[Mono-bugs] [Bug 79483][Nor] New - SignedXml: Wrong digest value for XML containing CRLF
bugzilla-daemon at bugzilla.ximian.com
bugzilla-daemon at bugzilla.ximian.com
Sun Sep 24 12:44:33 EDT 2006
Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.
Changed by gert.driesen at pandora.be.
http://bugzilla.ximian.com/show_bug.cgi?id=79483
--- shadow/79483 2006-09-24 12:44:33.000000000 -0400
+++ shadow/79483.tmp.13823 2006-09-24 12:44:33.000000000 -0400
@@ -0,0 +1,87 @@
+Bug#: 79483
+Product: Mono: Class Libraries
+Version: 1.1
+OS: All
+OS Details:
+Status: NEW
+Resolution:
+Severity:
+Priority: Normal
+Component: System.Security
+AssignedTo: sebastien at ximian.com
+ReportedBy: gert.driesen at pandora.be
+QAContact: mono-bugs at ximian.com
+TargetMilestone: ---
+URL:
+Cc:
+Summary: SignedXml: Wrong digest value for XML containing CRLF
+
+When the XML that needs to be signed contains CRLF's, then the digest
+value is not correctly created.
+
+I've attached a (gzipped) tar containing all necessary files to reproduce
+this issue.
+
+To run the repro you need:
+
+1. NAnt
+2. JDK (1.4.x or higher ?)
+
+In the repro, I create signed XML documents, verify these using Mono
+(which succeeds) and then verify them using IAIK's XML Security Toolkit
+(Java-based) which fails to verify the digest value.
+
+Running the same test on .NET for works fine; meaning, the signed XML
+created by MS.NET validates using IAIK XSECT.
+
+====
+
+I also added two unit tests in the latest unit test patch that I attached
+to bug #79454.
+
+The DigestValue unit test shows the XML Canonicalization appears to work
+just fine. The hash created for the canonicalization output even matches
+the one from MS (test #2).
+
+Calculating the hash twice seems to give a different result though (#4).
+
+But that does not appear to be the root cause of the issue after all:
+
+On MS.NET, the digest value calculated for the Reference appears to be
+different from the digest value created for the canonicalization output.
+
+The MS results are valid though, as it verifies using IAIK XSECT and the
+digest for ther Rference also validates ok with the XMLSEC online XML
+Digital Signature Verifier (the signature itself does not, but this is
+because I don't think it supports the X509Data element).
+
+===
+
+Note:
+
+If you modify the SignXmlFile method to pass \n as linefeed to the
+CreateSomeXml method, then the resulting signed XML documents will be
+perfectly valid.
+
+===
+
+I'm sorry that my repro requires NAnt. If that is a problem, I'll try to
+create a Makefile for it (but this is always a struggle for me).
+
+You actually don't need NAnt to create the signed XML documents. You only
+need it to run the IAIK validation (unless you manually compile and the
+small Java class that I use to validate the signature).
+
+To create the signed XML documents:
+
+1. Compile test.cs
+2. Run it with "sign" argument:
+
+mono test.exe sign
+
+To verify the signed XML documents using Mono:
+
+mono test.exe verify
+
+Verification using Mono does not help here, as it will always consider
+it's own signature valid.
More information about the mono-bugs
mailing list