6858484: If an invalid HMAC XML Signature is validated, all subsequent valid HMAC signatures are invalid

Reviewed-by: asaha
2009-07-08 16:57:40 -04:00 · 2009-07-08 16:57:40 -04:00 · e4502f3b6f
commit e4502f3b6f
parent 25a00f88d0
3 changed files with 35 additions and 8 deletions
--- a/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/IntegrityHmac.java
+++ b/jdk/src/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/IntegrityHmac.java
@ -106,7 +106,9 @@ public abstract class IntegrityHmac extends SignatureAlgorithmSpi {
   }

   public void reset() {
-           _HMACOutputLength=0;
+       _HMACOutputLength=0;
+       _HMACOutputLengthSet = false;
+       _macAlgorithm.reset();
   }

   /**
--- a/jdk/test/com/sun/org/apache/xml/internal/security/TruncateHMAC.java
+++ b/jdk/test/com/sun/org/apache/xml/internal/security/TruncateHMAC.java
@ -23,7 +23,7 @@

 /**
 * @test %I% %E%
- * @bug 6824440
+ * @bug 6824440 6858484
 * @summary Check that Apache XMLSec APIs will not accept HMAC truncation
 *    lengths less than minimum bound
 * @compile -XDignore.symbol.file TruncateHMAC.java
@ -56,8 +56,10 @@ public class TruncateHMAC {
        dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setValidating(false);
-        validate("signature-enveloping-hmac-sha1-trunclen-0-attack.xml");
-        validate("signature-enveloping-hmac-sha1-trunclen-8-attack.xml");
+        validate("signature-enveloping-hmac-sha1-trunclen-0-attack.xml", false);
+        validate("signature-enveloping-hmac-sha1-trunclen-8-attack.xml", false);
+        // this one should pass
+        validate("signature-enveloping-hmac-sha1.xml", true);
        generate_hmac_sha1_40();

        if (atLeastOneFailed) {
@ -66,7 +68,7 @@ public class TruncateHMAC {
        }
    }

-    private static void validate(String data) throws Exception {
+    private static void validate(String data, boolean pass) throws Exception {
        System.out.println("Validating " + data);
        File file = new File(DIR, data);

@ -83,11 +85,19 @@ public class TruncateHMAC {
        try {
            System.out.println
                ("Validation status: " + signature.checkSignatureValue(sk));
-            System.out.println("FAILED");
-            atLeastOneFailed = true;
+            if (!pass) {
+                System.out.println("FAILED");
+                atLeastOneFailed = true;
+            } else {
+                System.out.println("PASSED");
+            }
        } catch (XMLSignatureException xse) {
            System.out.println(xse.getMessage());
-            System.out.println("PASSED");
+            if (!pass) {
+                System.out.println("PASSED");
+            } else {
+                System.out.println("FAILED");
+            }
        }
    }

--- a/jdk/test/com/sun/org/apache/xml/internal/security/signature-enveloping-hmac-sha1.xml
+++ b/jdk/test/com/sun/org/apache/xml/internal/security/signature-enveloping-hmac-sha1.xml
@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+  <SignedInfo>
+    <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" />
+    <Reference URI="#object">
+      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+      <DigestValue>7/XTsHaBSOnJ/jXD5v0zL6VKYsk=</DigestValue>
+    </Reference>
+  </SignedInfo>
+  <SignatureValue>
+    JElPttIT4Am7Q+MNoMyv+WDfAZw=
+  </SignatureValue>
+  <Object Id="object">some text</Object>
+</Signature>