260 likes | 479 Views
How to Use XML Security Standards in Real World Aleksey Sanin <aleksey@aleksey.Com> O’Reilly Open Source Convention July 7 - 11, 2003. Agenda. W3C XML Security specifications XML Security Library Practical XML Security. W3C XML Security Standards.
E N D
How to Use XML Security Standards in Real WorldAleksey Sanin <aleksey@aleksey.Com> O’Reilly Open Source ConventionJuly 7 - 11, 2003
Agenda • W3C XML Security specifications • XML Security Library • Practical XML Security
W3C XML Security Standards • XML Canonicalization and Exclusive XML Canonicalization (W3C recommendations)http://www.w3.org/TR/xml-c14n/http://www.w3.org/TR/xml-exc-c14n/ • XML Signature (W3C recommendation)http://www.w3.org/TR/xmldsig-core/ • XML Encryption (W3C recommendation)http://www.w3.org/TR/xmlenc-core/ • XML Key Management (W3C working draft)http://www.w3.org/TR/xkms2/
Why Do We Need New Specifications? • SSL/TLS provides transport level security when Web services need messages level security • Store message for later use • Session keys in SSL/TLS • Fine grained security for XML documents
XML Canonicalization • <Test a="aa" b="bb"/> • <Test b="bb" a="aa"></Test> • <Test a="aa" b="bb"></Test>
XML Canonicalization (Continue) • C14N is a serialization of XML document or XPath node set to a binary string. • There are many C14N algorithms (W3C: C14N, Exclusive C14N). • Same input data (XML document or XPath node set) and same C14N algorithm produce the same binary string. • Use Exclusive C14N.
XML Digital Signature Structure <dsig:Signature ID?> <dsig:SignedInfo> <dsig:CanonicalizationMethod Algorithm /> <dsig:SignatureMethod Algorithm /> <dsig:Reference URI? >+ </dsig:SignedInfo> <dsig:SignatureValue> <dsig:KeyInfo>? (<dsig:Object ID?>)* </dsig:Signature>
XML Digital Signature Structure: Reference element <dsig:Reference URI? > (<dsig:Transforms> (<dsig:Transform Algorithm />)+ </dsig:Transforms>)? <dsig:DigestMethod Algorithm > <dsig:DigestValue> </dsig:Reference>
XML Digital Signature Structure: KeyInfo element <dsig:KeyInfo> <dsig:KeyName>? <dsig:KeyValue>? <dsig:RetrievalMethod>? <dsig:X509Data>? <dsig:PGPData>? <enc:EncryptedKey>? <enc:AgreementMethod>? <dsig:KeyName>? <dsig:RetrievalMethod>? <*>? </dsig:KeyInfo>
XML Digital Signature Generation • Calculate digests other signed data from <dsig:Reference/> element. • Compose <dsig:SignedInfo/> element. • Calculate signature other <dsig:SignedInfo/> element and place result in <dsig:SignatureValue/> element.
XML Digital Signature: Enveloped Signature Example <?xml version="1.0" encoding="UTF-8"?> <Envelope> <SignedData>Hello, World!</SignedData> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <SignedInfo> <CanonicalizationMethod Algorithm="http://www.w3.org/…"/> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <Reference URI=""> <Transforms> <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <DigestValue>9H/rQr...</DigestValue> </Reference> </SignedInfo> <SignatureValue>Mx4psI...</SignatureValue> <KeyInfo><KeyName>My-RSA-Key</KeyName></KeyInfo> </Signature> </Envelope>
XML Digital Signature: Enveloped Signature Example (Continue) Digested data: <Envelope> <SignedData>Hello, World!</SignedData> </Envelope> Signed data: <SignedInfo> <CanonicalizationMethod Algorithm="http://www.w3.org/…"/> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <Reference URI=""> <Transforms> <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <DigestValue>9H/rQr...</DigestValue> </Reference> </SignedInfo>
XML Encryption Structure <enc:EncryptedData Id? Type? MimeType?> <enc:EncryptionMethod Algorithm />? <dsig:KeyInfo>? <enc:CipherData> <enc:CipherValue>? <enc:CipherReference URI?>? </enc:CipherData> <enc:EncryptionProperties>? </enc:EncryptedData>
XML Encryption: Example <?xml version="1.0" encoding="UTF-8"?> <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element"> <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <KeyName>My-DES-Key</KeyName> </KeyInfo> <CipherData> <CipherValue>WXlDy...</CipherValue> </CipherData> </EncryptedData>
