OpenSAML java withcomments canonicalization


OpenSAML java withcomments canonicalization

Bob Jacoby
I'm trying to verify the "comment attack" is mitigated by using http://www.w3.org/2001/10/xml-exc-c14n#WithComments canonicalization for calculating the digest, but I'm not getting the digest to fail as I expect. Does OpenSAML (using v3.3.1) support this as a transform when performing validation or am I just ignorant on how this is supposed to work?

For reference, I have a saml attribute with a value "helloworld" and then sign the response - specifying http://www.w3.org/2001/10/xml-exc-c14n#WithComments for both the canonicalization method and the transform algorithm. I captured the samlResponse and altered the value of the attribute to "hello<!---->world" without changing anything else. I then validated the modified saml response.

Since the saml response specifies "...#WithComments" I had anticipated the subsequent validation would fail when comparing the digests, but the whole thing validated fine. I understand the BasicParserPool, by default, ignores comments when unmarshalling (which would strip out the comments I added), so I switched it to not ignore comments and verified the comment was loaded when unmarshalling.

Is this as expected? If so, how is 'http://www.w3.org/2001/10/xml-exc-c14n#WithComments' any different from 'http://www.w3.org/2001/10/xml-exc-c14n' with respect to how they work within OpenSAML?

Best,
Bob

For reference, my signedinfo is similar to:

<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#73651ce4-0ee9-4452-b063-c70657fb99dc">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"><ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>MVm6t//vsyxMT7jt1KJl6Ef1G6Ie+f5ewTi54CHV4D8=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
EvT1KHe0o2h1pqtgQ7QsjTBJfoopDPgTgR7s1IY7asCxzYWdr95re290xwTPibMsxids36VYYcb1
S5UoXhUY2OCF4KXrWmyY2OVvDbGtKwW1QDTmzx1jaZCuOj+RPdtQaJVWg6YSwQFA7KlkyGtRvASb
nBmh2OkszTHGhB9dkPE=
</ds:SignatureValue>
</ds:Signature>



--
To unsubscribe from this list send an email to [hidden email]

RE: OpenSAML java withcomments canonicalization

Cantor, Scott E.
> Is this as expected?

No, I don't really believe that's possible. It might be in a case where the final transform in the chain produced a node set, but with a second transform doing c14n, it should be an octet stream and that shouldn't undergo any further c14n.

-- Scott


Re: OpenSAML java withcomments canonicalization

Bob Jacoby
Scott,

Thanks for your reply. I don't think I fully understand it, so sorry if you've already answered this question and I just don't realize it...

Based on https://issues.shibboleth.net/jira/projects/OSJ/issues/OSJ-230 I understand that I can't specify the transform c14n algorithm, and that c14n w/o comments is always used when signing in openSAML. I'm trying to understand the reverse. Suppose I try to use openSAML to validate a signature (e.g. generated by some other library that does allow c14n w/ comments as the transform) that produced the following:

<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#73651ce4-0ee9-4452-b063-c70657fb99dc">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"><ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>MVm6t//vsyxMT7jt1KJl6Ef1G6Ie+f5ewTi54CHV4D8=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
EvT1KHe0o2h1pqtgQ7QsjTBJfoopDPgTgR7s1IY7asCxzYWdr95re290xwTPibMsxids36VYYcb1
S5UoXhUY2OCF4KXrWmyY2OVvDbGtKwW1QDTmzx1jaZCuOj+RPdtQaJVWg6YSwQFA7KlkyGtRvASb
nBmh2OkszTHGhB9dkPE=
</ds:SignatureValue>
</ds:Signature>

When the digest of ref #73651ce4-0ee9-4452-b063-c70657fb99dc is recalculated for validation purposes within openSAML, will the c14n w/ comments algorithm specified in the transform be used or will c14n w/o comments be used?

Best,
Bob
 

On Thu, Mar 1, 2018 at 8:25 AM, Cantor, Scott <[hidden email]> wrote:
> Is this as expected?

No, I don't really believe that's possible. It might be in a case where the final transform in the chain produced a node set, but with a second transform doing c14n, it should be an octet stream and that shouldn't undergo any further c14n.

-- Scott


RE: OpenSAML java withcomments canonicalization

Cantor, Scott E.
> Based on https://issues.shibboleth.net/jira/projects/OSJ/issues/OSJ-230 I
> understand that I can't specify the transform c14n algorithm, and that c14n
> w/o comments is always used when signing in openSAML.

That's not the case if you do it by hand. Shibboleth does not have the ability to override the transform because it does not, and will not, call those APIs directly. Anybody else can do anything they want to do if they manipulate it directly with those APIs.

> I'm trying to understand the reverse. Suppose I try to use openSAML to validate a
> signature (e.g. generated by some other library that does allow c14n w/
> comments as the transform) that produced the following:

The mechanical validation of the signature, which is not done by OpenSAML (that's Santuario), is done based on whatever the message contains. If it says use Transform X, then that's what is done, provided the library supports it and doesn't have some kind of policy blocking it.

> When the digest of ref #73651ce4-0ee9-4452-b063-c70657fb99dc is
> recalculated for validation purposes within openSAML, will the c14n w/
> comments algorithm specified in the transform be used or will c14n w/o
> comments be used?

The one in the Transform is used. If the last Transform in the chain produced a node set, then I believe XML Signature mandates that the final octet stream be generated by applying *another* c14n, the algorithm for which I don't recall; it's in the standard. If the final Transform is c14n itself, then my understanding is that it produces an octet stream directly and therefore should be consumed into the digester as is, not manipulated again.

-- Scott

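As an added example, not code from this thread or from OpenSAML/Santuario: the digest comparison from Bob's experiment in the first post, recomputed under both Transform algorithms that Scott's last reply says the verifier takes from the message. It uses Python's standard-library canonicalize(), which implements C14N 2.0 rather than exclusive C14N 1.0, but the keep-or-drop-comments behaviour that matters here is the same; the SAML attribute, its name and the injected comment are constructed.

```python
# Added example (not from the thread): why the Reference digest differs under
# "#WithComments" but not under plain exc-c14n when a comment is injected.
# Python's stdlib canonicalize() implements C14N 2.0, not exclusive C14N 1.0
# (the algorithms named in the thread); comment handling is the same.
import base64
import hashlib
from xml.etree import ElementTree as ET

# Constructed sample Reference content: a SAML-like attribute carrying "helloworld".
ORIGINAL = (
    '<saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'Name="greeting"><saml:AttributeValue>helloworld</saml:AttributeValue>'
    '</saml:Attribute>'
)
# The same fragment after the comment injection described in the first post.
MODIFIED = ORIGINAL.replace("helloworld", "hello<!---->world")


def canonical_bytes(xml: str, with_comments: bool) -> bytes:
    """Canonicalize a fragment, keeping or dropping comments as the chosen
    Transform would (...#WithComments keeps them, plain exc-c14n drops them).
    Without comments, the "hello" and "world" text nodes merge back together."""
    return ET.canonicalize(xml, with_comments=with_comments).encode("utf-8")


def digest_value(xml: str, with_comments: bool) -> str:
    """Base64(SHA-256) over the canonical octets: the <ds:DigestValue> a verifier
    recomputes for a Reference whose Transform chain ends in that c14n."""
    raw = hashlib.sha256(canonical_bytes(xml, with_comments)).digest()
    return base64.b64encode(raw).decode("ascii")


def digest_changes(original: str, modified: str, with_comments: bool) -> bool:
    """True when the digest comparison would detect the injected comment."""
    return digest_value(original, with_comments) != digest_value(modified, with_comments)


if __name__ == "__main__":
    for flag in (True, False):
        label = "exc-c14n#WithComments" if flag else "exc-c14n (no comments)"
        print(f"{label}: digest changes = {digest_changes(ORIGINAL, MODIFIED, flag)}")
```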