toshok
commented
5 years ago speaking of the spec language, I see:
3.2.1 Reference Validation Canonicalize the SignedInfo element based on the CanonicalizationMethod in SignedInfo. For each Reference in SignedInfo:
- Obtain the data object to be digested. (For example, the signature application may dereference the URI and execute Transforms provided by the signer in the Reference element, or it may obtain the content through other means such as a local cache.)
- Digest the resulting data object using the DigestMethod specified in its Reference specification.
- Compare the generated digest value against DigestValue in the SignedInfo Reference; if there is any mismatch, validation fails.
and then:
Note, After a Signature element has been created in Signature Generation for a signature with a same document reference, an implementation can serialize the XML content with variations in that serialization. This means that Reference Validation needs to canonicalize the XML document before digesting in step 1 to avoid issues related to variations in serialization.
This seems to imply that we should assume a canonicalizer (and possibly default to one if there isn't one listed in the <Transforms> element?)
sredxny
I'm hitting the
Expected Enveloped and C14N transformserror when validating signatures. The relevant<Transforms>element has only a single child:The signature verifies if I hardcode pretty much any canonicalizer in the case where one isn't specified, but my reading of the spec doesn't seem to support this fallback canonicalizer. Any ideas?
Totally willing to spend some cycles investigating and bringing Reference transforms more inline with the spec if this is indeed some invalid behavior in goxmldsig.