XML Security September 13, 2006 Robert Richards [email protected].

XML SecurityXML Security

September 13, 2006September 13, 2006

Robert RichardsRobert [email protected]@php.net

Digital Signatures and Digital Signatures and EncryptionEncryption

CanonicalizationCanonicalization A standard form of dataA standard form of data

Digital SignaturesDigital Signatures Provides proof of identity and Provides proof of identity and

authenticity which the sender cannot authenticity which the sender cannot deny.deny.

EncryptionEncryption Protection of data from being accessed Protection of data from being accessed

by unauthorized parties.by unauthorized parties.

Existing Existing Tools/TechnologiesTools/Technologies

Secure Sockets Layer (SSL)Secure Sockets Layer (SSL) Transport Layer Security (TLS)Transport Layer Security (TLS) Pretty Good Privacy (PGP)Pretty Good Privacy (PGP) GNU Privacy Guard (GnuPG)GNU Privacy Guard (GnuPG) OpenPGPOpenPGP S/MIMES/MIME x.509x.509

XML Security StandardsXML Security Standards Canonical XMLCanonical XML

http://www.w3.org/TR/xml-c14n/http://www.w3.org/TR/xml-c14n/

Exclusive XML CanonicalizationExclusive XML Canonicalizationhttp://www.w3.org/TR/xml-exc-c14n/http://www.w3.org/TR/xml-exc-c14n/

XML SignatureXML Signaturehttp://www.w3.org/TR/xmldsig-core/http://www.w3.org/TR/xmldsig-core/

XML EncryptionXML Encryptionhttp://www.w3.org/TR/xmlenc-core/http://www.w3.org/TR/xmlenc-core/

XML Key ManagementXML Key Managementhttp://www.w3.org/TR/xkms2/http://www.w3.org/TR/xkms2/

Transmitting Data Over SSL/TLSTransmitting Data Over SSL/TLS

XML Security in PHPXML Security in PHP A library based on the xmlsec library is A library based on the xmlsec library is

currently in the workscurrently in the works http://www.aleksey.com/xmlsec/http://www.aleksey.com/xmlsec/ Provides granular control for working with XML Provides granular control for working with XML

Digital Signatures and XML EncryptionDigital Signatures and XML Encryption PHP based libraries are availablePHP based libraries are available

Model libraries for designing xmlsec wrapperModel libraries for designing xmlsec wrapper Not officially mainitained and may not be Not officially mainitained and may not be

backwards compatible with xmlsec based extensionbackwards compatible with xmlsec based extension Requires PHP 5.1+ (5.2 is recommended)Requires PHP 5.1+ (5.2 is recommended) Requires DOM, OpenSSL and McryptRequires DOM, OpenSSL and Mcrypt http://www.cdatazone.org/files/xmlseclibs.phpshttp://www.cdatazone.org/files/xmlseclibs.phps http://www.cdatazone.org/files/soap-wsse.phpshttp://www.cdatazone.org/files/soap-wsse.phps http://www.cdatazone.org/files/ws-amazon.phpshttp://www.cdatazone.org/files/ws-amazon.phps http://www.cdatazone.org/infocard/infocard-lib.phpshttp://www.cdatazone.org/infocard/infocard-lib.phps http://www.cdatazone.org/infocard/infocard.phpshttp://www.cdatazone.org/infocard/infocard.phps

Benefits of XML Security Benefits of XML Security StandardsStandards

XML is a structured formatXML is a structured format Allows for secure storage of Allows for secure storage of

documentsdocuments Leverages existing technologiesLeverages existing technologies Provides granularityProvides granularity

XML CanonicalizationXML CanonicalizationA standard serialization of an XML A standard serialization of an XML document or XPath node setdocument or XPath node set

<data a="1" b="2" c="3"/>

<data b="2" c="3" a="1"/>

<data c="3" a="1" b="2"></data>

<data c="3" a="1" b="2"></data>

<data a="1" b="2" c="3"></data>

Canonical XML (C14N)Canonical XML (C14N)

XML declaration and DTD are removedXML declaration and DTD are removed The document is encoded in UTF-8The document is encoded in UTF-8 Line breaks normalized to #xA (linefeed) on input, Line breaks normalized to #xA (linefeed) on input,

before parsingbefore parsing Empty elements are converted to start-end tag Empty elements are converted to start-end tag

pairspairs Whitespace outside of the document element and Whitespace outside of the document element and

within start and end tags is normalizedwithin start and end tags is normalized Attribute value delimiters are set to double quotesAttribute value delimiters are set to double quotes Superfluous namespace declarations are removed Superfluous namespace declarations are removed

from each elementfrom each element Lexicographic order is imposed on the namespace Lexicographic order is imposed on the namespace

declarations and attributes of each elementdeclarations and attributes of each element

http://www.w3.org/TR/2001/REC-xml-c14n-20010315http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments

Canonical XML Canonical XML Example #1Example #1

<?xml version="1.0" encoding="UTF-8"?><?xml-stylesheet href="doc.xsl" type="text/xsl" ?><doc> <e1 a:attr='out' b:attr='sorted' attr2='all' attr="I'm" xmlns:b='http://www.ietf.org' xmlns:a="http://www.w3.org" xmlns="http://example.org"/> <e2 xmlns="" xmlns:a="http://www.w3.org"> <e3 xmlns="" xmlns:a="http://www.w3.org"/> </e2></doc>