XML Security Toolkits • XML Security Library (C/C++)http://www.aleksey.com/xmlsec • Microsoft .NET (C#)http://msdn.microsoft.com/netframework/ • DataPower (Hardware)http://www.datapower.com/products/xs40.html • Apache XML Security (Java)http://xml.apache.org/security/index.html • Baltimore Technologies (Java)http://www.baltimore.com/keytools/xml/ • IBM XML Security Suite (Java)http://www.alphaworks.ibm.com/tech/xmlsecuritysuite • Phaos Technology Corporation (Java)http://phaos.com/products/category/xml.html
XML Security Library • Open Source (MIT license) • Based on LibXML2/LibXSLT and your favorite cryptographic library • Strong standards support • Very fast • Can use practically any cryptographic library (OpenSSL, GnuTLS, NSS, …) • Portable (Linux, OpenBSD, FreeBSD, Solaris, Windows, Mac OS X, …)
XML Security Library: Objects • Transforms • Keys • Keys Manager • Operation Contexts • Signature • Encryption • Transforms • Key selection • Templates
XML Security Library: Templates <?xml version="1.0" encoding="UTF-8"?> <Envelope> <SignedData>Hello, World!</SignedData> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <SignedInfo> <CanonicalizationMethod Algorithm="http://www.w3.org/…"/> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <Reference URI=""> <Transforms> <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <DigestValue></DigestValue> </Reference> </SignedInfo> <SignatureValue></SignatureValue> <KeyInfo> <KeyName></KeyName> </KeyInfo> </Signature> </Envelope>
XML Security Library: Signing or Encrypting XML Document • Prepare keys manager (the same keys manager can be shared by multiple operations) • Create or load "template" and select the start node (<dsig:Signature/> or <enc:EncryptedData/>) • Create signature (xmlSecDSigCtx) or encryption (xmlSecEncCtx) context object • Specify signature or encryption key in the template (by name, for example) or in the context object • Sign or encrypt data and consume the result • Destroy context object
XML Security Library: Signature Example int sign_template(xmlDocPtr tmpl, xmlNodePtr startNode, xmlSecKeyPtr key) { xmlSecDSigCtxPtr dsigCtx; /* create signature context w/o keys manager */ dsigCtx = xmlSecDSigCtxCreate(NULL); if(dsigCtx == NULL) { fprintf(stderr,"Error: failed to create context.\n"); return(-1); } /* set signature key in the context */ dsigCtx->signKey = xmlSecKeyDuplicate(key); if(dsigCtx->signKey == NULL) { fprintf(stderr,"Error: failed to duplicate key.\n"); xmlSecDSigCtxDestroy(dsigCtx); return(-1); }
XML Security Library: Signature Example (Continue) /* sign the template */ if(xmlSecDSigCtxSign(dsigCtx, startNode) < 0) { fprintf(stderr,"Error: signature failed.\n"); xmlSecDSigCtxDestroy(dsigCtx); return(-1); } /* destroy context object */ xmlSecDSigCtxDestroy(dsigCtx); return(0); }
XML Security Library: Verifying Signature • Prepare keys manager (the same keys manager can be shared by multiple operations) • Load signed document and select the start node (<dsig:Signature/> or <enc:EncryptedData/>) • Create signature (xmlSecDSigCtx) or encryption (xmlSecEncCtx) context object • Verify signature or decrypt the data, consume the result • Destroy context object
XML Security Library: Signature Verification Example int verify_document(xmlDocPtr doc, xmlNodePtr startNode, xmlSecKeysMngrPtr keysMngr) { xmlSecDSigCtxPtr dsigCtx; int res; /* create signature context */ dsigCtx = xmlSecDSigCtxCreate(keysMngr); if(dsigCtx == NULL) { fprintf(stderr,"Error: failed to create context.\n"); return(-1); } /* Verify signature */ if(xmlSecDSigCtxVerify(dsigCtx, startNode) < 0) { fprintf(stderr,"Error: verification failed.\n"); xmlSecDSigCtxDestroy(dsigCtx); return(-1); }
XML Security Library: Signature Verification Example (Continue) /* check verification result */ if(dsigCtx->status == xmlSecDSigStatusSucceeded) { /* signature is valid */ res = 1; } else { /* signature is invalid */ res = 0; } /* destroy signature context */ xmlSecDSigCtxDestroy(dsigCtx); return(res); }
Practical XML Security • Check what was actually signed • Use pre-digested data • Analyze used transforms • Limit allowed digest, signature, encryption and transform algorithms • Limit allowed key sources • Check that data or key source matches expectation