[xmlsec] Can't decrypt GCM based algorithms

Timothy Legge timlegge at gmail.com
Wed Mar 30 12:41:01 UTC 2022


I think I figured it out.  The encryption does not appear to be using
the additional authentication data that GCM provides.

Tim
Timothy Legge
timlegge at gmail.com
timlegge at cpan.org

On Wed, Mar 30, 2022 at 8:32 AM Timothy Legge <timlegge at gmail.com> wrote:
>
> Hi
>
> I have confirmed that all my values are the values that xmlsec gets.
> IV, ciphertext and tag.
>
> I have seen some references that say in order to decrypt the
> ciphertext properly you need the IV, authentication data and the tag.
>
> However, the XML spec says to only provide the concatenation of IV .
> CIPHERTEXT . TAG; there appears to be nowhere to pass the
> authentication data.  Am I missing something?
>
> Tim
>
>
> Timothy Legge
> timlegge at gmail.com
> timlegge at cpan.org
>
> On Tue, Mar 29, 2022 at 10:27 PM Timothy Legge <timlegge at gmail.com> wrote:
> >
> > Hi
> >
> > A little more information
> > https://github.com/lsh123/xmlsec/blob/4b6ab2d86b71f8642f19ab3b7a0777984b6bce9a/src/openssl/ciphers.c#L166
> > definitely unencrypted the data
> >
> > If I add printf("%s\n", outBuf); before the return at the end of
> > the function, it prints the unencrypted XML.
> >
> > Tim
> > Timothy Legge
> > timlegge at gmail.com
> > timlegge at cpan.org
> >
> > On Tue, Mar 29, 2022 at 9:23 PM Timothy Legge <timlegge at gmail.com> wrote:
> > >
> > > I read https://www.w3.org/TR/xmlenc-core/#sec-AES-GCM as requiring no padding.
> > >
> > > No padding should be used during encryption
> > >
> > > but if I read 5.2.4 AES-GCM in the context of section 5.2 Block
> > > Encryption Algorithms then I guess the padding is required.
> > >
> > > Great things these standards :-)
> > >
> > > Tim
> > >
> > > Timothy Legge
> > > timlegge at gmail.com
> > > timlegge at cpan.org
> > >
> > > On Tue, Mar 29, 2022 at 9:12 PM Aleksey Sanin <aleksey at aleksey.com> wrote:
> > > >
> > > > Sorry forgot to add a pointer:
> > > >
> > > > https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#sec-Alg-Block
> > > >
> > > > This is not the standard RFC 1423 padding that most of the software is
> > > > using these days.
> > > >
> > > > Aleksey
> > > >
> > > > On 3/29/22 8:10 PM, Aleksey Sanin wrote:
> > > > > I would check what kind of padding is used by the encryption software.
> > > > > That's one of the most common reasons for EVP_CipherFinal failure like
> > > > > that.
> > > > >
> > > > > Aleksey
> > > > >
> > > > > On 3/29/22 6:35 PM, Timothy Legge wrote:
> > > > >> That likely answers that particular issue.  My module issue looks like
> > > > >> this:
> > > > >>
> > > > >> xmlsec1 --decrypt --privkey-pem
> > > > >> ~/perl-Net-SAML2/xt/testapp/sign-private.pem tmp.xml
> > > > >> func=xmlSecOpenSSLEvpBlockCipherCtxUpdateBlock:file=ciphers.c:line=250:obj=aes256-gcm:subj=EVP_CipherFinal:error=4:crypto
> > > > >>
> > > > >> library function failed:openssl error: 0: NULL: NULL NULL
> > > > >> func=xmlSecOpenSSLEvpBlockCipherGCMCtxFinal:file=ciphers.c:line=557:obj=aes256-gcm:subj=xmlSecOpenSSLEvpBlockCipherCtxUpdateBlock:error=1:xmlsec
> > > > >>
> > > > >> library function failed:
> > > > >> func=xmlSecOpenSSLEvpBlockCipherExecute:file=ciphers.c:line=843:obj=aes256-gcm:subj=xmlSecOpenSSLEvpBlockCipherCtxFinal:error=1:xmlsec
> > > > >>
> > > > >> library function failed:
> > > > >> func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1927:obj=aes256-gcm:subj=xmlSecTransformExecute:error=1:xmlsec
> > > > >>
> > > > >> library function failed:final=1
> > > > >> func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1952:obj=aes256-gcm:subj=xmlSecTransformPushBin:error=1:xmlsec
> > > > >>
> > > > >> library function failed:final=1;outSize=74
> > > > >> func=xmlSecTransformCtxBinaryExecute:file=transforms.c:line=941:obj=unknown:subj=xmlSecTransformPushBin:error=1:xmlsec
> > > > >>
> > > > >> library function failed:dataSize=102
> > > > >> func=xmlSecEncCtxDecryptToBuffer:file=xmlenc.c:line=614:obj=unknown:subj=xmlSecTransformCtxBinaryExecute:error=1:xmlsec
> > > > >>
> > > > >> library function failed:
> > > > >> func=xmlSecEncCtxDecrypt:file=xmlenc.c:line=524:obj=unknown:subj=xmlSecEncCtxDecryptToBuffer:error=1:xmlsec
> > > > >>
> > > > >> library function failed:
> > > > >> Error: failed to decrypt file
> > > > >> Error: failed to decrypt file "tmp.xml"
> > > > >>
> > > > >>
> > > > >>
> > > > >> Timothy Legge
> > > > >> timlegge at gmail.com
> > > > >> timlegge at cpan.org
> > > > >>
> > > > >> On Tue, Mar 29, 2022 at 6:57 PM Aleksey Sanin <aleksey at aleksey.com>
> > > > >> wrote:
> > > > >>>
> > > > >>> Yes, basically you need to tell XML parser about ID attributes.
> > > > >>> As I said, section 3.2 in FAQ:
> > > > >>>
> > > > >>> https://www.aleksey.com/xmlsec/faq.html
> > > > >>>
> > > > >>> Aleksey
> > > > >>>
> > > > >>> On 3/29/22 5:52 PM, Timothy Legge wrote:
> > > > >>>> Hi
> > > > >>>>
> > > > >>>> I am missing the reference I think.  Is it related to the --id-attr?
> > > > >>>>
> > > > >>>> Timothy Legge
> > > > >>>> timlegge at gmail.com
> > > > >>>> timlegge at cpan.org
> > > > >>>>
> > > > >>>> On Tue, Mar 29, 2022 at 6:36 PM Aleksey Sanin <aleksey at aleksey.com>
> > > > >>>> wrote:
> > > > >>>>>
> > > > >>>>> FAQ section 3.2 if I recall (or somewhere close by).
> > > > >>>>>
> > > > >>>>> Aleksey
> > > > >>>>>
> > > > >>>>> On 3/29/22 5:34 PM, Timothy Legge wrote:
> > > > >>>>>> Hi
> > > > >>>>>>
> > > > >>>>>> It also seems to be an issue with an IdP SAMLResponse from okta:
> > > > >>>>>>
> > > > >>>>>> I have attached the xml as test xml and the base64 version as well as
> > > > >>>>>> the private key (that private key is from perl-Net-SAML2 and is
> > > > >>>>>> already public so it is fine to post).  My perl XML::Enc module
> > > > >>>>>> decrypts this file without any issues.
> > > > >>>>>>
> > > > >>>>>> I am continuing to review.
> > > > >>>>>>
> > > > >>>>>> Tim
> > > > >>>>>>
> > > > >>>>>> xmlsec1 --decrypt --privkey-pem sign-private-rsa.pem test.xml
> > > > >>>>>> func=xmlSecXPathDataExecute:file=xpath.c:line=246:obj=unknown:subj=xmlXPtrEval:error=5:libxml2
> > > > >>>>>>
> > > > >>>>>> library function
> > > > >>>>>> failed:expr=xpointer(id('_040a0aae3380dc9275ae08c24a8ddd72')); xml
> > > > >>>>>> error: 0: NULL
> > > > >>>>>> func=xmlSecXPathDataListExecute:file=xpath.c:line=330:obj=unknown:subj=xmlSecXPathDataExecute:error=1:xmlsec
> > > > >>>>>>
> > > > >>>>>> library function failed:
> > > > >>>>>> func=xmlSecTransformXPathExecute:file=xpath.c:line=430:obj=xpointer:subj=xmlSecXPathDataListExecute:error=1:xmlsec
> > > > >>>>>>
> > > > >>>>>> library function failed:
> > > > >>>>>> func=xmlSecTransformDefaultPushXml:file=transforms.c:line=2108:obj=xpointer:subj=xmlSecTransformExecute:error=1:xmlsec
> > > > >>>>>>
> > > > >>>>>> library function failed:
> > > > >>>>>> func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1044:obj=xpointer:subj=xmlSecTransformPushXml:error=1:xmlsec
> > > > >>>>>>
> > > > >>>>>> library function failed:
> > > > >>>>>> func=xmlSecTransformCtxExecute:file=transforms.c:line=1092:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec
> > > > >>>>>>
> > > > >>>>>> library function failed:
> > > > >>>>>> func=xmlSecKeyDataRetrievalMethodXmlRead:file=keyinfo.c:line=1108:obj=retrieval-method:subj=xmlSecTransformCtxExecute:error=1:xmlsec
> > > > >>>>>>
> > > > >>>>>> library function failed:
> > > > >>>>>> func=xmlSecKeyInfoNodeRead:file=keyinfo.c:line=121:obj=retrieval-method:subj=xmlSecKeyDataXmlRead:error=1:xmlsec
> > > > >>>>>>
> > > > >>>>>> library function failed:node=RetrievalMethod
> > > > >>>>>> func=xmlSecKeysMngrGetKey:file=keys.c:line=1234:obj=unknown:subj=xmlSecKeyInfoNodeRead:error=1:xmlsec
> > > > >>>>>>
> > > > >>>>>> library function failed:node=KeyInfo
> > > > >>>>>> func=xmlSecEncCtxEncDataNodeRead:file=xmlenc.c:line=779:obj=unknown:subj=unknown:error=45:key
> > > > >>>>>>
> > > > >>>>>> is not found:encMethod=aes256-gcm
> > > > >>>>>> func=xmlSecEncCtxDecryptToBuffer:file=xmlenc.c:line=596:obj=unknown:subj=xmlSecEncCtxEncDataNodeRead:error=1:xmlsec
> > > > >>>>>>
> > > > >>>>>> library function failed:
> > > > >>>>>> func=xmlSecEncCtxDecrypt:file=xmlenc.c:line=524:obj=unknown:subj=xmlSecEncCtxDecryptToBuffer:error=1:xmlsec
> > > > >>>>>>
> > > > >>>>>> library function failed:
> > > > >>>>>> Error: failed to decrypt file
> > > > >>>>>> Error: failed to decrypt file "test.xml"
> > > > >>>>>>
> > > > >>>>>> Timothy Legge
> > > > >>>>>> timlegge at gmail.com
> > > > >>>>>> timlegge at cpan.org
> > > > >>>>>>
> > > > >>>>>> On Tue, Mar 29, 2022 at 1:25 PM Timothy Legge <timlegge at gmail.com>
> > > > >>>>>> wrote:
> > > > >>>>>>>
> > > > >>>>>>> Perfect.  I do get errors but my laptop is home at the moment.  I
> > > > >>>>>>> will test again tonight and let you know.
> > > > >>>>>>>
> > > > >>>>>>> Tim
> > > > >>>>>>>
> > > > >>>>>>> On Tue., Mar. 29, 2022, 12:57 p.m. Aleksey Sanin,
> > > > >>>>>>> <aleksey at aleksey.com> wrote:
> > > > >>>>>>>>
> > > > >>>>>>>> Well, the gcm code for openssl is here:
> > > > >>>>>>>>
> > > > >>>>>>>> https://github.com/lsh123/xmlsec/blob/4b6ab2d86b71f8642f19ab3b7a0777984b6bce9a/src/openssl/ciphers.c#L80
> > > > >>>>>>>>
> > > > >>>>>>>>
> > > > >>>>>>>> so adding printfs in these functions would help.
> > > > >>>>>>>>
> > > > >>>>>>>> Do you get any errors?
> > > > >>>>>>>>
> > > > >>>>>>>> Aleksey
> > > > >>>>>>>>
> > > > >>>>>>>> On 3/29/22 11:51 AM, Timothy Legge wrote:
> > > > >>>>>>>>> Hi
> > > > >>>>>>>>>
> > > > >>>>>>>>> I am working on adding support for aes*-gcm to perl's
> > > > >>>>>>>>> XML::Enc.  I can:
> > > > >>>>>>>>>
> > > > >>>>>>>>> 1. Decrypt SAML responses encrypted with aes*-gcm using XML::Enc
> > > > >>>>>>>>> 2. Decrypt xmlsec encrypted aes*-gcm XML using XML::Enc
> > > > >>>>>>>>> 3. Encrypt XML using aes*-gcm with XML::Sec
> > > > >>>>>>>>> 4. Decrypt XML that was encrypted with XML::Sec using aes*-gcm
> > > > >>>>>>>>>
> > > > >>>>>>>>> However, I cannot use xmlsec to decrypt XML::Sec encrypted XML
> > > > >>>>>>>>> that uses aes*-gcm.
> > > > >>>>>>>>>
> > > > >>>>>>>>> I can't think of any issues that would allow me to encrypt and
> > > > >>>>>>>>> decrypt XML successfully with XML::Enc but not allow xmlsec to
> > > > >>>>>>>>> decrypt those files.
> > > > >>>>>>>>>
> > > > >>>>>>>>> I was wondering if there is a debug flag for XML sec that would
> > > > >>>>>>>>> allow me to output the following:
> > > > >>>>>>>>>
> > > > >>>>>>>>> 1. base64 of the CipherValue it reads from the XML file
> > > > >>>>>>>>> 2. base64 of IV
> > > > >>>>>>>>> 3. base64 of encrypted data
> > > > >>>>>>>>> 4. base64 of the tag
> > > > >>>>>>>>> 5. base64 of the key
> > > > >>>>>>>>>
> > > > >>>>>>>>> I don't mind adding some print debugging and recompiling if you
> > > > >>>>>>>>> can point me to a starting place.  It has been a while since I
> > > > >>>>>>>>> wrote much C but I have no issues.  Finding the correct spot though...
> > > > >>>>>>>>>
> > > > >>>>>>>>> Tim
> > > > >>>>>>>>>
> > > > >>>>>>>>> Timothy Legge
> > > > >>>>>>>>> timlegge at gmail.com
> > > > >>>>>>>>> timlegge at cpan.org
> > > > >>>>>>>>> _______________________________________________
> > > > >>>>>>>>> xmlsec mailing list
> > > > >>>>>>>>> xmlsec at aleksey.com
> > > > >>>>>>>>> http://www.aleksey.com/mailman/listinfo/xmlsec
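An added example, in Go and not code from this thread, from xmlsec or from XML::Enc: it builds and parses the CipherValue layout the thread converges on (IV . CIPHERTEXT . TAG with a 96-bit IV and 128-bit tag, no padding, no additional authenticated data) and shows that an altered tag or a wrong key is rejected at the authentication step, the counterpart of the EVP_CipherFinal failure quoted above. The key, IV and plaintext are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/base64"
	"errors"
)

// XML Encryption 1.1 AES-GCM (sec. 5.2.4): CipherValue is base64(IV || ciphertext || tag)
// with a 96-bit IV, a 128-bit tag, no padding and no additional authenticated data (AAD).
const gcmIVSize, gcmTagSize = 12, 16

// Constructed sample AES-256 key and IV; production code generates random ones.
var SampleKey, SampleIV = []byte("0123456789abcdef0123456789abcdef"), []byte("xmlenc-iv-12")

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptCipherValue returns the xmlenc CipherValue for plaintext.
func EncryptCipherValue(key, iv, plaintext []byte) (string, error) {
	aead, err := newGCM(key)
	if err != nil {
		return "", err
	}
	// Seal appends ciphertext||tag after a copy of the IV; AAD is nil.
	out := aead.Seal(append([]byte{}, iv...), iv, plaintext, nil)
	return base64.StdEncoding.EncodeToString(out), nil
}

// DecryptCipherValue splits CipherValue into IV, ciphertext and tag; Open verifies the
// tag (no AAD) before decrypting, the step where OpenSSL's EVP_CipherFinal reports errors.
func DecryptCipherValue(key []byte, cipherValue string) ([]byte, error) {
	raw, err := base64.StdEncoding.DecodeString(cipherValue)
	if err != nil {
		return nil, err
	}
	if len(raw) < gcmIVSize+gcmTagSize {
		return nil, errors.New("CipherValue shorter than IV plus tag")
	}
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, raw[:gcmIVSize], raw[gcmIVSize:], nil)
}
```

Decoding a CipherValue produced this way gives exactly 12 + len(plaintext) + 16 bytes, which is a quick check that no block padding was applied by the encrypting side.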