EldoS | Feel safer!

Software components for data protection, secure storage and transfer

XML sign incorrect xml

#27755
Posted: 12/23/2013 15:07:16
by marco hagen (Standard support level)
Joined: 11/09/2013
Posts: 33

Reading some post about this subject (like #22691) but not finding the right answer.

We create an enveloping xml signature just nicely but when someone (a tester) uploads an incorrect xml the TELXMLDom read fails. So what we are now looking for is a way to just XML enveloping sign anything that is thrown at it.

What would be the right way of doing that? Detached + URIData and adding an object looks like the proper way, but when we then send an XML it will add all the < and > signs as &lt; and &gt;. Using Enveloping and creating a textnode, an element is needed or the signing will fail. In short, please give us some hints or code snippets, preferably in vb.net or c#.

Thanks,
Marco
#27756
Posted: 12/23/2013 16:25:13
by Ken Ivanov (EldoS Corp.)

Hello Marco,

Thank you for getting in touch with us.

I am afraid your task is not entirely achievable (at least in the form that you intend to solve it), and let me explain why.

When preparing a hash of the reference to be signed, the components perform so-called canonicalization of its contents - in other words, they format the XML contents of the reference to make the hash computable unambiguously by both signing and verifying parties. If the contents of the reference are not a well-formed XML document, the canonicalization (and, consequently, signing) will fail.

This means that you can only store and sign corrupted XML documents (meaning 'non-XML documents') in the form of uninterpreted contents of some document node (this is the only method that keeps the outer XML document valid). Yet, in this case such contents will be encoded according to XML rules, in particular by encoding special characters ('<' and '>') with the relevant escape sequences.
#27757
Posted: 12/23/2013 16:53:21
by marco hagen (Standard support level)
Joined: 11/09/2013
Posts: 33

Hi Ken,

Amazed by the quick reply !!!

So should we implement a split between well-formed XML and incorrect? (try a load; if the load fails, go for URIData mode) then sign what is sent? But what about non-xml data with < etc. which will be escaped, can't we change that somehow with the OnBeforeSign event?

Our objective is to just sign and forward anything, the receiving server will (need to) do the rest.

Thanks,
Marco
#27758
Posted: 12/23/2013 17:43:42
by Ken Ivanov (EldoS Corp.)

Hello Marco,

Correct and incorrect documents definitely require separate processing. Not only does processing bad documents as if they were correct produce an unpredictable outcome; it may also pose a real security risk. Just imagine that an attacker crafts a document that closes all your open tags and appends some malicious content at the end of the data - in this case you will unknowingly sign the forged content, and the processing party will have no possibility to tell it's forged.

This way, it is important that incorrect documents are signed in a special way. One of the possible solutions is to place the body of such documents into a dedicated node (e.g. <NonXMLSource>) and sign that node. Note that the document contents (together with all the special XML characters) will be encoded in this case and will require decoding on the server side. It makes no sense to unescape the encoded characters at the document preparation stage, as it will result in a broken document structure and an invalid XML document on output.
#27762
Posted: 12/24/2013 05:11:33
by marco hagen (Standard support level)
Joined: 11/09/2013
Posts: 33

Hi Ken,

Appreciate your long answer.

So we go for the split, we now try to load the file as xml:

Code
' Try to parse the input as XML; on success, add a clone of the document element to the signed object
FXMLDocument.LoadFromFile(tbInputFile1.Text)
obj.datalist.add(FXMLDocument.DocumentElement.CloneNode(True))

if that fails we read the file as string (sData) and add it as a textnode:

Code
' Fallback for input that is not well-formed XML: keep the raw string as a text node
obj.datalist.add(FXMLDocument.CreateTextNode(sData))

Do you see any error in that approach? note: we cannot change anything on receiving server side.

Thanks,
Marco
#27770
Posted: 12/24/2013 09:45:57
by Dmytro Bogatskyy (EldoS Corp.)

Hello,

Quote
if that fails we read the file as string (sData) and add it as a textnode:

Code
obj.datalist.add(FXMLDocument.CreateTextNode(sData))

I'd suggest creating a document element (like NonXMLSource) and then setting its content using the TextContent property, because by using a text node directly you would need to encode the XML yourself.
For example:
Code
// Wrap the non-XML payload in a dedicated element; TextContent escapes '<', '>' and '&' for you
TElXMLDOMElement Root = FXMLDocument.CreateElement("NonXMLSource");
FXMLDocument.AppendChild(Root);
Root.TextContent = sData;

Also, it is better to encode data using Base64 encoding, if it could contain binary data.
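The split-and-wrap approach the thread settles on (try to load as XML; otherwise put the raw body into a dedicated NonXMLSource element, escaped or base64-encoded), as an added Python example that is not SecureBlackbox code and not from the thread. The element name NonXMLSource, the `encoding` attribute and the `Data` wrapper are assumptions; the sample inputs are constructed.

```python
import base64
import xml.etree.ElementTree as ET

# Constructed sample inputs (not taken from the thread).
WELL_FORMED = "<Invoice><Amount>42</Amount></Invoice>"
BROKEN = "<Invoice><Amount>42</Amount>"              # unclosed root element
INJECTION = "</Data><Forged>evil</Forged><Data>"     # tries to close the wrapper and add a sibling


def is_well_formed(text: str) -> bool:
    """True when the input parses as a complete XML document (the 'try a load' step)."""
    try:
        ET.fromstring(text)
        return True
    except ET.ParseError:
        return False


def wrap_for_signing(text: str, use_base64: bool = True) -> str:
    """Build the document that would be handed to the enveloping signer.

    Well-formed input is embedded as real elements.  Anything else goes into a
    dedicated NonXMLSource element (name assumed) as escaped text or, for
    binary-safe transport, as base64, so the payload cannot change the outer
    document's structure.  The 'encoding' attribute is an assumption as well.
    """
    data = ET.Element("Data")
    if is_well_formed(text):
        data.append(ET.fromstring(text))
    elif use_base64:
        holder = ET.SubElement(data, "NonXMLSource", encoding="base64")
        holder.text = base64.b64encode(text.encode("utf-8")).decode("ascii")
    else:
        holder = ET.SubElement(data, "NonXMLSource", encoding="text")
        holder.text = text  # the serializer escapes '<' and '>' here, like TextContent does
    return ET.tostring(data, encoding="unicode")


def unwrap(xml_text: str) -> str:
    """Receiver side: recover the original payload from the wrapper document."""
    data = ET.fromstring(xml_text)
    holder = data.find("NonXMLSource")
    if holder is None:
        return ET.tostring(data[0], encoding="unicode")
    if holder.get("encoding") == "base64":
        return base64.b64decode(holder.text).decode("utf-8")
    return holder.text  # the parser already unescaped the text


def child_tags(xml_text: str) -> list:
    """Top-level child element names of the wrapper; shows nothing was injected beside the holder."""
    return [child.tag for child in ET.fromstring(xml_text)]
```

Running `wrap_for_signing(INJECTION)` yields a wrapper whose only child is NonXMLSource, so the closing tag inside the payload never reaches the signer as structure.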
#27774
Posted: 12/24/2013 16:03:16
by marco hagen (Standard support level)
Joined: 11/09/2013
Posts: 33

Thank you both,

All sorted now.

Marco