[xmlsec] Consecutive calls to xmlSecEncCtxDecrypt() requires xmlSecEncCtxReset() ?

Michael K vk2bea at yahoo.com
Sat Jun 13 06:55:31 PDT 2009 

I am trying to decrypt many AES 128 CBC encrypted data
nodes: . eg:

<navPoint
class="title/author" id="P1_1">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#"><EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><CipherData><CipherValue>CAq8thgoElo4Xk+/Bg6NPldaJqqq/TyP4OcD0SZ52zCeL4R+HbsxLtri8Qi7CxFfEP2MQR1Ih0A28EWg8kzcCeiCird56W3G3Ahw/bS6FRFzBGhJFhJoynaTAiY+NoAim0mA38LPbTPnBqYD4nO88BLBzfWO4MKp+yd66CxjS+04sTLmKkP8jSSxtfJBv9sBp39Rj/EJx2aqNLfHz43Ye8E9ycEItmCliMt+sLWqRA7cgNu9yr+fYi0Kwo4BAf9JhaNLU1efmsAu9nycC0NptDi0Ztyg931xo7J6GYlI5AvP1B8zQVmR76zK0BWd4ZvY</CipherValue></CipherData></EncryptedData>
    <content src="63611.smil#P1_1"/>
</navPoint>

<navPoint class="annotation" id="P9_1">
    <EncryptedDataType="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#"><EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><CipherData><CipherValue>k0DdCQJGh7XenC0OOZwWSTZmLEZ63Ir6ZwFZeFHqRHbSuCIre1rwoVyXq3JcM9yW/Xl9bntRP2/2EPITObIsNMZhwh4lpU0FvW9tcz8t8/azEBeUHbef6/diF06I+5WSghv7916og3TuGhY8dTbw8sR6IkOFh/oZRVXRobw//m5rfl2esVJCs4ekr8x50jVC+bSsTKeodVj0A5SC67J0e7Rlr/uhOoCUxt9b8H4RLxYlpDfsTkam2qIzUFt1ikPTAS+CI84RndLCCYykcybQMQ==</CipherValue></CipherData></EncryptedData>
    <content src="63611.smil#P9_1"/>
</navPoint>


I am using xpath to find the node and then using xmlSecEncCtxDecrypt to
decrypt the node (replacing the <EncryptedData> tag with the
decoded node(s).
I create the context and  explicitly setting the AES key ...

    encCtx =
xmlSecEncCtxCreate(NULL);

    if( (encCtx->encKey = xmlSecKeyCreate()) == NULL)
       goto Abort;
    if( (encCtx->encKey->value = xmlSecKeyDataCreate(
xmlSecKeyDataAesId )) == NULL )
       goto Abort;
    if( xmlSecKeyDataBinaryValueSetBuffer( encCtx->encKey->value,
AESKey, 16 ) != 0 )
        goto Abort;
   
if(xmlSecKeySetName(encCtx->encKey, (const xmlChar *)"DTB Text Key")
< 0) 
        goto Abort;
    // In case <EncryptionMethod> not present ..  set default
AES128CBC
    encCtx->defEncMethodId = xmlSecTransformAes128CbcId;

I find the node (e.g. "navpoint" with the class "title/author") and
pass this to 
    node = xmlSecFindNode( nodeset->nodeTab[i],
xmlSecNodeEncryptedData, xmlSecEncNs );
to get the<EncryptedData> node. This is then
passed to xmlSecEncCtxDecrypt to decrypt the node:

    if((xmlSecEncCtxDecrypt(encCtx,
node) < 0) || (encCtx->result == NULL))
                    fprintf(stderr,"Error: decryption of Anotation\n");

I find this only works correctly the
first time I call xmlSecEncCtxDecrypt. If I call xmlSecEncCtxDecrypt a second time  (say after finding the node "navPoint" with
class "annotation" ) I get the following error:
func=xmlSecEncCtxDecryptToBuffer:file=xmlenc.c:line=634:obj=unknown:subj=encCtx->result
== NULL:error=100:assertion: 
func=xmlSecEncCtxDecrypt:file=xmlenc.c:line=582:obj=unknown:subj=xmlSecEncCtxDecryptToBuffer:error=1:xmlsec
library function failed: 

I can get multiple calls to xmlSecEncCtxDecrypt to work if I call xmlSecEncCtxReset( encCtx ); before each call
to xmlSecEncCtxDecrypt.
Reseting the context means that I have to set the AES key again.

Is there something I can do to the encryption context short of reseting
it to enable me to call xmlSecEncCtxDecrypt multiple times ?   Have I
missed some vital piece to clean up the context ?

Michael
 
-- 
   |\      _,,,---,,_             Michael Katzmann
   /,`.-'`'    -.  ;-;;,_         NV3Z / VK2BEA / G4NYV
  |,4-  ) )-,_. ,\ (  `'-' 
 '---''(_/--'  `-'\_)             MichaelK  =>  IEEE  d o t o r g

More information about the xmlsec mailing list