[xmlsec] Can't decrypt GCM based algorithms

Aleksey Sanin aleksey at aleksey.com
Wed Mar 30 13:50:26 UTC 2022


Great to hear it!

Aleksey

On 3/30/22 8:41 AM, Timothy Legge wrote:
> I think I figured it out.  The encryption does not appear to be using
> the additional authentication data that GCM provides.
> 
> Tim
> Timothy Legge
> timlegge at gmail.com
> timlegge at cpan.org
> 
> On Wed, Mar 30, 2022 at 8:32 AM Timothy Legge <timlegge at gmail.com> wrote:
>>
>> Hi
>>
>> I have confirmed that all my values are the values that xmlsec gets.
>> IV, ciphertext and tag.
>>
>> I have seen some references that say in order to decrypt the
>> ciphertext properly you need the IV, authentication data and the tag.
>>
>> However, the XML spec says to only provide the concatenation of IV .
>> CIPHERTEXT . TAG; there appears to be nowhere to pass the
>> authentication data.  Am I missing something?
>>
>> Tim
>>
>>
>> Timothy Legge
>> timlegge at gmail.com
>> timlegge at cpan.org
>>
>> On Tue, Mar 29, 2022 at 10:27 PM Timothy Legge <timlegge at gmail.com> wrote:
>>>
>>> Hi
>>>
>>> A little more information:
>>> https://github.com/lsh123/xmlsec/blob/4b6ab2d86b71f8642f19ab3b7a0777984b6bce9a/src/openssl/ciphers.c#L166
>>> definitely decrypted the data
>>>
>>> If I add    printf("%s\n", outBuf); before the return at the end of
>>> the function it prints the unencrypted XML
>>>
>>> Tim
>>> Timothy Legge
>>> timlegge at gmail.com
>>> timlegge at cpan.org
>>>
>>> On Tue, Mar 29, 2022 at 9:23 PM Timothy Legge <timlegge at gmail.com> wrote:
>>>>
>>>> I read https://www.w3.org/TR/xmlenc-core/#sec-AES-GCM as requiring no padding.
>>>>
>>>> No padding should be used during encryption
>>>>
>>>> but if I read 5.2.4 AES-GCM in the context of section 5.2 Block
>>>> Encryption Algorithms then I guess the padding is required.
>>>>
>>>> Great things these standards :-)
>>>>
>>>> Tim
>>>>
>>>> Timothy Legge
>>>> timlegge at gmail.com
>>>> timlegge at cpan.org
>>>>
>>>> On Tue, Mar 29, 2022 at 9:12 PM Aleksey Sanin <aleksey at aleksey.com> wrote:
>>>>>
>>>>> Sorry forgot to add a pointer:
>>>>>
>>>>> https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#sec-Alg-Block
>>>>>
>>>>> This is not the standard RFC 1423 padding that most of the software is
>>>>> using these days.
>>>>>
>>>>> Aleksey
>>>>>
>>>>> On 3/29/22 8:10 PM, Aleksey Sanin wrote:
>>>>>> I would check what kind of padding is used by the encryption software.
>>>>>> That's one of the most common reasons for EVP_CipherFinal failure like
>>>>>> that.
>>>>>>
>>>>>> Aleksey
>>>>>>
>>>>>> On 3/29/22 6:35 PM, Timothy Legge wrote:
>>>>>>> That likely answers that particular issue.  My module issue looks like
>>>>>>> this:
>>>>>>>
>>>>>>> xmlsec1 --decrypt --privkey-pem
>>>>>>> ~/perl-Net-SAML2/xt/testapp/sign-private.pem tmp.xml
>>>>>>> func=xmlSecOpenSSLEvpBlockCipherCtxUpdateBlock:file=ciphers.c:line=250:obj=aes256-gcm:subj=EVP_CipherFinal:error=4:crypto
>>>>>>>
>>>>>>> library function failed:openssl error: 0: NULL: NULL NULL
>>>>>>> func=xmlSecOpenSSLEvpBlockCipherGCMCtxFinal:file=ciphers.c:line=557:obj=aes256-gcm:subj=xmlSecOpenSSLEvpBlockCipherCtxUpdateBlock:error=1:xmlsec
>>>>>>>
>>>>>>> library function failed:
>>>>>>> func=xmlSecOpenSSLEvpBlockCipherExecute:file=ciphers.c:line=843:obj=aes256-gcm:subj=xmlSecOpenSSLEvpBlockCipherCtxFinal:error=1:xmlsec
>>>>>>>
>>>>>>> library function failed:
>>>>>>> func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1927:obj=aes256-gcm:subj=xmlSecTransformExecute:error=1:xmlsec
>>>>>>>
>>>>>>> library function failed:final=1
>>>>>>> func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1952:obj=aes256-gcm:subj=xmlSecTransformPushBin:error=1:xmlsec
>>>>>>>
>>>>>>> library function failed:final=1;outSize=74
>>>>>>> func=xmlSecTransformCtxBinaryExecute:file=transforms.c:line=941:obj=unknown:subj=xmlSecTransformPushBin:error=1:xmlsec
>>>>>>>
>>>>>>> library function failed:dataSize=102
>>>>>>> func=xmlSecEncCtxDecryptToBuffer:file=xmlenc.c:line=614:obj=unknown:subj=xmlSecTransformCtxBinaryExecute:error=1:xmlsec
>>>>>>>
>>>>>>> library function failed:
>>>>>>> func=xmlSecEncCtxDecrypt:file=xmlenc.c:line=524:obj=unknown:subj=xmlSecEncCtxDecryptToBuffer:error=1:xmlsec
>>>>>>>
>>>>>>> library function failed:
>>>>>>> Error: failed to decrypt file
>>>>>>> Error: failed to decrypt file "tmp.xml"
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Timothy Legge
>>>>>>> timlegge at gmail.com
>>>>>>> timlegge at cpan.org
>>>>>>>
>>>>>>> On Tue, Mar 29, 2022 at 6:57 PM Aleksey Sanin <aleksey at aleksey.com>
>>>>>>> wrote:
>>>>>>>>
>>>>>>>> Yes, basically you need to tell XML parser about ID attributes.
>>>>>>>> As I said, section 3.2 in FAQ:
>>>>>>>>
>>>>>>>> https://www.aleksey.com/xmlsec/faq.html
>>>>>>>>
>>>>>>>> Aleksey
>>>>>>>>
>>>>>>>> On 3/29/22 5:52 PM, Timothy Legge wrote:
>>>>>>>>> Hi
>>>>>>>>>
>>>>>>>>> I am missing the reference I think.  Is it related to the --id-attr?
>>>>>>>>>
>>>>>>>>> Timothy Legge
>>>>>>>>> timlegge at gmail.com
>>>>>>>>> timlegge at cpan.org
>>>>>>>>>
>>>>>>>>> On Tue, Mar 29, 2022 at 6:36 PM Aleksey Sanin <aleksey at aleksey.com>
>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>> FAQ section 3.2 if I recall (or somewhere close by).
>>>>>>>>>>
>>>>>>>>>> Aleksey
>>>>>>>>>>
>>>>>>>>>> On 3/29/22 5:34 PM, Timothy Legge wrote:
>>>>>>>>>>> Hi
>>>>>>>>>>>
>>>>>>>>>>> It also seems to be an issue with an IdP SAMLResponse from okta:
>>>>>>>>>>>
>>>>>>>>>>> I have attached the xml as test xml and the base64 version as well as
>>>>>>>>>>> the private key (that private key is from perl-Net-SAML2 and is
>>>>>>>>>>> already public so it is fine to post).  My perl XML::Enc module
>>>>>>>>>>> decrypts this file without any issues.
>>>>>>>>>>>
>>>>>>>>>>> I am continuing to review.
>>>>>>>>>>>
>>>>>>>>>>> Tim
>>>>>>>>>>>
>>>>>>>>>>> xmlsec1 --decrypt --privkey-pem sign-private-rsa.pem test.xml
>>>>>>>>>>> func=xmlSecXPathDataExecute:file=xpath.c:line=246:obj=unknown:subj=xmlXPtrEval:error=5:libxml2
>>>>>>>>>>>
>>>>>>>>>>> library function
>>>>>>>>>>> failed:expr=xpointer(id('_040a0aae3380dc9275ae08c24a8ddd72')); xml
>>>>>>>>>>> error: 0: NULL
>>>>>>>>>>> func=xmlSecXPathDataListExecute:file=xpath.c:line=330:obj=unknown:subj=xmlSecXPathDataExecute:error=1:xmlsec
>>>>>>>>>>>
>>>>>>>>>>> library function failed:
>>>>>>>>>>> func=xmlSecTransformXPathExecute:file=xpath.c:line=430:obj=xpointer:subj=xmlSecXPathDataListExecute:error=1:xmlsec
>>>>>>>>>>>
>>>>>>>>>>> library function failed:
>>>>>>>>>>> func=xmlSecTransformDefaultPushXml:file=transforms.c:line=2108:obj=xpointer:subj=xmlSecTransformExecute:error=1:xmlsec
>>>>>>>>>>>
>>>>>>>>>>> library function failed:
>>>>>>>>>>> func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1044:obj=xpointer:subj=xmlSecTransformPushXml:error=1:xmlsec
>>>>>>>>>>>
>>>>>>>>>>> library function failed:
>>>>>>>>>>> func=xmlSecTransformCtxExecute:file=transforms.c:line=1092:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec
>>>>>>>>>>>
>>>>>>>>>>> library function failed:
>>>>>>>>>>> func=xmlSecKeyDataRetrievalMethodXmlRead:file=keyinfo.c:line=1108:obj=retrieval-method:subj=xmlSecTransformCtxExecute:error=1:xmlsec
>>>>>>>>>>>
>>>>>>>>>>> library function failed:
>>>>>>>>>>> func=xmlSecKeyInfoNodeRead:file=keyinfo.c:line=121:obj=retrieval-method:subj=xmlSecKeyDataXmlRead:error=1:xmlsec
>>>>>>>>>>>
>>>>>>>>>>> library function failed:node=RetrievalMethod
>>>>>>>>>>> func=xmlSecKeysMngrGetKey:file=keys.c:line=1234:obj=unknown:subj=xmlSecKeyInfoNodeRead:error=1:xmlsec
>>>>>>>>>>>
>>>>>>>>>>> library function failed:node=KeyInfo
>>>>>>>>>>> func=xmlSecEncCtxEncDataNodeRead:file=xmlenc.c:line=779:obj=unknown:subj=unknown:error=45:key
>>>>>>>>>>>
>>>>>>>>>>> is not found:encMethod=aes256-gcm
>>>>>>>>>>> func=xmlSecEncCtxDecryptToBuffer:file=xmlenc.c:line=596:obj=unknown:subj=xmlSecEncCtxEncDataNodeRead:error=1:xmlsec
>>>>>>>>>>>
>>>>>>>>>>> library function failed:
>>>>>>>>>>> func=xmlSecEncCtxDecrypt:file=xmlenc.c:line=524:obj=unknown:subj=xmlSecEncCtxDecryptToBuffer:error=1:xmlsec
>>>>>>>>>>>
>>>>>>>>>>> library function failed:
>>>>>>>>>>> Error: failed to decrypt file
>>>>>>>>>>> Error: failed to decrypt file "test.xml"
>>>>>>>>>>>
>>>>>>>>>>> Timothy Legge
>>>>>>>>>>> timlegge at gmail.com
>>>>>>>>>>> timlegge at cpan.org
>>>>>>>>>>>
>>>>>>>>>>> On Tue, Mar 29, 2022 at 1:25 PM Timothy Legge <timlegge at gmail.com>
>>>>>>>>>>> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> perfect.  I do get errors but my laptop is home at the moment.  I
>>>>>>>>>>>> will test again tonight and let you know.
>>>>>>>>>>>>
>>>>>>>>>>>> Tim
>>>>>>>>>>>>
>>>>>>>>>>>> On Tue., Mar. 29, 2022, 12:57 p.m. Aleksey Sanin,
>>>>>>>>>>>> <aleksey at aleksey.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>> Well, the gcm code for openssl is here:
>>>>>>>>>>>>>
>>>>>>>>>>>>> https://github.com/lsh123/xmlsec/blob/4b6ab2d86b71f8642f19ab3b7a0777984b6bce9a/src/openssl/ciphers.c#L80
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> so adding printfs in these functions would help.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Do you get any errors?
>>>>>>>>>>>>>
>>>>>>>>>>>>> Aleksey
>>>>>>>>>>>>>
>>>>>>>>>>>>> On 3/29/22 11:51 AM, Timothy Legge wrote:
>>>>>>>>>>>>>> Hi
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I am working on adding support for aes*-gcm to perl's
>>>>>>>>>>>>>> XML::Enc.  I can:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> 1. Decrypt SAML responses encrypted with aes*-gcm using XML::Enc
>>>>>>>>>>>>>> 2. Decrypt xmlsec encrypted aes*-gcm XML using XML::Enc
>>>>>>>>>>>>>> 3. Encrypt XML using aes*-gcm with XML::Sec
>>>>>>>>>>>>>> 4. Decrypt XML that was encrypted with XML::Sec using aes*-gcm
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> However, I cannot use xmlsec to decrypt XML::Sec encrypted XML
>>>>>>>>>>>>>> that uses aes*-gcm.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I can't think of any issues that would allow me to encrypt and
>>>>>>>>>>>>>> decrypt XML successfully with XML::Enc but not allow xmlsec to
>>>>>>>>>>>>>> decrypt those files.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I was wondering if there is a debug flag for xmlsec that would
>>>>>>>>>>>>>> allow me to output the following:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> 1. base64 of the CipherValue it reads from the XML file
>>>>>>>>>>>>>> 2. base64 of the IV
>>>>>>>>>>>>>> 3. base64 of the encrypted data
>>>>>>>>>>>>>> 4. base64 of the tag
>>>>>>>>>>>>>> 5. base64 of the key
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I don't mind adding some print debugging and recompiling if you
>>>>>>>>>>>>>> can point me to a starting place.  It has been a while since I
>>>>>>>>>>>>>> wrote much C but I have no issues.  Finding the correct spot though...
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Tim
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Timothy Legge
>>>>>>>>>>>>>> timlegge at gmail.com
>>>>>>>>>>>>>> timlegge at cpan.org
>>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>>> xmlsec mailing list
>>>>>>>>>>>>>> xmlsec at aleksey.com
>>>>>>>>>>>>>> http://www.aleksey.com/mailman/listinfo/xmlsec

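The thread's conclusion is that XML Encryption's aes*-gcm CipherValue is simply IV || ciphertext || tag, with the plaintext unpadded and no additional authenticated data; supplying any AAD on the decrypting side fails the tag check exactly as Tim observed. The following Go program is an added example written for this page, not code from xmlsec, XML::Enc or OpenSSL. The 12-byte IV and 16-byte tag sizes are those given in XML Encryption 1.1 section 5.2.4; the key and plaintext are constructed demo values, and the aad parameter on DecryptGCM exists only to reproduce the failure mode.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Layout from XML Encryption 1.1 section 5.2.4 (AES-GCM): a 96-bit IV, the
// ciphertext, then the 128-bit authentication tag, concatenated into one
// CipherValue. The plaintext is not padded and no AAD is used.
const (
	gcmIVSize  = 12
	gcmTagSize = 16
)

// EncryptGCM returns IV || ciphertext || tag for the given key (16, 24 or 32
// bytes for aes128/192/256-gcm). The AAD argument to Seal is nil on purpose.
func EncryptGCM(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block) // default: 12-byte nonce, 16-byte tag
	if err != nil {
		return nil, err
	}
	iv := make([]byte, gcmIVSize)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	out := append([]byte{}, iv...)
	// Seal appends ciphertext||tag to out, which yields the CipherValue layout.
	return aead.Seal(out, iv, plaintext, nil), nil
}

// DecryptGCM splits a CipherValue back into IV and ciphertext||tag and opens
// it. aad is a parameter only to show the failure mode from the thread: XML
// Encryption carries no AAD, so anything but nil fails tag verification.
func DecryptGCM(key, cipherValue, aad []byte) ([]byte, error) {
	if len(cipherValue) < gcmIVSize+gcmTagSize {
		return nil, errors.New("CipherValue shorter than IV + tag")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	iv := cipherValue[:gcmIVSize]
	ctAndTag := cipherValue[gcmIVSize:] // Go's GCM expects the tag appended
	return aead.Open(nil, iv, ctAndTag, aad)
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32) // constructed demo key for aes256-gcm
	pt := []byte("<saml:Assertion>demo</saml:Assertion>")
	cv, err := EncryptGCM(key, pt)
	if err != nil {
		panic(err)
	}
	fmt.Printf("CipherValue length: %d = 12 + %d + 16 (no padding)\n", len(cv), len(pt))
	if _, err := DecryptGCM(key, cv, nil); err == nil {
		fmt.Println("decrypt with no AAD: ok")
	}
	if _, err := DecryptGCM(key, cv, []byte("aad")); err != nil {
		fmt.Println("decrypt with spurious AAD:", err)
	}
}
```

The length check in DecryptGCM matters in practice: a CipherValue with fewer than 28 bytes cannot contain an IV and a tag, and slicing it without the check would panic rather than return an error.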

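Aleksey's first suggestion was padding: the block-cipher padding in XML Encryption section 5.2 is not the RFC 1423 / PKCS#5 scheme most libraries apply by default, and a mismatch there is a common cause of an EVP_CipherFinal failure. That padding applies to the CBC algorithms only; as the thread concluded, the GCM algorithm in 5.2.4 uses none. The Go program below is an added example for this page, not code from xmlsec or XML::Enc: it implements the section 5.2 padding, whose last byte gives the pad length while the other pad bytes are arbitrary, beside the stricter PKCS#7 check that rejects such input. The 16-byte block size is AES's; the padded sample buffer is constructed.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"errors"
	"fmt"
)

const blockSize = 16 // AES block size, for the aes*-cbc algorithms

// XMLEncPad applies the padding from XML Encryption section 5.2 (block
// encryption algorithms): append 1..blockSize bytes, the last of which holds
// the pad length; the remaining pad bytes are arbitrary, random here.
func XMLEncPad(plaintext []byte) ([]byte, error) {
	n := blockSize - len(plaintext)%blockSize // 1..16; a full block if already aligned
	pad := make([]byte, n)
	if _, err := rand.Read(pad[:n-1]); err != nil {
		return nil, err
	}
	pad[n-1] = byte(n)
	return append(append([]byte{}, plaintext...), pad...), nil
}

// XMLEncUnpad removes that padding. Only the final byte is meaningful, so the
// other pad bytes are not inspected. CBC gives no integrity on its own, so a
// caller should not report pad failures differently from any other failure.
func XMLEncUnpad(padded []byte) ([]byte, error) {
	if len(padded) == 0 || len(padded)%blockSize != 0 {
		return nil, errors.New("input is not a whole number of blocks")
	}
	n := int(padded[len(padded)-1])
	if n < 1 || n > blockSize {
		return nil, errors.New("invalid pad length")
	}
	return padded[:len(padded)-n], nil
}

// PKCS7Unpad is the RFC 1423 / PKCS#5 style check most libraries apply by
// default: every pad byte must equal the pad length, so XML Encryption's
// arbitrary pad bytes are rejected even though the length byte is valid.
func PKCS7Unpad(padded []byte) ([]byte, error) {
	if len(padded) == 0 || len(padded)%blockSize != 0 {
		return nil, errors.New("input is not a whole number of blocks")
	}
	n := int(padded[len(padded)-1])
	if n < 1 || n > blockSize {
		return nil, errors.New("invalid pad length")
	}
	for _, b := range padded[len(padded)-n:] {
		if int(b) != n {
			return nil, errors.New("pad bytes inconsistent")
		}
	}
	return padded[:len(padded)-n], nil
}

func main() {
	// Constructed sample: 13 plaintext bytes, two arbitrary pad bytes and a
	// final 0x03, which section 5.2 permits and PKCS#7 does not.
	padded := append([]byte("thirteen byte"), 0xAA, 0xBB, 0x03)
	if pt, err := XMLEncUnpad(padded); err == nil && bytes.Equal(pt, []byte("thirteen byte")) {
		fmt.Println("XML Encryption unpad: ok")
	}
	if _, err := PKCS7Unpad(padded); err != nil {
		fmt.Println("PKCS#7 unpad:", err)
	}
}
```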