
RE: XML Signature 1.1 items at risk (removal)

From: Pratik Datta <pratik.datta@oracle.com>
Date: Sun, 12 Aug 2012 00:37:42 -0700 (PDT)
Message-ID: <2d35fe32-7563-42c3-9592-7ff9157013a1@default>
To: "Cantor, Scott" <cantor.2@osu.edu>, Frederick.Hirsch@nokia.com, public-xmlsec@w3.org
I have uploaded test vectors for SHA224 and HMACOutputLength

For SHA224
==========
https://www.w3.org/2008/xmlsec/Group/interop/xmldsig11/oracle/signature-enveloping-hmac-sha224.xml
https://www.w3.org/2008/xmlsec/Group/interop/xmldsig11/oracle/signature-enveloping-p256_sha224.xml
https://www.w3.org/2008/xmlsec/Group/interop/xmldsig11/oracle/signature-enveloping-p384_sha224.xml
https://www.w3.org/2008/xmlsec/Group/interop/xmldsig11/oracle/signature-enveloping-p521_sha224.xml
https://www.w3.org/2008/xmlsec/Group/interop/xmldsig11/oracle/signature-enveloping-rsa-sha224.xml
https://www.w3.org/2008/xmlsec/Group/interop/xmldsig11/oracle/signature-enveloping-sha224-rsa_sha256.xml

I noticed that the latest Dsig 1.1 spec does not have the SHA224 digest algorithm, i.e. it doesn't have this one:
  <dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224" />

Are we going to add this algorithm? Three of the above test cases use the SHA224 digest algorithm.


For HMACOutputLength
====================
https://www.w3.org/2008/xmlsec/Group/interop/xmldsig11/oracle/signature-enveloping-hmac-sha1-truncated40.xml
https://www.w3.org/2008/xmlsec/Group/interop/xmldsig11/oracle/signature-enveloping-hmac-sha1-truncated160.xml

The first one is truncated to 40 bytes, so it should be rejected.  The second one is not truncated at all, so it should be accepted.

Pratik

-----Original Message-----
From: Cantor, Scott [mailto:cantor.2@osu.edu] 
Sent: Monday, August 06, 2012 6:43 PM
To: Frederick.Hirsch@nokia.com; public-xmlsec@w3.org
Subject: Re: XML Signature 1.1 items at risk (removal)

On 8/6/12 9:33 PM, "Frederick.Hirsch@nokia.com"
<Frederick.Hirsch@nokia.com> wrote:
>
>(1) SHA-224 related algorithms: ECDSA-SHA224, HMAC-SHA224, 
>RSAwithSHA224

By end of month I can produce a vector for these, or at least the public key ones, or verify somebody else's if they have one.

>(2) KeyInfo X509Data items: OCSPResponse, X509Digest (1 implementation 
>Apache Santuario)
>
>(3) KeyInfo items: DEREncodedKeyValue (1 implementation Apache 
>Santuario), KeyInfoReference (1 implementation Apache Santuario)

The KeyInfoReference implementation is OpenSAML from the Shibboleth project, rather than Santuario. It doesn't fit into the Santuario code base as a useful feature.

You can add OpenSAML to the DEREncodedKeyValue set also.

As we discussed last call, I'm the author in both projects.

Note that if you pull X509Digest, we're back to having a broken X509IssuerSerial as the alternative because people objected to fixing the schema.

>(4) HMACOutputLength

If there's an existing vector for this that used to be allowed but should now fail, can somebody identify it?

-- Scott
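Added example, not from this thread and not the Santuario or OpenSAML code: a small Python verifier that applies the HMACOutputLength minimum that XML Signature 1.1 takes from RFC 2104 (a truncation length must be at least 80 bits and at least half the underlying hash output) before it compares any bytes. The key and the canonicalized SignedInfo bytes are constructed stand-ins, not the content of the interop vectors linked above; the 40-bit and 160-bit SHA-1 cases mirror the two truncated vectors, and the SHA-224 and SHA-256 cases go beyond the thread to show the same rule at other digest sizes. Rejecting lengths that are not a multiple of 8 is this example's own choice, not something the thread states.

```python
import hashlib
import hmac

# Constructed sample input (stand-in for the canonicalized ds:SignedInfo bytes).
KEY = b"constructed-example-hmac-key"
SIGNED_INFO_C14N = (
    b'<ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
    b"<ds:SignatureMethod "
    b'Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>'
    b"</ds:SignedInfo>"
)


def digest_bits(hash_name):
    """Output size of the underlying hash in bits (e.g. 160 for sha1)."""
    return hashlib.new(hash_name).digest_size * 8


def min_hmac_output_length(hash_name):
    """Smallest HMACOutputLength a 1.1 verifier may accept for this hash:
    at least 80 bits and at least half the hash output (RFC 2104 guidance)."""
    return max(80, digest_bits(hash_name) // 2)


def hmac_signature_value(key, data, hash_name, output_length=None):
    """Produce the SignatureValue bytes a signer would emit: the HMAC,
    truncated to the leftmost output_length bits when a length is given."""
    mac = hmac.new(key, data, hash_name).digest()
    if output_length is None:
        return mac
    if output_length % 8 or output_length > len(mac) * 8:
        raise ValueError("unsupported HMACOutputLength: %d" % output_length)
    return mac[: output_length // 8]


def verify_hmac_signature(key, data, hash_name, signature_value, output_length=None):
    """Return True only if the truncation length is acceptable AND the
    (possibly truncated) MAC matches. Length checks come first so a
    too-short HMACOutputLength is refused regardless of the MAC bytes."""
    full_bits = digest_bits(hash_name)
    if output_length is None:
        output_length = full_bits  # absent element means "no truncation"
    if output_length < min_hmac_output_length(hash_name):
        return False  # e.g. truncated40 for SHA-1: 40 < 80, reject
    if output_length > full_bits:
        return False  # cannot ask for more bits than the hash produces
    if output_length % 8:
        return False  # example's own choice: byte-aligned lengths only
    expected = hmac.new(key, data, hash_name).digest()[: output_length // 8]
    if len(signature_value) != len(expected):
        return False
    return hmac.compare_digest(expected, signature_value)


if __name__ == "__main__":
    for bits in (40, 80, 160):
        sig = hmac_signature_value(KEY, SIGNED_INFO_C14N, "sha1", bits)
        ok = verify_hmac_signature(KEY, SIGNED_INFO_C14N, "sha1", sig, bits)
        print("hmac-sha1 HMACOutputLength=%d -> %s" % (bits, "accept" if ok else "reject"))
```

The order of checks is the point: a verifier that compared the 5-byte tag first and only then looked at HMACOutputLength would already have accepted a MAC that an attacker can brute-force, so the length floor is enforced before any byte comparison, and the comparison itself is constant-time.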
Received on Sunday, 12 August 2012 07:38:22 GMT
