Decryption Transform for XML Signature

2 Decryption Transform

This section describes the processing rules of the transform. The rules are written as three functions; the inputs and outputs of the transform are the inputs and outputs of the decryptIncludedNodes() function, which itself calls the decryptXML() or decryptOctets() function.

The transform operates over a node-set X, and its parsing context , which consists of the following items:

Prefix and ~~namespace~~ name of each namespace that is in scope for the first element node in X.
Name and value of each general entity that is effective for the XML document causing X.

2.1 Processing Rules

2.1.1 Functions

Y = decryptXML(X, e, C)

where X is a node-set, e is an element node with the type xenc:EncryptedData in X, and C is a parsing context of X. Y is a node-set obtained by the following steps:

Convert X to an octet stream as described in The Reference Processing Model (section 4.3.3.2) of the XML Signature specification [XML-Signature].
Decrypt the element corresponding to e (which may require parsing) and replace it with the resulting octet stream according to the XML Encryption specification [XML-Encryption].
Wrap the decrypted octet stream in the context of C as specified in Text Wrapping (Appendix A) ~~and if needed, add the octets representing a document type declaration~~. In order to parse the octet stream in the context of C, all the namespace declarations in C MUST be added to the wrapping element. Also all the entity declarations in C MUST be added to the document type declaration.
Parse the wrapped octet stream as described in The Reference Processing Model (section 4.3.3.2) of the XML Signature specification [XML-Signature], resulting in a node-set.
Y is the node-set obtained by removing the root node, the wrapping element node, and its associated set of attribute and namespace nodes from the node-set obtained in Step 4.
Return Y.

(In decryptXML(), all of the steps except the actual decryption are necessary because XPath does not permit one to remove and then replace a node. Consequently, we must serialize (1), wrap (2), reparse (4), and trim the node set (5).)

6 Appendices

6.A Text Wrapping

This appendix specifies the process for wrapping text in a certain parsing context, which is performed in decryptXML() (section 2.1.1). The process is a part of the process proposed by Richard Tobin in [Tobin] for constructing the infoset [XML-Infoset] of an external entity.

The process consists of the following steps:

Emit an XML declaration with the version number "1.0" ~~and the encoding "UTF-8"~~.
If the parsing context contains any general entities, then emit a document type declaration that provides entity declarations declaring the entities.
Emit a dummy element start-tag with namespace declaration attributes declaring all the namespaces in the parsing context.
Emit the text.
Emit a dummy element end-tag.

In the above steps, the document type declaration and dummy element tags MUST be encoded in UTF-8.

Consider the following document containing an EncryptedData element:

<!DOCTYPE Document [
  <!ENTITY dsig "http://www.w3.org/2000/09/xmldsig#">
]>
<Document xmlns="http://example.org/">
  <foo:Body xmlns:foo="http://example.org/foo">
    <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"
                   Type="http://www.w3.org/2001/04/xmlenc#Element">
      ...
    </EncryptedData> 
  </foo:Body>
</Document>

If the EncryptedData element is fed through the decryption transform and is decrypted to the text "<One><foo:Two/></One>", then the text will be wrapped as follows:

<?xml version="1.0"?>
<!DOCTYPE dummy [
  <!ENTITY dsig "http://www.w3.org/2000/09/xmldsig#">
]>
<dummy xmlns="http://example.org/"
       xmlns:foo="http://example.org/foo"><One><foo:Two/></One></dummy>