robrichards / xmlseclibs

A PHP library for XML Security
BSD 3-Clause "New" or "Revised" License

XMLSecLibs cannot validate ECDSA signatures #170

Closed restena-sw closed 6 years ago

restena-sw commented 6 years ago

Hello,

I'm using XMLSecLibs embedded in simpleSAMLphp 1.15.3. I have an IdP whose metadata has an ECDSA key (only). Upon authenticating to that IdP successfully, the SP gets back the SAML assertion but fails to verify the signature. simpleSAMLphp's backtrace on it is:

SimpleSAML_Error_Error: UNHANDLEDEXCEPTION

Backtrace:
1 www/_include.php:45 (SimpleSAML_exception_handler)
0 [builtin] (N/A)
Caused by: Exception: Unable to validate Signature
Backtrace:
6 vendor/simplesamlphp/saml2/src/SAML2/Utils.php:179 (SAML2\Utils::validateSignature)
5 [builtin] (call_user_func)
4 vendor/simplesamlphp/saml2/src/SAML2/Message.php:261 (SAML2\Message::validate)
3 modules/saml/lib/Message.php:216 (sspmod_saml_Message::checkSign)
2 modules/saml/lib/Message.php:565 (sspmod_saml_Message::processResponse)
1 modules/saml/www/sp/saml2-acs.php:129 (require)
0 www/module.php:135 (N/A)

Looking at the XMLSecLibs code, I came to the point of inspecting XMLSecurityKey having constants for many DSig values, but not for the ECDSA ones. Looking at RFC4051, the DSig algorithm to support would be

2.3.6. ECDSA-SHA*

Identifiers
http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1
http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224
http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256
http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384
http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512

The Elliptic Curve Digital Signature Algorithm (ECDSA) [FIPS-186-2] is the elliptic curve analogue of the DSA (DSS) signature method. For detailed specifications on how to use it with SHA hash functions and XML Digital Signature, please see [X9.62] and [ECDSA].

Since XMLSecurityKey doesn't know about those, it's not surprising that the sig validation fails. This however means that simpleSAMLphp in turn can't work with this kind of crypto.

This is a feature request to add ECDSA signature validation to XMLSecLibs (and maybe it's not only regarding signature validation but also other parts in the code... to be seen).

restena-sw commented 6 years ago

Please disregard. Seems like the IdP chose to send an RSA signature. As soon as I forced it to use its EC key (by deleting the old RSA one), things started to work. And I'm surprised. The code really doesn't look like it would know anything about ECDSA keys... Anyway.
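
The mismatch this thread ended on (metadata carrying only an EC key while the message declared an RSA signature) can be spotted before validation by comparing the declared SignatureMethod with the key type. The following is an added example, not code from the issue, xmlseclibs or simpleSAMLphp; the function names and the sample response are constructed for illustration, and the check reads only the declared algorithm, it does not verify any signature.

```php
<?php
// Added diagnostic sketch: plain PHP DOM + OpenSSL, not xmlseclibs or simpleSAMLphp code.
const DSIG_NS = 'http://www.w3.org/2000/09/xmldsig#';

// Key family a SignatureMethod URI requires, e.g. ...#ecdsa-sha256 -> "ecdsa".
function signatureKeyFamily(string $uri): string
{
    $fragment = (string) parse_url($uri, PHP_URL_FRAGMENT);
    return preg_match('/^(rsa|ecdsa|dsa|hmac)-sha\d+$/', $fragment, $m) ? $m[1] : 'unknown';
}

// Key family of a PEM public key or certificate, as taken from IdP metadata.
function keyFamily(string $pem): string
{
    $key = openssl_pkey_get_public($pem);
    if ($key === false) {
        throw new InvalidArgumentException('unreadable key or certificate');
    }
    $names = [OPENSSL_KEYTYPE_RSA => 'rsa', OPENSSL_KEYTYPE_EC => 'ecdsa', OPENSSL_KEYTYPE_DSA => 'dsa'];
    return $names[openssl_pkey_get_details($key)['type']] ?? 'unknown';
}

// Every SignatureMethod Algorithm URI declared in the message.
function signatureAlgorithms(string $xml): array
{
    $doc = new DOMDocument();
    if (!$doc->loadXML($xml, LIBXML_NONET)) { // LIBXML_NONET: no network fetches while parsing
        throw new InvalidArgumentException('not well-formed XML');
    }
    $xpath = new DOMXPath($doc);
    $xpath->registerNamespace('ds', DSIG_NS);
    $uris = [];
    foreach ($xpath->query('//ds:SignedInfo/ds:SignatureMethod/@Algorithm') as $attr) {
        $uris[] = $attr->value;
    }
    return $uris;
}

// Constructed sample: metadata holds only an EC key, the message declares an RSA signature.
$ec = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_EC, 'curve_name' => 'prime256v1']);
$metadataKeyPem = openssl_pkey_get_details($ec)['key'];
$response = '<Response xmlns:ds="' . DSIG_NS . '"><ds:Signature><ds:SignedInfo>'
    . '<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>'
    . '</ds:SignedInfo></ds:Signature></Response>';

$have = keyFamily($metadataKeyPem);
foreach (signatureAlgorithms($response) as $uri) {
    $need = signatureKeyFamily($uri);
    echo $need === $have ? "OK       " : "MISMATCH ", "$uri needs $need key, metadata has $have\n";
}
```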