[Pyxmlsec-devel] Error while encrypting XML (SAML assertion)

Patrick Craston Patrick.Craston at contextis.co.uk
Thu Apr 10 11:40:05 CEST 2014


Hello

I'm trying to encrypt an XML node (SAML Assertion) using PyXMLSec 0.3.1 (following this example http://pyxmlsec.labs.libre-entreprise.org/index.php?section=examples&id=10) and failing.

My code is this (config['public_key_file'] is the path to the public key):
    mngr = xmlsec.KeysMngr()
    key = xmlsec.cryptoAppKeyLoad(config['public_key_file'], xmlsec.KeyDataFormatPem, None, None, None)
    key.setName(config['public_key_file'])
    # add the key to the manager
    xmlsec.cryptoAppDefaultKeysMngrAdoptKey(mngr, key)
    # now encrypt the xml
    doc = libxml2.parseDoc(unencrypted)
    # Create encryption template to encrypt XML file and replace
    # its content with encryption result
    enc_data_node = xmlsec.TmplEncData(doc, xmlsec.transformAes128CbcId(), None, xmlsec.TypeEncElement, None, None)
    # put encrypted data in the <enc:CipherValue/> node
    enc_data_node.ensureCipherValue()
    # add <dsig:KeyInfo/>
    key_info_node = enc_data_node.ensureKeyInfo(None)
    # Add <enc:EncryptedKey/> to store the encrypted session key
    enc_key_node = key_info_node.addEncryptedKey(xmlsec.transformRsaPkcs1Id(), None, None, None)
    # put encrypted key in the <enc:CipherValue/> node
    enc_key_node.ensureCipherValue()
    # Add <dsig:KeyInfo/> and <dsig:KeyName/> nodes to <enc:EncryptedKey/>
    key_info_node2 = enc_key_node.ensureKeyInfo(None)
    # Set key name so we can lookup key when needed
    key_info_node2.addKeyName(config['public_key_file'])
    # Create encryption context
    enc_ctx = xmlsec.EncCtx(mngr)
    # Generate a Triple DES key
    key = xmlsec.keyGenerate(xmlsec.keyDataDesId(), 192, xmlsec.KeyDataTypeSession)
    enc_ctx.encKey = key
    # Encrypt the data
    enc_ctx.xmlEncrypt(enc_data_node, doc.getRootElement())

When I run my Django app that calls the above code, I get this error:

func=xmlSecOpenSSLAppDefaultKeysMngrAdoptKey:file=app.c:line=1319:obj=unknown:subj=xmlSecKeysMngrGetKeysStore:error=1:xmlsec library function failed: 
func=xmlSecTransformIdListFindByHref:file=transforms.c:line=2538:obj=unknown:subj=xmlSecPtrListCheckId(list, xmlSecTransformIdListId):error=100:assertion: 
func=xmlSecTransformNodeRead:file=transforms.c:line=1533:obj=unknown:subj=xmlSecTransformIdListFindByHref:error=1:xmlsec library function failed:href=http://www.w3.org/2001/04/xmlenc#aes128-cbc
func=xmlSecTransformCtxNodeRead:file=transforms.c:line=684:obj=unknown:subj=xmlSecTransformNodeRead:error=1:xmlsec library function failed:name=EncryptionMethod
func=xmlSecEncCtxEncDataNodeRead:file=xmlenc.c:line=905:obj=unknown:subj=xmlSecTransformCtxNodeRead:error=1:xmlsec library function failed:node=EncryptionMethod
func=xmlSecEncCtxXmlEncrypt:file=xmlenc.c:line=386:obj=unknown:subj=xmlSecEncCtxEncDataNodeRead:error=1:xmlsec library function failed: 
*** glibc detected *** /home/vagrant/venv/bin/python: double free or corruption (fasttop): 0x00007f55f4583350 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x7eb96)[0x7f560532ab96]
/usr/lib/libxmlsec1.so.1(xmlSecEncCtxReset+0x93)[0x7f560077ecb3]
/usr/lib/libxmlsec1.so.1(xmlSecEncCtxFinalize+0x16)[0x7f560077ee06]
/usr/lib/libxmlsec1.so.1(xmlSecEncCtxDestroy+0x12)[0x7f560077ef42]
/home/vagrant/venv/local/lib/python2.7/site-packages/xmlsecmod.so(xmlsec_EncCtxDestroy+0x6a)[0x7f5600bf90ea]
...

If I execute each line one at a time, when I run this:
xmlsec.cryptoAppDefaultKeysMngrAdoptKey(mngr, key)
I get this error:
func=xmlSecOpenSSLAppDefaultKeysMngrAdoptKey:file=app.c:line=1319:obj=unknown:subj=xmlSecKeysMngrGetKeysStore:error=1:xmlsec library function failed:

The other errors seem to occur during the encryption process, i.e. this line:
enc_ctx.xmlEncrypt(enc_data_node, doc.getRootElement())


When I encrypt the XML using xmlsec1 on the command line it works fine (using this example http://users.dcc.uchile.cl/~pcamacho/tutorial/web/xmlsec/xmlsec.html):
xmlsec1 encrypt --pubkey-pem <public key file> --session-key des-192 --xml-data <unencrypted xml> --output doc-encrypted.xml session-key-template.xml


Anyone have any ideas what my problem could be?

Any help much appreciated!

Thanks
Patrick
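
The xmlsec error lines quoted in the message above can be grouped into call chains to see which failures are independent of each other. This is an added example, not part of the original post or of PyXMLSec; the function names `parse`, `chains` and `summarize` are hypothetical, and the chaining rule (a line continues a chain when its `subj` equals the previous line's `func`) is an assumption read off the quoted trace.

```python
import re

# Constructed input: the six xmlsec error lines quoted in the post (trailing spaces dropped).
SAMPLE = """\
func=xmlSecOpenSSLAppDefaultKeysMngrAdoptKey:file=app.c:line=1319:obj=unknown:subj=xmlSecKeysMngrGetKeysStore:error=1:xmlsec library function failed:
func=xmlSecTransformIdListFindByHref:file=transforms.c:line=2538:obj=unknown:subj=xmlSecPtrListCheckId(list, xmlSecTransformIdListId):error=100:assertion:
func=xmlSecTransformNodeRead:file=transforms.c:line=1533:obj=unknown:subj=xmlSecTransformIdListFindByHref:error=1:xmlsec library function failed:href=http://www.w3.org/2001/04/xmlenc#aes128-cbc
func=xmlSecTransformCtxNodeRead:file=transforms.c:line=684:obj=unknown:subj=xmlSecTransformNodeRead:error=1:xmlsec library function failed:name=EncryptionMethod
func=xmlSecEncCtxEncDataNodeRead:file=xmlenc.c:line=905:obj=unknown:subj=xmlSecTransformCtxNodeRead:error=1:xmlsec library function failed:node=EncryptionMethod
func=xmlSecEncCtxXmlEncrypt:file=xmlenc.c:line=386:obj=unknown:subj=xmlSecEncCtxEncDataNodeRead:error=1:xmlsec library function failed:
"""

LINE_RE = re.compile(
    r"^func=(?P<func>[^:]*):file=(?P<file>[^:]*):line=(?P<line>\d+)"
    r":obj=(?P<obj>[^:]*):subj=(?P<subj>[^:]*):error=(?P<code>\d+)"
    r":(?P<msg>[^:]*):(?P<detail>.*)$")

def parse(text):
    """One dict per xmlsec error line; anything else (backtrace) is skipped."""
    matches = (LINE_RE.match(raw.strip()) for raw in text.splitlines())
    return [{k: v.strip() for k, v in m.groupdict().items()} for m in matches if m]

def chains(records):
    """A line continues the current chain when its subj names the func of the
    line before it, i.e. the same failure propagating up the call stack."""
    out = []
    for rec in records:
        if out and rec["subj"] == out[-1][-1]["func"]:
            out[-1].append(rec)
        else:
            out.append([rec])
    return out

def summarize(text):
    """Per chain: the innermost failure, the call that surfaced it, details."""
    return [{
        "origin": chain[0]["func"],
        "failed_on": chain[0]["subj"],
        "reason": chain[0]["msg"],
        "surfaced_in": chain[-1]["func"],
        "details": [r["detail"] for r in chain if r["detail"]],
    } for chain in chains(parse(text))]

if __name__ == "__main__":
    for item in summarize(SAMPLE):
        print(item)
```

On the quoted trace this yields two chains: one that starts and ends in `xmlSecOpenSSLAppDefaultKeysMngrAdoptKey`, and one that starts as an assertion in `xmlSecTransformIdListFindByHref` and surfaces in `xmlSecEncCtxXmlEncrypt`.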


