From 3d9db712e6232c765cd2ad6bd2902b88a0d22100 Mon Sep 17 00:00:00 2001 From: Brian Wolff Date: Mon, 5 Oct 2020 10:28:47 -0600 Subject: [PATCH] [SECURITY] Disable HMAC sig methods by default due to key confusion Both HMAC and public key digital signature methods use the same variable to provide the key, and the choice of algorithm is provided by user input. This can result in a security vulnerability. Since HMAC-SHA1 is less commonly use, disable it by default to prevent this issue. If you use it, you can re-enable it by calling SignedXml.enableHMAC(). Since this is a breaking change to the API, update major version number to 2.0.0 --- README.md | 10 ++++++++++ lib/signed-xml.js | 14 +++++++++++++- package.json | 2 +- test/hmac-tests.js | 4 +++- 4 files changed, 27 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 6e32fa4e..efa9e07e 100644 --- a/README.md +++ b/README.md @@ -34,8 +34,18 @@ A pre requisite it to have [openssl](http://www.openssl.org/) installed and its * RSA-SHA1 http://www.w3.org/2000/09/xmldsig#rsa-sha1 * RSA-SHA256 http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 * RSA-SHA512 http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 + +HMAC-SHA1 is also available but it is disabled by default * HMAC-SHA1 http://www.w3.org/2000/09/xmldsig#hmac-sha1 +to enable HMAC-SHA1, do: +```javascript +require( 'xml-crypto' ).SignedXml.enableHMAC(); +``` +This will enable HMAC and disable digital signature algorithms. Due to key +confusion issues, it is risky to have both HMAC-based and public key digital +signature algorithms enabled at same time. + by default the following algorithms are used: *Canonicalization/Transformation Algorithm:* Exclusive Canonicalization http://www.w3.org/2001/10/xml-exc-c14n# diff --git a/lib/signed-xml.js b/lib/signed-xml.js index 8db07f21..ef357cb0 100644 --- a/lib/signed-xml.js +++ b/lib/signed-xml.js @@ -330,7 +330,19 @@ SignedXml.SignatureAlgorithms = { 'http://www.w3.org/2000/09/xmldsig#rsa-sha1': RSASHA1, 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256': RSASHA256, 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512': RSASHA512, - 'http://www.w3.org/2000/09/xmldsig#hmac-sha1': HMACSHA1 + // Disabled by default due to key confusion concerns. + // 'http://www.w3.org/2000/09/xmldsig#hmac-sha1': HMACSHA1 +} + +/** + * Due to key-confusion issues, its risky to have both hmac + * and digital signature algos enabled at the same time. + * This enables HMAC and disables other signing algos. + */ +SignedXml.enableHMAC = function () { + SignedXml.SignatureAlgorithms = { + 'http://www.w3.org/2000/09/xmldsig#hmac-sha1': HMACSHA1 + } } SignedXml.defaultNsForPrefix = { diff --git a/package.json b/package.json index ab1bf9f3..19512999 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "xml-crypto", - "version": "1.5.3", + "version": "2.0.0", "description": "Xml digital signature and encryption library for Node.js", "engines": { "node": ">=0.4.0" diff --git a/test/hmac-tests.js b/test/hmac-tests.js index 17149afa..a530aa60 100644 --- a/test/hmac-tests.js +++ b/test/hmac-tests.js @@ -3,6 +3,8 @@ var xpath = require('xpath'); var xmldom = require('xmldom'); var fs = require('fs'); +crypto.SignedXml.enableHMAC() + exports['test validating HMAC signature'] = function (test) { var xml = fs.readFileSync('./test/static/hmac_signature.xml', 'utf-8'); var doc = new xmldom.DOMParser().parseFromString(xml); @@ -49,4 +51,4 @@ exports['test create and validate HMAC signature'] = function (test) { test.equal(result, true); test.done(); -}; \ No newline at end of file +};