xml-encryption - npm Package Compare versions

Comparing version 0.4.1 to 0.5.0

lib/xmlenc.js

@@ -123,19 +123,19 @@ var crypto = require('crypto');
         decipher = crypto.createDecipheriv('aes-128-cbc', symmetricKey, encrypted.slice(0, 16));
-        if (typeof options.autopadding !== 'undefined') {
-          decipher.setAutoPadding(options.autopadding);
-        }
+
+        decipher.setAutoPadding(false);
         decrypted = decipher.update(encrypted.slice(16), null, 'binary') + decipher.final();
-        
-        // HACK: padding is not working as expected, 
-        // so this is a hack to remove characters which should not be there
-        // since the decrypted content will be xml, we just remove chars after >
-        if (decrypted.lastIndexOf('>') > 0) {
-          decrypted = decrypted.substr(0, decrypted.lastIndexOf('>') + 1);
-        }
 
+        // Remove padding bytes equal to the value of the last byte of the returned data.
+        decrypted = decrypted.substr(0, decrypted.length - decrypted.charCodeAt(decrypted.length - 1));
+
         break;
       case 'http://www.w3.org/2001/04/xmlenc#aes256-cbc':
         decipher = crypto.createDecipheriv('aes-256-cbc', symmetricKey, encrypted.slice(0, 16)); 
+
+        decipher.setAutoPadding(false);
         decrypted = decipher.update(encrypted.slice(16), null, 'binary') + decipher.final();
 
+        // Remove padding bytes equal to the value of the last byte of the returned data.
+        decrypted = decrypted.substr(0, decrypted.length - decrypted.charCodeAt(decrypted.length - 1));
+
         break;
@@ -142,0 +142,0 @@ default:

package.json

 {
   "name": "xml-encryption",
-  "version": "0.4.1",
+  "version": "0.5.0",
   "devDependencies": {
@@ -5,0 +5,0 @@ "mocha": "*",

test/xmlenc.encryptedkey.js

@@ -101,2 +101,11 @@ var assert = require('assert'),
 
+  it('should decrypt xml with odd padding (aes256-cbc)', function (done) {
+    var encryptedContent = fs.readFileSync(__dirname + '/test-cbc256-padding.xml').toString()
+    xmlenc.decrypt(encryptedContent, { key: fs.readFileSync(__dirname + '/test-auth0.key')}, function(err, decrypted) {
+      assert.ifError(err);
+      assert.equal(decrypted, 'content');
+      done();
+    });
+  });
+
 });

test/xmlenc.integration.js

@@ -15,3 +15,3 @@ var assert = require('assert'),
 
-    xmlenc.decrypt(result, { autopadding: false, key: fs.readFileSync(__dirname + '/test-cbc128.key')}, function (err, decrypted) {
+    xmlenc.decrypt(result, { key: fs.readFileSync(__dirname + '/test-cbc128.key')}, function (err, decrypted) {
       // decrypted content should finish with <saml2:Assertion>
@@ -18,0 +18,0 @@ assert.equal(/<\/saml2:Assertion>$/.test(decrypted), true);

No alert changes

Improved metrics

Total package byte prevSize

44995

increased by4.27%

Number of package files

21

increased by5%

Lines of code

288

increased by1.77%

No dependency changes