<?xml-stylesheet href="doc.xsl" type="text/xsl" ?><doc> <e1 xmlns="http://example.org" xmlns:a="http://www.w3.org" xmlns:b="http://www.ietf.org" attr="I'm" attr2="all" b:attr="sorted" a:attr="out"></e1> <e2 xmlns:a="http://www.w3.org"> <e3></e3> </e2></doc>

Canonical Form of Document (uncommented)

Canonical XML Canonical XML Example #2Example #2

<?xml version="1.0" encoding="UTF-8"?><doc xmlns:d="http://www.example.org/d" xmlns:c="http://www.example.org/c"> <e1 a:attr="out" b:attr="sorted" attr2="all" attr="I'm" xmlns:b="http://www.ietf.org" xmlns:a="http://www.w3.org" xmlns="http://example.org"/> <d:e2 xmlns="" xmlns:a="http://www.w3.org"> <e3 xmlns="" xmlns:a="http://www.w3.org"/></d:e2></doc>

<d:e2 xmlns:a="http://www.w3.org" xmlns:c="http://www.example.org/c" xmlns:d="http://www.example.org/d"> <e3></e3></d:e2>

Canonical Form of Nodeset (uncommented)(//. | //@* | //namespace::*)[ancestor-or-self::d:e2]

Problem with Re-Problem with Re-EnvelopingEnveloping

<d:e2 xmlns:d="http://www.example.org/d">content</d:e2><d:e2 xmlns:d="http://www.example.org/d">content</d:e2>

<ns0:e1 xmlns:ns0="www.example.org/ns0"><ns0:e1 xmlns:ns0="www.example.org/ns0"> <d:e2 xmlns:d="http://www.example.org/d">content</d:e2><d:e2 xmlns:d="http://www.example.org/d">content</d:e2></ns0:e1></ns0:e1>

<d:e2 xmlns:d="http://www.example.org/d"<d:e2 xmlns:d="http://www.example.org/d" xmlns:ns0="www.example.org/ns0">content</d:e2>xmlns:ns0="www.example.org/ns0">content</d:e2>

<ns1:e1 xmlns:ns0="www.example.org/ns1"><ns1:e1 xmlns:ns0="www.example.org/ns1"> <d:e2 xmlns:d="http://www.example.org/d">content</d:e2><d:e2 xmlns:d="http://www.example.org/d">content</d:e2></ns1:e1></ns1:e1>

<d:e2 xmlns:d="http://www.example.org/d"<d:e2 xmlns:d="http://www.example.org/d" xmlns:ns1="www.example.org/ns1">content</d:e2>xmlns:ns1="www.example.org/ns1">content</d:e2>

Exclusive XML Exclusive XML CanonicalizationCanonicalization

Follows the same rules as Canonical Follows the same rules as Canonical XML, except…XML, except…

Attributes in the xml namespace are Attributes in the xml namespace are not imported into orphan nodesnot imported into orphan nodes

Namespaces not specially told to be Namespaces not specially told to be added are only added on the starting added are only added on the starting element for which they are visible element for which they are visible and not currently in scope within the and not currently in scope within the output.output.

http://www.w3.org/2001/10/xml-exc-c14n#http://www.w3.org/2001/10/xml-exc-c14n#WithComments

Re-Enveloping using Re-Enveloping using ExclusiveExclusive

<d:e2 <d:e2 xmlns:d="http://www.example.org/d">content</d:e2>xmlns:d="http://www.example.org/d">content</d:e2>

<ns0:e1 xmlns:ns0="www.example.org/ns0"><ns0:e1 xmlns:ns0="www.example.org/ns0"> <d:e2 <d:e2

xmlns:d="http://www.example.org/d">content</d:e2>xmlns:d="http://www.example.org/d">content</d:e2></ns0:e1></ns0:e1>

<d:e2 <d:e2

xmlns:d="http://www.example.org/d">content</d:e2>xmlns:d="http://www.example.org/d">content</d:e2>

<ns1:e1 xmlns:ns0="www.example.org/ns1"><ns1:e1 xmlns:ns0="www.example.org/ns1"> <d:e2 <d:e2

xmlns:d="http://www.example.org/d">content</d:e2>xmlns:d="http://www.example.org/d">content</d:e2></ns1:e1></ns1:e1>

<d:e2 <d:e2

xmlns:d="http://www.example.org/d">content</d:e2>xmlns:d="http://www.example.org/d">content</d:e2>

Exclusive Canonical XML Exclusive Canonical XML ExampleExample

<?xml version="1.0" encoding="UTF-8"?><doc xmlns:d="http://www.example.org/d" xmlns:c="http://www.example.org/c"> <e1 a:attr="out" b:attr="sorted" attr2="all" attr="I'm" xmlns:b="http://www.ietf.org" xmlns:a="http://www.w3.org" xmlns="http://example.org"/> <d:e2 xmlns="" xmlns:a="http://www.w3.org"> <e3 xmlns="" xmlns:a="http://www.w3.org"/></d:e2></doc>

