entrouvert
/
lasso
16
0
Fork 0
Code Issues Pull Requests Releases Activity

[core] do not emit a warning for expected decryption errors 

The only expected decryption error is on decryption of the symetric key
used to crypt the data. All other errors are critical and must be
logged.

Client of lasso_node_decrypt_xmlnode can then log the decryption failure
of the symetric if they tried with all possible keys (key rollover
case).
This commit is contained in:
Benjamin Dauvergne 2011-11-22 16:55:30 +01:00
parent 5957f3e230
commit fd7af65e91
2 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
lasso/saml-2.0/login.c
View File

@ -1193,8 +1193,11 @@ _lasso_saml20_login_decrypt_assertion(LassoLogin *login, LassoSamlp2Response *sa
break;
}
lasso_foreach_full_end();
if (rc1) {
if (rc1 == LASSO_DS_ERROR_DECRYPTION_FAILED) {
message(G_LOG_LEVEL_WARNING, "Could not decrypt the EncryptedKey");
at_least_one_decryption_failture |= TRUE;
continue;
} else if (rc1) {
message(G_LOG_LEVEL_WARNING, "Could not decrypt an assertion: %s", lasso_strerror(rc1));
at_least_one_decryption_failture |= TRUE;
continue;

7
lasso/xml/tools.c
View File

@ -1574,7 +1574,7 @@ lasso_node_decrypt_xmlnode(xmlNode* encrypted_element,
xmlChar *algorithm = NULL;
xmlSecKeyDataId key_type;
GList *i = NULL;
int rc = LASSO_DS_ERROR_DECRYPTION_FAILED;
int rc = LASSO_XMLENC_ERROR_INVALID_ENCRYPTED_DATA;
if (encryption_private_key == NULL || !xmlSecKeyIsValid(encryption_private_key)) {
message(G_LOG_LEVEL_WARNING, "Invalid decryption key");
@ -1582,6 +1582,8 @@ lasso_node_decrypt_xmlnode(xmlNode* encrypted_element,
goto cleanup;
}
xmlSetGenericErrorFunc(NULL, lasso_xml_generic_error_func);
/* Need to duplicate it because xmlSecEncCtxDestroy(encCtx); will destroy it */
encryption_private_key = xmlSecKeyDuplicate(encryption_private_key);
@ -1655,8 +1657,8 @@ lasso_node_decrypt_xmlnode(xmlNode* encrypted_element,
if (key_buffer != NULL) {
sym_key = xmlSecKeyReadBuffer(key_type, key_buffer);
}
rc = LASSO_DS_ERROR_ENCRYPTION_FAILED;
if (sym_key == NULL) {
message(G_LOG_LEVEL_WARNING, "EncryptedKey decryption failed");
goto cleanup;
}
@ -1673,6 +1675,7 @@ lasso_node_decrypt_xmlnode(xmlNode* encrypted_element,
/* decrypt the EncryptedData */
if ((xmlSecEncCtxDecrypt(encCtx, encrypted_data_node) < 0) || (encCtx->result == NULL)) {
rc = LASSO_XMLENC_ERROR_INVALID_ENCRYPTED_DATA;
message(G_LOG_LEVEL_WARNING, "EncryptedData decryption failed");
goto cleanup;
}