'Symmetric algorithm is not specified' Exception thrown when Response using aes128-gcm
kertzi opened this issue · 7 comments
Hello,
Our Identity provider is changing algorithm to https://www.w3.org/2008/xmlsec/namespaces.html#aes128-gcm which they use in encryption of saml2 responses.
Currently I get the following exception when reading the SAML response with: binding.ReadSamlResponse(Request.ToGenericHttpRequest(), saml2AuthnResponse);
Exception:
System.Security.Cryptography.CryptographicException: 'Symmetric algorithm is not specified.'
Stack trace:
at System.Security.Cryptography.Xml.EncryptedXml.GetDecryptionKey(EncryptedData encryptedData, String symmetricAlgorithmUri)
at System.Security.Cryptography.Xml.EncryptedXml.DecryptDocument()
at ITfoxtec.Identity.Saml2.Saml2AuthnResponse.DecryptMessage()
at ITfoxtec.Identity.Saml2.Saml2Request.Read(String xml, Boolean validateXmlSignature, Boolean detectReplayedTokens)
at ITfoxtec.Identity.Saml2.Saml2Response.Read(String xml, Boolean validateXmlSignature, Boolean detectReplayedTokens)
at ITfoxtec.Identity.Saml2.Saml2AuthnResponse.Read(String xml, Boolean validateXmlSignature, Boolean detectReplayedTokens)
at ITfoxtec.Identity.Saml2.Saml2PostBinding.Read(HttpRequest request, Saml2Request saml2RequestResponse, String messageName, Boolean validateXmlSignature, Boolean detectReplayedTokens)
at ITfoxtec.Identity.Saml2.Saml2Binding`1.ReadSamlResponse(HttpRequest request, Saml2Response saml2Response)
at DaisyRestApiCore.Controllers.EsuomiController.AssertionConsumerService() in E:\repos\Daisy2\DaisyRestApiCore\Controllers\EsuomiController.cs:line 137
at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.SyncObjectResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.InvokeActionMethodAsync()
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.InvokeNextActionFilterAsync()
What would be the reason for this? I have understood that .NET 5 has support for this.
I'm using the latest 4.8.2 of the ITfoxtec.Identity.Saml2 package.
Thanks!
There is a similar problem in another SAML library: Sustainsys/Saml2#1238
So it looks like .NET has support for AES-GCM but EncryptedXml (which I think this library also uses for decryption) doesn't use it.
You can specify the default encryption methods supported by .NET in the metadata
entityDescriptor.SPSsoDescriptor.SetDefaultEncryptionMethods();
Looks like this in your metadata
<m:KeyDescriptor use="encryption">
  <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
    <X509Data>
      <X509Certificate>MIIGOjC...56xDA=</X509Certificate>
    </X509Data>
  </KeyInfo>
  <m:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
  <m:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
</m:KeyDescriptor>
Does it work if you ask your IdP to load your metadata?
Yes, they have loaded my metadata, but the thing is that they require SPs to start supporting GCM because they will force the switch at some point. So basically we need to be able to support that. Defining CBC in metadata is not really a solution.
Okay understood.
You are welcome to do a pull request if you like. You can probably get inspiration from the code you linked to in the Sustainsys library.
I ran into the same issue; as you suggested I went with the inspiration from Sustainsys, works just fine. However, I'm now unsure on what to include in a pull request:
The trick they use is to provide a special-case wrapper derived from SymmetricAlgorithm around AesGcm and register that using CryptoConfig.AddAlgorithm. This works completely outside of Sustainsys / ITfoxtec.Identity.Saml2 and sidesteps the compatibility issues of AesGcm for all targeted platforms. The only change actually required in ITfoxtec.Identity.Saml2 is in Saml2EncryptedXml to set the length of the IV used.
So, the safe way would be to just add the support for determining the IV/nonce size and possibly add a sample for the wrapped aesgcm algorithm.
Alternatively, add the wrapper to ITfoxtec.Identity.Saml2 and ensure they're excluded on non-supported targets (4.6.2 and possibly .net core 3.1)
Added Pull request #144; on .net framework, only add the IV/nonce stuff and on .net core targets also include and register SymmetricAlgorithms for aes128gcm and aes256gcm
Closed, continued in the pull request.
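The IV/nonce length point from the thread, as an added example that is not part of the original issue and is not ITfoxtec.Identity.Saml2 or Sustainsys code: in XML Encryption 1.1 AES-GCM the decoded CipherValue is a 96-bit nonce, then the ciphertext, then a 128-bit authentication tag, whereas the CBC path expects a 16-byte IV. The class and method names are hypothetical, the key and plaintext are constructed, and AesGcm is assumed to be available (.NET Core 3.0 or later).

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: shows the AES-GCM CipherValue layout only, not a full EncryptedXml integration.
public static class XmlEncGcm
{
    public const int NonceSize = 12; // 96-bit IV; CBC uses 16 (the AES block size)
    public const int TagSize = 16;   // 128-bit authentication tag

    // cipherValue is the base64-decoded CipherValue: nonce || ciphertext || tag
    public static byte[] Decrypt(byte[] key, byte[] cipherValue)
    {
        if (cipherValue.Length < NonceSize + TagSize)
            throw new CryptographicException("CipherValue too short for AES-GCM.");
        ReadOnlySpan<byte> data = cipherValue;
        ReadOnlySpan<byte> nonce = data.Slice(0, NonceSize);
        ReadOnlySpan<byte> tag = data.Slice(data.Length - TagSize);
        ReadOnlySpan<byte> body = data.Slice(NonceSize, data.Length - NonceSize - TagSize);
        var plaintext = new byte[body.Length];
        using var gcm = new AesGcm(key); // on .NET 8+ prefer new AesGcm(key, TagSize)
        gcm.Decrypt(nonce, body, tag, plaintext); // throws CryptographicException on tag mismatch
        return plaintext;
    }

    public static byte[] Encrypt(byte[] key, byte[] plaintext)
    {
        var output = new byte[NonceSize + plaintext.Length + TagSize];
        Span<byte> span = output;
        RandomNumberGenerator.Fill(span.Slice(0, NonceSize)); // fresh nonce for every message
        using var gcm = new AesGcm(key);
        gcm.Encrypt(span.Slice(0, NonceSize), plaintext,
                    span.Slice(NonceSize, plaintext.Length),
                    span.Slice(output.Length - TagSize));
        return output;
    }

    public static void Main()
    {
        var key = new byte[16]; // constructed 128-bit key, for the demo only
        RandomNumberGenerator.Fill(key);
        byte[] cv = Encrypt(key, Encoding.UTF8.GetBytes("<Assertion>constructed sample</Assertion>"));
        Console.WriteLine(Encoding.UTF8.GetString(Decrypt(key, cv)));
        cv[NonceSize] ^= 0x01; // flip one ciphertext bit
        try { Decrypt(key, cv); }
        catch (CryptographicException) { Console.WriteLine("tampered CipherValue rejected"); }
    }
}
```

Slicing 16 bytes instead of 12 for the IV shifts both the nonce and the ciphertext boundary, so the tag check fails on every message; that is why the IV length has to be chosen per algorithm before decryption.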