<d:e2 xmlns:d="http://www.example.org/d"> <e3></e3></d:e2>

Exclusive Canonical Form of Nodeset (uncommented)(//. | //@* | //namespace::*)[ancestor-or-self::d:e2]

XML Digital Signature XML Digital Signature (XMLDSIG)(XMLDSIG)

Insure that a message has not been Insure that a message has not been altered or tampered with. (integrity)altered or tampered with. (integrity)

Protection against attacks that alter Protection against attacks that alter a message but maintain integrity. a message but maintain integrity. (message authentication)(message authentication)

Provide a means for message Provide a means for message auditing so that messages may not auditing so that messages may not be repudiated. (signer authenticity)be repudiated. (signer authenticity)

XML Signature StructureXML Signature Structure

<Signature> <Signature> <SignedInfo><SignedInfo> <CanonicalizationMethod/><CanonicalizationMethod/> <SignatureMethod/><SignatureMethod/> (<Reference URI? >(<Reference URI? > (<Transforms>)?(<Transforms>)? <DigestMethod><DigestMethod> <DigestValue><DigestValue> </Reference>)+</Reference>)+ </SignedInfo></SignedInfo> <SignatureValue> <SignatureValue> (<KeyInfo>)?(<KeyInfo>)? (<Object Id?>)*(<Object Id?>)*</Signature></Signature>

xmlns="http://www.w3.org/2000/09/xmldsig#"

XML Signature: Types of XML Signature: Types of SignaturesSignatures

Enveloping SignatureEnveloping Signature Data lives within the XML Signature structureData lives within the XML Signature structure Good for signing data being packaged within an Good for signing data being packaged within an

XML payloadXML payload

Enveloped SignatureEnveloped Signature Data lives outside of and contains the XML Data lives outside of and contains the XML

Signature structureSignature structure Good for signing portions or all of an XML documentGood for signing portions or all of an XML document

Detached SignatureDetached Signature Data lives outside and DOES NOT contain the XML Data lives outside and DOES NOT contain the XML

Signature structureSignature structure Data may reside at a remote location addressable by Data may reside at a remote location addressable by

URIURI

Enveloping SignatureEnveloping Signature<?xml version="1.0"?><?xml version="1.0"?><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <SignedInfo><SignedInfo> <CanonicalizationMethod<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-

20010315"/>20010315"/> <SignatureMethod <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-

sha1"/>sha1"/> <Reference URI="#myobj"><Reference URI="#myobj"> <DigestMethod <DigestMethod

Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>

<DigestValue>C2g9BLcGyGPCVKuF2byR1Ym+6pE=</DigestV<DigestValue>C2g9BLcGyGPCVKuF2byR1Ym+6pE=</DigestValue>alue>

</Reference></Reference> </SignedInfo></SignedInfo>

<SignatureValue>+R/XEOHDvR/jbmmpiuH4ZcRqC6c=</Signat<SignatureValue>+R/XEOHDvR/jbmmpiuH4ZcRqC6c=</SignatureValue>ureValue>

<Object Id="myobj">Hello World!</Object><Object Id="myobj">Hello World!</Object></Signature></Signature>

Enveloped SignatureEnveloped Signature<?xml version="1.0"?><?xml version="1.0"?><Envelope><Envelope> <Data>content</Data><Data>content</Data><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <SignedInfo><SignedInfo> <CanonicalizationMethod <CanonicalizationMethod

Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <SignatureMethod <SignatureMethod

Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/> <Reference><Reference> <Transforms><Transforms> <Transform<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-

signature"/>signature"/> </Transforms></Transforms> <DigestMethod <DigestMethod


<DigestValue>MMMkB0ZPp82XrUvJMFqDIEuXy0o=</DigestValue<DigestValue>MMMkB0ZPp82XrUvJMFqDIEuXy0o=</DigestValue>>

</Reference></Reference> </SignedInfo></SignedInfo>

<SignatureValue>mVPvfcVSXi9elKL+IcSCAzD4Jbk=</SignatureVal<SignatureValue>mVPvfcVSXi9elKL+IcSCAzD4Jbk=</SignatureValue>ue>

</Signature></Signature></Envelope></Envelope>

Detached SignatureDetached Signature<?xml version="1.0"?><?xml version="1.0"?><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <SignedInfo><SignedInfo> <CanonicalizationMethod<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-Algorithm="http://www.w3.org/2001/10/xml-exc-

c14n#"/>c14n#"/> <SignatureMethod <SignatureMethod

Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/> <Reference URI="http://www.ctindustries.net/text.txt"><Reference URI="http://www.ctindustries.net/text.txt"> <DigestMethod <DigestMethod


<DigestValue>oLZZOWcLwsAQ9NXWoLPk5FkPuSs=</DigestVal<DigestValue>oLZZOWcLwsAQ9NXWoLPk5FkPuSs=</DigestValue>ue>

</Reference></Reference> </SignedInfo></SignedInfo><SignatureValue>O9ykpFMXmkddzJ3CySrpzHBUW/Q=</<SignatureValue>O9ykpFMXmkddzJ3CySrpzHBUW/Q=</

