[xmlsec] Test case for OAEPparams? (RSA key transport)

Miklos Vajna vmiklos at vmiklos.hu
Mon Aug 13 12:12:37 PDT 2018


Hi,

On Sun, Aug 12, 2018 at 02:15:01PM -0500, Aleksey Sanin <aleksey at aleksey.com> wrote:
> I guess there were no test vectors for OAEPparams :( I am traveling and can
> look into it in about a week. Otherwise, please feel free to add a test
> yourself.

Here is what I tried: take <OAEPparams> from tests/merlin-xmlenc-five/encrypt-data-tripledes-cbc-rsa-oaep-mgf1p-sha256.xml, create a variant of tests/01-phaos-xmlenc-3/enc-text-aes256-kt-rsa_oaep_sha1-params.tmpl with "-params" suffix that has <OAEPparams>; but then openssl can't decrypt the encryption result:

----
$ ~/git/xmlsec/apps/xmlsec1 decrypt  --crypto openssl --crypto-config /tmp/xmlsec-crypto-config --pkcs12 /home/vmiklos/git/xmlsec/tests/01-phaos-xmlenc-3/rsa-priv-key.p12 --pwd secret --output /tmp/testEnc.sh.20180813_211026-16455.tmp.2 /tmp/testEnc.sh.20180813_211026-16455.tmp
func=xmlSecOpenSSLEvpBlockCipherCBCCtxFinal:file=ciphers.c:line=465:obj=aes256-cbc:subj=unknown:error=12:invalid data:invalid data: actual value 'padLen'=17, actual value 'blockLen'=16 and expected padLen <= blockLen
func=xmlSecOpenSSLEvpBlockCipherExecute:file=ciphers.c:line=837:obj=aes256-cbc:subj=xmlSecOpenSSLEvpBlockCipherCtxFinal:error=1:xmlsec library function failed:
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1929:obj=aes256-cbc:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1954:obj=aes256-cbc:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed:final=1;outSize=144
func=xmlSecTransformCtxBinaryExecute:file=transforms.c:line=942:obj=unknown:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed:dataSize=194
func=xmlSecEncCtxDecryptToBuffer:file=xmlenc.c:line=616:obj=unknown:subj=xmlSecTransformCtxBinaryExecute:error=1:xmlsec library function failed:
func=xmlSecEncCtxDecrypt:file=xmlenc.c:line=526:obj=unknown:subj=xmlSecEncCtxDecryptToBuffer:error=1:xmlsec library function failed:
----

At this point I think I'm more comfortable to do anything regarding this
once I see a test that works with openssl first. :-)

I attach the patch if it's of any help.

And sure, it's not urgent at all.

Thanks,

Miklos
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-WIP.patch
Type: text/x-patch
Size: 8565 bytes
Desc: not available
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20180813/63f82d2d/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: Digital signature
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20180813/63f82d2d/attachment.sig>


More information about the xmlsec mailing list