auth0 · Mar 17, 2021 · Apr 22, 2021 · Apr 22, 2021 · Apr 23, 2021 · Aug 24, 2021
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
@@ -0,0 +1,20 @@
+name: Semgrep
+
+on:
+  pull_request_target: {}
+  push:
+    branches: ["master", "main"]
+permissions:
+  contents: read
+jobs:
+  semgrep:
+    name: Scan
+    runs-on: ubuntu-latest
+    container:
+      image: returntocorp/semgrep
+    if: (github.actor != 'dependabot[bot]' && github.actor != 'snyk-bot')
+    steps:
+      - uses: actions/checkout@v3
+      - run: semgrep ci
+        env:
+          SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -0,0 +1,45 @@
+name: Build and Test
+
+on:
+  merge_group:
+  workflow_dispatch:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+  push:
+    branches:
+      - master
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/master' }}
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        node: [ 12, 14, 16 ]
+    name: Node ${{ matrix.node }} Test
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha || github.ref }}
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ matrix.node }}
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Run Mocha unit tests
+        run: npm run test
+
diff --git a/CODEOWNERS b/CODEOWNERS
diff --git a/README.md b/README.md
@@ -1,8 +1,8 @@
 [![Build Status](https://travis-ci.org/auth0/node-xml-encryption.png)](https://travis-ci.org/auth0/node-xml-encryption)
 
-W3C XML Encryption implementation for node.js (http://www.w3.org/TR/xmlenc-core/)
+W3C XML Encryption implementation for Node.js (http://www.w3.org/TR/xmlenc-core/)
 
-Supports node >= 8
+Node 18+ does not support Triple DES algorithms due to https://github.com/nodejs/node/issues/52017
 
 ## Usage
 
@@ -18,6 +18,7 @@ var options = {
   pem: fs.readFileSync(__dirname + '/your_public_cert.pem'),
   encryptionAlgorithm: 'http://www.w3.org/2001/04/xmlenc#aes256-cbc',
   keyEncryptionAlgorithm: 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p',
+  keyEncryptionDigest: 'sha1',
   disallowEncryptionWithInsecureAlgorithm: true,
   warnInsecureAlgorithm: true
 };

diff --git a/lib/templates/keyinfo.tpl.xml.js b/lib/templates/keyinfo.tpl.xml.js
@@ -1,10 +1,10 @@
 var escapehtml = require('escape-html');
 
-module.exports = ({ encryptionPublicCert, encryptedKey, keyEncryptionMethod }) => `
+module.exports = ({ encryptionPublicCert, encryptedKey, keyEncryptionMethod, keyEncryptionDigest }) => `
 <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
   <e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#">
     <e:EncryptionMethod Algorithm="${escapehtml(keyEncryptionMethod)}">
-      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#${escapehtml(keyEncryptionDigest)}" />
     </e:EncryptionMethod>
     <KeyInfo>
       ${encryptionPublicCert}

diff --git a/lib/xmlenc.js b/lib/xmlenc.js
@@ -1,24 +1,30 @@
 var crypto  = require('crypto');
-var xmldom  = require('xmldom');
+var xmldom  = require('@xmldom/xmldom');
 var xpath   = require('xpath');
 var utils   = require('./utils');
-var pki     = require('node-forge').pki;
 
 const insecureAlgorithms = [
   //https://www.w3.org/TR/xmlenc-core1/#rsav15note
   'http://www.w3.org/2001/04/xmlenc#rsa-1_5',
   //https://csrc.nist.gov/News/2017/Update-to-Current-Use-and-Deprecation-of-TDEA
   'http://www.w3.org/2001/04/xmlenc#tripledes-cbc'];
-function encryptKeyInfoWithScheme(symmetricKey, options, scheme, callback) {
+
+function encryptKeyInfoWithScheme(symmetricKey, options, padding, callback) {
+  const symmetricKeyBuffer = Buffer.isBuffer(symmetricKey) ? symmetricKey : Buffer.from(symmetricKey, 'utf-8');
+
   try {
-    var rsa_pub = pki.publicKeyFromPem(options.rsa_pub);
-    var encrypted = rsa_pub.encrypt(symmetricKey.toString('binary'), scheme);
-    var base64EncodedEncryptedKey = Buffer.from(encrypted, 'binary').toString('base64');
+    var encrypted = crypto.publicEncrypt({
+      key: options.rsa_pub,
+      oaepHash: padding == crypto.constants.RSA_PKCS1_OAEP_PADDING ? options.keyEncryptionDigest : undefined,
+      padding: padding
+    }, symmetricKeyBuffer);
+    var base64EncodedEncryptedKey = encrypted.toString('base64');
 
     var params = {
       encryptedKey:  base64EncodedEncryptedKey,
       encryptionPublicCert: '<X509Data><X509Certificate>' + utils.pemToCert(options.pem.toString()) + '</X509Certificate></X509Data>',
-      keyEncryptionMethod: options.keyEncryptionAlgorithm
+      keyEncryptionMethod: options.keyEncryptionAlgorithm,
+      keyEncryptionDigest: options.keyEncryptionDigest,
     };
 