SignatureValue>SignatureValue></Signature></Signature>

XML Signature XML Signature GenerationGeneration

1.1. Apply any transforms to the dataApply any transforms to the data2.2. Calculate the digest valueCalculate the digest value3.3. Create the Reference ElementCreate the Reference Element4.4. Repeat steps 1 – 3 for each piece of data to Repeat steps 1 – 3 for each piece of data to

be includedbe included5.5. Create SignedInfo element with Create SignedInfo element with

SignatureMethod, CanonicalizationMethod SignatureMethod, CanonicalizationMethod and Reference elementsand Reference elements

6.6. Canonicalize the SignedInfo elementCanonicalize the SignedInfo element7.7. Calculate the SignatureValue over the Calculate the SignatureValue over the

canonicalized SignedInfo based the canonicalized SignedInfo based the SignatureMethodSignatureMethod

8.8. Assemble the Signature elementAssemble the Signature element

SOAP RequestSOAP Request<SOAP-ENV:Envelope <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"

xmlns:ns1="http://www.csapi.org/schema/parlayx/terminal_location/v2_0/xmlns:ns1="http://www.csapi.org/schema/parlayx/terminal_location/v2_0/local"local"

xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <SOAP-ENV:Body><SOAP-ENV:Body> <ns1:getLocation><ns1:getLocation> <address>tel:1234567890</address><address>tel:1234567890</address> <requestedAccuracy <requestedAccuracy

xsi:type="xsd:int">xx</requestedAccuracy>xsi:type="xsd:int">xx</requestedAccuracy> <acceptableAccuracy <acceptableAccuracy

xsi:type="xsd:int">yy</acceptableAccuracy>xsi:type="xsd:int">yy</acceptableAccuracy> </ns1:getLocation></ns1:getLocation> </SOAP-ENV:Body></SOAP-ENV:Body></SOAP-ENV:Envelope></SOAP-ENV:Envelope>

SOAP Request: WS-Security SOAP Request: WS-Security (Signature)(Signature)

<soapenv:Envelope ...><soapenv:Envelope ...> <soapenv:Header><soapenv:Header> <wsse:Security xmlns:wsse="<wsse:Security xmlns:wsse="http://docs.oasis-open.org/. . .http://docs.oasis-open.org/. . ." soapenv:mustunderstand="1">" soapenv:mustunderstand="1"> <<wsse:BinarySecurityTokenwsse:BinarySecurityToken . . .>MIIE3zCCBEigAwIBAg . . . . .>MIIE3zCCBEigAwIBAg . .

.</wsse:BinarySecurityToken>.</wsse:BinarySecurityToken> <<ds:Signatureds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo><ds:SignedInfo> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <ds:CanonicalizationMethod Algorithm="<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#http://www.w3.org/2001/10/xml-exc-c14n#"/>"/> <<ds:Referenceds:Reference URI="#9b6c55bc-558f-e61a-e99a-ee2084f22000">. . URI="#9b6c55bc-558f-e61a-e99a-ee2084f22000">. .

.</ds:Reference>.</ds:Reference> <<ds:Referenceds:Reference URI="#c359df59-9262-d587-18af-add2c0dc1ddb">. . URI="#c359df59-9262-d587-18af-add2c0dc1ddb">. .

.</ds:Reference>.</ds:Reference> </ds:SignedInfo></ds:SignedInfo> <ds:SignatureValue>Yd1TGIjOb3q4UcQkUBuM3Q6Zs3G...</ds:SignatureValue><ds:SignatureValue>Yd1TGIjOb3q4UcQkUBuM3Q6Zs3G...</ds:SignatureValue> <ds:KeyInfo>. . .</ds:KeyInfo><ds:KeyInfo>. . .</ds:KeyInfo> </ds:Signature></ds:Signature> <<wsu:Timestampwsu:Timestamp xmlns:wsu="http:// ." xmlns:wsu="http:// ." wsu:Id="9b6c55bc-558f-e61a-e99a-wsu:Id="9b6c55bc-558f-e61a-e99a-

ee2084f22000"ee2084f22000">> </wsse:Security></wsse:Security> </soapenv:Header></soapenv:Header> <soapenv:Body xmlns:wsu="<soapenv:Body xmlns:wsu="http://. . .http://. . ." " wsu:Id="c359df59-9262-d587-18af-wsu:Id="c359df59-9262-d587-18af-

add2c0dc1ddb"add2c0dc1ddb">>

SOAP Request: WS-Security SOAP Request: WS-Security GenerationGeneration

require('soap-wsse.php');

define('PRIVATE_KEY', 'private_key.pem');define('CERT_FILE', 'cert.pem');

class mySoap extends SoapClient {

public function __doRequest($request, $location, $saction, $version) {$doc = new DOMDocument('1.0');$doc->loadXML($request);

/* WS-Security Specific code here */

return parent::__doRequest($wsseRequest, $location, $saction, $version);

}}

SOAP Request: WS-Security SOAP Request: WS-Security GenerationGeneration

$objWSSE = new WSSESoap($doc->loadXML($request));

/* add Timestamp with default expiration timestamp */ $objWSSE->addTimestamp();

