[OpenSAML] XML signatures and canonicalization


Mitchell Prentice
Apr 1, 2009, 6:39:41 PM
to mace-open...@internet2.edu
Hello
 
I have a signed SAML 2.0 assertion that includes http://www.w3.org/2001/10/xml-exc-c14n# canonicalization. Apparently the creator of this signed assertion signed the assertion and then formatted the assertion with whitespace characters after signing. I can verify the signature if the whitespace characters are not added but if the whitespace characters are added then the signature verification fails. The creator of the SAML assertion says that canonicalization is supposed to remove the whitespaces and that it's a bug if you cannot verify the signature even if the XML has been modified after signing by the inclusion of whitespaces. My understanding is that this is not the case and that you cannot add whitespace to the XML and still expect the signature to verify. Which is correct?
 
Thanks
Mitch

Anil Saldhana
Apr 1, 2009, 6:49:18 PM
to mace-open...@internet2.edu
Mitch,
  you are correct. Whitespace/pretty printing etc. will fail sig validation.

Cheers.

Mitchell Prentice
Apr 2, 2009, 9:29:07 AM
to mace-open...@internet2.edu
Thanks. It's actually SAML v1.1 not SAML v2.0 but I presume that makes no difference.
 
Just to be absolutely certain, here's what the other party is saying: "It is expected behavior (and SAML compliant) to produce a SAML Assertion with white space and apply a digital signature to the XML without the white space".
 
Can this statement ever be true? 
 
The other party goes on to imply that canonicalization handles the whitespace.
 
Can this statement ever be true?
 
From my experience and from looking at http://www.w3.org/TR/2001/REC-xml-c14n-20010315#Example-WhitespaceInContent I believe adding whitespace to the document content will always break signature validation.
 
Thanks
Mitch

Bob Jacoby
Apr 2, 2009, 9:53:39 AM
to mace-open...@internet2.edu

Mitchell,

I think that is a perfectly valid statement. You are correct that adding whitespace to the assertion and performing validation on the assertion with that added whitespace will break the validation of the signature. However, the standard process for validating a signature should include canonicalization of what you are signing as the first step (assuming it was used during the original signature process). Signature blocks contain metadata about what canonicalization algorithm was used before signing specifically so you can repeat it during validation.

Bob

Chad La Joie
Apr 2, 2009, 10:13:31 AM
to mace-open...@internet2.edu
I think you two are talking past each other.

You can take some arbitrary bit of XML, add whitespaces, and *then* sign
it and then verify it. So, assuming the person meant exactly what they
said, then they were telling the truth. However, you can not take that
same XML, sign it, then add whitespace and verify it.

--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
chad....@switch.ch, http://www.switch.ch

Anil Saldhana
Apr 2, 2009, 10:23:52 AM
to mace-open...@internet2.edu
The sender is modifying the assertion with white spaces after generating the signature. The receiver (Mitch) has received a signature and a modified assertion with white spaces. 

I think the discussion is about content that is already signed.  We are saying you cannot modify it lest signature failure. :)

Xavier Drudis Ferran
Apr 2, 2009, 10:33:38 AM
to mace-open...@internet2.edu
On Thu, Apr 02, 2009 at 09:23:52AM -0500, Anil Saldhana wrote:
> The sender is modifying the assertion with white spaces after generating the
> signature. The receiver (Mitch) has received a signature and a modified
> assertion with white spaces.
>
> I think the discussion is about content that is already signed. We are
> saying you cannot modify it lest signature failure. :)
>

Yes, I understand it so.

Saying that you can add whitespace before signing is tautological
and irrelevant. You can do any sort of transformation before signing,
not just adding whitespace; you could duplicate every other XML
element with a name starting with F if you wanted, and then sign.

The only relevant discussion is what modifications are allowed
between signature and verification, and this (I'm not an expert)
is what canonicalization methods (or their equivalence classes)
define. You can do any modification between signing and
verification as long as the canonicalization result stays
the same as before your modification.

So it all boils down to: is there a canonicalization that
ignores whitespace and/or pretty printing? Not that I know.
You could define one, but it wouldn't be standard, AFAIK.

But let someone knowledgeable answer.

--
Xavi Drudis Ferran
xdr...@ambarinformatica.com

Mitchell Prentice
Apr 2, 2009, 10:41:03 AM
to mace-open...@internet2.edu
Yes, the sender is adding whitespace after signing. In their log file they log the signed SAML assertion. They then add whitespace and newlines (pretty print) after signing, log this also, and then send me the formatted signed assertion. I cannot verify this received assertion. However, if I take the entry from their log prior to their adding whitespace I can verify the signature. The signature looks fairly standard to me and uses http://www.w3.org/2001/10/xml-exc-c14n canonicalization.
 
The sender is quite adamant that I should be able to verify the signature even though the XML has been subsequently modified with whitespace/new line characters and that canonicalization handles this.
 
Unless I'm misunderstanding something I believe this is wrong and that's what everyone is confirming.
Thanks
Mitch

edward....@wachovia.com
Apr 2, 2009, 10:46:52 AM
to mace-open...@internet2.edu

Ask him if HE can validate the post white space signature.

Edward Thompson

(704) 383-9933
401 South Tryon Street
Three Wachovia Center, Sixth floor
Charlotte, NC 28202

Authentication & Entitlements

Jim Fox
Apr 2, 2009, 12:16:51 PM
to mace-open...@internet2.edu

As someone pointed out, it depends on what you call whitespace. You
can, for instance, with your c14n canonicalization, break lines between
attributes of an element without affecting the signature. So you could
reformat

<ele a1="text.." a2="more text..">

as

<ele a1="text.."
a2="more text...">

and the signature would still be good. You could even reformat it as

<ele a2="more text..." a1="text..." >

without invalidating the signature. You cannot, however, add important
white space. Doing something like

<ele1 ...><ele2 ...>

reformatted to

<ele1 ...>
<ele2 ...>

would invalidate the signature, because the new white space becomes part
of the document.

Jim
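The distinction Jim draws above, and the equivalence-class view Xavier described earlier in the thread, can be checked directly. The following Python script is an added example; it is not code from the thread, from OpenSAML, or from any of the posters. It uses the standard library's Canonical XML 2.0 writer (`xml.etree.ElementTree.canonicalize`, Python 3.8+) as a stand-in for the exclusive C14N 1.0 the assertion names; the behaviours exercised here (attributes sorted, whitespace inside a start tag collapsed, text nodes kept verbatim) are the same in both. The XML fragments, the `Assertion` element and its `ID`/`IssueInstant` values are constructed for the example and are not real SAML, and the functions `canonical_form`, `canonical_digest`, `digest_survives` and `trimmed_forms_match` are the example's own.

```python
"""Added example (not from the OpenSAML thread): which whitespace changes
survive canonicalization, and which change the digest a signature covers.

Canonical XML 2.0 from the standard library (Python 3.8+) stands in for
exclusive C14N 1.0; attribute sorting, start-tag whitespace normalization
and verbatim text nodes behave the same in both. Fragments are constructed
and are not real SAML."""
import hashlib
from xml.etree.ElementTree import canonicalize

# Constructed "as signed" fragment: no whitespace between elements.
ORIGINAL = (
    '<Assertion ID="_c0nstructed" IssueInstant="2009-04-02T10:00:00Z">'
    '<Issuer>https://idp.example.org</Issuer>'
    '<Subject>alice</Subject>'
    '</Assertion>'
)

# Same content, but the start tag is broken across lines and the attributes
# are reordered. The parser never reports whitespace inside a start tag and
# c14n sorts attributes, so the canonical form is byte-identical.
REFORMATTED_START_TAG = (
    '<Assertion IssueInstant="2009-04-02T10:00:00Z"\n'
    '           ID="_c0nstructed">'
    '<Issuer>https://idp.example.org</Issuer>'
    '<Subject>alice</Subject>'
    '</Assertion>'
)

# Pretty-printed after signing: the newlines and indentation between
# elements are new text nodes, and c14n keeps text nodes verbatim.
PRETTY_PRINTED = (
    '<Assertion ID="_c0nstructed" IssueInstant="2009-04-02T10:00:00Z">\n'
    '  <Issuer>https://idp.example.org</Issuer>\n'
    '  <Subject>alice</Subject>\n'
    '</Assertion>'
)


def canonical_form(xml_text: str) -> str:
    """Canonicalize a fragment; XMLDSig runs this step before digesting."""
    return canonicalize(xml_text)


def canonical_digest(xml_text: str) -> str:
    """SHA-256 over the canonical bytes: what a Reference's DigestValue covers."""
    return hashlib.sha256(canonical_form(xml_text).encode("utf-8")).hexdigest()


def digest_survives(signed_xml: str, received_xml: str) -> bool:
    """True if the received bytes still canonicalize to what was signed."""
    return canonical_digest(signed_xml) == canonical_digest(received_xml)


def trimmed_forms_match(a: str, b: str) -> bool:
    """C14N 2.0's TrimTextNodes option (strip_text). This is the
    whitespace-ignoring canonicalization asked about in the thread; it
    exists only in C14N 2.0, which XMLDSig 1.x verifiers do not use."""
    return canonicalize(a, strip_text=True) == canonicalize(b, strip_text=True)


if __name__ == "__main__":
    print("canonical form of original:\n ", canonical_form(ORIGINAL))
    print("start-tag reflow + reorder survives:", digest_survives(ORIGINAL, REFORMATTED_START_TAG))
    print("pretty-print between elements survives:", digest_survives(ORIGINAL, PRETTY_PRINTED))
    print("equal under C14N 2.0 TrimTextNodes (non-XMLDSig):", trimmed_forms_match(ORIGINAL, PRETTY_PRINTED))
```

Running it shows that reflowing and reordering the start tag leaves the digest intact while pretty-printing between elements changes it, which is exactly why the verifier rejects the sender's formatted copy but accepts the log entry taken before formatting. The last check is the hypothetical whitespace-ignoring canonicalization Xavier raised: C14N 2.0 does define it, but no XML Signature 1.x verifier applies it, so a sender who needs a pretty-printed assertion has to pretty-print first and sign the result.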

Mitchell Prentice
Apr 2, 2009, 5:51:35 PM
to mace-open...@internet2.edu
Thanks for the clarification. It's <ele1 ...><ele2 ...> changed to
 
 <ele1 ...>
 <ele2 ...>
Thanks
Mitch