[xmlsec] XMLsec-openssl signature verification failure

Frédéric HEULIN fheulin at influe.com
Mon Aug 27 09:08:32 PDT 2007 

In the most simple case, I have generated a signature with no indentation except on
first line :
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod>
<SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod>
<Reference URI="">
<Transforms>
<Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></Transform>
<Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
<XPath>not(ancestor-or-self::node()[@soap:actor="urn:oasis:names:tc:ebxml-msg:service:nextMSH"]
|
ancestor-or-self::node()[@soap:actor="http://schemas.xmlsoap.org/soap/actor/next"])</XPath>
</Transform>
<Transform
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></Transform>
</Transforms>
<DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
<DigestValue>pzvZyUAVB0wkAZBYlyEAZoSuODU=</DigestValue>
</Reference>
<Reference URI="cid:payload-1-contid000069d446d2c55f00023bd2">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
<DigestValue>/mBI15W23WOx3Lw0hcLzIMzPvsk=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>OC6b9MfFAd1gVYfl4eRIlCyWQI6Abb1NQutKr8TaX+6gzHOAx2Z13mvZap775A3O
xUy6JKUR1ATl3a0QCRkH9qVmSRf89R3Yw0PGLffgSeAjNFpgR3e+39Zthz7Cnt+g
LtbphcQMzHdCEnbalWwRPPAzotH8h5L8GErTKvqzLQY=</SignatureValue>
<KeyInfo></KeyInfo>
</Signature>

Btw, I use "//*[local-name()='Signature']" Xpath to find signature node and take
first node in the found nodeset.

I tried with both KeyInfo and without, only digest differs.

P.S.: btw how can I say to xmlsec to generate a indented xml signature with <../> where possible ?

