Re: ADFS & SHA256 Signature

Sebastien B.

Feb 27, 2013, 10:17:29 AM
to simple...@googlegroups.com
Hello,

In my test environment (PHP 5.3.13) I managed to integrate SimpleSAMLphp and ADFS (as a SP and as an IDP) with SHA256 signatures. 

It seems to me that the version of PHP used is not the blocking factor and that it is rather a certificate generation issue but I might be wrong.

The trick is to make sure the certificate used by SimpleSAMLphp (for signing and encryption) supports the SHA256 algorithm. Is it the case in your setup?

Greetings,

Sébastien

On Tuesday, February 26, 2013 10:56:48 PM UTC+1, PeterBu wrote:
Hi All,
I'm connecting a SSPHP SP website to an ADFS IDP (Windows something - not sure of the version).
My client is running 5.2.something PHP, and ADFS defaults to SHA256 signatures.

If the other contractor setting up the ADFS "relying party" doesn't change the signature algorithm to SHA1, I get an error message "Unable to verify signature", and/or openssl_verify argument 4 was a string, expected long.

Now that I know that this is the error message that configuration gives, it won't be much of a problem for me when this happens again, but it would be nice to be able to give future victims a little more to go on.

The php.net page suggests that I need php 5.4.8 to get SHA256 sigs working, but on here I've seen people refer to getting things going with php 5.3.x, can anyone explain this disparity?

The patch that I applied that led to me saying "Aahh!" is below, but I'm sure that this won't be the best place to handle things, and definitely isn't the best message.
Ideally I would have liked a message like:
"Signature algorithm SHA256 is not supported by your version of PHP. You either need to upgrade php to 5.x.y, or ask your IDP to change the signature algorithm to SHA1"

Thoughts?

Thanks for SimpleSamlPHP btw, it's awesome
Peter

diff --git a/lib/xmlseclibs.php b/lib/xmlseclibs.php
index 75de0b6..5ca7483 100644
--- a/lib/xmlseclibs.php
+++ b/lib/xmlseclibs.php
@@ -511,6 +511,9 @@ class XMLSecurityKey {
            if (! empty($this->cryptParams['digest'])) {
                $algo = $this->cryptParams['digest'];
            }
+        if (is_string($algo)) {
+          throw new Exception("algo is a string $algo");
+        }
         return openssl_verify ($data, $signature, $this->key, $algo);
     }
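
Review bot: the new is_string($algo) check, placed right before the openssl_verify call, throws for every digest that cryptParams['digest'] supplies as a string, whether or not the running PHP build can take a digest name in that argument, so it would also stop verification on installations where the string form works. Restrict the throw to the case where the runtime cannot accept a string there, and replace "algo is a string $algo" with a message that names the unsupported algorithm and the remedy (upgrade PHP, or have the IdP sign with SHA1). The added lines are also indented differently from the block around them.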


Ian Young

Feb 27, 2013, 10:48:14 AM
to simple...@googlegroups.com

On 27 Feb 2013, at 15:17, "Sebastien B." <tch...@gmail.com> wrote:

The trick is to make sure the certificate used by SimpleSAMLphp (for signing and encryption) supports the SHA256 algorithm. Is it the case in your setup?

Can you explain what you mean here?  Other than a couple of really arcane edge cases[1], I can't think of a way in which a certificate could *not* support the use of SHA-256 in digital signatures.  It's certainly not related to the digest algorithm used in the certifying signature.

The idea that particular versions of PHP, on particular OS versions, might not support SHA-256 seems far more likely.  Which is to say, if the algorithm isn't available on any given platform it could be either the PHP version or the OS version.

-- Ian


[1] RSA modulus of much less than 512 bits, some policy OID thing which I'm sure aren't being looked at, and algorithm descriptions in metadata which I don't know of any current implementations.

Jaime Pérez Crespo

Feb 27, 2013, 3:04:16 PM
to simple...@googlegroups.com
Hi,

On Feb 27, 2013, at 16:48 PM, Ian Young <i...@iay.org.uk> wrote:
On 27 Feb 2013, at 15:17, "Sebastien B." <tch...@gmail.com> wrote:

The trick is to make sure the certificate used by SimpleSAMLphp (for signing and encryption) supports the SHA256 algorithm. Is it the case in your setup?

Can you explain what you mean here?  Other than a couple of really arcane edge cases[1], I can't think of a way in which a certificate could *not* support the use of SHA-256 in digital signatures.  It's certainly not related to the digest algorithm used in the certifying signature.

You are right Ian, certificates have nothing to do with SHA256, there's no "support" for certain specific signature algorithms embedded in certificates. The certificates are used to sign (encrypt) a hash value, which was previously obtained by one of the digest algorithms supported by SAML standard, in this case, SHA-256.

The idea that particular versions of PHP, on particular OS versions, might not support SHA-256 seems far more likely.  Which is to say, if the algorithm isn't available on any given platform it could be either the PHP version or the OS version.

When I coded support for the SHA2 family of algorithms in SSP I found it particularly painful due to the bad support given by PHP. We are using PHP's openssl interface to compute signatures, and openssl supports the SHA2 family, but the documentation is as crappy as the interface itself, which is not very consistent nor well maintained.

To be honest I have no idea of which was the first version of PHP supporting SHA2 set of algorithms. It is even likely that there's not such a version, since it depends more on the support by the underlying low level openssl library. I recall it working perfectly with PHP 5.3, but I also recall having a lot of problems finding the appropriate parameters, as there's no constants defined in the interface. That's why we had to use strings to select the algorithm instead of the OPENSSL_ALGO_* constants you would expect. It could be possible that it also works in PHP 5.2, but that's out of my knowledge.

Anyway, my suggestions:

- Make sure that you are using the latest versions available of PHP and openssl. Moreover, make sure that your version of openssl supports SHA2 set of algorithms for calculating digests.
- Try to get some verbose logs. You won't find a detailed explanation of the error at the error page itself for security reasons, but there should be more information in either the SSP log or the web server error log.
- Check the signatures manually (it's not very hard with a bunch of lines of PHP code).

Regards,

--
Jaime Pérez
UNINETT / Feide

"Two roads diverged in a wood, and I, I took the one less traveled by, and that has made all the difference."
- Robert Frost
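
A self-test in the spirit of the suggestions above, as an added example that is not part of the thread or of SimpleSAMLphp: rather than checking one SAML signature, it signs and verifies a constructed payload with each digest selector, so you can see whether this PHP/OpenSSL build accepts digest names such as "sha256" or only the integer constant. The function name, test key and payload are made up for the example.

```php
<?php
// Added example (not SimpleSAMLphp code): check which digest selectors this
// PHP/OpenSSL build accepts in openssl_sign()/openssl_verify().

function probe_digest($algo)
{
    // Throwaway RSA key, generated only for this self-test.
    $key = openssl_pkey_new(array(
        'private_key_bits' => 2048,
        'private_key_type' => OPENSSL_KEYTYPE_RSA,
    ));
    if ($key === false) {
        return 'cannot generate test key: ' . openssl_error_string();
    }
    $details = openssl_pkey_get_details($key);
    $data = 'constructed test payload';
    $signature = '';

    // @ hides the PHP warning; the return value tells us what happened.
    if (!@openssl_sign($data, $signature, $key, $algo)) {
        return 'sign failed (digest selector not accepted)';
    }
    $good = @openssl_verify($data, $signature, $details['key'], $algo);
    if ($good !== 1) {
        return 'verify failed, result ' . var_export($good, true);
    }
    // A modified payload must be rejected with 0, not an error.
    $bad = @openssl_verify($data . 'x', $signature, $details['key'], $algo);
    return $bad === 0 ? 'ok' : 'tampered payload not rejected';
}

$selectors = array(
    'OPENSSL_ALGO_SHA1 (int)' => OPENSSL_ALGO_SHA1,
    '"sha1"' => 'sha1',
    '"sha256"' => 'sha256',
    '"sha384"' => 'sha384',
    '"sha512"' => 'sha512',
);

echo 'PHP ', PHP_VERSION, ', ', OPENSSL_VERSION_TEXT, "\n";
foreach ($selectors as $label => $algo) {
    echo str_pad($label, 26), probe_digest($algo), "\n";
}
```

If the integer constant reports ok while the string rows fail, the limitation is in how this PHP build handles the digest argument, not in OpenSSL itself.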

Ian Young

Feb 27, 2013, 4:57:41 PM
to simple...@googlegroups.com
On 27 Feb 2013, at 20:04, Jaime Pérez Crespo <jaime...@uninett.no> wrote:

We are using PHP's openssl interface to compute signatures, and openssl supports the SHA2 family,

I've been trying to track this recently for other purposes, at least in the RHEL/CentOS context.  You can find my results for this, amongst other things, here:


Bottom line is that it looks like the OpenSSL shipped in RHEL 5 onwards has support for the SHA-2 family, at least judging by the results of the "openssl dgst -h" command.  RHEL 4, which is now past EOL, included an OpenSSL which did not support SHA-2.

If anyone has data points for support or not of the SHA-2 family on other platforms, I'd be quite interested to hear of them.  I'd be particularly interested to hear of any currently supported enterprise grade platform that doesn't include it.

-- Ian



PeterBu

Feb 27, 2013, 11:10:38 PM
to simple...@googlegroups.com
openssl dgst -h throws an error "unknown option '-h'"

But the help that follows anyway includes describing several sha options including:
-sha256         to use the sha256 message digest algorithm

Is sha256 in the "Sha2 family"?

Ubuntu Lucid.  The problem I describe has seemingly been encountered on Ubuntu Lucid, and Debian Squeeze.

Thanks,
Pete

Sebastien B.

Feb 28, 2013, 1:31:51 AM
to simple...@googlegroups.com
Hello,

I mentioned this point because the tool I use to generate test certificates allows me to select the signing algorithm for a particular certificate. I also had to make some slight modifications to some PHP files to add the support for SHA-256.

Sorry if my remark was not as relevant as I thought.

Have a nice day,

Sébastien

Ian Young

Feb 28, 2013, 3:07:20 AM
to simple...@googlegroups.com

On 28 Feb 2013, at 04:10, PeterBu <peter....@gmail.com> wrote:

> openssl dgst -h throws an error "unknown option '-h'"
>
> But the help that follows anyway includes describing several sha options including:
> -sha256 to use the sha256 message digest algorithm

Yep. Openssl is funny that way, if you don't put something in there it tries to do a digest from stdin.

> Is sha256 in the "Sha2 family"?

Yes. The SHA-2 family is SHA-224, SHA-256, SHA-384 and SHA-512.

> Ubuntu Lucid. The problem I describe has seemingly been encountered on Ubuntu Lucid, and Debian Squeeze.

So that tells you that SHA-256 is supported by OpenSSL. If it isn't supported by simpleSAMLphp on such a system, it sounds like it would have to be a problem with the version of PHP in use, or perhaps the way it was built.

-- Ian



Jaime Pérez Crespo

Feb 28, 2013, 8:50:12 AM
to simple...@googlegroups.com
Hi Sébastien,

On Feb 28, 2013, at 07:31 AM, Sebastien B. <tch...@gmail.com> wrote:
I mentioned this point because the tool I use to generate test certificates allows me to select the signing algorithm for a particular certificate.

My guess is that it refers to the algorithm you want to use to sign the certificate itself, probably.

I also had to make some slight modifications to some PHP files to add the support for SHA-256.

Just curious, what modifications did you have to do? SHA-256 should work out of the box now, so if you found problems with it, please do not hesitate to tell us so we can fix it :-)

Sebastien B.

Feb 28, 2013, 2:39:32 PM
to simple...@googlegroups.com
Hi Jaime,

I think I had made the modifications prior to when it was supported by simpleSAMLphp.

I just checked SSP's latest version and in short, I did the same thing :-)

Sébastien

Jaime Pérez Crespo

Feb 28, 2013, 3:04:15 PM
to simple...@googlegroups.com
On Feb 28, 2013, at 20:39 PM, Sebastien B. <tch...@gmail.com> wrote:
Hi Jaime,

I think I had made the modifications prior to when it was supported by simpleSAMLphp.

I just checked SSP's latest version and in short, I did the same thing :-)

Good, thanks for checking it out!