Update crypto module to be compliant with LLNG ≥2.0.6

CHANGELOG.md

@@ -3,8 +3,8 @@ Changelog
 
 ## 0.4.1
  * BREACKING CHANGE:
-   * Cryptographic function are now compatible with LLNG ≥ 2.0.5 but then
-     may be incompatible with previous versions. This affects CDA
+   * Cryptographic function are now compatible with LLNG ≥ 2.0.6 but then
+     may be incompatible with previous versions.
 
 ## 0.4.0
  * Reorganize and rename main package to "lemonldap-ng-handler"

Gruntfile.coffee

@@ -2,7 +2,7 @@ fs= require('fs')
 packages = fs.readdirSync('src/packages')
 np = "#{__dirname}/packages"
 process.env.NODE_PATH = if process.env.NODE_PATH? then ":#{np}" else np
-require("module").Module._initPaths();
+require("module").Module._initPaths()
 
 module.exports = (grunt) ->
 	grunt.initConfig
@@ -21,6 +21,14 @@ module.exports = (grunt) ->
 				src: ['**/*.coffee']
 				dest: 'packages/'
 				ext: '.js'
+		copy:
+			test:
+				files: [
+					expand: true
+					cwd: 'src/packages',
+					src: ['*/test/*.json']
+					dest: 'packages/'
+				]
 		mochaTest:
 			test:
 				options:
@@ -32,6 +40,7 @@ module.exports = (grunt) ->
 	grunt.loadNpmTasks 'grunt-contrib-coffee'
 	grunt.loadNpmTasks 'grunt-mocha-test'
 	grunt.loadNpmTasks 'grunt-contrib-clean'
+	grunt.loadNpmTasks 'grunt-contrib-copy'
 
 	# Build package.json files
 	main = grunt.file.readJSON "package.json"
@@ -64,5 +73,5 @@ module.exports = (grunt) ->
 		grunt.log.ok "#{packages.length} README.md files written"
 		packages.forEach (pack) ->
 			# TODO: copy test files
-	grunt.registerTask 'default', ['clean', 'coffee', 'conf']
+	grunt.registerTask 'default', ['clean', 'coffee', 'conf', 'copy']
 	grunt.registerTask 'test', 'mochaTest'

package.json

@@ -1,6 +1,6 @@
 {
   "name": "lemonldap-ng-handler",
-  "version": "0.4.1",
+  "version": "0.5.0",
   "description": "LemonLDAP::NG handler for Node.js",
   "main": "lib/index",
   "maintainers": [
@@ -42,10 +42,11 @@
     "file-cache-simple": "0.0.7",
     "grunt": "*",
     "grunt-contrib-coffee": "*",
+    "grunt-contrib-copy": "^1.0.0",
     "grunt-mocha-test": "^0.13.3",
     "inireader": "*",
-    "sha.js": "*",
-    "mocha": "*"
+    "mocha": "*",
+    "sha.js": "*"
   },
   "llng-compat": "2.0.5",
   "scripts": {
@@ -56,9 +57,9 @@
   "dependencies": {
     "extend": "*",
     "inireader": "^1.2.1",
-    "lemonldap-ng-conf": "0.4.1",
-    "lemonldap-ng-logger": "0.4.1",
-    "lemonldap-ng-session": "0.4.1",
+    "lemonldap-ng-conf": "0.5.0",
+    "lemonldap-ng-logger": "0.5.0",
+    "lemonldap-ng-session": "0.5.0",
     "node-fastcgi": "^1.3.3"
   },
   "optionalDependencies": {

src/packages/lemonldap-ng-conf/lib/crypto.coffee

@@ -6,13 +6,11 @@
 
 rnd = require 'random-bytes'
 sha = require 'sha.js'
+aesjs = require 'aes-js'
 
 class Crypto
 	constructor: (key, @mode) ->
-		@aesjs = require 'aes-js'
 		@rk = new sha('sha256').update(key).digest()
-		@tob = @aesjs.utils.utf8.toBytes
-		@frb = @aesjs.utils.utf8.fromBytes
 