On Mon, Aug 27, 2007 at 08:52:00AM -0700, Aleksey Sanin wrote:
> Could you please make sure that you do not modify the "SignedInfo"
> element content in any way? Even removing a single space matters.
>
> Aleksey
>
> Frederic HEULIN wrote:
>> Hi,
>> i've compiled xmlsec (1.2.10) against :
>>  - libiconv 1.11
>>  - libxml2  2.6.28
>>  - libxslt  1.1.20
>>  - openssl  9_7_c
>> on :
>>  - Linux (GLibc 2.3.2, GCC 3.2.2-5, Red Hat, 2.4.20)  - HPUX  (HP-UX 
>> B.11.00 U 9000/800, aCC: HP ANSI C++ B3910B A.03.25)
>> I'm using xmlsec as in the verify1 test case,
>> cause i need to ignore the KeyInfo part of the signature.
>> (I have not tested the Adopt way atm.)
>> The only difference I have with verify1 test case is that i need to 
>> Register
>> Input Callbacks to handle "cid:" references.
>> All references seems OK.
>> Certificate loading seems OK. (All certifcates I have tested are 
>> self-signed btw)
>> Keyinfo skipping seems OK.
>> But Whatever the message I give as input to my application :
>>  - if i put the wrong certificate, openssl complains of a padding problem,
>>  - if i give the right certificate :
>>    - xmlsec complains that "data do not match:signature do not match"
>>    - which gives at openssl level : "rsa routines:RSA_verify:bad 
>> signature"
>> If I understand well the second case :
>>  - my references are good, so my message (parts pointed by reference) has 
>> (have) not been modified
>>  - my certificate is good (differences in results between good and bad 
>> certificate)
>>  - but my signature is invalid so only the signedinfo part or signature 
>> value
>>  have been modified thus invalidating the whole signature !
>> The latter is wrong cause I have tried with certified/verified messages in 
>> entry
>> and I have the same errors.
>> Here's the debug output of the DSigCtx :
>> = VERIFICATION CONTEXT
>> == Status: invalid
>> == flags: 0x00000000
>> == flags2: 0x00000000
>> == Key Info Read Ctx:
>> = KEY INFO READ CONTEXT
>> == flags: 0x00000000
>> == flags2: 0x00000000
>> == enabled key data: all
>> == RetrievalMethod level (cur/max): 0/1
>> == TRANSFORMS CTX (status=0)
>> == flags: 0x00000000
>> == flags2: 0x00000000
>> == enabled transforms: all
>> === uri: NULL
>> === uri xpointer expr: NULL
>> == EncryptedKey level (cur/max): 0/1
>> === KeyReq:
>> ==== keyId: rsa
>> ==== keyType: 0x00000001
>> ==== keyUsage: 0x00000002
>> ==== keyBitsSize: 0
>> === list size: 0
>> == Key Info Write Ctx:
>> = KEY INFO WRITE CONTEXT
>> == flags: 0x00000000
>> == flags2: 0x00000000
>> == enabled key data: all
>> == RetrievalMethod level (cur/max): 0/1
>> == TRANSFORMS CTX (status=0)
>> == flags: 0x00000000
>> == flags2: 0x00000000
>> == enabled transforms: all
>> === uri: NULL
>> === uri xpointer expr: NULL
>> == EncryptedKey level (cur/max): 0/1
>> === KeyReq:
>> ==== keyId: NULL
>> ==== keyType: 0x00000001
>> ==== keyUsage: 0xffffffff
>> ==== keyBitsSize: 0
>> === list size: 0
>> == Signature Transform Ctx:
>> == TRANSFORMS CTX (status=2)
>> == flags: 0x00000000
>> == flags2: 0x00000000
>> == enabled transforms: all
>> === uri: NULL
>> === uri xpointer expr: NULL
>> === Transform: c14n (href=http://www.w3.org/TR/2001/REC-xml-c14n-20010315)
>> === Transform: rsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1)
>> === Transform: membuf-transform (href=NULL)
>> == Signature Method:
>> === Transform: rsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1)
>> == Signature Key:
>> == KEY
>> === method: RSAKeyValue
>> === key type: Public
>> === key name:
>> /home/fredd/DEVEL/CURRENT/ssl/certs/partner1.cer
>> === key usage: -1
>> === rsa key: size = 1024
>> === list size: 1
>> === X509 Data:
>> ==== Certificate:
>> ==== Subject Name: /C=.../CN=partner1
>> ==== Issuer Name: /C=...
>> ==== Issuer Serial: 0
>> == SignedInfo References List:
>> === list size: 2
>> = REFERENCE VERIFICATION CONTEXT
>> == Status: succeeded
>> == URI: ""
>> == Reference Transform Ctx:
>> == TRANSFORMS CTX (status=2)
>> == flags: 0x00000000
>> == flags2: 0x00000000
>> == enabled transforms: all
>> === uri: NULL
>> === uri xpointer expr: NULL
>> === Transform: enveloped-signature
>> (href=http://www.w3.org/2000/09/xmldsig#enveloped-signature)
>> === Transform: xpath (href=http://www.w3.org/TR/1999/REC-xpath-19991116)
>> === Transform: c14n (href=http://www.w3.org/TR/2001/REC-xml-c14n-20010315)
>> === Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
>> === Transform: membuf-transform (href=NULL)
>> == Digest Method:
>> === Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
>> = REFERENCE VERIFICATION CONTEXT
>> == Status: succeeded
>> == URI: "cid:payload-1-contid000069d446d2c55f00023bd2"
>> == Reference Transform Ctx:
>> == TRANSFORMS CTX (status=2)
>> == flags: 0x00000000
>> == flags2: 0x00000000
>> == enabled transforms: all
>> === uri: cid:payload-1-contid000069d446d2c55f00023bd2
>> === uri xpointer expr: NULL
>> === Transform: input-uri (href=NULL)
>> === Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
>> === Transform: membuf-transform (href=NULL)
>> == Digest Method:
>> === Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
>> == Manifest References List:
>> === list size: 0
>> Any ideas on where am I wrong ?
>> Shall I give you more details ? Which ones ?
>> Thanks in advances for any help,
>> Frederic HEULIN
>> _______________________________________________
>> xmlsec mailing list
>> xmlsec at aleksey.com
>> http://www.aleksey.com/mailman/listinfo/xmlsec

More information about the xmlsec mailing list