     var result = utils.renderTemplate('keyinfo', params);
@@ -42,13 +48,14 @@ function encryptKeyInfo(symmetricKey, options, callback) {
     && insecureAlgorithms.indexOf(options.keyEncryptionAlgorithm) >= 0) {
     return callback(new Error('encryption algorithm ' + options.keyEncryptionAlgorithm + 'is not secure'));
   }
+  options.keyEncryptionDigest = options.keyEncryptionDigest || 'sha1';
   switch (options.keyEncryptionAlgorithm) {
     case 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p':
-      return encryptKeyInfoWithScheme(symmetricKey, options, 'RSA-OAEP', callback);
+      return encryptKeyInfoWithScheme(symmetricKey, options, crypto.constants.RSA_PKCS1_OAEP_PADDING, callback);
 
     case 'http://www.w3.org/2001/04/xmlenc#rsa-1_5':
       utils.warnInsecureAlgorithm(options.keyEncryptionAlgorithm, options.warnInsecureAlgorithm);
-      return encryptKeyInfoWithScheme(symmetricKey, options, 'RSAES-PKCS1-V1_5', callback);
+      return encryptKeyInfoWithScheme(symmetricKey, options, crypto.constants.RSA_PKCS1_PADDING, callback);
 
     default:
       return callback(new Error('encryption key algorithm not supported'));
@@ -215,6 +222,9 @@ function decryptKeyInfo(doc, options) {
 
   var keyRetrievalMethodUri;
   var keyInfo = xpath.select("//*[local-name(.)='KeyInfo' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']", doc)[0];
+  if (!keyInfo) {
+    keyInfo = xpath.select("//*[local-name(.)='EncryptedData']/*[local-name(.)='KeyInfo']", doc)[0];
+  }
   var keyEncryptionMethod = xpath.select("//*[local-name(.)='KeyInfo']/*[local-name(.)='EncryptedKey']/*[local-name(.)='EncryptionMethod']", doc)[0];
 
   if (!keyEncryptionMethod) { // try with EncryptedData->KeyInfo->RetrievalMethod
@@ -227,6 +237,20 @@ function decryptKeyInfo(doc, options) {
     throw new Error('cant find encryption algorithm');
   }
 
+  let oaepHash = 'sha1';
+  const keyDigestMethod = xpath.select("//*[local-name(.)='KeyInfo']/*[local-name(.)='EncryptedKey']/*[local-name(.)='EncryptionMethod']/*[local-name(.)='DigestMethod']", doc)[0];
+  if (keyDigestMethod) {
+    const keyDigestMethodAlgorithm = keyDigestMethod.getAttribute('Algorithm');
+    switch (keyDigestMethodAlgorithm) {
+      case 'http://www.w3.org/2000/09/xmldsig#sha256':
+        oaepHash = 'sha256';
+        break;
+      case 'http://www.w3.org/2000/09/xmldsig#sha512':
+        oaepHash = 'sha512';
+        break;
+    }
+  }
+
   var keyEncryptionAlgorithm = keyEncryptionMethod.getAttribute('Algorithm');
   if (options.disallowDecryptionWithInsecureAlgorithm
     && insecureAlgorithms.indexOf(keyEncryptionAlgorithm) >= 0) {
@@ -238,19 +262,18 @@ function decryptKeyInfo(doc, options) {
 
   switch (keyEncryptionAlgorithm) {
     case 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p':
-      return decryptKeyInfoWithScheme(encryptedKey, options, 'RSA-OAEP');
+      return decryptKeyInfoWithScheme(encryptedKey, options, crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash);
     case 'http://www.w3.org/2001/04/xmlenc#rsa-1_5':
       utils.warnInsecureAlgorithm(keyEncryptionAlgorithm, options.warnInsecureAlgorithm);
-      return decryptKeyInfoWithScheme(encryptedKey, options, 'RSAES-PKCS1-V1_5');
+      return decryptKeyInfoWithScheme(encryptedKey, options, crypto.constants.RSA_PKCS1_PADDING);
     default:
       throw new Error('key encryption algorithm ' + keyEncryptionAlgorithm + ' not supported');
   }
 }
 
-function decryptKeyInfoWithScheme(encryptedKey, options, scheme) {
-  var key = Buffer.from(encryptedKey.textContent, 'base64').toString('binary');
-  var private_key = pki.privateKeyFromPem(options.key);
-  var decrypted = private_key.decrypt(key, scheme);
+function decryptKeyInfoWithScheme(encryptedKey, options, padding, oaepHash) {
+  const key = Buffer.from(encryptedKey.textContent, 'base64');
+  const decrypted = crypto.privateDecrypt({ key: options.key, padding, oaepHash}, key);
   return Buffer.from(decrypted, 'binary');
 }
 

diff --git a/opslevel.yml b/opslevel.yml
@@ -0,0 +1,6 @@
+---
+version: 1
+repository:
+  owner: iam_protocols
+  tier:
+  tags: