[xmlsec] Test case for OAEPparams? (RSA key transport)

Discussion:

Miklos Vajna

2018-08-12 14:12:00 UTC

Hi,

I'm trying to eliminate the last xmlSecNotImplementedError in
src/mscng/kt_rsa.c, and I wonder, what would be a testcase that would
trigger it?

I see that the openssl and mscrypto backends implement it, but would it
be possible to have a test doc that would show it in action?

git grep OAEPparams tests/

points out 2 test documents, but
encrypt-data-tripledes-cbc-rsa-oaep-mgf1p-sha256 is not invoked by make
check and encsig-hmac-sha256-rsa-oaep-mgf1p is only used for a test
where transforms are checked, but then nothing else happens.

Thanks,

Miklos

Aleksey Sanin

2018-08-12 19:15:01 UTC

Permalink

I guess there were no test vectors for OAEPparams :( I am traveling and
can look into it in about a week. Otherwise, please feel free to add a
test yourself.

Thanks
Aleksey

Post by Miklos Vajna
Hi,
I'm trying to eliminate the last xmlSecNotImplementedError in
src/mscng/kt_rsa.c, and I wonder, what would be a testcase that would
trigger it?
I see that the openssl and mscrypto backends implement it, but would it
be possible to have a test doc that would show it in action?
git grep OAEPparams tests/
points out 2 test documents, but
encrypt-data-tripledes-cbc-rsa-oaep-mgf1p-sha256 is not invoked by make
check and encsig-hmac-sha256-rsa-oaep-mgf1p is only used for a test
where transforms are checked, but then nothing else happens.
Thanks,
Miklos
_______________________________________________
xmlsec mailing list
http://www.aleksey.com/mailman/listinfo/xmlsec

Miklos Vajna

2018-08-13 19:12:37 UTC

Permalink

Hi,

I guess there were no test vectors for OAEPparams :( I am traveling and can
look into it in about a week. Otherwise, please feel free to add a test
yourself.

Here is what I tried: take <OAEPparams> from tests/merlin-xmlenc-five/encrypt-data-tripledes-cbc-rsa-oaep-mgf1p-sha256.xml, create a variant of tests/01-phaos-xmlenc-3/enc-text-aes256-kt-rsa_oaep_sha1-params.tmpl with "-params" suffix that has <OAEPparams>; but then openssl can't decrypt the encryption result:

----
$ ~/git/xmlsec/apps/xmlsec1 decrypt --crypto openssl --crypto-config /tmp/xmlsec-crypto-config --pkcs12 /home/vmiklos/git/xmlsec/tests/01-phaos-xmlenc-3/rsa-priv-key.p12 --pwd secret --output /tmp/testEnc.sh.20180813_211026-16455.tmp.2 /tmp/testEnc.sh.20180813_211026-16455.tmp
func=xmlSecOpenSSLEvpBlockCipherCBCCtxFinal:file=ciphers.c:line=465:obj=aes256-cbc:subj=unknown:error=12:invalid data:invalid data: actual value 'padLen'=17, actual value 'blockLen'=16 and expected padLen <= blockLen
func=xmlSecOpenSSLEvpBlockCipherExecute:file=ciphers.c:line=837:obj=aes256-cbc:subj=xmlSecOpenSSLEvpBlockCipherCtxFinal:error=1:xmlsec library function failed:
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1929:obj=aes256-cbc:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1954:obj=aes256-cbc:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed:final=1;outSize=144
func=xmlSecTransformCtxBinaryExecute:file=transforms.c:line=942:obj=unknown:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed:dataSize=194
func=xmlSecEncCtxDecryptToBuffer:file=xmlenc.c:line=616:obj=unknown:subj=xmlSecTransformCtxBinaryExecute:error=1:xmlsec library function failed:
func=xmlSecEncCtxDecrypt:file=xmlenc.c:line=526:obj=unknown:subj=xmlSecEncCtxDecryptToBuffer:error=1:xmlsec library function failed:
----

At this point I think I'm more comfortable to do anything regarding this
once I see a test that works with openssl first. :-)

I attach the patch if it's of any help.

And sure, it's not urgent at all.

Thanks,

Miklos

Aleksey Sanin

2018-08-21 20:08:30 UTC

Permalink

I have a fix (https://github.com/lsh123/xmlsec/pull/215).
This was a matter of not using the same buffer for both
input and output :) :) :)

I'll merge it after it clears all the builds/tests.

Aleksey

Post by Miklos Vajna
Hi,

I guess there were no test vectors for OAEPparams :( I am traveling and can
look into it in about a week. Otherwise, please feel free to add a test
yourself.

----
$ ~/git/xmlsec/apps/xmlsec1 decrypt --crypto openssl --crypto-config /tmp/xmlsec-crypto-config --pkcs12 /home/vmiklos/git/xmlsec/tests/01-phaos-xmlenc-3/rsa-priv-key.p12 --pwd secret --output /tmp/testEnc.sh.20180813_211026-16455.tmp.2 /tmp/testEnc.sh.20180813_211026-16455.tmp
func=xmlSecOpenSSLEvpBlockCipherCBCCtxFinal:file=ciphers.c:line=465:obj=aes256-cbc:subj=unknown:error=12:invalid data:invalid data: actual value 'padLen'=17, actual value 'blockLen'=16 and expected padLen <= blockLen
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1929:obj=aes256-cbc:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1954:obj=aes256-cbc:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed:final=1;outSize=144
func=xmlSecTransformCtxBinaryExecute:file=transforms.c:line=942:obj=unknown:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed:dataSize=194
----
At this point I think I'm more comfortable to do anything regarding this
once I see a test that works with openssl first. :-)
I attach the patch if it's of any help.
And sure, it's not urgent at all.
Thanks,
Miklos
_______________________________________________
xmlsec mailing list
http://www.aleksey.com/mailman/listinfo/xmlsec

Miklos Vajna

2018-08-28 19:36:36 UTC

Permalink

Hi,

Post by Aleksey Sanin
I have a fix (https://github.com/lsh123/xmlsec/pull/215).
This was a matter of not using the same buffer for both
input and output :) :) :)
I'll merge it after it clears all the builds/tests.

Thanks!

https://github.com/lsh123/xmlsec/pull/219 fixes up mscng now that I
could depend on the new tests.

Regards,

Miklos

Aleksey Sanin

2018-08-28 20:55:52 UTC

Permalink

Thank you! Merged!

Aleksey

Post by Miklos Vajna
Hi,

Thanks!
https://github.com/lsh123/xmlsec/pull/219 fixes up mscng now that I
could depend on the new tests.
Regards,
Miklos