[xmlsec] Verify SignedInfo but not the references

Dimitrios Siganos dimitris at siganos.org
Thu Sep 24 19:00:29 PDT 2015


Hi Aleksey,

We will check the references separately. For performance reasons, we
only want to check the reference, in a lazy way, just before it gets
used and we are going to check it ourselves manually.
So we don't want the library to do it. We want it to be our
responsibility. But we want the library to do all other checks.

Regards,
Dimitris

On Fri, Sep 25, 2015 at 2:42 AM, Aleksey Sanin <aleksey at aleksey.com> wrote:
> It is a very bad idea to not check Reference. The validity of
> the signature means nothing w/o checking references.
>
> Aleksey
>
> On 9/24/15 6:35 PM, Dimitrios Siganos wrote:
>> Hi Aleksey,
>>
>> I believe the following patch gives me the ability to do what I want,
>> which is to be able to check the integrity of SignedInfo even if the
>> references are not all available.
>>
>> When XMLSEC_DSIG_FLAGS_SKIP_REFERENCE_ERRORS is set, dsigCtx->status
>> will not be set to invalid due to a reference hash mismatch.
>> This allows xmlsec to carry on and check the integrity of SignedInfo.
>> Of course, the user then has more work to do to check if everything
>> went well. He has to check each dsigRefCtx individually for failure
>> but that is what I want in my case.
>>
>> I appreciate that you may not want this feature in xmlsec library.
>> However, I'd appreciate it if you thought my patch had a problem.
>> If you think this is something that you'd like to have in libxmlsec
>> then I can expand my patch and make it more complete.
>>
>> diff --git a/include/xmlsec/xmldsig.h b/include/xmlsec/xmldsig.h
>> index 3cd311e..623b8b1 100644
>> --- a/include/xmlsec/xmldsig.h
>> +++ b/include/xmlsec/xmldsig.h
>> @@ -95,6 +95,14 @@ typedef enum {
>>  #define XMLSEC_DSIG_FLAGS_USE_VISA3D_HACK                       0x00000010
>>
>>  /**
>> + * XMLSEC_DSIG_FLAGS_SKIP_REFERENCE_ERRORS:
>> + *
>> + * If this flag is set then errors thrown by <dsig:Reference/> processing
>> + * do not change the status of the dsig verification.
>> + */
>> +#define XMLSEC_DSIG_FLAGS_SKIP_REFERENCE_ERRORS               0x00000020
>> +
>> +/**
>>   * xmlSecDSigCtx:
>>   * @userData:                   the pointer to user data (xmlsec and
>> xmlsec-crypto libraries
>>   *                              never touches this).
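Review bot: the doc comment for XMLSEC_DSIG_FLAGS_SKIP_REFERENCE_ERRORS should spell out what the caller takes on: with the flag set, a successful dsigCtx->status no longer means the referenced data matched its DigestValue, so the caller must inspect the status of every reference context itself (as the cover note says) before using any referenced content. Also say that the flag only suppresses the error; the library still reads and digests each reference, so it does not give the lazy, no-read behaviour the original question asked for.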
>> diff --git a/src/xmldsig.c b/src/xmldsig.c
>> index 10ba03f..e3e39dd 100644
>> --- a/src/xmldsig.c
>> +++ b/src/xmldsig.c
>> @@ -830,8 +833,10 @@
>> xmlSecDSigCtxProcessSignedInfoNode(xmlSecDSigCtxPtr dsigCtx,
>> xmlNodePtr node) {
>>
>>          /* bail out if next Reference processing failed */
>>          if(dsigRefCtx->status != xmlSecDSigStatusSucceeded) {
>> -            dsigCtx->status = xmlSecDSigStatusInvalid;
>> -            return(0);
>> +            if ((dsigCtx->flags &
>> XMLSEC_DSIG_FLAGS_SKIP_REFERENCE_ERRORS) == 0) {
>> +                dsigCtx->status = xmlSecDSigStatusInvalid;
>> +                return(0);
>> +            }
>>          }
>>          cur = xmlSecGetNextElementNode(cur->next);
>>      }
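Review bot: with the flag set, a failed reference is silently dropped: the `if` body is skipped, nothing is recorded on dsigCtx, and the loop just continues with `cur = xmlSecGetNextElementNode(cur->next);`, so any caller that keys off dsigCtx->status alone will accept a document whose references did not match. Consider recording the failure on the context (for example a count of failed references) so the relaxed status stays visible. Note also that by the time this check runs the reference has already been processed, so the external file has already been read and hashed; the flag avoids the error, not the I/O. The hunk header `@@ -830,8 +833,10 @@` has different old and new start lines, which suggests the patch was taken against a tree carrying other local changes.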
>>
>> Regards,
>> Dimitris
>>
>> On Thu, Sep 24, 2015 at 8:49 PM, Aleksey Sanin <aleksey at aleksey.com> wrote:
>>> You can run the complete signature verification and then look
>>> at xmlDsigCtx to figure out what has happened.
>>>
>>> Aleksey
>>>
>>> On 9/24/15 9:31 AM, Dimitrios Siganos wrote:
>>>> Hi,
>>>>
>>>> Given an xmldsig signature with many external references to large
>>>> files, I'd like to verify the SignedInfo xml element but I don't want
>>>> to verify the references in the same step. In other words, I'd like to
>>>> check that the SignedInfo has not been tampered with but I don't want
>>>> the xmlsec library to read the external references. I'd like to do
>>>> that myself, in a lazy way, on a file by file basis, to allow for
>>>> quicker random access to individual files.
>>>>
>>>> Here's an example signature:
>>>> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="AuthorSignature">
>>>> <SignedInfo>
>>>> <CanonicalizationMethod Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
>>>> <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
>>>> <Reference URI="a">
>>>>     <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
>>>>     <DigestValue>tDyN15x4Nxb1LVVRGRjsiCOhwWNaZ5X5sXtoWSOS0BA=</DigestValue>
>>>> </Reference>
>>>> <Reference URI="b">
>>>>     <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
>>>>     <DigestValue>HjuL1imtKF3KPAR+Qbb/Mba470xFsmL4ftwgVOE3c4w=</DigestValue>
>>>> </Reference>
>>>> </SignedInfo>
>>>> <SignatureValue>...data omitted...</SignatureValue>
>>>> <KeyInfo>
>>>> <X509Data> <X509Certificate>...data omitted...</X509Certificate> </X509Data>
>>>> </KeyInfo>
>>>> </Signature>
>>>>
>>>> From this example signature, I would like to make sure that SignedInfo
>>>> is not tampered with but I don't want the library to read the files 'a'
>>>> and 'b' and compare their hashes with the hashes recorded in the
>>>> references.
>>>>
>>>> Do you have any advice on how best to do that?
>>>>
>>>> Regards,
>>>> Dimitris
>>>> _______________________________________________
>>>> xmlsec mailing list
>>>> xmlsec at aleksey.com
>>>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>>>
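As an added example (not code from the thread or from xmlsec), here is the lazy, per-file reference check Dimitris describes, in Python: parse each Reference out of the Signature, and just before a file is used compare its SHA-256 with the signed DigestValue. It assumes the SignedInfo signature has already been verified by xmlsec and that the references carry no Transforms, as in the example signature above; FILES, SAMPLE_SIGNATURE, parse_references and check_reference are constructed names.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
SHA256_URI = "http://www.w3.org/2001/04/xmlenc#sha256"

def parse_references(signature_xml: str) -> dict:
    """Map Reference URI -> (DigestMethod algorithm, expected digest bytes).
    Only meaningful once the SignedInfo signature itself has been verified."""
    root = ET.fromstring(signature_xml)
    refs = {}
    for ref in root.iter(f"{{{DSIG_NS}}}Reference"):
        # A Transforms element changes what gets digested; this checker only
        # handles plain external URIs like the ones in the thread's signature.
        if ref.find(f"{{{DSIG_NS}}}Transforms") is not None:
            raise ValueError("Reference with Transforms is not supported")
        alg = ref.find(f"{{{DSIG_NS}}}DigestMethod").get("Algorithm")
        val = ref.find(f"{{{DSIG_NS}}}DigestValue").text.strip()
        refs[ref.get("URI")] = (alg, base64.b64decode(val))
    return refs

def check_reference(refs: dict, uri: str, data: bytes) -> bool:
    """True iff data hashes to the DigestValue signed for uri; call this just
    before the file is used, which is the lazy check the thread asks for."""
    if uri not in refs:
        # Data nobody signed must never pass as covered by the signature.
        raise KeyError(f"no Reference for URI {uri!r}")
    alg, expected = refs[uri]
    if alg != SHA256_URI:
        raise ValueError(f"unsupported DigestMethod {alg}")
    return hmac.compare_digest(hashlib.sha256(data).digest(), expected)

# Constructed sample: two "files" and a Signature whose DigestValues were
# computed from them (SignatureValue omitted; xmlsec would verify that part).
FILES = {"a": b"contents of file a\n", "b": b"contents of file b\n"}

def _digest_b64(data: bytes) -> str:
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

SAMPLE_SIGNATURE = f"""<Signature xmlns="{DSIG_NS}" Id="AuthorSignature">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<Reference URI="a"><DigestMethod Algorithm="{SHA256_URI}"/>
<DigestValue>{_digest_b64(FILES['a'])}</DigestValue></Reference>
<Reference URI="b"><DigestMethod Algorithm="{SHA256_URI}"/>
<DigestValue>{_digest_b64(FILES['b'])}</DigestValue></Reference>
</SignedInfo>
<SignatureValue>...data omitted...</SignatureValue>
</Signature>"""
```

A digest match here proves nothing unless the SignedInfo that carries the DigestValue was itself signature-checked first; that is the step the flag in the patch must not be allowed to short-circuit.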

