W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > July to September 2002

Re: C14N-Hash implementations???

From: Rich Salz <rsalz@datapower.com>
Date: Fri, 26 Jul 2002 12:37:15 -0400
Message-ID: <3D417ABB.6070201@datapower.com>
To: Carl Ellison <cme@jf.intel.com>
CC: "XML Signature (W3C/IETF)" <w3c-ietf-xmldsig@w3.org>

 > If instead of building a single canonical
> XML string you walk a DOM and only send substrings to a hash
> accumulator, in the C14N order, you should be able to produce the
> C14N hash of a DOM structure in almost the time it takes to walk that
> structure for printing without canonicalization.
> 
> So, has anyone done that experiment?  If so, how did it perform?

I just tried it in the Python implementation of C14N.  I took a small 
message that was mostly canonical (1369 before; 1364 after).  First I 
just called canon, which returns a string, and then hashed that.  Then I 
called canon, passing in an output object whose "write" method 
accumulated into a SHA object.  Repeating each loop 10 times showed .21 
seconds for return-string-then-hash, and .20 seconds for hash-as-you-go.

This is on a mostly-idle Linux box with 768Meg of memory.

So I think you're right, it's a silly waste to collect the string then 
hash it.  (I thought this before, in fact.  The C++ C14N/hash code that 
I wrote for our product does some small memory buffering, but *never* 
collects the entire canonical document in memory.)
	/r$
Received on Friday, 26 July 2002 12:37:19 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:16 GMT