/* $objWSSE->addUserToken('username', 'password', TRUE); */

/* create new XMLSec Key using RSA SHA-1 and type is private key */$objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type'=>'private'));

/* load private key from file - last arg is bool if key in file (TRUE) or is string (FALSE) */$objKey->loadKey(PRIVATE_KEY, TRUE);

/* Sign the message - also signs appropraite WS-Security items */$objWSSE->signSoapDoc($objKey);

/* Add certificate (BinarySecurityToken) to the message and attach pointer to Signature */$token = $objWSSE->addBinaryToken(file_get_contents(CERT_FILE));$objWSSE->attachTokentoSig($token);

$wsseRequest = $objWSSE->saveXML();

SOAP Request: SOAP Request: signSoapDoc()signSoapDoc()$objDSig = new XMLSecurityDSig();$objDSig = new XMLSecurityDSig();

$objDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);$objDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);

$arNodes = array();$arNodes = array();/* $this->secNode refers to wsse:Security node within tree *//* $this->secNode refers to wsse:Security node within tree */foreach ($this->secNode->childNodes AS $node) {foreach ($this->secNode->childNodes AS $node) {

if ($node->nodeType == XML_ELEMENT_NODE) if ($node->nodeType == XML_ELEMENT_NODE) $arNodes[] = $node;$arNodes[] = $node;

}}

foreach ($this->envelope->childNodes AS $node) {foreach ($this->envelope->childNodes AS $node) {if ($node->namespaceURI == $this->soapNS && $node->localName == 'Body') if ($node->namespaceURI == $this->soapNS && $node->localName == 'Body') {{

$arNodes[] = $node;$arNodes[] = $node;break;break;

}}}}

$arOptions = array('prefix'=>WSSESoap::WSUPFX, $arOptions = array('prefix'=>WSSESoap::WSUPFX, 'prefix_ns'=>WSSESoap::WSUNS);'prefix_ns'=>WSSESoap::WSUNS);

$objDSig->addReferenceList($arNodes, XMLSecurityDSig::SHA1, NULL, $objDSig->addReferenceList($arNodes, XMLSecurityDSig::SHA1, NULL, $arOptions);$arOptions);

$objDSig->sign($objKey);$objDSig->sign($objKey);

$objDSig->appendSignature($this->secNode, TRUE);$objDSig->appendSignature($this->secNode, TRUE);

XML Signature XML Signature ValidationValidation

1.1. Obtain the verification keying Obtain the verification keying informationinformation

2.2. Apply the CanonicalizationMethod to Apply the CanonicalizationMethod to the SignedInfo elementthe SignedInfo element

3.3. Verify the SignatureValue using the Verify the SignatureValue using the canonical form of the canonical form of the SignatureMethodSignatureMethod

4.4. For each Reference element within For each Reference element within SignedInfo:SignedInfo:

Obtain the data to be digestedObtain the data to be digested Digest the data using the DigestMethod Digest the data using the DigestMethod

within its Referece elementwithin its Referece element Compare the computed value to that of the Compare the computed value to that of the

un-encoded value from the DigestValue un-encoded value from the DigestValue elementelement

XML Encryption XML Encryption (XMLENC)(XMLENC)

Encrypted data is maintained.Encrypted data is maintained. All information needed to decrypt a All information needed to decrypt a

document is contained within the document is contained within the document.document.

Session can be secured on the Session can be secured on the document level and shared between document level and shared between multiple parties.multiple parties.

Sensitive data is easily interchanged Sensitive data is easily interchanged between applications.between applications.

XML Encryption XML Encryption StructureStructure

<enc:EncryptedData Id? Type? MimeType?><enc:EncryptedData Id? Type? MimeType?> <enc:EncryptionMethod Algorithm />?<enc:EncryptionMethod Algorithm />? <dsig:KeyInfo>?<dsig:KeyInfo>? <enc:CipherData><enc:CipherData>

<enc:CipherValue>?<enc:CipherValue>? <enc:CipherReference URI?>?<enc:CipherReference URI?>?

</enc:CipherData></enc:CipherData> <enc:EncryptionProperties>?<enc:EncryptionProperties>?</enc:EncryptedData></enc:EncryptedData>

xmlns:enc="http://www.w3.org/2001/04/xmlenc#"

XML Encryption: XML Encryption: EncryptingEncrypting

1.1. Select the algorithm (and parameters) Select the algorithm (and parameters) to use in encrypting the item.to use in encrypting the item.

2.2. Obtain the key and create ds:KeyInfo Obtain the key and create ds:KeyInfo if necessaryif necessary

3.3. Encrypt the data and prepend any Encrypt the data and prepend any appropriate initialization vector (IV).appropriate initialization vector (IV).

4.4. Build CipherData elementBuild CipherData element If to be stored within CipherValue If to be stored within CipherValue

element, then encrypted data is base64 element, then encrypted data is base64 encoded.encoded.

If encrypted data is external, then create If encrypted data is external, then create CipherReference with URI and any CipherReference with URI and any transforms.transforms.

