[Mono-bugs] [Bug 79483][Nor] Changed - SignedXml: Wrong digest value for XML containing CRLF
bugzilla-daemon at bugzilla.ximian.com
bugzilla-daemon at bugzilla.ximian.com
Mon Sep 25 18:31:20 EDT 2006
Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.
Changed by gert.driesen at pandora.be.
http://bugzilla.ximian.com/show_bug.cgi?id=79483
--- shadow/79483 2006-09-25 10:07:41.000000000 -0400
+++ shadow/79483.tmp.7096 2006-09-25 18:31:20.000000000 -0400
@@ -112,6 +112,30 @@
document and we fail then a test case can be made.
In this case if Mono sign and IAIK fails to verify then MS should fail
the verification too. Just make a test case with the XML signed by
Mono, assert the signature is invalid (because it works on MS) and
mark the test as NotWorking (because it doesn't work on Mono).
+
+------- Additional Comments From gert.driesen at pandora.be 2006-09-25 18:31 -------
+I've commit a few unit tests for this issue in SignedXmlTest.
+
+The MS (and IAIK) signature for an XML with CRLF matches that of one
+with LF. See SignedXML_CRLF_Valid and SignedXML_LF_Valid for tests
+that demonstrate this. The SignedXML_LF_Valid test pass on Mono
+while the SignedXML_CRLF_Valid test does not.
+
+The SignedXML_CRLF_Invalid test verifies a Mono signed XML (with
+CRLF). The signature is considered valid by Mono, but invalid by
+both MS.NET and IAIK.
+
+Finally, I've added DigestValue_CRLF and DigestValue_LF tests. These
+tests clearly show that:
+
+- Mono's XML canonicalization works fine (#1 passes)
+- the SHA1 hash of the canonicalized XML matches that of MS (#2
+passes)
+- The digest value in the signature is calculated after replacing
+
\n with \n
+
+This last "claim" is backed by the fact that the MS/IAIK digest for
+the CRLF XML matches the digest value of the LF XML.
More information about the mono-bugs
mailing list