[xmlsec] XMLSEC Question: "signature does not verify" always

Aleksey Sanin aleksey at aleksey.com
Mon Nov 30 08:36:41 PST 2020


Please read the spec:

https://www.w3.org/TR/xmldsig-core1/#sec-CoreGeneration

As I said, debugging this w/o being able to look into the signature
generator is hard if not impossible. If this is not a c14n issue then
it might be an incorrectly generated PKCS1 for the RSA signature

https://www.w3.org/TR/xmldsig-core1/#sec-PKCS1

though I highly doubt that. In this case, set breakpoints in the openssl
code and see if the generated PKCS1 is valid.

However, I would bet it is c14n -- it's a tricky standard and many
implementations don't get it right.

Aleksey

On 11/29/20 2:57 PM, Márk BARTOS wrote:
> Hello,
> 
> Thank you for your answer.
> Unfortunately the signer is a 3rd-party (government) thing, I can't access it.
> 
> If I change all the CanonicalizationMethod Algorithm strings to
> something randomly different, I got:
> func=xmlSecOpenSSLEvpDigestVerify:file=digests.c:line=274:obj=sha256:subj=unknown:error=12:invalid data:data and digest do not match [0]
> and since otherwise I get:
> func=xmlSecOpenSSLEvpSignatureVerify:file=evp_signatures.c:line=364:obj=rsa-sha256:subj=unknown:error=18:data do not match:details=EVP_VerifyFinal: signature does not verify [1]
> the canonicalization algorithm is applied correctly, and the digests match.
> 
> (I also get error [0] if I add a random no-op xml element like 
> "<elem></elem>" just before "</SignedProperties>".)
> 
> Thus I do not think this error is related to canonicalization.
> (SignatureValue is generated from digest and not an xml elem thus has no 
> c14n pass?)
> 
> So to recap:
> * xmlsec successfully verifies all the digests
> * xmlsec successfully verifies the embedded cert with the one I give as
> argument
>      * e.g. there is no
> "func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=341:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert:..<cert>...err=20; msg=unable to get local issuer certificate" error
> * yet I get error [1]
>      * the generated signature value does not match the value in the
> SignatureValue element?
>          * but that is generated via the embedded cert over the embedded
> digest value (known good), nothing from outside the signature xml
> 
> I am really not sure if I do something incorrectly or if this is a bug.
> May I ask for further pointers?
> 
> Thank you.
> 
> Best regards,
> 
> Márk
> 
> On Thu, Nov 26, 2020 at 3:40 AM Aleksey Sanin <aleksey at aleksey.com> wrote:
> 
>     It is not possible to debug it w/o having the signer along. I would
>     check how c14n is performed on both sides.
> 
>     Aleksey
> 
>     On 11/24/20 2:58 PM, Márk BARTOS wrote:
>      > Hello,
>      >
>      > I apologize if this is not the right place to ask.
>      >
>      > I'd like to ask for pointers why signature verification always fails.
>      > (xmlsec/xmlsec-openssl 1.2.31)
>      > With this error:
>      >
>      > func=xmlSecOpenSSLEvpSignatureVerify:file=evp_signatures.c:line=368:obj=rsa-sha256:subj=unknown:error=18:data do not match:details=EVP_VerifyFinal: signature does not verify
>      >
>      > Since my data (from 3rdparty, known to be good) is detached I use xmlsec
>      > io callbacks to read the data.
>      > I know here there is no error, since if I intentionally leave the last
>      > byte, the digests do not match, and the verification exits sooner with
>      > that error.
>      >
>      > I also know the CA cert I use verifies the embedded cert because if I
>      > set a known bad cert the verification again exits very soon with the
>      > "unable to verify known issuer" error.
>      >
>      > Thus I do not understand what I am missing. Could you provide some pointers?
>      >
>      > Thank you.
>      >
>      > Signatures.xml:
>      > <?xml version="1.0" encoding="UTF-8"?>
>      > <asic:XAdESSignatures xmlns:asic="http://uri.etsi.org/02918/v1.2.1#">
>      > <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="Signature-1">
>      > <SignedInfo Id="Signature-1__SignedInfo-1">
>      > <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod>
>      > <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></SignatureMethod>
>      > <Reference Id="Signature-1__Reference-1" Type="http://uri.etsi.org/01903#SignedProperties" URI="#Signature-1__SignedProperties-1">
>      > <Transforms>
>      > <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform>
>      > </Transforms>
>      > <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
>      > <DigestValue>qIYr8zG/J0LWT8H3/WzaX+kMBkWdlOIgVOezVmyRzm8=</DigestValue>
>      > </Reference>
>      > <Reference Id="Signature-1__Reference-2" URI="pack_other_1.csv">
>      > <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
>      > <DigestValue>XyV+GBMP3La9CPNW9Cze75tKFIfymZKujciJmXTmMUk=</DigestValue>
>      > </Reference>
>      > <Reference Id="Signature-1__Reference-3" URI="pack_mobile_1.csv">
>      > <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
>      > <DigestValue>lVFUCp2gUnfLagRujP5ZsT9uvm7gmAZzppnvuqo6vp0=</DigestValue>
>      > </Reference>
>      > <Reference Id="Signature-1__Reference-4" URI="pack_fix_1.csv">
>      > <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
>      > <DigestValue>c/GS40xgZnkj//07+uC7wPPBa7a7xvvXlgcTJekuqGI=</DigestValue>
>      > </Reference>
>      > <Reference Id="Signature-1__Reference-5" URI="pack_location_1.csv">
>      > <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
>      > <DigestValue>uupcGpfOSSNFpZKiqr7jGYKr8gds422ZNLCMw+9YNWY=</DigestValue>
>      > </Reference>
>      > <Reference Id="Signature-1__Reference-6" URI="pack_fix_2.csv">
>      > <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
>      > <DigestValue>C27xuWDL+IpkQHo1A7mKNGBQEDnYwsWmnohgPu+Oib0=</DigestValue>
>      > </Reference>
>      > <Reference Id="Signature-1__Reference-7" URI="pack_mobile_2.csv">
>      > <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
>      > <DigestValue>1QyKiZ8V5bNszzMMJm38cQ3LvZ96zW8++U3+5a7zui0=</DigestValue>
>      > </Reference>
>      > </SignedInfo>
>      > <SignatureValue Id="Signature-1__SignatureValue-1">
>      > omitted
>      > </SignatureValue>
>      > <KeyInfo Id="Signature-1__KeyInfo-1">
>      > <X509Data>
>      > <X509Certificate>
>      > omitted
>      > </X509Certificate>
>      > </X509Data>
>      > </KeyInfo>
>      >
>      > <Object Id="Signature-1__Object-1">
>      > <QualifyingProperties xmlns="http://uri.etsi.org/01903/v1.3.2#" Id="Signature-1__QualifyingProperties-1" Target="#Signature-1">
>      > <SignedProperties Id="Signature-1__SignedProperties-1">
>      > <SignedSignatureProperties>
>      > <SigningTime>2020-11-11T11:17:35Z</SigningTime>
>      > <SigningCertificate>
>      > <Cert>
>      > <CertDigest>
>      > <DigestMethod xmlns="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
>      > <DigestValue xmlns="http://www.w3.org/2000/09/xmldsig#">omitted</DigestValue>
>      > </CertDigest>
>      > <IssuerSerial>
>      > <X509IssuerName xmlns="http://www.w3.org/2000/09/xmldsig#">omitted</X509IssuerName>
>      > <X509SerialNumber xmlns="http://www.w3.org/2000/09/xmldsig#">omitted</X509SerialNumber>
>      > </IssuerSerial>
>      > </Cert>
>      > </SigningCertificate>
>      > <SignaturePolicyIdentifier>
>      > <SignaturePolicyImplied></SignaturePolicyImplied>
>      > </SignaturePolicyIdentifier>
>      > </SignedSignatureProperties>
>      > <SignedDataObjectProperties>
>      > <DataObjectFormat ObjectReference="#Signature-1__Reference-2">
>      > <MimeType>text/csv</MimeType>
>      > </DataObjectFormat>
>      > <DataObjectFormat ObjectReference="#Signature-1__Reference-3">
>      > <MimeType>text/csv</MimeType>
>      > </DataObjectFormat>
>      > <DataObjectFormat ObjectReference="#Signature-1__Reference-4">
>      > <MimeType>text/csv</MimeType>
>      > </DataObjectFormat>
>      > <DataObjectFormat ObjectReference="#Signature-1__Reference-5">
>      > <MimeType>text/csv</MimeType>
>      > </DataObjectFormat>
>      > <DataObjectFormat ObjectReference="#Signature-1__Reference-6">
>      > <MimeType>text/csv</MimeType>
>      > </DataObjectFormat>
>      > <DataObjectFormat ObjectReference="#Signature-1__Reference-7">
>      > <MimeType>text/csv</MimeType>
>      > </DataObjectFormat>
>      > </SignedDataObjectProperties>
>      > </SignedProperties>
>      > </QualifyingProperties>
>      > </Object>
>      > </Signature>
>      > </asic:XAdESSignatures>
>      >
>      > Best regards,
>      >
>      > Márk
>      >
>      > /This e-mail and any attachments is intended solely for the addressee.
>      > If you are not the addressee please do not read, print, re-transmit,
>      > store or act in reliance on it or any attachments. Instead, please email
>      > it back to the sender and then immediately permanently delete it. Any
>      > disclosure, reproduction, distribution or other use of this message or
>      > any attachments by an individual or entity other than the intended
>      > recipient is prohibited./

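Added example, not part of the original messages and not xmlsec code: a way to tell apart the two causes named in the reply above (SignedInfo canonicalization vs. a malformed PKCS1 block) by applying the public key to SignatureValue and comparing the embedded SHA-256 with the hash of the verifier's canonical SignedInfo. The function names, the toy key built from two Mersenne primes and the shortened SignedInfo byte strings are constructed for the demo; the missing namespace declaration is a hypothetical signer defect, not a finding about the file in this thread.

```python
import hashlib

# DER DigestInfo header for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def emsa_pkcs1_v15(digest: bytes, k: int) -> bytes:
    """k-byte block 00 01 FF..FF 00 || DigestInfo that rsa-sha256 signs."""
    t = SHA256_PREFIX + digest
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def recover_digest(signature: bytes, n: int, e: int):
    """Apply the public key to SignatureValue; return the embedded SHA-256
    digest, or None if the result is not a well-formed PKCS#1 v1.5 block."""
    k = (n.bit_length() + 7) // 8
    if len(signature) != k:
        return None
    em = pow(int.from_bytes(signature, "big"), e, n).to_bytes(k, "big")
    digest = em[-32:]
    # Compare against a freshly built block instead of parsing the padding.
    return digest if em == emsa_pkcs1_v15(digest, k) else None

def diagnose(signature: bytes, n: int, e: int, signed_info_c14n: bytes) -> str:
    signed = recover_digest(signature, n, e)
    if signed is None:
        return "bad-pkcs1-or-wrong-key"
    if signed != hashlib.sha256(signed_info_c14n).digest():
        return "signedinfo-bytes-differ"
    return "ok"

# --- Constructed demo data, not taken from the thread ---
P, Q = 2**521 - 1, 2**607 - 1   # Mersenne primes: toy key for the demo only
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8

def toy_sign(data: bytes) -> bytes:
    em = emsa_pkcs1_v15(hashlib.sha256(data).digest(), K)
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")

REST = (b'<SignatureMethod Algorithm="http://www.w3.org/2001/04/'
        b'xmldsig-more#rsa-sha256"></SignatureMethod></SignedInfo>')
# Verifier's bytes: SignedInfo with the inherited xmldsig namespace declared.
WITH_NS = (b'<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#"'
           b' Id="Signature-1__SignedInfo-1">' + REST)
# Hypothetical signer output that dropped the namespace declaration.
WITHOUT_NS = b'<SignedInfo Id="Signature-1__SignedInfo-1">' + REST

if __name__ == "__main__":
    for sig in (toy_sign(WITH_NS), toy_sign(WITHOUT_NS), bytes(K)):
        print(diagnose(sig, N, E, WITH_NS))
```

With a real file, n and e come from the public key of the embedded X509Certificate, signature is the base64-decoded SignatureValue, and signed_info_c14n is what the verifying side produces for SignedInfo under the declared CanonicalizationMethod.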