 	newIv: () ->
 		tmp = rnd.sync 16
@@ -25,7 +23,7 @@ class Crypto
 		l = 16 - s.length % 16
 		s = Buffer.concat [s, Buffer.allocUnsafe(l).fill "\0"]
 		iv = this.newIv()
-		cipher = new @aesjs.ModeOfOperation.cbc @rk, iv
+		cipher = new aesjs.ModeOfOperation.cbc @rk, iv
 		buf = Buffer.concat [iv, cipher.encrypt s]
 		res = Buffer(buf).toString 'base64'
 		res
@@ -35,20 +33,21 @@ class Crypto
 		s = Buffer.from(s, 'base64')
 		iv = s.slice 0, 16
 		s = s.slice 16
-		cipher = new @aesjs.ModeOfOperation.cbc(@rk, iv)
+		cipher = new aesjs.ModeOfOperation.cbc @rk, iv
 		res = Buffer.from cipher.decrypt s
 		hmac = res.slice 0,32
 		res = res.slice 32
 		z = res.indexOf "\0"
 		if z > 0
 			res = res.slice 0, z+1
 		res = res.toString()
+		newhmac = new sha('sha256').update(res).digest()
 		# Remove \0 at end
 		res = res.substring 0, res.length-1
-		if hmac.equals new sha('sha256').update(res).digest()
+		if hmac.equals(newhmac) or hmac.equals(new sha('sha256').update(res).digest())
 			return res
 		else
-			console.log "Bad hmac, ignored for now due to unknown Perl/JS incompatibility"
+			console.error "Bad hmac"
 			return res
 
 module.exports = Crypto

src/packages/lemonldap-ng-conf/test/cr.json

@@ -1,6 +1,6 @@
 {
-   "longtext xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" : "2SaRKLy8EzIOoWN8xZYCAlfkgnUqACiqxp3jYLkReROHzK3vYp9AoDOVqd6EX1UHODbiaGn7++jH35qlpzWAjqo/cm3pLih9yrLfQweiAbJbqQsgg/3nji/h9Bg61qBe",
-   "test" : "qAgnmss/ihDZMNQ3Ch5Dusa1418GF1hHsE9G7Hl70/RUle7Pyqy2U+dj9yPgpj+iDXEs2gp4kzpCZYjwJhasRw==",
-   "utf8 Русский" : "4d6WmDDwrjXpx7Lm1xFxYGf3tnbazZLNyB/2moel+m6RDOr8IoX44fOQ8Rr9WoP7wq5ij2FINa1xN1PKuQII8eDK7TLi04lClQKELXTDDaQ=",
-   "utf8 iso 8859 àéç" : "ivhAQ+46EGjtWICp+KlRwnIa6JwPSjRdgR94MqMxCokrpRBYTsKjAJ79KBpVOHYxC6R0umEB0X8PNsCsklTpukph1oW595pjc2l+AYwC/v0="
+   "utf8 iso 8859 àéç" : "T33lc1/Mmab2ZS29Fe/vkof3I/b00xeg0ChwyllDCI3dQXoff+yclU982UxUFML1KzgUXDHCBkbShcJujOOG88P1LyWDlQd+2jkOEBejA/k=",
+   "longtext xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" : "kEJtTbuQ/FlxOhNDwzq0n6icNFTaeghod3UH7Mbv313i9GR9OBpHaywiEhFRg0SxDC+Lxav1NwNF2jTHQHq8zPZgscy0jbueW1k1uly0SPg+o7onCeXlxCqncaUqce2r",
+   "utf8 Русский" : "oWLWC9+/CgyEaAnO4M9f4J1H1z7NZkxwcKKqISHgciT9znETYMS5FMuTJYg8b25h5CeEirQVmuN/FRnHCFR7NajgJ+lgqtTHReRJR09ErNQ=",
+   "test" : "px9k88IRXWgAU/edNUozgTzoDrUqcRWKeI4vtKFE7m+RfrFQmDqk8vlg4fb+9ibVVeNrIik6nJI7JRTcDXcD+Q=="
 }

src/packages/node-lemonldap-ng-handler/package.json

@@ -1,5 +1,5 @@
 {
   "dependencies": {
-    "lemonldap-ng-handler": "$version"
+    "lemonldap-ng-handler": "latest"
   }
 }