCS1_OAEP_PADDING : crypto.constants.RSA_PKCS1_PADDING;
-  var key = Buffer.from(encryptedKey.textContent, 'base64');
+  const padding = scheme === 'RSA-OAEP' ? crypto.constants.RSA_PKCS1_OAEP_PADDING : crypto.constants.RSA_PKCS1_PADDING;
+  const key = Buffer.from(encryptedKey.textContent, 'base64');
   const oaepHash = options.oaepHash || 'sha1';
-  var decrypted = crypto.privateDecrypt({ key: options.key, oaepHash: oaepHash, padding: padding}, key);
+  const decrypted = crypto.privateDecrypt({ key: options.key, oaepHash, padding}, key);
   return Buffer.from(decrypted, 'binary');
 }
 

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "xml-encryption",
-  "version": "3.0.2",
+  "version": "3.0.3",
   "devDependencies": {
     "mocha": "^7.1.2",
     "should": "^11.2.1",
@@ -30,8 +30,5 @@
   ],
   "scripts": {
     "test": "mocha"
-  },
-  "engines": {
-    "node": ">=12 < 18"
   }
 }

package.json

@@ -1,9 +1,7 @@
 var assert = require('assert');
 var fs = require('fs');
-var should = require('should');
 var sinon = require('sinon');
 var xmlenc = require('../lib');
-var xpath = require('xpath');
 
 describe('encrypt', function() {
   let consoleSpy = null;
@@ -39,13 +37,21 @@ describe('encrypt', function() {
       encryptionAlgorithm: 'http://www.w3.org/2009/xmlenc11#aes128-gcm',
       keyEncryptionAlgorithm: 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p'
     }
-  }, {
+  },
+  {
     name: 'aes-128-gcm with sha256',
     encryptionOptions: {
       encryptionAlgorithm: 'http://www.w3.org/2009/xmlenc11#aes128-gcm',
       keyEncryptionAlgorithm: 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p',
       oaepHash: 'sha256'
     }
+  }, {
+    name: 'aes-128-gcm with sha512',
+    encryptionOptions: {
+      encryptionAlgorithm: 'http://www.w3.org/2009/xmlenc11#aes128-gcm',
+      keyEncryptionAlgorithm: 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p',
+      oaepHash: 'sha512'
+    }
   }, {
     name: 'des-ede3-cbc',
     encryptionOptions: {
@@ -79,6 +85,7 @@ describe('encrypt', function() {
 
     xmlenc.encrypt(content, options, function(err, result) {
       xmlenc.decrypt(result, { key: fs.readFileSync(__dirname + '/test-auth0.key'), warnInsecureAlgorithm: false}, function (err, decrypted) {
+        if (err) return done(err);
         assert.equal(decrypted, content);
         done();
       });