5.5. Build EncryptedData or EncryptedKey Build EncryptedData or EncryptedKey structurestructure

XML Encryption ExampleXML Encryption Example

<payment> <order_number>1001</order_number> <customer>Joe Smith</customer> <creditcard> <number>4111 1111 1111 1111</number> <expiration_month>01</expiration_month> <expiration_year>2007</expiration_year> <ccv2>123</ccv2> </creditcard></payment>

XML Encryption XML Encryption ExampleExample

Element / Shared Secret KeyElement / Shared Secret Key<?xml version="1.0"?><payment> <order_number>1001</order_number> <customer>Joe Smith</customer> <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element"> <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/> <CipherData> <CipherValue>C5X1I65RCX…</CipherValue> </CipherData> </EncryptedData></payment>

XML Encryption XML Encryption Example: CodeExample: Code

require('xmlseclibs.php');require('xmlseclibs.php');/* Using a shared secret key for encryption *//* Using a shared secret key for encryption */$key = 'secret';$key = 'secret';

$doc = new DOMDocument();$doc = new DOMDocument();$xpath = new DOMXPath($doc ->load('payment.xml'));$xpath = new DOMXPath($doc ->load('payment.xml'));$creditcard = $xpath->query("//creditcard")->item(0);$creditcard = $xpath->query("//creditcard")->item(0);

$enc = new XMLSecEnc();$enc = new XMLSecEnc();$enc->setNode($creditcard);$enc->setNode($creditcard);$enc->type = XMLSecEnc::Element;$enc->type = XMLSecEnc::Element;

/* Use the libraries to encrypt the credit card element within the /* Use the libraries to encrypt the credit card element within the document */document */

$objKey = new $objKey = new XMLSecurityKey(XMLSecurityKey::TRIPLEDES_CBC);XMLSecurityKey(XMLSecurityKey::TRIPLEDES_CBC);

$objKey->loadKey($key);$objKey->loadKey($key);

$encNode = $enc->encryptNode($objKey);$encNode = $enc->encryptNode($objKey);

print $encNode->ownerDocument->saveXML();print $encNode->ownerDocument->saveXML();


Element Content / Shared Element Content / Shared Secret KeySecret Key

<?xml version="1.0"?><payment> <order_number>1001</order_number> <customer>Joe Smith</customer> <creditcard><EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Content"> <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/> <CipherData> <CipherValue>C5X1I65RCX…</CipherValue> </CipherData> </EncryptedData></creditcard></payment>


Arbitrary Data with Shared Arbitrary Data with Shared Secret KeySecret Key

<?xml version='1.0'?><EncryptedData xmlns='http://www.w3.org/2001/04/xmlenc#' xmlns:ds='http://www.w3.org/2000/09/xmldsig#' MimeType='text/xml'> <CipherData> <CipherValue>...C5X1I65RCX...</CipherValue> </CipherData></EncryptedData>

XML Encryption: XML Encryption: DecryptingDecrypting

1.1. Determine encryption algorithm and Determine encryption algorithm and parameters.parameters.

2.2. Obtain the decryption key information.Obtain the decryption key information.3.3. Obtain the data to decrypt.Obtain the data to decrypt.

If CipherData has a CipherValue child If CipherData has a CipherValue child then base-64 decode its contents.then base-64 decode its contents.

If CipherData has a CipherReference If CipherData has a CipherReference child, retrieve the data and apply any child, retrieve the data and apply any Transforms.Transforms.

4.4. Depending upon algorithm and Depending upon algorithm and parameters, strip any IV from the data parameters, strip any IV from the data to use for decryption.to use for decryption.

5.5. Decrypt the cipher data with the Decrypt the cipher data with the encryption algorithm, parameters, and encryption algorithm, parameters, and keying material.keying material.

XML Encryption: Decrypting Example XML Encryption: Decrypting Example (Infocard)(Infocard)

<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element">Type="http://www.w3.org/2001/04/xmlenc#Element"> <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbcaes256-cbc"/>"/> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">

<e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#"><e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#"> <e:EncryptionMethod Algorithm<e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-="http://www.w3.org/2001/04/xmlenc#rsa-oaep-

mgf1p"mgf1p">> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> </e:EncryptionMethod></e:EncryptionMethod> <KeyInfo><KeyInfo> <o:SecurityTokenReference xmlns:o="<o:SecurityTokenReference xmlns:o="…/oasis-200401-wss-wssecurity-secext-…/oasis-200401-wss-wssecurity-secext-

1.0.xsd1.0.xsd">"> . . .</o:SecurityTokenReference>. . .</o:SecurityTokenReference> </KeyInfo></KeyInfo> <e:CipherData><e:CipherData> <e:CipherValue>kXja26CSDKssMeqJcsJttLg…</e:CipherValue><e:CipherValue>kXja26CSDKssMeqJcsJttLg…</e:CipherValue> </e:CipherData></e:CipherData> </e:EncryptedKey></e:EncryptedKey>

</KeyInfo></KeyInfo> <CipherData><CipherValue>eIreM+S35Q+=…</CipherValue></CipherData><CipherData><CipherValue>eIreM+S35Q+=…</CipherValue></CipherData></EncryptedData></EncryptedData>

