[xmlsec] XML Sig verification and missing SignedInfo Reference elment

Aleksey Sanin aleksey at aleksey.com
Mon Sep 16 13:38:14 PDT 2013


No idea what was signed - an empty Signature element? Makes no sense
to me

Aleksey

On 9/16/13 1:30 PM, Tom Wood wrote:
> Aleksey,
>   Thanks for the swift reply. The section 4.3, the "one or more references"
> statement would appear definitive.
> Also, I just found section 2.0, Signature Overview and Examples.
> It shows:
> 
> XML Signatures are applied to arbitrary digital content (data objects)
> <http://www.w3.org/TR/xmldsig-core/#def-DataObject> via an indirection.
> Data objects are digested,
> the resulting value is placed in an element (with other information) and
> that element is then digested and
> cryptographically signed. XML digital signatures are represented by the
> |Signature| element which has
> the following structure
> (where "?" denotes zero or one occurrence; "+" denotes one or more
> occurrences; and "*" denotes zero or more occurrences):
> 
>   <Signature ID?> 
>      <SignedInfo>
>        <CanonicalizationMethod/>
>        <SignatureMethod/>
>        (<Reference URI? >
>          (<Transforms>)?
>          <DigestMethod>
>          <DigestValue>
>        </Reference>)+
>      </SignedInfo>
>      <SignatureValue> 
>     (<KeyInfo>)?
>     (<Object ID?>)*
>    </Signature>
> 
> And again the References block is shown as one or more occurences.
> So I now think the creator or a downstream processor of this XML has
> a bug. I do wonder how they would have created the Signature in the
> first place.
> Perhaps from the minimalistic <SignedInfo>block.
> 
> The XML in question has a <Signature> block, with a <SignatureValue> and
> a complete <KeyInfo> block, as well as an embedded <SignedInfo> block.
> But the <SignedInfo> block is missing the <Reference> block.
> 
> Here are the relevant parts from the XML in question:
> 
> <container_element>
> ...
> ...
> <ds:Signature>
>     <ds:SignedInfo>
>         <ds:CanonicalizationMethod
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>         <ds:SignatureMethod
> Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
>     </ds:SignedInfo>
>     <ds:SignatureValue>
> InRNg5C851vA1mSOD1cUqHXzqGOB6/kmOqB9a/86/42cNcDuHKjP8m1IHLmY/YMlpCt2vemGNDbNiTr9DbMuRuSP5Mj2TQ2SJSXp+0kgNngjm6eupDrS5I1GcrtyLWk+i5UTGa6TuQfN/wDoSIUA0tPvb06P4uvSMhuDF6NUmGSIAPGiyc+7MlV75WX+m9X4+6U3K5D5wlf1Fwsajyho9ynFvw
> j+AFiJYRkFXc4wBBKs1rhZKSnGTn++VL7R2wqr4RWyukO1ts238JVFfSiQ6Pm4kMUnfE8DPTdviAcEmw
> A8SUrpnxz0n2HBBcaCqcc75L3iAj+9hO9tV9/rzaQAag==
>     </ds:SignatureValue>
>     <ds:KeyInfo>
>         <ds:X509Data>
>             <ds:X509SubjectName>
>              [subjectinfo data]
>             </ds:X509SubjectName>           
>             <ds:X509Certificate>
>             [x509 certdata]
>             </ds:X509Certificate>
>         </ds:X509Data>
>     </ds:KeyInfo>
> </ds:Signature>
> </container_element>
> 
> Any other comments?
> 
> Regards,
> Tom
> 
> On 09/16/2013 01:02 PM, Aleksey Sanin wrote:
>> Section 4.3
>>
>> "The structure of SignedInfo includes the canonicalization algorithm, a
>> signature algorithm, and one or more references."
>>
>> And the schema:
>>
>>   Schema Definition:
>>
>>    <element name="SignedInfo" type="ds:SignedInfoType"/>
>>    <complexType name="SignedInfoType">
>>      <sequence>
>>        <element ref="ds:CanonicalizationMethod"/>
>>        <element ref="ds:SignatureMethod"/>
>>        <element ref="ds:Reference" maxOccurs="unbounded"/>
>>      </sequence>
>>      <attribute name="Id" type="ID" use="optional"/>
>>    </complexType>
>>
>> make me think that Reference element is required.
>>
>> As a side note, I don't understand what signature are we talking about
>> if there are no Reference elements.
>>
>>
>> Aleksey
>>
>> On 9/16/13 11:59 AM, Tom Wood wrote:
>>> Aleksey,
>>>   I last wrote to you in 2012 about XML Signature failure do to
>>> incompatibility between Windows .NET c14n code and libxml2 c14n.
>>> You were very helpful.
>>>
>>> I am hoping you can clear up another technical issue with XML signatures.
>>>
>>> The system I am working on is encountering an XML message that has a
>>> signature but
>>> does not include a <SignedInfo><Reference> block (and by extension, no
>>> <DigestValue>).
>>> It does have a <SignedInfo> block.
>>>
>>> The *xmlsec* application fails verification without a Reference element:
>>>
>>> *func=xmlSecDSigCtxProcessSignedInfoNode:file=xmldsig.c:line=830:obj=unknown:subj=unknown:error=81:Reference
>>> nodes are not found:
>>> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=551:obj=unknown:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec
>>> library function failed:
>>> func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec
>>> library function failed:
>>> Error: signature failed
>>> ERROR
>>> SignedInfo References (ok/all): 0/0
>>> Manifests References (ok/all): 0/0
>>> Error: failed to verify file "weird_sig.xml"
>>> *
>>>
>>> I have been reading the w3c,org spec for XML Signature (
>>> http://www.w3.org/TR/xmldsig-core/)
>>> and it does not explicitly state that <Reference> is a required element:
>>> /|Reference| is an element that *may* occur one or more times./
>>>
>>> Other element references in the doc specifically state if the element is
>>> required
>>> (eg
>>> /||SignatureMethod| is a required element that..
>>> CanonicalizationMethod|//is a required element that/.. )
>>>
>>> But the same document also states in section 3.1 and 3.2
>>> /3.1 Core generation
>>> The REQUIRED steps include the generation of |Reference| elements and
>>> the |SignatureValue| over |SignedInfo|.
>>> /
>>> and  3.2:
>>> /The REQUIRED steps of core validation
>>> <http://www.w3.org/TR/xmldsig-core/#def-ValidationCore> include (1)
>>> reference validation
>>> <http://www.w3.org/TR/xmldsig-core/#def-ValidationReference>, the
>>> verification of the
>>> digest contained in each |Reference| in |SignedInfo|,
>>> and (2) the cryptographic signature validation
>>> <http://www.w3.org/TR/xmldsig-core/#def-ValidationSignature> of the
>>> signature calculated over |SignedInfo|.
>>> /
>>> This appears contradictory to the notion that <Reference> is optional in
>>> a signature.
>>>
>>> Now why anyone would want to sign a document without including a
>>> Reference and DigestValue is certainly curious, but I am not yet in a
>>> position to
>>> criticize this choice if it is technically allowed.
>>>
>>> So is <Reference> optional or not?
>>> I am hoping the answer is simply that XML signatures MUST include a
>>> <reference> block.
>>>
>>> The main thing for me is that if it is optional but ***xmlsec* refuses
>>> to process the signature without <Reference>,
>>> is there some parameter I must use to skip reference validation?
>>>
>>>  Thanks,
>>> Tom Wood
>>> wood at xmission.com
> 


More information about the xmlsec mailing list