
System.Security.Cryptography.Xml.EncryptedXml issue with .NET Fx WS-Fed replies #60184

Open
mjyeaney opened this issue Oct 8, 2021 · 0 comments
Labels
area-System.Security needs-further-triage Issue has been initially triaged, but needs deeper consideration or reconsideration
Milestone

Comments

mjyeaney commented Oct 8, 2021

Description

[EDIT: Not sure if this is runtime or SDK. If SDK I can close]

Consider the following Encrypted XML. This fragment is an encrypted SAML 1.1 assertion emitted from the .NET Fx 4.8 System.IdentityModel WS-Fed implementation, and is the inner content of the <trust:RequestedSecurityToken> element:

<xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
    <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#">
            <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
                <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            </e:EncryptionMethod>
            <KeyInfo>
                <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                    <X509Data>
                        <X509IssuerSerial>
                            <X509IssuerName>CN=REDACTED</X509IssuerName>
                            <X509SerialNumber>0123REDACTED3210</X509SerialNumber>
                        </X509IssuerSerial>
                    </X509Data>
                </o:SecurityTokenReference>
            </KeyInfo>
            <e:CipherData>
                <e:CipherValue>++REDACTED==</e:CipherValue>
            </e:CipherData>
        </e:EncryptedKey>
    </KeyInfo>
    <xenc:CipherData>
        <xenc:CipherValue>++REDACTED==</xenc:CipherValue>
    </xenc:CipherData>
</xenc:EncryptedData>

We are trying to parse/decrypt this XML using the System.Security.Cryptography.Xml.EncryptedXml class. However, it seems the structure of this <EncryptedData> fragment is incompatible with what the EncryptedXml class expects, and it throws an exception when attempting to decrypt.

Reproduction Steps

With the cert on hand and a full WS-Fed reply (containing the fragment above), we are using the following basic pseudo-code:

using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

// Load the cert (the PFX carries the RSA private key the session key was encrypted to)
var cert = new X509Certificate2(
    "some-cert.pfx",
    "!@#some password!@#",
    X509KeyStorageFlags.DefaultKeySet);

// Add the cert to the CurrentUser\My store so EncryptedXml can locate it by issuer/serial
var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadWrite);
store.Add(cert);
store.Close();

// Read our test WS-Fed reply (contains the fragment above)
var doc = new XmlDocument();
doc.PreserveWhitespace = true;
doc.Load("test.xml");

// Decrypt every xenc:EncryptedData element in the document in place
var encXml = new EncryptedXml(doc);
encXml.DecryptDocument();

Expected behavior

EncryptedXml should be able to decrypt a standard piece of XML generated from the BCL.

Actual behavior

Running the sample code above results in

Unhandled exception. System.Security.Cryptography.CryptographicException: Unable to retrieve the decryption key.
   at System.Security.Cryptography.Xml.EncryptedXml.GetDecryptionKey(EncryptedData encryptedData, String symmetricAlgorithmUri)
   at System.Security.Cryptography.Xml.EncryptedXml.DecryptDocument()
   at Program.Main(String[] argv) in /home/user/path/to/project/main.cs:line 40

After some experimentation, it seems that the <o:SecurityTokenReference> element inside the inner <KeyInfo> is unexpected. After commenting the <o:SecurityTokenReference> elements out (thereby making the X509Data element a direct child of the KeyInfo), we get a proper decryption and can select the embedded assertion and read its contents:

<saml:Assertion MajorVersion="1" MinorVersion="1"...

Not sure if we're missing something to make EncryptedXml understand the embedded <o:SecurityTokenReference>, or if this is a known issue.

Note that this fragment is able to be decrypted directly via NodeJS using the wsfed NPM package. After some inspection of its source, it appears to be directly looking for KeyInfo/X509 data, so it isn't tripped up by the <o:SecurityTokenReference> elements.

Regression?

No response

Known Workarounds

Two workarounds we were able to identify:

  • Preprocess the incoming XML and remove the SecurityTokenReference tags that surround the X509 data (brittle)
  • Use another language (e.g., Node) to handle it.

Configuration

Environment

.NET SDK (reflecting any global.json):
 Version:   5.0.400
 Commit:    d61950f9bf

Runtime Environment:
 OS Name:     ubuntu
 OS Version:  18.04
 OS Platform: Linux
 RID:         ubuntu.18.04-x64
 Base Path:   /usr/share/dotnet/sdk/5.0.400/

Host (useful for support):
  Version: 5.0.9
  Commit:  208e377a53

.NET SDKs installed:
  5.0.400 [/usr/share/dotnet/sdk]

.NET runtimes installed:
  Microsoft.AspNetCore.App 5.0.9 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
  Microsoft.NETCore.App 5.0.9 [/usr/share/dotnet/shared/Microsoft.NETCore.App]

Other information

No response

dotnet-issue-labeler bot added the area-System.Security and untriaged (New issue has not been triaged by the area owner) labels on Oct 8, 2021
jeffhandley added the needs-further-triage (Issue has been initially triaged, but needs deeper consideration or reconsideration) label and removed the untriaged label on Oct 9, 2021
jeffhandley added this to the Future milestone on Oct 9, 2021
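The failure reported above comes from the key-resolution step, not from the AES payload: EncryptedXml.DecryptDocument() calls the virtual GetDecryptionKey(), which calls the virtual DecryptEncryptedKey() to unwrap the session key, and that method only understands the KeyInfo clause types it knows (X509Data, KeyName, RetrievalMethod, a nested EncryptedKey). Any other child, including wsse:SecurityTokenReference, is loaded as an opaque KeyInfoNode and skipped, so no key is found and "Unable to retrieve the decryption key" is thrown. The following is an added example written for this page, not code from the issue author or from the .NET runtime: it subclasses EncryptedXml and overrides DecryptEncryptedKey() to look inside a SecurityTokenReference for ds:X509IssuerSerial, select the certificate whose serial matches, and unwrap the key with RSA-OAEP, deferring to the stock behaviour for every other KeyInfo shape. The class name StrAwareEncryptedXml, the file names and the password are placeholders; the certificate is chosen on serial number only (the issuer name is deliberately not compared, because DN string forms vary between encoders), which is an assumption that is fine for a single IdP but should be tightened if several issuers can reach the same relying party.

```csharp
// Added example (not from the issue or the .NET runtime): an EncryptedXml subclass that
// recognises wsse:SecurityTokenReference/ds:X509Data/ds:X509IssuerSerial inside the
// EncryptedKey's KeyInfo, picks the matching certificate, and unwraps the AES key.
// DecryptDocument() -> GetDecryptionKey() -> DecryptEncryptedKey(); overriding the last
// (virtual) method is enough, the base class still decrypts the aes256-cbc payload.
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Linq;
using System.Numerics;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

public sealed class StrAwareEncryptedXml : EncryptedXml   // hypothetical name
{
    private const string WsseNs =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    private readonly IReadOnlyList<X509Certificate2> _decryptionCerts;

    public StrAwareEncryptedXml(XmlDocument document, IEnumerable<X509Certificate2> decryptionCerts)
        : base(document)
    {
        // Only certificates with a private key can unwrap anything.
        _decryptionCerts = decryptionCerts.Where(c => c.HasPrivateKey).ToList();
    }

    public override byte[] DecryptEncryptedKey(EncryptedKey encryptedKey)
    {
        foreach (KeyInfoClause clause in encryptedKey.KeyInfo)
        {
            // Unknown KeyInfo children (such as wsse:SecurityTokenReference) surface as KeyInfoNode.
            var node = clause as KeyInfoNode;
            if (node == null || node.Value == null) continue;
            XmlElement str = node.Value;
            if (str.LocalName != "SecurityTokenReference" || str.NamespaceURI != WsseNs) continue;

            X509Certificate2 cert = FindCertBySerial(str);
            if (cert == null) continue;

            // rsa-oaep-mgf1p (default SHA-1 digest) maps to useOAEP = true; rsa-1_5 maps to false.
            bool useOaep = encryptedKey.EncryptionMethod?.KeyAlgorithm == XmlEncRSAOAEPUrl;
            using (RSA rsa = cert.GetRSAPrivateKey())
            {
                if (rsa == null) continue;   // not an RSA key; let the stock path report the failure
                return EncryptedXml.DecryptKey(encryptedKey.CipherData.CipherValue, rsa, useOaep);
            }
        }
        // Plain X509Data, KeyName mappings, RetrievalMethod etc. keep the stock behaviour.
        return base.DecryptEncryptedKey(encryptedKey);
    }

    // Selects on ds:X509SerialNumber only (a decimal integer per XML-DSig). Assumption: the
    // issuer name is not compared, because DN string forms differ between encoders.
    private X509Certificate2 FindCertBySerial(XmlElement str)
    {
        var ns = new XmlNamespaceManager(str.OwnerDocument.NameTable);
        ns.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);
        XmlNode serialNode = str.SelectSingleNode(
            ".//ds:X509Data/ds:X509IssuerSerial/ds:X509SerialNumber", ns);
        if (serialNode == null) return null;

        BigInteger wanted = BigInteger.Parse(serialNode.InnerText.Trim(), CultureInfo.InvariantCulture);
        foreach (X509Certificate2 cert in _decryptionCerts)
        {
            // cert.SerialNumber is hex; the leading "0" stops a high first nibble parsing as negative.
            BigInteger have = BigInteger.Parse("0" + cert.SerialNumber,
                NumberStyles.HexNumber, CultureInfo.InvariantCulture);
            if (have == wanted) return cert;
        }
        return null;
    }
}

public static class Program
{
    public static void Main(string[] args)
    {
        // Placeholder path and password; the PFX must hold the RSA private key the IdP
        // encrypted the session key to. No certificate store registration is needed.
        var cert = new X509Certificate2("some-cert.pfx", "some password");

        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.Load("test.xml");   // placeholder: the full WS-Fed reply

        var encXml = new StrAwareEncryptedXml(doc, new[] { cert });
        encXml.DecryptDocument();   // replaces each xenc:EncryptedData with the decrypted saml:Assertion

        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("saml", "urn:oasis:names:tc:SAML:1.0:assertion");
        XmlNode assertion = doc.SelectSingleNode("//saml:Assertion", ns);
        Console.WriteLine(assertion == null ? "no assertion found" : assertion.OuterXml);
    }
}
```

Because the override only engages when a SecurityTokenReference is present and otherwise falls through to base.DecryptEncryptedKey(), it avoids the brittleness of string-stripping the STR from the incoming XML. Decrypting is not the same as validating: after DecryptDocument() the recovered saml:Assertion still has to have its enveloped signature verified against the IdP's signing certificate (SignedXml) and its Conditions (NotBefore/NotOnOrAfter, AudienceRestriction) checked before any attribute in it is trusted.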