BREAKING CHANGE: Fix digest method algorithm id#135
Conversation
b9f4e4c to
7f68d30
Compare
| const digestUri = DIGEST_ALGORITHMS[keyEncryptionDigest] || keyEncryptionDigest; | ||
|
|
||
| // RSA-OAEP requires it. RSA-1.5 must NOT have it. | ||
| const isOAEP = keyEncryptionMethod && keyEncryptionMethod.includes('rsa-oaep'); |
There was a problem hiding this comment.
Can you add a link to the relevant portion of the spec that says RSA-1.5 must not have a DigestMethod?
There was a problem hiding this comment.
There isn't really a relevant portion of the spec, but I updated the comment 8bc66ed
There was a problem hiding this comment.
Is that a breaking change ?
There was a problem hiding this comment.
I don't know how anyone could rely on the DigestMethod when using RSA 1.5, but the shape of the XML is changing, so strictly speaking yes
| oaepHash = 'sha256'; | ||
| break; | ||
| case 'http://www.w3.org/2001/04/xmlenc#sha512': | ||
| case 'http://www.w3.org/2000/09/xmldsig#sha512': |
There was a problem hiding this comment.
Should we have a similar comment here about // backwards compatibility for previous wrong usage?
| const digestUri = DIGEST_ALGORITHMS[keyEncryptionDigest] || keyEncryptionDigest; | ||
|
|
||
| // RSA-OAEP requires it. RSA-1.5 must NOT have it. | ||
| const isOAEP = keyEncryptionMethod && keyEncryptionMethod.includes('rsa-oaep'); |
There was a problem hiding this comment.
Is there a previous check on whether the key encryption method is on an allow list? The check here is pretty lax in that rsa-oaep can appear anywhere within the string.
There was a problem hiding this comment.
| var xmlenc = require('../lib'); | ||
| var keyinfoTemplate = require('../lib/templates/keyinfo.tpl.xml'); | ||
|
|
||
| var RSA_OAEP = 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p'; |
There was a problem hiding this comment.
Should we try both http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p and http://www.w3.org/2001/04/xmlenc#rsa-oaep?
There was a problem hiding this comment.
I believe there's a http://www.w3.org/2009/xmlenc11#rsa-oaep but we don't support that https://github.com/auth0/node-xml-encryption/blob/master/lib/xmlenc.js#L56-L66
| assert(xml.includes('<DigestMethod Algorithm="' + custom + '" />')); | ||
| }); | ||
|
|
||
| it('includes a DigestMethod for RSA-OAEP', function () { |
There was a problem hiding this comment.
All the previous tests are implicitly RSA-OAEP, make sense to ditch this test and add an explicit keyEncryptionMethod to those?
| } | ||
|
|
||
| ['sha1', 'sha256', 'sha512'].forEach(function (digest) { | ||
| it('round trips with ' + digest, function (done) { |
There was a problem hiding this comment.
Would this test have failed prior to this fix?
There was a problem hiding this comment.
No, but it seems like a reasonable regression test to have
| }); | ||
| }); | ||
|
|
||
| it('emits the correct xmlenc URI in the produced XML for sha256', function (done) { |
There was a problem hiding this comment.
I don't see similar tests for sha1/sha512?
|
|
||
| module.exports = ({ encryptionPublicCert, encryptedKey, keyEncryptionMethod, keyEncryptionDigest }) => ` | ||
| const DIGEST_ALGORITHMS = { | ||
| 'sha1': 'http://www.w3.org/2000/09/xmldsig#sha1', |
There was a problem hiding this comment.
Maybe add a comment about why sha1 uses xmldsig and the others use xmlenc within the URI.
719ec21 to
8bc66ed
Compare
| switch (keyDigestMethodAlgorithm) { | ||
| case 'http://www.w3.org/2000/09/xmldsig#sha256': | ||
| case 'http://www.w3.org/2001/04/xmlenc#sha256': | ||
| case 'http://www.w3.org/2000/09/xmldsig#sha256': // backwards compatibility for previous wrong usage |
|
🎉 This PR is included in version 5.0.0 🎉 The release is available on: Your semantic-release bot 📦🚀 |
Description
Replaces #118
http://www.w3.org/2000/09/xmldsig#sha256andhttp://www.w3.org/2000/09/xmldsig#sha512are not valid DigestMethod algorithm values, the correct DigestMethod algorithm identifier’s should behttp://www.w3.org/2001/04/xmlenc#sha256andhttp://www.w3.org/2001/04/xmlenc#sha512. (see XML Encryption Syntax and Processing Version 1.1 )Update the decryption logic to support the new
2001/04/xmlencidentifiers for encryption and decryption and the existing2000/09/xmldsigidentifiers for decryption (for backwards compatibility)This is a breaking change for people doing
rsa-oaepwithsha256orsha512References
https://www.w3.org/TR/xmlenc-core1/#sec-SHA256
Testing
Checklist