XML Encryption: Code XML Encryption: Code (Infocard)(Infocard)

require('xmlseclibs.php');require('xmlseclibs.php');

define('PRIVATE_KEY', 'site_sslprivate.key');define('PRIVATE_KEY', 'site_sslprivate.key');define('SAML_ASSERT_NS', define('SAML_ASSERT_NS',

'urn:oasis:names:tc:SAML:1.0:assertion');'urn:oasis:names:tc:SAML:1.0:assertion');

$encdom = new DOMDocument();$encdom = new DOMDocument();$encdom->loadXML($xmlToken);$encdom->loadXML($xmlToken);

$objenc = new XMLSecEnc();$objenc = new XMLSecEnc();$encData = $objenc->locateEncryptedData($encdom);$encData = $objenc->locateEncryptedData($encdom);if (! $encData) {if (! $encData) {

throw new Exception("Cannot locate Encrypted Data");throw new Exception("Cannot locate Encrypted Data");}}$objenc->setNode($encData);$objenc->setNode($encData);$objenc->type = $encData->getAttribute("Type");$objenc->type = $encData->getAttribute("Type");

XML Encryption: Code XML Encryption: Code (Infocard)(Infocard)$key = NULL;$key = NULL;

$objKey = $objenc->locateKey();$objKey = $objenc->locateKey();if ($objKey)if ($objKey)

if ($objKeyInfo = $objenc->locateKeyInfo($objKey))if ($objKeyInfo = $objenc->locateKeyInfo($objKey))if ($objKeyInfo->isEncrypted) {if ($objKeyInfo->isEncrypted) {

$objencKey = $objKeyInfo->encryptedCtx;$objencKey = $objKeyInfo->encryptedCtx;$objKeyInfo->loadKey(PRIVATE_KEY, TRUE);$objKeyInfo->loadKey(PRIVATE_KEY, TRUE);$key = $objencKey->decryptKey($objKeyInfo);$key = $objencKey->decryptKey($objKeyInfo);

}}if (empty($objKey) || empty($key))if (empty($objKey) || empty($key))

throw new Exception("Error loading key to handle Decryption");throw new Exception("Error loading key to handle Decryption");

$objKey->loadKey($key);$objKey->loadKey($key);

$token = NULL;$token = NULL;if ($decrypt = $objenc->decryptNode($objKey, FALSE)) {if ($decrypt = $objenc->decryptNode($objKey, FALSE)) {

$token = new DOMDocument();$token = new DOMDocument();$token->loadXML($decrypt);$token->loadXML($decrypt);

}}

XML Encryption: Code XML Encryption: Code (Infocard)(Infocard)<saml:Assertion ... AssertionID="uuid:17818733-c534-42d9-a6f6-<saml:Assertion ... AssertionID="uuid:17818733-c534-42d9-a6f6-

4bb1c32d0de7">4bb1c32d0de7">  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <SignedInfo><SignedInfo> <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-

c14n#"/>c14n#"/> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-

sha1"/>sha1"/> <Reference URI="#uuid:17818733-c534-42d9-a6f6-4bb1c32d0de7"><Reference URI="#uuid:17818733-c534-42d9-a6f6-4bb1c32d0de7"> <Transforms> . . . </Transforms><Transforms> . . . </Transforms> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <DigestValue>eHLrK4QSEkrDhHXZYHgGJMkPAU4=</DigestValue><DigestValue>eHLrK4QSEkrDhHXZYHgGJMkPAU4=</DigestValue> </Reference></Reference> </SignedInfo></SignedInfo> <SignatureValue>0uDR9pr/TusV...</SignatureValue><SignatureValue>0uDR9pr/TusV...</SignatureValue> <KeyInfo><KeyValue><KeyInfo><KeyValue> <RSAKeyValue><RSAKeyValue> <Modulus>8llAGAvlPuG...</Modulus><Modulus>8llAGAvlPuG...</Modulus> <Exponent>AQAB</Exponent><Exponent>AQAB</Exponent> </RSAKeyValue></RSAKeyValue> </KeyValue></KeyInfo></KeyValue></KeyInfo> </Signature></Signature>

XML Encryption: Code XML Encryption: Code (Infocard)(Infocard)/* Validate the SAML token *//* Validate the SAML token */

$objXMLSecDSig = new XMLSecurityDSig();$objXMLSecDSig = new XMLSecurityDSig();$objXMLSecDSig->idKeys[] = 'AssertionID';$objXMLSecDSig->idKeys[] = 'AssertionID';$objDSig = $objXMLSecDSig->locateSignature($token);$objDSig = $objXMLSecDSig->locateSignature($token);

/* Canonicalize the signed info *//* Canonicalize the signed info */$objXMLSecDSig->canonicalizeSignedInfo();$objXMLSecDSig->canonicalizeSignedInfo();

$retVal = NULL;$retVal = NULL;if ($objDSig) { $retVal = $objXMLSecDSig->validateReference(); }if ($objDSig) { $retVal = $objXMLSecDSig->validateReference(); }

if (! $retVal) { throw new Exception("SAML Validation Failed"); }if (! $retVal) { throw new Exception("SAML Validation Failed"); }

