From 09c5a23fce38022bc7ba1450902236383aaa90d7 Mon Sep 17 00:00:00 2001
From: Thijs Kinkhorst <thijs@kinkhorst.com>
Date: Thu, 5 Nov 2015 15:35:45 +0000
Subject: [PATCH] Make SHA-256 the default signature algorithm.

SHA-1 is still supported but needs to be configured explicitly if you need it.
---
 config-templates/authsources.php            | 20 --------------------
 docs/simplesamlphp-reference-idp-hosted.txt |  3 ++-
 docs/simplesamlphp-reference-idp-remote.txt |  3 ++-
 docs/simplesamlphp-reference-sp-remote.txt  |  3 ++-
 metadata-templates/saml20-idp-hosted.php    | 20 --------------------
 modules/adfs/lib/IdP/ADFS.php               |  1 +
 modules/saml/docs/sp.txt                    |  3 ++-
 modules/saml/lib/Message.php                | 12 +-----------
 8 files changed, 10 insertions(+), 55 deletions(-)

diff --git a/config-templates/authsources.php b/config-templates/authsources.php
index 2865d3453..ae3d53f56 100644
--- a/config-templates/authsources.php
+++ b/config-templates/authsources.php
@@ -28,26 +28,6 @@ $config = array(
         // Can be NULL/unset, in which case a builtin discovery service will be used.
         'discoURL' => null,
 
-        /*
-         * WARNING: SHA-1 is disallowed starting January the 1st, 2014.
-         *
-         * Uncomment the following option to start using SHA-256 for your signatures.
-         * Currently, simpleSAMLphp defaults to SHA-1, which has been deprecated since
-         * 2011, and will be disallowed by NIST as of 2014. Please refer to the following
-         * document for more information:
-         *
-         * http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf
-         *
-         * If you are uncertain about identity providers supporting SHA-256 or other
-         * algorithms of the SHA-2 family, you can configure it individually in the
-         * IdP-remote metadata set for those that support it. Once you are certain that
-         * all your configured IdPs support SHA-2, you can safely remove the configuration
-         * options in the IdP-remote metadata set and uncomment the following option.
-         *
-         * Please refer to the hosted SP configuration reference for more information.
-          */
-        //'signature.algorithm' => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
-
         /*
          * The attributes parameter must contain an array of desired attributes by the SP.
          * The attributes can be expressed as an array of names or as an associative array
diff --git a/docs/simplesamlphp-reference-idp-hosted.txt b/docs/simplesamlphp-reference-idp-hosted.txt
index e82cebab8..bff8d633f 100644
--- a/docs/simplesamlphp-reference-idp-hosted.txt
+++ b/docs/simplesamlphp-reference-idp-hosted.txt
@@ -294,12 +294,13 @@ The following SAML 2.0 options are available:
 	the default one.
 
 `signature.algorithm`
-:   The algorithm to use when signing any message generated by this identity provider. Defaults to RSA-SHA1.
+:   The algorithm to use when signing any message generated by this identity provider. Defaults to RSA-SHA256.
 :   Possible values:
 
     * `http://www.w3.org/2000/09/xmldsig#rsa-sha1`
        *Note*: the use of SHA1 is **deprecated** and will be disallowed in the future.
     * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256`
+       The default.
     * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha384`
     * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha512`
 
diff --git a/docs/simplesamlphp-reference-idp-remote.txt b/docs/simplesamlphp-reference-idp-remote.txt
index 078b3ce51..390ed5af5 100644
--- a/docs/simplesamlphp-reference-idp-remote.txt
+++ b/docs/simplesamlphp-reference-idp-remote.txt
@@ -143,7 +143,7 @@ The following SAML 2.0 options are available:
 :   Endpoint URL for logout responses. Overrides the `SingleLogoutService`-option for responses.
 
 `signature.algorithm`
-:   The algorithm to use when signing any message sent to this specific identity provider. Defaults to RSA-SHA1.
+:   The algorithm to use when signing any message sent to this specific identity provider. Defaults to RSA-SHA256.
 :   Note that this option also exists in the SP configuration.
     This value in the IdP remote metadata overrides the value in the SP configuration.
 :   Possible values:
@@ -151,6 +151,7 @@ The following SAML 2.0 options are available:
     * `http://www.w3.org/2000/09/xmldsig#rsa-sha1`
        *Note*: the use of SHA1 is **deprecated** and will be disallowed in the future.
     * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256`
+      The default.
     * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha384`
     * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha512`
 
diff --git a/docs/simplesamlphp-reference-sp-remote.txt b/docs/simplesamlphp-reference-sp-remote.txt
index 7b6429446..6ad584448 100644
--- a/docs/simplesamlphp-reference-sp-remote.txt
+++ b/docs/simplesamlphp-reference-sp-remote.txt
@@ -238,7 +238,7 @@ The following SAML 2.0 options are available:
     The value in the SP-remote metadata overrides the value in the IdP-hosted metadata.
 
