Hi Michael,
What you can do is after decrypt, to copy the encKey pointer
somewhere, set it to NULL in the context, then reset then
set it back. This way it will be as fast as copying few
pointers.
Hope this makes sense.
Aleksey
Michael K wrote:
I am trying to decrypt many AES 128 CBC encrypted data
nodes: . eg:
<navPoint
class="title/author" id="P1_1">
<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element";
xmlns="http://www.w3.org/2001/04/xmlenc#";><EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><CipherData><CipherValue>CAq8thgoElo4Xk+/Bg6NPldaJqqq/TyP4OcD0SZ52zCeL4R+HbsxLtri8Qi7CxFfEP2MQR1Ih0A28EWg8kzcCeiCird56W3G3Ahw/bS6FRFzBGhJFhJoynaTAiY+NoAim0mA38LPbTPnBqYD4nO88BLBzfWO4MKp+yd66CxjS+04sTLmKkP8jSSxtfJBv9sBp39Rj/EJx2aqNLfHz43Ye8E9ycEItmCliMt+sLWqRA7cgNu9yr+fYi0Kwo4BAf9JhaNLU1efmsAu9nycC0NptDi0Ztyg931xo7J6GYlI5AvP1B8zQVmR76zK0BWd4ZvY</CipherValue></CipherData></EncryptedData>
<content src="63611.smil#P1_1"/>
</navPoint>
<navPoint class="annotation" id="P9_1">
<EncryptedDataType="http://www.w3.org/2001/04/xmlenc#Element";
xmlns="http://www.w3.org/2001/04/xmlenc#";><EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><CipherData><CipherValue>k0DdCQJGh7XenC0OOZwWSTZmLEZ63Ir6ZwFZeFHqRHbSuCIre1rwoVyXq3JcM9yW/Xl9bntRP2/2EPITObIsNMZhwh4lpU0FvW9tcz8t8/azEBeUHbef6/diF06I+5WSghv7916og3TuGhY8dTbw8sR6IkOFh/oZRVXRobw//m5rfl2esVJCs4ekr8x50jVC+bSsTKeodVj0A5SC67J0e7Rlr/uhOoCUxt9b8H4RLxYlpDfsTkam2qIzUFt1ikPTAS+CI84RndLCCYykcybQMQ==</CipherValue></CipherData></EncryptedData>
<content src="63611.smil#P9_1"/>
</navPoint>
I am using xpath to find the node and then using xmlSecEncCtxDecrypt to
decrypt the node (replacing the <EncryptedData> tag with the
decoded node(s).
I create the context and explicitly setting the AES key ...
encCtx =
xmlSecEncCtxCreate(NULL);
if( (encCtx->encKey = xmlSecKeyCreate()) == NULL)
goto Abort;
if( (encCtx->encKey->value = xmlSecKeyDataCreate(
xmlSecKeyDataAesId )) == NULL )
goto Abort;
if( xmlSecKeyDataBinaryValueSetBuffer( encCtx->encKey->value,
AESKey, 16 ) != 0 )
goto Abort;
if(xmlSecKeySetName(encCtx->encKey, (const xmlChar *)"DTB Text Key")
< 0)
goto Abort;
// In case <EncryptionMethod> not present .. set default
AES128CBC
encCtx->defEncMethodId = xmlSecTransformAes128CbcId;
I find the node (e.g. "navpoint" with the class "title/author") and
pass this to
node = xmlSecFindNode( nodeset->nodeTab[i],
xmlSecNodeEncryptedData, xmlSecEncNs );
to get the<EncryptedData> node. This is then
passed to xmlSecEncCtxDecrypt to decrypt the node:
if((xmlSecEncCtxDecrypt(encCtx,
node) < 0) || (encCtx->result == NULL))
fprintf(stderr,"Error: decryption of Anotation\n");
I find this only works correctly the
first time I call xmlSecEncCtxDecrypt. If I call xmlSecEncCtxDecrypt a second time (say
after finding the node "navPoint" with
class "annotation" ) I get the following error:
func=xmlSecEncCtxDecryptToBuffer:file=xmlenc.c:line=634:obj=unknown:subj=encCtx->result
== NULL:error=100:assertion:
func=xmlSecEncCtxDecrypt:file=xmlenc.c:line=582:obj=unknown:subj=xmlSecEncCtxDecryptToBuffer:error=1:xmlsec
library function failed:
I can get multiple calls to xmlSecEncCtxDecrypt to work if I call
xmlSecEncCtxReset( encCtx ); before each call
to xmlSecEncCtxDecrypt.
Reseting the context means that I have to set the AES key again.
Is there something I can do to the encryption context short of reseting
it to enable me to call xmlSecEncCtxDecrypt multiple times ? Have I
missed some vital piece to clean up the context ?
Michael
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
