From 09c5a23fce38022bc7ba1450902236383aaa90d7 Mon Sep 17 00:00:00 2001
From: Thijs Kinkhorst <thijs@kinkhorst.com>
Date: Thu, 5 Nov 2015 15:35:45 +0000
Subject: [PATCH] Make SHA-256 the default signature algorithm. SHA-1 is still supported but needs to be configured explicitly if you need it.
---
 config-templates/authsources.php | 20 --------------------
 docs/simplesamlphp-reference-idp-hosted.txt | 3 ++-
 docs/simplesamlphp-reference-idp-remote.txt | 3 ++-
 docs/simplesamlphp-reference-sp-remote.txt | 3 ++-
 metadata-templates/saml20-idp-hosted.php | 20 --------------------
 modules/adfs/lib/IdP/ADFS.php | 1 +
 modules/saml/docs/sp.txt | 3 ++-
 modules/saml/lib/Message.php | 12 +-----------
 8 files changed, 10 insertions(+), 55 deletions(-)
diff --git a/config-templates/authsources.php b/config-templates/authsources.php
index 2865d3453..ae3d53f56 100644
--- a/config-templates/authsources.php
+++ b/config-templates/authsources.php
@@ -28,26 +28,6 @@ $config = array(
 // Can be NULL/unset, in which case a builtin discovery service will be used.
 'discoURL' => null,
- /*
- * WARNING: SHA-1 is disallowed starting January the 1st, 2014.
- *
- * Uncomment the following option to start using SHA-256 for your signatures.
- * Currently, simpleSAMLphp defaults to SHA-1, which has been deprecated since
- * 2011, and will be disallowed by NIST as of 2014. Please refer to the following
- * document for more information:
- *
- * http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf
- *
- * If you are uncertain about identity providers supporting SHA-256 or other
- * algorithms of the SHA-2 family, you can configure it individually in the
- * IdP-remote metadata set for those that support it. Once you are certain that
- * all your configured IdPs support SHA-2, you can safely remove the configuration
- * options in the IdP-remote metadata set and uncomment the following option.
- *
- * Please refer to the hosted SP configuration reference for more information.
- */
- //'signature.algorithm' => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
-
 /*
 * The attributes parameter must contain an array of desired attributes by the SP.
 * The attributes can be expressed as an array of names or as an associative array
diff --git a/docs/simplesamlphp-reference-idp-hosted.txt b/docs/simplesamlphp-reference-idp-hosted.txt
index e82cebab8..bff8d633f 100644
--- a/docs/simplesamlphp-reference-idp-hosted.txt
+++ b/docs/simplesamlphp-reference-idp-hosted.txt
@@ -294,12 +294,13 @@ The following SAML 2.0 options are available:
 the default one.
 `signature.algorithm`
-: The algorithm to use when signing any message generated by this identity provider. Defaults to RSA-SHA1.
+: The algorithm to use when signing any message generated by this identity provider. Defaults to RSA-SHA256.
 : Possible values:
 * `http://www.w3.org/2000/09/xmldsig#rsa-sha1`
 *Note*: the use of SHA1 is **deprecated** and will be disallowed in the future.
 * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256`
+ The default.
 * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha384`
 * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha512`
diff --git a/docs/simplesamlphp-reference-idp-remote.txt b/docs/simplesamlphp-reference-idp-remote.txt
index 078b3ce51..390ed5af5 100644
--- a/docs/simplesamlphp-reference-idp-remote.txt
+++ b/docs/simplesamlphp-reference-idp-remote.txt
@@ -143,7 +143,7 @@ The following SAML 2.0 options are available:
 : Endpoint URL for logout responses. Overrides the `SingleLogoutService`-option for responses.
 `signature.algorithm`
-: The algorithm to use when signing any message sent to this specific identity provider. Defaults to RSA-SHA1.
+: The algorithm to use when signing any message sent to this specific identity provider. Defaults to RSA-SHA256.
 : Note that this option also exists in the SP configuration.
 This value in the IdP remote metadata overrides the value in the SP configuration.
 : Possible values:
@@ -151,6 +151,7 @@ The following SAML 2.0 options are available:
 * `http://www.w3.org/2000/09/xmldsig#rsa-sha1`
 *Note*: the use of SHA1 is **deprecated** and will be disallowed in the future.
 * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256`
+ The default.
 * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha384`
 * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha512`
diff --git a/docs/simplesamlphp-reference-sp-remote.txt b/docs/simplesamlphp-reference-sp-remote.txt
index 7b6429446..6ad584448 100644
--- a/docs/simplesamlphp-reference-sp-remote.txt
+++ b/docs/simplesamlphp-reference-sp-remote.txt
@@ -238,7 +238,7 @@ The following SAML 2.0 options are available:
 The value in the SP-remote metadata overrides the value in the IdP-hosted metadata.
 `signature.algorithm`
-: The algorithm to use when signing any message sent to this specific service provider. Defaults to RSA-SHA1.
+: The algorithm to use when signing any message sent to this specific service provider. Defaults to RSA-SHA256.
 : Note that this option also exists in the IdP-hosted metadata.
 The value in the SP-remote metadata overrides the value in the IdP-hosted metadata.
 : Possible values:
@@ -246,6 +246,7 @@ The following SAML 2.0 options are available:
 * `http://www.w3.org/2000/09/xmldsig#rsa-sha1`
 *Note*: the use of SHA1 is **deprecated** and will be disallowed in the future.
 * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256`
+ The default.
 * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha384`
 * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha512`
diff --git a/metadata-templates/saml20-idp-hosted.php b/metadata-templates/saml20-idp-hosted.php
index 87c03f6be..a1ac53767 100644
--- a/metadata-templates/saml20-idp-hosted.php
+++ b/metadata-templates/saml20-idp-hosted.php
@@ -23,26 +23,6 @@ $metadata['__DYNAMIC:1__'] = array(
 */
 'auth' => 'example-userpass',
- /*
- * WARNING: SHA-1 is disallowed starting January the 1st, 2014.
- *
- * Uncomment the following option to start using SHA-256 for your signatures.
- * Currently, simpleSAMLphp defaults to SHA-1, which has been deprecated since
- * 2011, and will be disallowed by NIST as of 2014. Please refer to the following
- * document for more information:
- *
- * http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf
- *
- * If you are uncertain about service providers supporting SHA-256 or other
- * algorithms of the SHA-2 family, you can configure it individually in the
- * SP-remote metadata set for those that support it. Once you are certain that
- * all your configured SPs support SHA-2, you can safely remove the configuration
- * options in the SP-remote metadata set and uncomment the following option.
- *
- * Please refer to the IdP hosted reference for more information.
- */
- //'signature.algorithm' => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
-
 /* Uncomment the following to use the uri NameFormat on attributes. */
 /*
 'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
diff --git a/modules/adfs/lib/IdP/ADFS.php b/modules/adfs/lib/IdP/ADFS.php
index 8fd9699e8..3db1cddb6 100644
--- a/modules/adfs/lib/IdP/ADFS.php
+++ b/modules/adfs/lib/IdP/ADFS.php
@@ -96,6 +96,7 @@ class sspmod_adfs_IdP_ADFS {
 $objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
 $responsedom = SAML2_DOMDocumentFactory::fromString(str_replace ("\r", "", $response));
 $firstassertionroot = $responsedom->getElementsByTagName('Assertion')->item(0);
+ /* TODO: this hardcodes SHA-1. Can we upgrade to something better? */
 $objXMLSecDSig->addReferenceList(array($firstassertionroot), XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N), array('id_name' => 'AssertionID'));
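Review bot: The digest passed to `addReferenceList()` right after the new TODO is still the constant `XMLSecurityDSig::SHA1`, so assertions signed through this ADFS path keep a SHA-1 reference digest, and nothing in the visible lines consults `signature.algorithm`. The comment should say so explicitly, so operators do not assume the new SHA-256 default covers this module, for example `/* NOTE: 'signature.algorithm' is not consulted here; the reference digest is fixed to SHA-1. TODO: move to XMLSecurityDSig::SHA256 once relying parties are confirmed to accept it. */`. The signing key type is chosen outside this hunk and presumably needs the same treatment. The enclosing method starts and ends outside the hunk.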
diff --git a/modules/saml/docs/sp.txt b/modules/saml/docs/sp.txt
index c3a24c8f1..7833ebdce 100644
--- a/modules/saml/docs/sp.txt
+++ b/modules/saml/docs/sp.txt
@@ -333,12 +333,13 @@ Options
 : *Note*: SAML 2 specific.
 `signature.algorithm`
-: The algorithm to use when signing any message generated by this service provider. Defaults to RSA-SHA1.
+: The algorithm to use when signing any message generated by this service provider. Defaults to RSA-SHA256.
 : Possible values:
 * `http://www.w3.org/2000/09/xmldsig#rsa-sha1`
 *Note*: the use of SHA1 is **deprecated** and will be disallowed in the future.
 * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256`
+ The default.
 * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha384`
 * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha512`
diff --git a/modules/saml/lib/Message.php b/modules/saml/lib/Message.php
index da841b5bb..eb926394a 100644
--- a/modules/saml/lib/Message.php
+++ b/modules/saml/lib/Message.php
@@ -30,17 +30,7 @@ class sspmod_saml_Message {
 $algo = $dstMetadata->getString('signature.algorithm', NULL);
 if ($algo === NULL) {
- /*
- * In the NIST Special Publication 800-131A, SHA-1 became deprecated for generating
- * new digital signatures in 2011, and will be explicitly disallowed starting the 1st
- * of January, 2014. We'll keep this as a default for the next release and mark it
- * as deprecated, as part of the transition to SHA-256.
- *
- * See http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf for more info.
- *
- * TODO: change default to XMLSecurityKey::RSA_SHA256.
- */
- $algo = $srcMetadata->getString('signature.algorithm', XMLSecurityKey::RSA_SHA1);
+ $algo = $srcMetadata->getString('signature.algorithm', XMLSecurityKey::RSA_SHA256);
 }
 $privateKey = new XMLSecurityKey($algo, array('type' => 'private'));
-- GitLab
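Review bot: An explicitly configured `signature.algorithm` still reaches `new XMLSecurityKey($algo, ...)` unchecked, so a deployment that pins RSA-SHA1 in source or destination metadata keeps signing with it after this change and nothing records that. A warning placed before the key is created would make remaining SHA-1 use findable during the migration, e.g. `if ($algo === XMLSecurityKey::RSA_SHA1) { SimpleSAML_Logger::warning('Signing with deprecated RSA-SHA1; set signature.algorithm to an RSA-SHA2 value.'); }`. Removing the block comment also leaves the lookup order undocumented; a one-line comment above the inner `getString()` call, such as `/* Destination metadata overrides source metadata; the fallback is RSA-SHA256. */`, would keep it. The function begins and ends outside the hunk.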