[xmlsec] Test case for OAEPparams? (RSA key transport)

Aleksey Sanin aleksey at aleksey.com
Tue Aug 21 13:08:30 PDT 2018

I have a fix (https://github.com/lsh123/xmlsec/pull/215).
This was a matter of not using the same buffer for both
input and output :) :) :)

I'll merge it after it clears all the builds/tests.


On 8/13/18 12:12 PM, Miklos Vajna wrote:
> Hi,
> On Sun, Aug 12, 2018 at 02:15:01PM -0500, Aleksey Sanin <aleksey at aleksey.com> wrote:
>> I guess there were no test vectors for OAEPparams :( I am traveling and can
>> look into it in about a week. Otherwise, please feel free to add a test
>> yourself.
> Here is what I tried: take <OAEPparams> from tests/merlin-xmlenc-five/encrypt-data-tripledes-cbc-rsa-oaep-mgf1p-sha256.xml, create a variant of tests/01-phaos-xmlenc-3/enc-text-aes256-kt-rsa_oaep_sha1-params.tmpl with "-params" suffix that has <OAEPparams>; but then openssl can't decrypt the encryption result:
> ----
> $ ~/git/xmlsec/apps/xmlsec1 decrypt  --crypto openssl --crypto-config /tmp/xmlsec-crypto-config --pkcs12 /home/vmiklos/git/xmlsec/tests/01-phaos-xmlenc-3/rsa-priv-key.p12 --pwd secret --output /tmp/testEnc.sh.20180813_211026-16455.tmp.2 /tmp/testEnc.sh.20180813_211026-16455.tmp
> func=xmlSecOpenSSLEvpBlockCipherCBCCtxFinal:file=ciphers.c:line=465:obj=aes256-cbc:subj=unknown:error=12:invalid data:invalid data: actual value 'padLen'=17, actual value 'blockLen'=16 and expected padLen <= blockLen
> func=xmlSecOpenSSLEvpBlockCipherExecute:file=ciphers.c:line=837:obj=aes256-cbc:subj=xmlSecOpenSSLEvpBlockCipherCtxFinal:error=1:xmlsec library function failed:
> func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1929:obj=aes256-cbc:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
> func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1954:obj=aes256-cbc:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed:final=1;outSize=144
> func=xmlSecTransformCtxBinaryExecute:file=transforms.c:line=942:obj=unknown:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed:dataSize=194
> func=xmlSecEncCtxDecryptToBuffer:file=xmlenc.c:line=616:obj=unknown:subj=xmlSecTransformCtxBinaryExecute:error=1:xmlsec library function failed:
> func=xmlSecEncCtxDecrypt:file=xmlenc.c:line=526:obj=unknown:subj=xmlSecEncCtxDecryptToBuffer:error=1:xmlsec library function failed:
> ----
> At this point I think I'm more comfortable to do anything regarding this
> once I see a test that works with openssl first. :-)
> I attach the patch if it's of any help.
> And sure, it's not urgent at all.
> Thanks,
> Miklos
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec

More information about the xmlsec mailing list