[xmlsec] Consecutive calls to xmlSecEncCtxDecrypt() require xmlSecEncCtxReset()?
Michael K
vk2bea at yahoo.com
Sat Jun 13 06:55:31 PDT 2009
I am trying to decrypt many AES-128-CBC encrypted data nodes, e.g.:

<navPoint class="title/author" id="P1_1">
<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#"><EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><CipherData><CipherValue>CAq8thgoElo4Xk+/Bg6NPldaJqqq/TyP4OcD0SZ52zCeL4R+HbsxLtri8Qi7CxFfEP2MQR1Ih0A28EWg8kzcCeiCird56W3G3Ahw/bS6FRFzBGhJFhJoynaTAiY+NoAim0mA38LPbTPnBqYD4nO88BLBzfWO4MKp+yd66CxjS+04sTLmKkP8jSSxtfJBv9sBp39Rj/EJx2aqNLfHz43Ye8E9ycEItmCliMt+sLWqRA7cgNu9yr+fYi0Kwo4BAf9JhaNLU1efmsAu9nycC0NptDi0Ztyg931xo7J6GYlI5AvP1B8zQVmR76zK0BWd4ZvY</CipherValue></CipherData></EncryptedData>
<content src="63611.smil#P1_1"/>
</navPoint>
<navPoint class="annotation" id="P9_1">
<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#"><EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><CipherData><CipherValue>k0DdCQJGh7XenC0OOZwWSTZmLEZ63Ir6ZwFZeFHqRHbSuCIre1rwoVyXq3JcM9yW/Xl9bntRP2/2EPITObIsNMZhwh4lpU0FvW9tcz8t8/azEBeUHbef6/diF06I+5WSghv7916og3TuGhY8dTbw8sR6IkOFh/oZRVXRobw//m5rfl2esVJCs4ekr8x50jVC+bSsTKeodVj0A5SC67J0e7Rlr/uhOoCUxt9b8H4RLxYlpDfsTkam2qIzUFt1ikPTAS+CI84RndLCCYykcybQMQ==</CipherValue></CipherData></EncryptedData>
<content src="63611.smil#P9_1"/>
</navPoint>
I am using XPath to find the node and then using xmlSecEncCtxDecrypt to
decrypt the node (replacing the <EncryptedData> tag with the
decoded node(s)).

I create the context and explicitly set the AES key ...

    /* Create the encryption context; no keys manager, the key is set directly */
    if ((encCtx = xmlSecEncCtxCreate(NULL)) == NULL)
        goto Abort;
    if ((encCtx->encKey = xmlSecKeyCreate()) == NULL)
        goto Abort;
    /* Attach a raw AES key value to the key object */
    if ((encCtx->encKey->value = xmlSecKeyDataCreate(xmlSecKeyDataAesId)) == NULL)
        goto Abort;
    /* AESKey holds the 16 raw bytes of the AES-128 key */
    if (xmlSecKeyDataBinaryValueSetBuffer(encCtx->encKey->value, AESKey, 16) != 0)
        goto Abort;
    if (xmlSecKeySetName(encCtx->encKey, (const xmlChar *)"DTB Text Key") < 0)
        goto Abort;
    /* In case <EncryptionMethod> is not present, set the default to AES-128-CBC */
    encCtx->defEncMethodId = xmlSecTransformAes128CbcId;
I find the node (e.g. "navPoint" with the class "title/author") and
pass this to

    node = xmlSecFindNode(nodeset->nodeTab[i], xmlSecNodeEncryptedData, xmlSecEncNs);

to get the <EncryptedData> node. This is then
passed to xmlSecEncCtxDecrypt to decrypt the node:

    if ((xmlSecEncCtxDecrypt(encCtx, node) < 0) || (encCtx->result == NULL))
        fprintf(stderr, "Error: decryption of Annotation\n");
I find this only works correctly the first time I call xmlSecEncCtxDecrypt.
If I call xmlSecEncCtxDecrypt a second time (say after finding the node
"navPoint" with class "annotation") I get the following error:
func=xmlSecEncCtxDecryptToBuffer:file=xmlenc.c:line=634:obj=unknown:subj=encCtx->result
== NULL:error=100:assertion:
func=xmlSecEncCtxDecrypt:file=xmlenc.c:line=582:obj=unknown:subj=xmlSecEncCtxDecryptToBuffer:error=1:xmlsec
library function failed:
I can get multiple calls to xmlSecEncCtxDecrypt to work if I call
xmlSecEncCtxReset( encCtx ); before each call to xmlSecEncCtxDecrypt.
Resetting the context means that I have to set the AES key again.

Is there something I can do to the encryption context short of resetting
it to enable me to call xmlSecEncCtxDecrypt multiple times? Have I
missed some vital piece to clean up the context?
Michael
--
|\ _,,,---,,_ Michael Katzmann
/,`.-'`' -. ;-;;,_ NV3Z / VK2BEA / G4NYV
|,4- ) )-,_. ,\ ( `'-'
'---''(_/--' `-'\_) MichaelK => IEEE d o t o r g