Project

General

Profile

Development #56023

lasso_node_encrypt / hard coded PKCS#1

Added by Stephan Schmidtmer 3 months ago. Updated about 1 month ago.

Status:
Résolu (à déployer)
Priority:
Normal
Category:
Binding python
Target version:
-
Start date:
06 Aug 2021
Due date:
% Done:

0%

Estimated time:
Patch proposed:
Yes
Planning:
No

Description

I ran into a problem with LemonLDAP (as SAML IdP) when I tried to encrypt the assertion.
The SAML SP (SimpleSAMLphp in this case) wasn't able to decrypt it.

Cause is that SimpleSAMLphp blocks PKCS#1 by default:
https://simplesamlphp.org/docs/stable/simplesamlphp-reference-idp-remote#section_2 (encryption.blacklisted-algorithms)
Reason is probably the same as described here: http://shibboleth.net/pipermail/dev/2012-July/000858.html

I discovered that PKCS#1 for key encryption is hard coded in the function lasso_node_encrypt (lasso/xml/xml.c line 623/624):

    encrypted_key_node = xmlSecTmplKeyInfoAddEncryptedKey(key_info_node,
            xmlSecTransformRsaPkcs1Id, NULL, NULL, (xmlChar*)recipient);

If I change xmlSecTransformRsaPkcs1Id to xmlSecTransformRsaOaepId, SimpleSAMLphp happily decrypts it.

So maybe is there a change to get is configurable by a parameter?
Or some sort of logic that uses PKCS#1 for DES keys and RSA-OAEP for AES keys?

We might face this issue again in the near future when we need to add Auth0 as another SP. They probably want AES256 & RSA-OAEP:
https://auth0.com/docs/protocols/saml-protocol/saml-configuration-options/sign-and-encrypt-saml-requests#send-encrypted-saml-authentication-assertions


Files

Associated revisions

Revision 1e718bd3 (diff)
Added by Benjamin Dauvergne about 1 month ago

Python: fix formatting (#56023)

Revision 53b0bd35 (diff)
Added by Benjamin Dauvergne about 1 month ago

Change default key encryption padding algorithm to RSA-OAEP (#56023)

The key encryption padding algorithm is now configurable, the default
being changed to OAEP. It's possible to set the default through
./configure with:

--with-default-key-encryption-method=[rsa-pkcs1|rsa-oaep]

at initialization time with an environment variable:

LASSO_DEFAULT_KEY_ENCRYPTION_METHOD=[rsa-pkcs1|rsa-oaep]

or at runtime for a service provider:

lasso_provider_set_key_encryption_method(LassoProvider *provider,
LassoKeyEncryptionMethod key_encryption_method)

The setting is global for all encrypted nodes (Assertion or NameID).

History

#1

Updated by Benjamin Dauvergne about 2 months ago

  • Assignee set to Benjamin Dauvergne

It seems mandated by the specification so I will add an abstraction named "encryption_key_encryption_type" and I will change the default to OAEP..

# in https://www.oasis-open.org/committees/download.php/35393/sstc-saml-conformance-errata-2.0-wd-04-diff.pdf

4.2 XML Encryption Algorithms

XML Encryption mandates use of the following algorithms in Sections 5.2.1 and 5.2.2; therefore they MUST be implemented by compliant SAML V2.0 implementations:
* Block Encryption: TRIPLE DES, AES-128, AES-256
* Key Transport: RSA-v1.5, RSA-OAEP
#2

Updated by Benjamin Dauvergne about 2 months ago

#3

Updated by Benjamin Dauvergne about 2 months ago

  • Assignee changed from Benjamin Dauvergne to Stephan Schmidtmer
  • Category set to Binding python

Could you test the given patch on your use case ?

#4

Updated by Stephan Schmidtmer about 2 months ago

Sure, I have tested it. Looks good so far!

I applied it to 2.6.0 Debian (buster) source package, just had to manually do 3 tiny hunks.
And while the changed default to OAEP already does the trick in my case, I also verified that influencing it by the environment variable or by lasso_provider_set_key_encryption_method() is working.

Will this get into the Debian stable release package (or maybe into a backports package)?

#5

Updated by Benjamin Dauvergne about 2 months ago

Stephan Schmidtmer a écrit :

Will this get into the Debian stable release package (or maybe into a backports package)?

I'm not sure, there is a policy of bugfixes only I'm not sure I could backport a bugfix from this commit; there is not really a bug, but it will to testing and integrate the backports repository easily.

#6

Updated by Stephan Schmidtmer about 2 months ago

Yes, while it can cause trouble here and there, I agree that it probably doesn’t count as a bug.
But if I can get a “fixed” version as a package from the backports repository in the near future, that would be great!

#7

Updated by Benjamin Dauvergne about 1 month ago

  • Assignee changed from Stephan Schmidtmer to Benjamin Dauvergne
#8

Updated by Benjamin Dauvergne about 1 month ago

  • Status changed from Solution proposée to Résolu (à déployer)
commit 53b0bd356982eb970581aa360d750c8a0e7132a0
Author: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date:   Fri Sep 3 07:48:35 2021 +0200

    Change default key encryption padding algorithm to RSA-OAEP (#56023)

    The key encryption padding algorithm is now configurable, the default
    being changed to OAEP. It's possible to set the default through
    ./configure with:

        --with-default-key-encryption-method=[rsa-pkcs1|rsa-oaep]

    at initialization time with an environment variable:

        LASSO_DEFAULT_KEY_ENCRYPTION_METHOD=[rsa-pkcs1|rsa-oaep]

    or at runtime for a service provider:

        lasso_provider_set_key_encryption_method(LassoProvider *provider,
            LassoKeyEncryptionMethod key_encryption_method)

    The setting is global for all encrypted nodes (Assertion or NameID).

commit 1e718bd3aaa4bc203c6418d3cce0e0bc1f0d19b3
Author: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date:   Fri Sep 3 11:13:49 2021 +0200

    Python: fix formatting (#56023)

Also available in: Atom PDF