Revision: 3134
Author:   olavmrk
Date:     Wed Aug  1 23:25:23 2012
Log: SAML2_Utils: Fix for attack against PKCS#1 v1.5 described in a new paper.

See: http://www.nds.rub.de/research/publications/breaking-xml-encryption-pkcs15/

This fix avoids the problems described in that paper by taking two
measures:
- Require that the decrypted content is at least 4 bytes, since that is the
  shortest length of an XML element.
- Generate an (invalid) symmetric key that is deterministic for a given
  encrypted key and private key.

Merged into 1.9-branch from r3132.
http://code.google.com/p/simplesamlphp/source/detail?r=3134

Modified:
 /branches/simplesamlphp-1.9/lib/SAML2/Utils.php

=======================================
--- /branches/simplesamlphp-1.9/lib/SAML2/Utils.php     Fri Mar 30 04:12:48 2012
+++ /branches/simplesamlphp-1.9/lib/SAML2/Utils.php     Wed Aug  1 23:25:23 2012
@@ -398,9 +398,13 @@
SimpleSAML_Logger::error('Failed to decrypt symmetric key: ' . $e->getMessage()); /* Create a replacement key, so that it looks like we fail in the same way as if the key was correctly padded. */

- /* We base the symmetric key on the encrypted key, so that we always behave the same way for a given input key. */ + /* We base the symmetric key on the encrypted key and private key, so that we always behave the
+                                * same way for a given input key.
+                                */
                                $encryptedKey = $encKey->getCipherValue();
-                               $key = md5($encryptedKey, TRUE);
+                               $pkey = 
openssl_pkey_get_details($symmetricKeyInfo->key);
+                               $pkey = sha1(serialize($pkey), TRUE);
+                               $key = sha1($encryptedKey . $pkey, TRUE);

                                /* Make sure that the key has the correct 
length. */
                                if (strlen($key) > $keySize) {
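Review bot: the replacement key is 20 bytes (sha1(..., TRUE)) regardless of $keySize, and the context visible here only handles the case where it is too long (`if (strlen($key) > $keySize)`); for a 32-byte AES-256 key the derived value is shorter than $keySize, so confirm that the branch that follows pads it to the full length, otherwise the symmetric decrypt would fail in a way that again distinguishes the bad-padding path from the good one. Consider `hash_hmac('sha256', $encryptedKey, $pkey, TRUE)` in place of `sha1($encryptedKey . $pkey, TRUE)`: it states the intent (a PRF keyed on private-key material, evaluated over the attacker-chosen ciphertext) instead of relying on a plain concatenation, and its 32-byte output covers every key size used here. The derivation is otherwise sound: `openssl_pkey_get_details()` on a private key includes the private components, so someone holding only the public key cannot predict $pkey, and keying on $encryptedKey means resubmitting the same ciphertext always produces the same wrong key, which is exactly the consistency the paper's oracle needs to be denied.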
@@ -431,7 +435,7 @@
                 */
$xml = '<root xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";>'.$decrypted.'</root>';
                $newDoc = new DOMDocument();
-               if (!$newDoc->loadXML($xml)) {
+               if (!@$newDoc->loadXML($xml)) {
throw new Exception('Failed to parse decrypted XML. Maybe the wrong sharedkey was used?');
                }
                $decryptedElement = $newDoc->firstChild->firstChild;
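Review bot: `@$newDoc->loadXML($xml)` silences the libxml warnings that a wrong key's garbage would otherwise emit, but it silences everything else too; prefer `libxml_use_internal_errors(true)` before the call and `libxml_clear_errors()` after it, which keeps the externally visible behaviour uniform while leaving the parse errors available for the log. Since the decrypted bytes are attacker-influenced, also pass `LIBXML_NONET` to `loadXML()` here (and keep external entity loading disabled) so that a correctly encrypted payload cannot pull in external resources during this parse. Separately, the `;` after the xsi namespace URI on the `$xml = '<root ...'` context line looks like a mail-rendering artifact; if it is really in Utils.php the wrapper is not well-formed XML and every decryption would fail at this check.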
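The two measures from the commit message, as an added worked example (not simpleSAMLphp code; all function names are the example's own): a PKCS#1 v1.5 unwrap whose failure is replaced by a key derived with an HMAC keyed on the private key, followed by a minimum-length check before parsing. It assumes AES-128-CBC with PKCS#7 padding for the data and RSA PKCS#1 v1.5 for the key wrap, and goes slightly beyond the patch by also routing a validly padded but wrong-length key into the fallback and by using libxml's internal error handling instead of `@`.

```php
<?php
// Added example, not simpleSAMLphp code. Assumptions: AES-128-CBC with PKCS#7
// padding for the data, RSA PKCS#1 v1.5 for the key wrap; function names are
// this example's own.
declare(strict_types=1);

const EXAMPLE_KEY_SIZE = 16;   // AES-128 key length in bytes

// Deterministic replacement key: bound to the private key (so it cannot be
// predicted from the public key) and to the ciphertext (so resubmitting the
// same ciphertext always yields the same wrong key).
function fallbackKey(string $encryptedKey, $privKey, int $keySize): string
{
    $details = openssl_pkey_get_details($privKey);           // includes private components
    $secret  = hash('sha256', serialize($details), true);
    $key     = hash_hmac('sha256', $encryptedKey, $secret, true);   // 32 bytes
    return substr($key, 0, $keySize);
}

// Unwrap the session key; any failure, including a wrong length behind valid
// padding, is replaced by the fallback key instead of an error.
function unwrapSessionKey(string $encryptedKey, $privKey, int $keySize): string
{
    $key = '';
    $ok = openssl_private_decrypt($encryptedKey, $key, $privKey, OPENSSL_PKCS1_PADDING);
    if ($ok && strlen($key) === $keySize) {
        return $key;
    }
    return fallbackKey($encryptedKey, $privKey, $keySize);
}

// Decrypt and parse; every failure path ends in the same exception.
function decryptElement(string $encryptedKey, string $iv, string $ciphertext, $privKey): DOMElement
{
    $key = unwrapSessionKey($encryptedKey, $privKey, EXAMPLE_KEY_SIZE);

    // Let OpenSSL skip its own padding check so a wrong key cannot fail here;
    // the padding is stripped below without raising an error.
    $padded = openssl_decrypt($ciphertext, 'aes-128-cbc', $key,
                              OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv);
    $plain = '';
    if ($padded !== false && $padded !== '') {
        $padLen = ord($padded[strlen($padded) - 1]);
        if ($padLen >= 1 && $padLen <= strlen($padded)) {
            $plain = substr($padded, 0, strlen($padded) - $padLen);
        }
    }

    // The shortest XML element is "<a/>" (4 bytes); anything shorter is garbage.
    if (strlen($plain) < 4) {
        throw new Exception('Failed to decrypt data');
    }

    $doc = new DOMDocument();
    $prevErrors = libxml_use_internal_errors(true);   // keep libxml warnings out of the output
    $parsed = $doc->loadXML('<root>' . $plain . '</root>', LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($prevErrors);
    if (!$parsed || !($doc->documentElement->firstChild instanceof DOMElement)) {
        throw new Exception('Failed to decrypt data');
    }
    return $doc->documentElement->firstChild;
}

// Constructed message: a fresh key pair, a random session key, a small assertion.
$priv = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pub  = openssl_pkey_get_details($priv)['key'];
$sessionKey = random_bytes(EXAMPLE_KEY_SIZE);
$iv = random_bytes(16);
$assertion = '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_example"/>';
$ciphertext = openssl_encrypt($assertion, 'aes-128-cbc', $sessionKey, OPENSSL_RAW_DATA, $iv);
$wrapped = '';
openssl_public_encrypt($sessionKey, $wrapped, $pub, OPENSSL_PKCS1_PADDING);

echo decryptElement($wrapped, $iv, $ciphertext, $priv)->tagName, "\n";

// Attacker-style probe: flip one bit of the wrapped key. The fallback key makes
// this fail the same way, and the same way again when resubmitted.
$probe = $wrapped;
$probe[0] = chr(ord($probe[0]) ^ 0x01);
foreach ([1, 2] as $attempt) {
    try {
        decryptElement($probe, $iv, $ciphertext, $priv);
    } catch (Exception $e) {
        echo "attempt $attempt: ", $e->getMessage(), "\n";
    }
}
```

Run it with the PHP CLI (openssl and dom extensions enabled): the first line prints the decrypted element name, and the two probe attempts print an identical message, which is the property that removes the oracle. The HMAC output is 32 bytes, so the same derivation also covers AES-256 without a padding branch.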

--
You received this message because you are subscribed to the Google Groups 
"simpleSAMLphp commits" group.