User problems with XML Signature

Question: What problems do users and developers currently have with Canonical XML and XML Signature?

Christian Geuer-Pollmann <geuerp@apache.org>
Universität Siegen
Institut für Digitale Kommunikationssysteme

Audience: XML Signatur Workshop / TU Ilmenau / 3-4 April 2003

Slides URL: http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/publications/20030403_XMLSignaturWorkshop/

Standards

XML

Canonicalization

Digital Signatures

Encryption

XML Signature

What gets 'signed'?

Example

<Signature Id="MyFirstSignature" xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
    <Reference URI="http://www.w3.org/TR/2000/REC-xhtml1-20000126/">
      <Transforms>
        <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      </Transforms>
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <DigestValue>j6lwx3rvEPO0vKtMup4NbeVu8nk=</DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue>MC0CFFrVLtRlk=...</SignatureValue>
  <KeyInfo>
    <KeyValue>
      <DSAKeyValue>
        <P>...</P><Q>...</Q><G>...</G><Y>...</Y>
      </DSAKeyValue>
    </KeyValue>
  </KeyInfo>
</Signature>

Signature structure

Addressing signed content via URI

Signed data is addressed through the URI attribute of the <Reference> element

Problems with URIs

Transforms

XML Signature 1.0 defines several transforms:

Transform                                        Status
Canonical XML (omitting comments)                REQUIRED
Base64 decoding                                  REQUIRED
Enveloped Signature                              REQUIRED
Canonical XML (with comments)                    RECOMMENDED
XPath v1.0                                       RECOMMENDED
XSLT                                             OPTIONAL
Exclusive XML Canonicalization                   n.a.
Exclusive XML Canonicalization (with comments)   n.a.
XPath Filter v2.0                                n.a.
Custom transform                                 n.a.

(n.a.: not part of the XML Signature 1.0 specification itself; defined in separate W3C documents or by the application.)

Problems with the individual transforms

Semantics of "obfuscated node sets"

With XPath v1.0 and XPath Filter v2.0, very 'odd' XPath node sets can be selected. That becomes a problem as soon as the canonicalized octets are to be interpreted semantically: the result of canonicalizing a document subset (an XPath node set) is not necessarily XML at all.
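To make the point concrete, here is an added example (not from the slides) that imitates, in a namespace-free toy form, how Canonical XML 1.0 renders a node set: nodes are visited in document order, a node is written only if it is in the set, and children are visited whether or not their parent was written. The sample document, the selection predicates and the helper names are assumptions made for the illustration; the code performs no real canonicalization and must not be used for actual signatures.

```python
"""Toy node-set canonicalizer: shows that the canonical form of an XPath node
set need not be XML.  No namespaces, escaping or real C14N rules; for
illustration only."""
from xml.dom import minidom
from xml.dom.minidom import Node

# Constructed sample document (an assumption for this example).
DOC = '<tx id="t1"><amount cur="USD">100</amount><to>Bob</to></tx>'


def c14n_node_set(root, in_set):
    """Render the nodes under root for which in_set(node) is true."""
    out = []

    def visit(node):
        if node.nodeType == Node.ELEMENT_NODE:
            emit = in_set(node)
            if emit:
                # An attribute is written only if its owner element is in the set.
                attrs = sorted((a.name, a.value) for a in node.attributes.values() if in_set(a))
                out.append("<%s%s>" % (node.tagName, "".join(' %s="%s"' % kv for kv in attrs)))
            # Children are visited even when the parent element was dropped.
            for child in node.childNodes:
                visit(child)
            if emit:
                out.append("</%s>" % node.tagName)
        elif node.nodeType == Node.TEXT_NODE and in_set(node):
            out.append(node.data)

    visit(root)
    return "".join(out)


def parses_as_xml(octets):
    """True if the canonical octets are themselves a well-formed XML document."""
    try:
        minidom.parseString(octets)
        return True
    except Exception:
        return False


def canonical_variants(xml=DOC):
    """Three node sets over the same document, as a verifier might see them."""
    root = minidom.parseString(xml).documentElement
    everything = c14n_node_set(root, lambda n: True)
    # Drop only the <amount> element: its attribute goes with it, but the text
    # "100" survives and now reads as if it were text of <tx>.
    no_amount = c14n_node_set(
        root, lambda n: not (n.nodeType == Node.ELEMENT_NODE and n.tagName == "amount"))
    # Keep only the text nodes: the result is not XML at all.
    text_only = c14n_node_set(root, lambda n: n.nodeType == Node.TEXT_NODE)
    return everything, no_amount, text_only
```

The second variant is still well-formed XML but describes a different document than the one the application parsed; the third is plain text that no XML parser will accept. A verifier that "re-parses the signed octets" to decide what was signed therefore cannot rely on getting XML back.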

Problems for toolkit developers

WYPMBTSTWYV: "What you process must be the same as what you verified!"

<transaction Id="transact" xmlns="http://www.example.com/#highSecureBanking">
  <volume currency="USD">1.000.000.000</volume>
  <sender>Alice</sender>
  <recipient>Bob</recipient>
  <text>I (Alice) owe Bob 1.000.000.000 USD.</text>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    ...
    <Reference URI="">
      <Transforms>
        <Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"
                   xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2"
                   xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
          <xf2:XPath Filter="subtract">
            here()/ancestor::ds:Signature[1]
          </xf2:XPath>
          <xf2:XPath Filter="intersect">
            id("transact")
          </xf2:XPath>
        </Transform>
      </Transforms>
      ...
    </Reference>
    ...
    <Object Id="transact">My dog has fleas.</Object>
  </Signature>
</transaction>

Both the <transaction> element and the <Object> inside the Signature carry Id="transact", so id("transact") may resolve to "My dog has fleas." rather than to the transaction. The signature then verifies, although nothing the application is about to process was actually signed.

Real-life verification code

// WRONG (vulnerable)!!!
// "data" is whatever the document contains, not what the signature covered.
if (signature.validity() == true) {
    handleTransaction(data);
} else {
    raiseError();
}

Verification

Careful checking

if (signature.validity() == true) {
    // Option 1: the signature must match a known profile (schema, allowed
    // transforms, allowed canonicalization and signature algorithms); only
    // then may the document itself be handed on. Each check* call is
    // assumed to raise on failure.
    if (checkTransforms) {
        checkSchema(document);
        checkTransforms(signedInfo, profilingDoc);
        checkCanonicalizationAndSignatureMethod(signedInfo, profilingDoc);
        handleTransaction(document);
    }
    // Option 2: ignore the document and process only what was actually
    // signed, i.e. the output of each Reference's transform chain.
    if (checkSignedData) {
        signedData = signedInfo.extractSignedData(); // for each reference
        handleTransaction(signedData);
    }
    if (!checkTransforms && !checkSignedData) {
        raiseError();
    }
} else {
    raiseError();
}
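The two branches of the careful-checking pseudocode, written out as an added Python example (not from the slides, and not the Apache XML Security API) on top of xml.etree.ElementTree. Digest and SignatureValue checking is assumed to have been done by a library that returned "valid"; the receiver profile, the sample document builder and the dummy digest values are assumptions made for the example. The algorithm URIs are the real XML Signature ones.

```python
"""Branch 1 (check_transforms): compare SignedInfo with a fixed profile of
allowed canonicalization, signature and transform algorithms and URI shapes;
XPath, XPath Filter 2 and XSLT transforms are rejected outright.
Branch 2 (extract_signed_data): resolve each Reference URI ("" or "#id") to
the element it actually covers, so the application handles that and nothing
else.  Cryptographic verification is assumed to have happened already."""
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"
C14N = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"

# Hypothetical receiver profile: the only algorithms this application accepts.
PROFILE = {
    "canonicalization": {C14N},
    "signature": {DSIG + "rsa-sha1", DSIG + "dsa-sha1"},
    "transforms": {DSIG + "enveloped-signature", C14N},
}


class ProfileViolation(Exception):
    """SignedInfo does not match the profile, or a reference is ambiguous."""


def _algo(parent, local):
    el = parent.find("{%s}%s" % (DSIG, local))
    if el is None:
        raise ProfileViolation("missing " + local)
    return el.get("Algorithm")


def check_transforms(signed_info, profile=PROFILE):
    """Branch 1 of the slide: constrain the signature to a known profile."""
    if _algo(signed_info, "CanonicalizationMethod") not in profile["canonicalization"]:
        raise ProfileViolation("canonicalization method not allowed")
    if _algo(signed_info, "SignatureMethod") not in profile["signature"]:
        raise ProfileViolation("signature method not allowed")
    refs = signed_info.findall("{%s}Reference" % DSIG)
    if not refs:
        raise ProfileViolation("no Reference")
    for ref in refs:
        uri = ref.get("URI", "")
        if uri != "" and not uri.startswith("#"):
            raise ProfileViolation("external reference not allowed: " + uri)
        for t in ref.iterfind("{%s}Transforms/{%s}Transform" % (DSIG, DSIG)):
            if t.get("Algorithm") not in profile["transforms"]:
                raise ProfileViolation("transform not allowed: %s" % t.get("Algorithm"))
    return True


def _by_id(root, ident):
    # Same-document references resolve by ID attribute.  Two elements with the
    # same Id (the slide's <transaction> and <Object>) make the reference
    # ambiguous, so refuse rather than guess which one the signer meant.
    hits = [e for e in root.iter() if ident in (e.get("Id"), e.get("ID"), e.get("id"))]
    if len(hits) != 1:
        raise ProfileViolation("%d elements carry Id=%r" % (len(hits), ident))
    return hits[0]


def extract_signed_data(root, signed_info):
    """Branch 2 of the slide: the elements the References actually cover."""
    return [root if ref.get("URI", "") == "" else _by_id(root, ref.get("URI")[1:])
            for ref in signed_info.findall("{%s}Reference" % DSIG)]


def process(xml_text, profile=PROFILE):
    """Validity assumed; returns (True, signed element names) or (False, reason)."""
    root = ET.fromstring(xml_text)
    signed_info = root.find(".//{%s}Signature/{%s}SignedInfo" % (DSIG, DSIG))
    if signed_info is None:
        return False, "no SignedInfo"
    try:
        check_transforms(signed_info, profile)
        signed = extract_signed_data(root, signed_info)
    except ProfileViolation as exc:
        return False, str(exc)
    return True, [e.tag.split("}")[-1] for e in signed]


def sample_document(tx_id, transform, extra=""):
    """Constructed test input; DigestValue and SignatureValue are dummies."""
    return (
        '<transaction Id="%s" xmlns="http://www.example.com/#highSecureBanking">'
        '<volume currency="USD">1000</volume><sender>Alice</sender><recipient>Bob</recipient>'
        '<Signature xmlns="%s"><SignedInfo>'
        '<CanonicalizationMethod Algorithm="%s"/>'
        '<SignatureMethod Algorithm="%srsa-sha1"/>'
        '<Reference URI="#%s"><Transforms><Transform Algorithm="%s"/></Transforms>'
        '<DigestMethod Algorithm="%ssha1"/><DigestValue>AAAA</DigestValue></Reference>'
        '</SignedInfo><SignatureValue>AAAA</SignatureValue>%s</Signature></transaction>'
        % (tx_id, DSIG, C14N, DSIG, tx_id, transform, DSIG, extra)
    )
```

Calling process(sample_document("tx1", DSIG + "enveloped-signature")) accepts the document and hands back the <transaction> element as the signed data. Substituting the XPath Filter 2 transform URI from the slide is refused by the profile check, and keeping an allowed transform but adding the slide's <Object Id="transact"> next to a <transaction Id="transact"> is refused by the ID resolution because the reference has become ambiguous. In both failure cases the application never sees the transaction.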

Checking in Apache

// create the signature in some way
XMLSignature signature = ...;
// get the SignedInfo
SignedInfo signedInfo = signature.getSignedInfo();
// get the first Reference
Reference ref0 = signedInfo.item(0);
// get the result of the Transforms: what was actually digested
XMLSignatureInput signedContents = ref0.getContentsAfterTransformation();
if (signedContents.isNodeSet()) {
    Set signedNodes = signedContents.getNodeSet();
} else {
    byte[] signedOctets = signedContents.getBytes();
}
// print out Transforms/Transform/@URI
Transforms transforms = ref0.getTransforms();
for (int i = 0; i < transforms.getLength(); i++) {
    Transform t = transforms.item(i);
    System.out.println(i + " " + t.getURI());
}

User problems