Commit 54e93fd1 authored by Jaime Perez Crespo

Revert "Make SHA-256 the default signature algorithm."

This reverts commit 09c5a23f.
parent 7a801334
...@@ -28,6 +28,26 @@ $config = array( ...@@ -28,6 +28,26 @@ $config = array(
// Can be NULL/unset, in which case a builtin discovery service will be used. // Can be NULL/unset, in which case a builtin discovery service will be used.
'discoURL' => null, 'discoURL' => null,
/*
* WARNING: SHA-1 is disallowed starting January the 1st, 2014.
*
* Uncomment the following option to start using SHA-256 for your signatures.
* Currently, simpleSAMLphp defaults to SHA-1, which has been deprecated since
* 2011, and will be disallowed by NIST as of 2014. Please refer to the following
* document for more information:
*
* http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf
*
* If you are uncertain about identity providers supporting SHA-256 or other
* algorithms of the SHA-2 family, you can configure it individually in the
* IdP-remote metadata set for those that support it. Once you are certain that
* all your configured IdPs support SHA-2, you can safely remove the configuration
* options in the IdP-remote metadata set and uncomment the following option.
*
* Please refer to the hosted SP configuration reference for more information.
*/
//'signature.algorithm' => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
/* /*
* The attributes parameter must contain an array of desired attributes by the SP. * The attributes parameter must contain an array of desired attributes by the SP.
* The attributes can be expressed as an array of names or as an associative array * The attributes can be expressed as an array of names or as an associative array
......
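Review bot: The added comment block contradicts itself on timing: its first line says SHA-1 "is disallowed starting January the 1st, 2014", while the body says it "will be disallowed by NIST as of 2014". Pick one tense and state the date once. Because the `'signature.algorithm'` line is left commented out, a deployment that copies this block unchanged signs with RSA-SHA1; the comment should say so explicitly rather than only telling the reader to uncomment the option.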
...@@ -294,13 +294,12 @@ The following SAML 2.0 options are available: ...@@ -294,13 +294,12 @@ The following SAML 2.0 options are available:
the default one. the default one.
`signature.algorithm` `signature.algorithm`
: The algorithm to use when signing any message generated by this identity provider. Defaults to RSA-SHA256. : The algorithm to use when signing any message generated by this identity provider. Defaults to RSA-SHA1.
: Possible values: : Possible values:
* `http://www.w3.org/2000/09/xmldsig#rsa-sha1` * `http://www.w3.org/2000/09/xmldsig#rsa-sha1`
*Note*: the use of SHA1 is **deprecated** and will be disallowed in the future. *Note*: the use of SHA1 is **deprecated** and will be disallowed in the future.
* `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256` * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256`
The default.
* `http://www.w3.org/2001/04/xmldsig-more#rsa-sha384` * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha384`
* `http://www.w3.org/2001/04/xmldsig-more#rsa-sha512` * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha512`
......
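Review bot: With "The default." removed from the `rsa-sha256` entry and not moved to the `rsa-sha1` entry, the list of possible values no longer marks any default, and the only annotation left on `rsa-sha1` is that it is deprecated. Put the two facts together under `rsa-sha1` (the default, and deprecated) so a reader scanning the list sees that the default is the deprecated algorithm and that this option should be set explicitly. The same applies to the other option lists touched by this commit.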
...@@ -143,7 +143,7 @@ The following SAML 2.0 options are available: ...@@ -143,7 +143,7 @@ The following SAML 2.0 options are available:
: Endpoint URL for logout responses. Overrides the `SingleLogoutService`-option for responses. : Endpoint URL for logout responses. Overrides the `SingleLogoutService`-option for responses.
`signature.algorithm` `signature.algorithm`
: The algorithm to use when signing any message sent to this specific identity provider. Defaults to RSA-SHA256. : The algorithm to use when signing any message sent to this specific identity provider. Defaults to RSA-SHA1.
: Note that this option also exists in the SP configuration. : Note that this option also exists in the SP configuration.
This value in the IdP remote metadata overrides the value in the SP configuration. This value in the IdP remote metadata overrides the value in the SP configuration.
: Possible values: : Possible values:
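Review bot: "Defaults to RSA-SHA1" on the changed line does not match what the `sspmod_saml_Message` hunk in this commit does for a per-entity option: the destination metadata is read with a `NULL` default and, when unset, the source metadata's `signature.algorithm` is used, with `XMLSecurityKey::RSA_SHA1` only as the last fallback. Reword to something like "Defaults to the value in the SP configuration, which in turn defaults to RSA-SHA1", which also agrees with the override sentence two lines below. The SP-remote text carries the same wording.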
...@@ -151,7 +151,6 @@ The following SAML 2.0 options are available: ...@@ -151,7 +151,6 @@ The following SAML 2.0 options are available:
* `http://www.w3.org/2000/09/xmldsig#rsa-sha1` * `http://www.w3.org/2000/09/xmldsig#rsa-sha1`
*Note*: the use of SHA1 is **deprecated** and will be disallowed in the future. *Note*: the use of SHA1 is **deprecated** and will be disallowed in the future.
* `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256` * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256`
The default.
* `http://www.w3.org/2001/04/xmldsig-more#rsa-sha384` * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha384`
* `http://www.w3.org/2001/04/xmldsig-more#rsa-sha512` * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha512`
......
...@@ -238,7 +238,7 @@ The following SAML 2.0 options are available: ...@@ -238,7 +238,7 @@ The following SAML 2.0 options are available:
The value in the SP-remote metadata overrides the value in the IdP-hosted metadata. The value in the SP-remote metadata overrides the value in the IdP-hosted metadata.
`signature.algorithm` `signature.algorithm`
: The algorithm to use when signing any message sent to this specific service provider. Defaults to RSA-SHA256. : The algorithm to use when signing any message sent to this specific service provider. Defaults to RSA-SHA1.
: Note that this option also exists in the IdP-hosted metadata. : Note that this option also exists in the IdP-hosted metadata.
The value in the SP-remote metadata overrides the value in the IdP-hosted metadata. The value in the SP-remote metadata overrides the value in the IdP-hosted metadata.
: Possible values: : Possible values:
...@@ -246,7 +246,6 @@ The following SAML 2.0 options are available: ...@@ -246,7 +246,6 @@ The following SAML 2.0 options are available:
* `http://www.w3.org/2000/09/xmldsig#rsa-sha1` * `http://www.w3.org/2000/09/xmldsig#rsa-sha1`
*Note*: the use of SHA1 is **deprecated** and will be disallowed in the future. *Note*: the use of SHA1 is **deprecated** and will be disallowed in the future.
* `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256` * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256`
The default.
* `http://www.w3.org/2001/04/xmldsig-more#rsa-sha384` * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha384`
* `http://www.w3.org/2001/04/xmldsig-more#rsa-sha512` * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha512`
......
...@@ -23,6 +23,26 @@ $metadata['__DYNAMIC:1__'] = array( ...@@ -23,6 +23,26 @@ $metadata['__DYNAMIC:1__'] = array(
*/ */
'auth' => 'example-userpass', 'auth' => 'example-userpass',
/*
* WARNING: SHA-1 is disallowed starting January the 1st, 2014.
*
* Uncomment the following option to start using SHA-256 for your signatures.
* Currently, simpleSAMLphp defaults to SHA-1, which has been deprecated since
* 2011, and will be disallowed by NIST as of 2014. Please refer to the following
* document for more information:
*
* http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf
*
* If you are uncertain about service providers supporting SHA-256 or other
* algorithms of the SHA-2 family, you can configure it individually in the
* SP-remote metadata set for those that support it. Once you are certain that
* all your configured SPs support SHA-2, you can safely remove the configuration
* options in the SP-remote metadata set and uncomment the following option.
*
* Please refer to the IdP hosted reference for more information.
*/
//'signature.algorithm' => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
/* Uncomment the following to use the uri NameFormat on attributes. */ /* Uncomment the following to use the uri NameFormat on attributes. */
/* /*
'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri', 'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
......
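Review bot: "Currently, simpleSAMLphp defaults to SHA-1" in the added comment will go stale once the `TODO: change default to XMLSecurityKey::RSA_SHA256` in `sspmod_saml_Message` is carried out, and the same paragraph is duplicated almost verbatim in the SP configuration comment earlier in this commit. Keep the long explanation in one place (the hosted reference the comment already points to) and leave a short comment here that names the option and the per-SP override in the SP-remote metadata.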
...@@ -96,7 +96,6 @@ class sspmod_adfs_IdP_ADFS { ...@@ -96,7 +96,6 @@ class sspmod_adfs_IdP_ADFS {
$objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N); $objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
$responsedom = SAML2_DOMDocumentFactory::fromString(str_replace ("\r", "", $response)); $responsedom = SAML2_DOMDocumentFactory::fromString(str_replace ("\r", "", $response));
$firstassertionroot = $responsedom->getElementsByTagName('Assertion')->item(0); $firstassertionroot = $responsedom->getElementsByTagName('Assertion')->item(0);
/* TODO: this hardcodes SHA-1. Can we upgrade to something better? */
$objXMLSecDSig->addReferenceList(array($firstassertionroot), XMLSecurityDSig::SHA1, $objXMLSecDSig->addReferenceList(array($firstassertionroot), XMLSecurityDSig::SHA1,
array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N), array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N),
array('id_name' => 'AssertionID')); array('id_name' => 'AssertionID'));
......
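Review bot: The removed `TODO` was the only marker in this hunk that the digest passed to `addReferenceList()` is the hard-coded `XMLSecurityDSig::SHA1`, and that call is unchanged by this commit. Reverting the default signature algorithm does not require dropping the comment; keep it, or replace it with a note that this digest is not configurable, so the SHA-1 use here is not lost track of during the transition to SHA-256 that the rest of the commit describes.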
...@@ -333,13 +333,12 @@ Options ...@@ -333,13 +333,12 @@ Options
: *Note*: SAML 2 specific. : *Note*: SAML 2 specific.
`signature.algorithm` `signature.algorithm`
: The algorithm to use when signing any message generated by this service provider. Defaults to RSA-SHA256. : The algorithm to use when signing any message generated by this service provider. Defaults to RSA-SHA1.
: Possible values: : Possible values:
* `http://www.w3.org/2000/09/xmldsig#rsa-sha1` * `http://www.w3.org/2000/09/xmldsig#rsa-sha1`
*Note*: the use of SHA1 is **deprecated** and will be disallowed in the future. *Note*: the use of SHA1 is **deprecated** and will be disallowed in the future.
* `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256` * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256`
The default.
* `http://www.w3.org/2001/04/xmldsig-more#rsa-sha384` * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha384`
* `http://www.w3.org/2001/04/xmldsig-more#rsa-sha512` * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha512`
......
...@@ -30,7 +30,17 @@ class sspmod_saml_Message { ...@@ -30,7 +30,17 @@ class sspmod_saml_Message {
$algo = $dstMetadata->getString('signature.algorithm', NULL); $algo = $dstMetadata->getString('signature.algorithm', NULL);
if ($algo === NULL) { if ($algo === NULL) {
$algo = $srcMetadata->getString('signature.algorithm', XMLSecurityKey::RSA_SHA256); /*
* In the NIST Special Publication 800-131A, SHA-1 became deprecated for generating
* new digital signatures in 2011, and will be explicitly disallowed starting the 1st
* of January, 2014. We'll keep this as a default for the next release and mark it
* as deprecated, as part of the transition to SHA-256.
*
* See http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf for more info.
*
* TODO: change default to XMLSecurityKey::RSA_SHA256.
*/
$algo = $srcMetadata->getString('signature.algorithm', XMLSecurityKey::RSA_SHA1);
} }
$privateKey = new XMLSecurityKey($algo, array('type' => 'private')); $privateKey = new XMLSecurityKey($algo, array('type' => 'private'));
......
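Review bot: The fallback on the added `$srcMetadata->getString('signature.algorithm', XMLSecurityKey::RSA_SHA1)` line selects a deprecated algorithm silently whenever neither metadata set configures the option. Log a warning on that path so operators can see which entities still sign with RSA-SHA1, and make "for the next release" in the comment concrete by naming the release in which the `TODO` is due.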