$objKey = $objXMLSecDSig->locateKey();$objKey = $objXMLSecDSig->locateKey();/* Additional Key handling here *//* Additional Key handling here */

if (empty($objKey)) throw new Exception("Error loading key to handle if (empty($objKey)) throw new Exception("Error loading key to handle Signature");Signature");

if (! $objXMLSecDSig->verify($objKey))if (! $objXMLSecDSig->verify($objKey))throw new Exception("Unable to validate Signature");throw new Exception("Unable to validate Signature");

Signing and EncryptingSigning and Encrypting Sign and then EncryptSign and then Encrypt

Provides signature protectionProvides signature protection Allows for encryption algorithm to be changed Allows for encryption algorithm to be changed

without affecting signaturewithout affecting signature Incurs additional overhead as you must Incurs additional overhead as you must

decrypt before you can verifydecrypt before you can verify Encrypt and then SignEncrypt and then Sign

Immediately know if data has been tampered Immediately know if data has been tampered withwith

Document can no longer be shared with other Document can no longer be shared with other parties without revealing decryption keyparties without revealing decryption key

Sender identity is revealedSender identity is revealed

Questions?Questions?

XML Encryption in WS-XML Encryption in WS-SecuritySecurity

<env:Envelope<env:Envelope xmlns:env="http://www.w3.org/2001/12/soap-envelope" xmlns:env="http://www.w3.org/2001/12/soap-envelope" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> <env:Header><env:Header> <wsse:Security<wsse:Security

xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/04/sexmlns:wsse="http://schemas.xmlsoap.org/ws/2002/04/secext">cext">

<xenc:ReferenceList><xenc:ReferenceList> <xenc:DataReference URI="#encryptedID"/><xenc:DataReference URI="#encryptedID"/> </xenc:ReferenceList></xenc:ReferenceList> </wsse:Security></wsse:Security> </env:Header></env:Header> <env:Body><env:Body> <xenc:EncryptedData Id="encryptedID"> <xenc:EncryptedData Id="encryptedID"> <xenc:CipherData><xenc:CipherData> <xenc:CipherValue>...</xenc:CipherValue><xenc:CipherValue>...</xenc:CipherValue> </xenc:CipherData></xenc:CipherData> </xenc:EncryptedData></xenc:EncryptedData> </env:Body></env:Body></env:Envelope></env:Envelope>

XML Signature using Digital XML Signature using Digital CertificateCertificate

<Envelope xmlns="urn:envelope"><Envelope xmlns="urn:envelope"> <Data><Data>Hello, World!Hello, World! </Data></Data><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-

exc-c14n#"/>exc-c14n#"/><SignatureMethod <SignatureMethod

Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><Reference><Reference><Transforms><Transforms><Transform <Transform

Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>signature"/>

</Transforms></Transforms><DigestMethod <DigestMethod

Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>HjY8ilZAIEM2tBbPn5mYO1ieIX4=</<DigestValue>HjY8ilZAIEM2tBbPn5mYO1ieIX4=</

DigestValue>DigestValue></Reference></Reference></SignedInfo></SignedInfo><SignatureValue>SIaj/6KY3C . . .</SignatureValue><SignatureValue>SIaj/6KY3C . . .</SignatureValue><KeyInfo><KeyInfo> <X509Data><X509Data> <X509Certificate>MIIE3zCCBEjAUB9 . . <X509Certificate>MIIE3zCCBEjAUB9 . .

.</X509Certificate>.</X509Certificate> </X509Data></X509Data></KeyInfo></KeyInfo></Signature></Envelope></Signature></Envelope>

XML Encryption w/ Digital XML Encryption w/ Digital CertificateCertificate

<EncryptedData xmlns="<EncryptedData xmlns="http://www.w3.org/2001/04/http://www.w3.org/2001/04/xmlencxmlenc#"#"

Type="http://www.w3.org/2001/04/xmlenc#Element">Type="http://www.w3.org/2001/04/xmlenc#Element">

<EncryptionMethod <EncryptionMethod

Algorithm="http://www.w3.org/2001/04/xmlenc#tripleAlgorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>des-cbc"/>

<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <EncryptedKey <EncryptedKey

xmlns="http://www.w3.org/2001/04/xmlenc#">xmlns="http://www.w3.org/2001/04/xmlenc#"> <EncryptionMethod <EncryptionMethod

Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>oaep-mgf1p"/>

<KeyInfo <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">xmlns="http://www.w3.org/2000/09/xmldsig#">

<KeyName>rsakey.pem</KeyName><KeyName>rsakey.pem</KeyName> </KeyInfo></KeyInfo> <CipherData><CipherData> <CipherValue>IPiEu9Nv+EsGyvV . . .</CipherValue><CipherValue>IPiEu9Nv+EsGyvV . . .</CipherValue> </CipherData></CipherData> </EncryptedKey></EncryptedKey></KeyInfo></KeyInfo><CipherData><CipherData> <CipherValue>xrfPSA+BEI+8 . . .</CipherValue><CipherValue>xrfPSA+BEI+8 . . .</CipherValue></CipherData></CipherData></EncryptedData></EncryptedData>

XML Security September 13, 2006 Robert Richards [email protected].

Documents

Transcript of XML Security September 13, 2006 Robert Richards [email protected].