Added support for RSASSA_PSS (sha256-rsa-MGF1) #262
Doesn't openssl support this? I don't think it makes sense to pull in the entire phpseclib as a dependency just for this. |
This seems to work without the added dependency on phpseclib. |
Thanks for looking into it @tvdijen. Unfortunately your code does not create a valid signature for me. The reason I think is that it is missing the mask. openssl is only doing what my code is doing with
It is however missing those two methods:
But if that is implementable with openssl, then I of course would favor this version without the added dependency. But I am not deep enough into the matter to know if that works with openssl as well. |
Can you share an example of the expected signature xml? I am away for a couple of days, but I can try next weekend |
I created the keys using these commands from https://crypto.stackexchange.com/q/110953:
This is then the XML signed with those keys (using my solution):
Checking the signature on https://tools.chilkat.io/xmlDsigVerify.cshtml it says that it is valid. Using your code the XML is:
And checking that on https://tools.chilkat.io/xmlDsigVerify.cshtml it says that it is invalid. |
Ah right, so if I compare the two, the only difference is that my code produces an empty |
I think the issue still exists.. From what I understand, PSS is just not supported in openssl.. |
SignatureValue is now no longer empty. But still it is invalid. This is the XML with your new code:
According to https://www.openssl.org/docs/man3.3/man7/RSA-PSS.html : How do we set this padding mode? From the docs of openssl_public_encrypt():
None of those are working. But they all do not seem to be PSS, right? However openssl on the command line seems to support it:
See: https://stackoverflow.com/a/44430091/351893 So how can the PSS padding mode be used in openssl_public_encrypt() ? |
Try passing the number 6 as the padding type. This should correspond to the PSS padding type.
On 5/15/24 7:13 AM, Jochen wrote:
SignatureValue is now no longer empty. But still it is invalid.
This is the XML with your new code:
|<?xml version="1.0" encoding="UTF-8"?> <ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo><ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1"/>
<ds:Reference
URI="#pfxddb7c393-9632-d3e0-0605-9e03d7f8c11a"><ds:Transforms><ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>F5ERIUROtwhr+Nqj2QHLfYxpjg/yzQgOu+d8mKi3qXI=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>FG2PGFY65IjerhVhFygssIpYZVpjzEcgtB3A65UHyG6P9Qt7xjK+UIt4+KavLRrMJQhy53oliLuJQlYRB+TaF13KxPZ9ulXCA/iOFOl+aENCG2lIQNT0I+ZDMwihvy5KJ+KYIjAAS2FSjlDoDo6y8bowml54kxMTkC6RV2hG+1OtYD5/gXVNAucYAwhs/gwb0Mqw4bwo16gencY4ogFoY0aoW8m2B1NcFOp1ZCdftUrYQd6h5A1FKeVn29a1So/129b7qHjDFv9DOY7WsnZs27C6INTf7KToSqUs0ZKzggfim0rBFZ/Sn4/SfZTVTjieADv7pRdp6T/6DAoypUDjhqSIFuCm/CTmjwa3CgnI85YzZoe3jsoAatgb/fl/JkoDnH8AafCkraoJmZ4OcOHZlSl+nWTCWIRri49AYnW3EzSEPdPkoBrLtT9waZbGIta2prxIWinahwOR7IS0OHXcWeHDXHsdxrcIg+ml3jxwOufD7jeNfFrdurUykeM0ksLrvLq3eNbyZEZofNmu1IlZWeTjH1xyM3E515TgRmqu2bETzAQbUhgwzjogwQTaxgCtjPJ6oe2yiMVagNLHWyciR1LOcxGDHHQpnaiNaPqRiwY2inUXChgFkY7cbXgBklteueHNHv11N3LiFgjyFM8uPG6qukjKaYmxz0xAoxLiqDo=</ds:SignatureValue>\n
<ds:KeyInfo><ds:X509Data><ds:X509SubjectName>O=Internet Widgits Pty
Ltd,ST=Some-State,C=AU</ds:X509SubjectName><ds:X509Certificate>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</ds:X509Certificate></ds:X509Data></ds:KeyInfo><ds:Object
Id="pfxddb7c393-9632-d3e0-0605-9e03d7f8c11a"></ds:Object></ds:Signature> |
According to https://www.openssl.org/docs/man3.3/man7/RSA-PSS.html :
"Signing and verification is similar to the RSA algorithm except the
padding mode is always PSS"
How do we set this padding mode?
From the docs of openssl_public_encrypt():
|* @param int $padding [optional] <p> * <i>padding</i> can be one of *
<b>OPENSSL_PKCS1_PADDING</b>, * <b>OPENSSL_SSLV23_PADDING</b>, *
<b>OPENSSL_PKCS1_OAEP_PADDING</b>, * <b>OPENSSL_NO_PADDING</b>. |
None of those are working. But they all do not seem to be PSS, right?
However openssl on the command line seems to support it:
|-pkeyopt rsa_padding_mode:pss |
See: https://stackoverflow.com/a/44430091/351893
So how can the PSS padding mode be used in openssl_public_encrypt() ?
|
I can pass 6 as the padding type. But it is still invalid. Then I guess in addition we need what this code is doing:
|
@robrichards I don't think the padding-option is used at all for signing.. We only pass it to the encryption/decryption methods. ext-openssl doesn't seem to support padding for signatures. |
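An added example (not code from this PR or from xmlseclibs): an independent check, using the `rsa_padding_mode:pss` option of the openssl command line mentioned above, that a PKCS#1 v1.5 signature never verifies as RSASSA-PSS and that PSS signatures are randomized. The key, the file names and the stand-in SignedInfo bytes are constructed for the demo; the salt length of 32 (the SHA-256 output size) and MGF1 with SHA-256 are assumptions about what `sha256-rsa-MGF1` requires.

```shell
#!/bin/sh
# Constructed demo: RSASSA-PSS vs PKCS#1 v1.5 over the same SignedInfo bytes.
WORK=$(mktemp -d)

pss_setup() {
  # Throwaway 2048-bit RSA key pair (constructed for this demo).
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$WORK/key.pem" 2>/dev/null
  openssl pkey -in "$WORK/key.pem" -pubout -out "$WORK/pub.pem"
  # Stand-in for the canonicalized <ds:SignedInfo> octets (constructed).
  printf '%s' '<ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">constructed</ds:SignedInfo>' \
    > "$WORK/signedinfo.c14n"
}

# sign_signedinfo <pss|pkcs1> <outfile>: write the raw (not base64) signature.
sign_signedinfo() {
  if [ "$1" = pss ]; then
    # rsa_padding_mode must come first; the other options depend on it.
    openssl dgst -sha256 -sign "$WORK/key.pem" \
      -sigopt rsa_padding_mode:pss -sigopt rsa_mgf1_md:sha256 \
      -sigopt rsa_pss_saltlen:32 -out "$2" "$WORK/signedinfo.c14n"
  else
    # Default RSA signature padding: PKCS#1 v1.5.
    openssl dgst -sha256 -sign "$WORK/key.pem" -out "$2" "$WORK/signedinfo.c14n"
  fi
}

# verify_pss <sigfile>: exit status 0 only if the signature is valid as PSS.
verify_pss() {
  openssl dgst -sha256 -verify "$WORK/pub.pem" \
    -sigopt rsa_padding_mode:pss -sigopt rsa_mgf1_md:sha256 \
    -sigopt rsa_pss_saltlen:32 -signature "$1" \
    "$WORK/signedinfo.c14n" >/dev/null 2>&1
}

pss_setup
sign_signedinfo pss "$WORK/pss.sig"
sign_signedinfo pkcs1 "$WORK/v15.sig"
verify_pss "$WORK/pss.sig" && echo "PSS signature: accepted as PSS"
verify_pss "$WORK/v15.sig" || echo "PKCS#1 v1.5 signature: rejected as PSS"
```

To check a real document the same way, the input file must hold the exclusive-C14N bytes of its `ds:SignedInfo` and the signature file the base64-decoded `ds:SignatureValue`.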
How were you able to create such an XML file structure? Where the object has an Id that is linked to the Reference and passes the Digest verification? And as far as I can see, the certificate is currently failing the verification.
|
It's just not possible with |
Yes, that's why I'm using the phpseclib library and jochen-jung code. I've already realized that ext-openssl doesn't support this. |
Generating an enveloping signature seems to be possible by using the return value of addObject() as argument for addReference() instead of the document itself: https://github.com/robrichards/xmlseclibs/pull/262/files#diff-62c1d7e3f1633d58ab714af8e670493193a42f3f302cb5e662881dbe794eee92R374 |
In my project I needed to sign with the http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1 algorithm.
To support this, I added phpseclib/phpseclib which has the possibility to create RSA keys in this format.