author | Krzysztof Wicher <kwicher@microsoft.com> | 2017-04-21 00:00:17 +0300 |
---|---|---|
committer | Krzysztof Wicher <kwicher@microsoft.com> | 2017-04-21 00:00:17 +0300 |
commit | c70ee2b67879452eb83d140fe55121f392c0e63f (patch) | |
tree | 69be48b367354ec015778319c0c88306197826f1 /src | |
parent | 1db7e65928e73b9848f2e8ca7d6ee9c7eef4bc3e (diff) |
update DigestMethod to SHA256
Diffstat (limited to 'src')
4 files changed, 58 insertions, 7 deletions
diff --git a/src/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/Reference.cs b/src/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/Reference.cs
index 1b4146202d..3dd70c1f5f 100644
--- a/src/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/Reference.cs
+++ b/src/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/Reference.cs
@@ -38,7 +38,7 @@ namespace System.Security.Cryptography.Xml
 _refTarget = null;
 _refTargetType = ReferenceTargetType.UriReference;
 _cachedXml = null;
- _digestMethod = SignedXml.XmlDsigSHA1Url;
+ _digestMethod = SignedXml.XmlDsigSHA256Url;
 }
 
 public Reference(Stream stream)
@@ -47,7 +47,7 @@ namespace System.Security.Cryptography.Xml
 _refTarget = stream;
 _refTargetType = ReferenceTargetType.Stream;
 _cachedXml = null;
- _digestMethod = SignedXml.XmlDsigSHA1Url;
+ _digestMethod = SignedXml.XmlDsigSHA256Url;
 }
 
 public Reference(string uri)
@@ -57,7 +57,7 @@ namespace System.Security.Cryptography.Xml
 _uri = uri;
 _refTargetType = ReferenceTargetType.UriReference;
 _cachedXml = null;
- _digestMethod = SignedXml.XmlDsigSHA1Url;
+ _digestMethod = SignedXml.XmlDsigSHA256Url;
 }
 
 internal Reference(XmlElement element)
@@ -66,7 +66,7 @@ namespace System.Security.Cryptography.Xml
 _refTarget = element;
 _refTargetType = ReferenceTargetType.XmlElement;
 _cachedXml = null;
- _digestMethod = SignedXml.XmlDsigSHA1Url;
+ _digestMethod = SignedXml.XmlDsigSHA256Url;
 }
 
 //
diff --git a/src/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/SignedXml.cs b/src/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/SignedXml.cs
index 9c743bb092..37e5576117 100644
--- a/src/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/SignedXml.cs
+++ b/src/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/SignedXml.cs
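Review bot: Each of the four constructors in this file carries its own copy of the default in a `_digestMethod = SignedXml.XmlDsigSHA256Url;` line, so the algorithm migration this commit performs had to be repeated four times and the next one will be too. If the `_digestMethod` declaration (outside the hunk) has no initializer, a single field initializer `private string _digestMethod = SignedXml.XmlDsigSHA256Url;` or a `private const string DefaultDigestMethod = SignedXml.XmlDsigSHA256Url;` would let the constructors drop the assignment and keep the default in one place. The constructor body containing each changed line starts before the hunk's first line.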
@@ -911,7 +911,7 @@ namespace System.Security.Cryptography.Xml
 {
 // If no DigestMethod has yet been set, default it to sha1
 if (reference.DigestMethod == null)
- reference.DigestMethod = XmlDsigSHA1Url;
+ reference.DigestMethod = XmlDsigSHA256Url;
 
 SignedXmlDebugLog.LogSigningReference(this, reference);
 
diff --git a/src/System.Security.Cryptography.Xml/tests/ReferenceTest.cs b/src/System.Security.Cryptography.Xml/tests/ReferenceTest.cs
index e1fafbc5b9..006e4bd3bd 100644
--- a/src/System.Security.Cryptography.Xml/tests/ReferenceTest.cs
+++ b/src/System.Security.Cryptography.Xml/tests/ReferenceTest.cs
@@ -43,7 +43,7 @@ namespace System.Security.Cryptography.Xml.Tests
 public void Ctor_Uri(string uri)
 {
 Reference reference = new Reference(uri);
- Assert.Equal("http://www.w3.org/2000/09/xmldsig#sha1", reference.DigestMethod);
+ Assert.Equal("http://www.w3.org/2001/04/xmlenc#sha256", reference.DigestMethod);
 Assert.Null(reference.DigestValue);
 Assert.Null(reference.Id);
 Assert.Null(reference.Type);
@@ -61,7 +61,7 @@ namespace System.Security.Cryptography.Xml.Tests
 using (MemoryStream memoryStream = data != null ? new MemoryStream(Encoding.UTF8.GetBytes(data)) : null)
 {
 Reference reference = new Reference(memoryStream);
- Assert.Equal("http://www.w3.org/2000/09/xmldsig#sha1", reference.DigestMethod);
+ Assert.Equal("http://www.w3.org/2001/04/xmlenc#sha256", reference.DigestMethod);
 Assert.Null(reference.DigestValue);
 Assert.Null(reference.Id);
 Assert.Null(reference.Type);
@@ -187,6 +187,7 @@ namespace System.Security.Cryptography.Xml.Tests
 Reference reference = new Reference();
 // adding an empty hash value
 byte[] hash = new byte[20];
+ reference.DigestMethod = SignedXml.XmlDsigSHA1Url;
 reference.DigestValue = hash;
 XmlElement xel = reference.GetXml();
 // this is the minimal Reference (DigestValue)!
diff --git a/src/System.Security.Cryptography.Xml/tests/SignedXmlTest.cs b/src/System.Security.Cryptography.Xml/tests/SignedXmlTest.cs
index d04ad9cdf5..e6b9f5b4b3 100644
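Review bot: The comment directly above the changed line still says `// If no DigestMethod has yet been set, default it to sha1` while the code now assigns `XmlDsigSHA256Url`; it should read `// If no DigestMethod has yet been set, default it to SHA-256` so the stale text does not mislead the next reader. As far as this diff shows, the new default only affects the signing path (this loop feeds `LogSigningReference`), and nothing here makes verification reject references that still declare SHA-1, so callers that must refuse weak digests on `CheckSignature` still have to inspect `Reference.DigestMethod` themselves; presumably that is intended, but it is worth stating in the commit message or a comment. The enclosing method starts and ends outside the hunk.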
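Review bot: The added `reference.DigestMethod = SignedXml.XmlDsigSHA1Url;` in the third ReferenceTest hunk pins SHA-1 without saying why, and the only visible hint is that the 20-byte `hash` array is SHA-1 digest length; presumably the expected XML compared further down (outside the hunk) still carries the sha1 DigestMethod, but that cannot be confirmed from here. A comment on the added line such as `// 20-byte value is a SHA-1 digest; pin SHA-1 since the default is now SHA-256` would keep someone from "fixing" this back to the default later. The enclosing test method starts before the hunk and ends after it.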
--- a/src/System.Security.Cryptography.Xml/tests/SignedXmlTest.cs
+++ b/src/System.Security.Cryptography.Xml/tests/SignedXmlTest.cs
@@ -15,6 +15,7 @@ using System.IO;
 using System.Security.Cryptography.X509Certificates;
 using System.Text;
 using System.Xml;
+using System.Xml.XPath;
 using Xunit;
 
 namespace System.Security.Cryptography.Xml.Tests
@@ -660,6 +661,7 @@ namespace System.Security.Cryptography.Xml.Tests
 signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
 
 Reference reference = new Reference();
+ reference.DigestMethod = SignedXml.XmlDsigSHA1Url;
 reference.Uri = "";
 
 XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
@@ -717,6 +719,7 @@ namespace System.Security.Cryptography.Xml.Tests
 signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
 
 Reference reference = new Reference();
+ reference.DigestMethod = SignedXml.XmlDsigSHA1Url;
 reference.Uri = "";
 
 XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
@@ -956,6 +959,7 @@ namespace System.Security.Cryptography.Xml.Tests
 signedXml.SignedInfo.CanonicalizationMethod = canonicalizationMethod;
 
 Reference reference = new Reference();
+ reference.DigestMethod = SignedXml.XmlDsigSHA1Url;
 reference.Uri = "";
 
 XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
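Review bot: The added `reference.DigestMethod = SignedXml.XmlDsigSHA1Url;` line, repeated in three test methods (hunks at 660, 717 and 956), pins the digest to SHA-1 with no explanation; presumably these tests compare against fixed expected signature values generated under the old default, but that is not visible in the hunks. Put a comment on the added line, e.g. `// Pinned to SHA-1: the expected output below was generated with the former default digest`, so the pin is not mistaken for an oversight and removed during a later SHA-1 cleanup. Each enclosing test method starts before its hunk and ends after it.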
@@ -1543,5 +1547,51 @@ namespace System.Security.Cryptography.Xml.Tests
 SignedXml sign = GetSignedXml(xml);
 Assert.Throws<FormatException>(() => sign.CheckSignature(new HMACSHA1(Encoding.ASCII.GetBytes("no clue"))));
 }
+
+ [Fact]
+ public void SignedXmlUsesSha256ByDefault()
+ {
+ const string expectedSignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
+ const string expectedDigestMethod = "http://www.w3.org/2001/04/xmlenc#sha256";
+
+ const string xml = @"<?xml version=""1.0""?>
+<example>
+<test>some text node</test>
+</example>";
+
+ var doc = new XmlDocument();
+ doc.PreserveWhitespace = true;
+ doc.LoadXml(xml);
+
+ using (RSA key = RSA.Create())
+ {
+ var sxml = new SignedXml(doc)
+ {
+ SigningKey = key
+ };
+
+ Assert.Null(sxml.SignedInfo.SignatureMethod);
+
+ var reference = new Reference();
+ Assert.Equal(expectedDigestMethod, reference.DigestMethod);
+
+ reference.Uri = "";
+ reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
+ sxml.AddReference(reference);
+ sxml.ComputeSignature();
+
+ XmlElement dsig = sxml.GetXml();
+ XPathNavigator xp = dsig.CreateNavigator();
+
+ XmlNamespaceManager nsMgr = new XmlNamespaceManager(xp.NameTable);
+ nsMgr.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
+
+ Assert.Equal(expectedSignatureMethod,
+ xp.SelectSingleNode("/ds:SignedInfo/ds:SignatureMethod/@Algorithm", nsMgr)?.Value);
+
+ Assert.Equal(expectedDigestMethod,
+ xp.SelectSingleNode("/ds:SignedInfo/ds:Reference/ds:DigestMethod/@Algorithm", nsMgr)?.Value);
+ }
+ }
 }
 } |
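Review bot: `SignedXmlUsesSha256ByDefault` checks the `Algorithm` attributes that land in the emitted XML but never verifies that a signature produced under the new defaults is actually valid; adding `Assert.True(sxml.CheckSignature(key));` right after `sxml.ComputeSignature();` would catch a digest/signature-method mismatch that the attribute checks alone cannot. The `Assert.Null(sxml.SignedInfo.SignatureMethod)` and rsa-sha256 expectation cover the signature-method default, which this commit does not touch (only the digest default changes in the src hunks), so a short comment such as `// SignatureMethod is still null here; it is filled in during ComputeSignature` above that assertion would save a reader from looking for the signature-method change in this commit. The closing `}` context lines belong to the class and namespace, which start outside the hunk.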