Encryption method rsa-1.5 must be block-listed

[peppelinux]

Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" must be blacklisted.
At this time it's instead the default one.

Code Version

master branch and previous releases

Expected Behavior

IdP should encrypt the Assertions in the Response using one of the available Encryption Algorithm in the Service Provider Metadata. For example, Shibboleth SP 3 exposes as default these:

      <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes192-gcm"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>

Current Behavior

Digging in pysaml2 I found:

• saml2.sigver
• saml2./xml_template/template.xml (used in saml2.sigver.SecurityContext)

In sigver.py we have a default value here:

In saml2./xml_template/template.xml something more hardcoded:

Possible Solution

We should:

• set this parameter taking the value from the SP Information available in MetadataStore.
• be able to configure in our settings something stronger than rsa-1_5 (http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p ?)
• be able to configure in our settings the xml template to be used in the pre-encryption part.
• saml2.sigver.pre_encryption_part should format enc method, and other arguments passed in the function, in the default xml template
• Generally be able to blacklist the weak algorithms, following:
  • Limit available DigestMethods and SigningMethods #421
  • [WiP] Disable weak xmlsec algorithms #628 (this PR would also add the default algs for encryption)
  • [Authn request/response] Added configurable signing and digest algorithm to SP and IDP #597 (this PR would also add the default algs for encryption)
  • Allow to choose algorithms when creating new metadata #645

Steps to Reproduce

pySAML2 IdP encrypts or not the assertion depending by the arguments passed in the method saml2.server.Server.create_authn_response. We should be able to dynamically put encryption if SP have enc cert in its metadata (handled in uniAuth: https://github.com/UniversitaDellaCalabria/uniAuth/blob/7f514798f903ce212c680915f6dbdb22ffd100d8/uniauth/views.py#L472)

[c00kiemon5ter]

Thanks @peppelinux for the report. I've noted all those things and this is what I'll be focusing on starting tomorrow.

None of the algos are configurable at this point. Some of them exist as variables (pointers to defaults), but others are hardcoded (ie, the transport). We need to create new configuration options for all of them along with block/allow-lists.

As you noted, we do have related issues and PRs about this. But, probably this will end up being bigger, as in a revamp on how we use and invoke xmlsec1 and consideration of moving away from it and towards something like python-xmlsec.

[c00kiemon5ter]

The goal is to do this in steps (where each step is a release):

• change defaults to stronger ones (breaking)
• introduce configuration options
• introduce block/allow-lists
• change defaults to meet saml2int (breaking)

[peppelinux]

We could introduce configuration options as first step, then taking them OR default values.
once we defined the configuration option then we'll found the correct semantic to handle them, this way we'll just add f{option}_blacklist to have the blacklisted ones.

Regarding sha256 as default, please consider #597 in a way that

      for algorithm in ('signing_algorithm', 'digest_algorithm'):
            setattr(self, algorithm, self.config.getattr(algorithm, "sp", DEFAULT_ONE))

[peppelinux]

This PR cover part of this issue as a temporary remediation
#754