[xmlsec] Consecutive calls to xmlSecEncCtxDecrypt() requires xmlSecEncCtxReset() ?

Aleksey Sanin aleksey at aleksey.com
Sat Jun 13 09:35:12 PDT 2009


Hi Michael,

What you can do is after decrypt, to copy the encKey pointer
somewhere, set it to NULL in the context, then reset then
set it back. This way it will be as fast as copying few
pointers.

Hope this makes sense.

Aleksey

Michael K wrote:
> I am trying to decrypt many AES 128 CBC encrypted data
> nodes: . eg:
> 
> <navPoint
> class="title/author" id="P1_1">
>     <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#"><EncryptionMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><CipherData><CipherValue>CAq8thgoElo4Xk+/Bg6NPldaJqqq/TyP4OcD0SZ52zCeL4R+HbsxLtri8Qi7CxFfEP2MQR1Ih0A28EWg8kzcCeiCird56W3G3Ahw/bS6FRFzBGhJFhJoynaTAiY+NoAim0mA38LPbTPnBqYD4nO88BLBzfWO4MKp+yd66CxjS+04sTLmKkP8jSSxtfJBv9sBp39Rj/EJx2aqNLfHz43Ye8E9ycEItmCliMt+sLWqRA7cgNu9yr+fYi0Kwo4BAf9JhaNLU1efmsAu9nycC0NptDi0Ztyg931xo7J6GYlI5AvP1B8zQVmR76zK0BWd4ZvY</CipherValue></CipherData></EncryptedData>
>     <content src="63611.smil#P1_1"/>
> </navPoint>
> 
> <navPoint class="annotation" id="P9_1">
>     <EncryptedDataType="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#"><EncryptionMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><CipherData><CipherValue>k0DdCQJGh7XenC0OOZwWSTZmLEZ63Ir6ZwFZeFHqRHbSuCIre1rwoVyXq3JcM9yW/Xl9bntRP2/2EPITObIsNMZhwh4lpU0FvW9tcz8t8/azEBeUHbef6/diF06I+5WSghv7916og3TuGhY8dTbw8sR6IkOFh/oZRVXRobw//m5rfl2esVJCs4ekr8x50jVC+bSsTKeodVj0A5SC67J0e7Rlr/uhOoCUxt9b8H4RLxYlpDfsTkam2qIzUFt1ikPTAS+CI84RndLCCYykcybQMQ==</CipherValue></CipherData></EncryptedData>
>     <content src="63611.smil#P9_1"/>
> </navPoint>
> 
> 
> I am using xpath to find the node and then using xmlSecEncCtxDecrypt to
> decrypt the node (replacing the <EncryptedData> tag with the
> decoded node(s).
> I create the context and  explicitly setting the AES key ...
> 
>     encCtx =
> xmlSecEncCtxCreate(NULL);
> 
>     if( (encCtx->encKey = xmlSecKeyCreate()) == NULL)
>        goto Abort;
>     if( (encCtx->encKey->value = xmlSecKeyDataCreate(
> xmlSecKeyDataAesId )) == NULL )
>        goto Abort;
>     if( xmlSecKeyDataBinaryValueSetBuffer( encCtx->encKey->value,
> AESKey, 16 ) != 0 )
>         goto Abort;
>    
> if(xmlSecKeySetName(encCtx->encKey, (const xmlChar *)"DTB Text Key")
> < 0) 
>         goto Abort;
>     // In case <EncryptionMethod> not present ..  set default
> AES128CBC
>     encCtx->defEncMethodId = xmlSecTransformAes128CbcId;
> 
> I find the node (e.g. "navpoint" with the class "title/author") and
> pass this to 
>     node = xmlSecFindNode( nodeset->nodeTab[i],
> xmlSecNodeEncryptedData, xmlSecEncNs );
> to get the<EncryptedData> node. This is then
> passed to xmlSecEncCtxDecrypt to decrypt the node:
> 
>     if((xmlSecEncCtxDecrypt(encCtx,
> node) < 0) || (encCtx->result == NULL))
>                     fprintf(stderr,"Error: decryption of Anotation\n");
> 
> I find this only works correctly the
> first time I call xmlSecEncCtxDecrypt. If I call xmlSecEncCtxDecrypt a second time  (say after finding the node "navPoint" with
> class "annotation" ) I get the following error:
> func=xmlSecEncCtxDecryptToBuffer:file=xmlenc.c:line=634:obj=unknown:subj=encCtx->result
> == NULL:error=100:assertion: 
> func=xmlSecEncCtxDecrypt:file=xmlenc.c:line=582:obj=unknown:subj=xmlSecEncCtxDecryptToBuffer:error=1:xmlsec
> library function failed: 
> 
> I can get multiple calls to xmlSecEncCtxDecrypt to work if I call xmlSecEncCtxReset( encCtx ); before each call
> to xmlSecEncCtxDecrypt.
> Reseting the context means that I have to set the AES key again.
> 
> Is there something I can do to the encryption context short of reseting
> it to enable me to call xmlSecEncCtxDecrypt multiple times ?   Have I
> missed some vital piece to clean up the context ?
> 
> Michael
>  


More information about the xmlsec mailing list