 `signature.algorithm`
-:   The algorithm to use when signing any message sent to this specific service provider. Defaults to RSA-SHA1.
+:   The algorithm to use when signing any message sent to this specific service provider. Defaults to RSA-SHA256.
 :   Note that this option also exists in the IdP-hosted metadata.
     The value in the SP-remote metadata overrides the value in the IdP-hosted metadata.
 :   Possible values:
@@ -246,6 +246,7 @@ The following SAML 2.0 options are available:
     * `http://www.w3.org/2000/09/xmldsig#rsa-sha1`
        *Note*: the use of SHA1 is **deprecated** and will be disallowed in the future.
     * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256`
+       The default.
     * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha384`
     * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha512`
 
diff --git a/metadata-templates/saml20-idp-hosted.php b/metadata-templates/saml20-idp-hosted.php
index 87c03f6be..a1ac53767 100644
--- a/metadata-templates/saml20-idp-hosted.php
+++ b/metadata-templates/saml20-idp-hosted.php
@@ -23,26 +23,6 @@ $metadata['__DYNAMIC:1__'] = array(
 	 */
 	'auth' => 'example-userpass',
 
-	/*
-	 * WARNING: SHA-1 is disallowed starting January the 1st, 2014.
-	 *
-	 * Uncomment the following option to start using SHA-256 for your signatures.
-	 * Currently, simpleSAMLphp defaults to SHA-1, which has been deprecated since
-	 * 2011, and will be disallowed by NIST as of 2014. Please refer to the following
-	 * document for more information:
-	 * 
-	 * http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf
-	 *
-	 * If you are uncertain about service providers supporting SHA-256 or other
-	 * algorithms of the SHA-2 family, you can configure it individually in the
-	 * SP-remote metadata set for those that support it. Once you are certain that
-	 * all your configured SPs support SHA-2, you can safely remove the configuration
-	 * options in the SP-remote metadata set and uncomment the following option.
-	 *
-	 * Please refer to the IdP hosted reference for more information.
-	 */
-	//'signature.algorithm' => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
-
 	/* Uncomment the following to use the uri NameFormat on attributes. */
 	/*
 	'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
diff --git a/modules/adfs/lib/IdP/ADFS.php b/modules/adfs/lib/IdP/ADFS.php
index 8fd9699e8..3db1cddb6 100644
--- a/modules/adfs/lib/IdP/ADFS.php
+++ b/modules/adfs/lib/IdP/ADFS.php
@@ -96,6 +96,7 @@ class sspmod_adfs_IdP_ADFS {
 		$objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);	
 		$responsedom = SAML2_DOMDocumentFactory::fromString(str_replace ("\r", "", $response));
 		$firstassertionroot = $responsedom->getElementsByTagName('Assertion')->item(0);
+		/* TODO: this hardcodes SHA-1. Can we upgrade to something better? */
 		$objXMLSecDSig->addReferenceList(array($firstassertionroot), XMLSecurityDSig::SHA1,
 			array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N),
 			array('id_name' => 'AssertionID'));
diff --git a/modules/saml/docs/sp.txt b/modules/saml/docs/sp.txt
index c3a24c8f1..7833ebdce 100644
--- a/modules/saml/docs/sp.txt
+++ b/modules/saml/docs/sp.txt
@@ -333,12 +333,13 @@ Options
 :   *Note*: SAML 2 specific.
 
 `signature.algorithm`
-:   The algorithm to use when signing any message generated by this service provider. Defaults to RSA-SHA1.
+:   The algorithm to use when signing any message generated by this service provider. Defaults to RSA-SHA256.
 :   Possible values:
 
     * `http://www.w3.org/2000/09/xmldsig#rsa-sha1`
        *Note*: the use of SHA1 is **deprecated** and will be disallowed in the future.
     * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256`
+       The default.
     * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha384`
     * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha512`
 
diff --git a/modules/saml/lib/Message.php b/modules/saml/lib/Message.php
index da841b5bb..eb926394a 100644
--- a/modules/saml/lib/Message.php
+++ b/modules/saml/lib/Message.php
@@ -30,17 +30,7 @@ class sspmod_saml_Message {
 
 		$algo = $dstMetadata->getString('signature.algorithm', NULL);
 		if ($algo === NULL) {
-			/*
-			 * In the NIST Special Publication 800-131A, SHA-1 became deprecated for generating
-			 * new digital signatures in 2011, and will be explicitly disallowed starting the 1st
-			 * of January, 2014. We'll keep this as a default for the next release and mark it
-			 * as deprecated, as part of the transition to SHA-256.
-			 *
-			 * See http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf for more info.
-			 *
-			 * TODO: change default to XMLSecurityKey::RSA_SHA256.
-			 */
-			$algo = $srcMetadata->getString('signature.algorithm', XMLSecurityKey::RSA_SHA1);
+			$algo = $srcMetadata->getString('signature.algorithm', XMLSecurityKey::RSA_SHA256);
 		}
 
 		$privateKey = new XMLSecurityKey($algo, array('type' => 'private'));
-- 
GitLab