- From: Edgar, Gerald <gerald.edgar@boeing.com>
- Date: Mon, 11 Apr 2011 16:39:39 -0700
- To: "'public-xmlsec@w3.org'" <public-xmlsec@w3.org>
- Message-ID: <AA2A6A44CDA6E04FA6C6963A13C5EB90634900B673@XCH-NW-06V.nw.nos.boeing.com>
This is a DRAFT table of what needs to be developed to test version 2. Gerald Edgar, CISSP Supply Chain Cyber Security -----Original Message----- From: Edgar, Gerald Sent: Tuesday, March 29, 2011 6:01 PM To: public-xmlsec@w3.org Subject: Further infomraiton on: ACTION-779 - Review test cases for 1.1 and summarize which are missing Further examination of the 1.1 test page at http://www.w3.org/2008/xmlsec/wiki/Interop and the current 2.0 drafts I found the following items: There is no test for streaming. There is no test for prefix rewriting Therer are no tests for the forms of C14N (inclusive and exclusive) accepted by XML Signature Syntax and Processing Version 2.0 There is no test for "2.0 Mode" Selection Algorithms I found the following items that could be used in groups as interoperability tests for what is in the current drafts, I used the section numbers in the documents. These processing requirements could be grouped to make testing easier. Comments are welcome. Gerald Edgar XML Signature Syntax and Processing Version 2.0 http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-20/ 3.2.1 XML Signature 2.0 Algorithm Identifiers and Implementation Requirements Canonicalization Required: Canonical XML 2.0 Transform Required: XML Signature 2.0 Transform Selection -- Required: XML Documents or Fragments - http://www.w3.org/2010/xmldsig2#xml Required: External Binary Data - http://www.w3.org/2010/xmldsig2#binaryExternal Required: Selection of Binary Data within XML - http://www.w3.org/2010/xmldsig2#binaryfromBase64 Verification -- Optional:DigestDataLength - http://www.w3.org/2010/xmldsig2#DigestDataLength Optional:PositionAssertion - http://www.w3.org/2010/xmldsig2#PositionAssertion Optional:IDAttributes - http://www.w3.org/2010/xmldsig2#IDAttributes Canonicalization -- Required: Canonical XML 1.0 (omits comments) http://www.w3.org/TR/2001/REC-xml-c14n-20010315 Required: Canonical XML 1.1 (omits comments) http://www.w3.org/2006/12/xml-c14n11 Required: Exclusive XML Canonicalization 1.0 (omits comments) http://www.w3.org/2001/10/xml-exc-c14n# Recommended:Canonical XML 1.0 with Comments http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments Recommended:Canonical XML 1.1 with Comments http://www.w3.org/2006/12/xml-c14n11#WithComments Recommended:Exclusive XML Canonicalization 1.0 with Comments http://www.w3.org/2001/10/xml-exc-c14n#WithComments Transform Required: base64 http://www.w3.org/2000/09/xmldsig#base64 Required: Enveloped Signature http://www.w3.org/2000/09/xmldsig#enveloped-signature Recommended: XPath http://www.w3.org/TR/1999/REC-xpath-19991116 Recommended: XPath Filter 2.0 http://www.w3.org/2002/06/xmldsig-filter2 Optional: XSLT http://www.w3.org/TR/1999/REC-xslt-19991116 3.3.1 Compatibility Mode Algorithms Canonicalization Required Required: Canonical XML 1.0 (omits comments) http://www.w3.org/TR/2001/REC-xml-c14n-20010315 Required: Canonical XML 1.1 (omits comments) http://www.w3.org/2006/12/xml-c14n11 Required: Exclusive XML Canonicalization 1.0 (omits comments) http://www.w3.org/2001/10/xml-exc-c14n# Recommended: Recommended: Canonical XML 1.0 with Comments http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments Recommended: Canonical XML 1.1 with Comments http://www.w3.org/2006/12/xml-c14n11#WithComments Recommended: Exclusive XML Canonicalization 1.0 with Comments http://www.w3.org/2001/10/xml-exc-c14n#WithComments Transform Required: base64 (*note) http://www.w3.org/2000/09/xmldsig#base64 Required: Enveloped Signature (**note) http://www.w3.org/2000/09/xmldsig#enveloped-signature Recommended: XPath http://www.w3.org/TR/1999/REC-xpath-19991116 Recommended: XPath Filter 2.0 http://www.w3.org/2002/06/xmldsig-filter2 Optional: XSLT http://www.w3.org/TR/1999/REC-xslt-19991116 4.1 Signature generation 4.2 Reference Generation 4.3 Core Validation interoperability Verify: 1. capability to check each Reference to to see if the data object matches with the expected data object. 2. The cryptographic signature validation of the signature calculated over SignedInfo. 3. Reference validation, the verification of the digest contained in each Reference in SignedInfo. 4.4 Reference Check 4.5 Reference Validation 4.6 Signature Validation 5. Core Signature Syntax validation 7. The KeyInfo Element 8. The Object Element (optional element) 9. Additional Signature Syntax 10. Algorithms 10.1 Message Digests 10.1.1 SHA-1 10.1.2 SHA-256 10.1.3 SHA-384 10.1.4 SHA-512 10.2 Message Authentication Codes 10.2.1 HMAC 10.3 Signature Algorithms 10.3.1 DSA 10.3.2 RSA (PKCS#1 v1.5) 10.3.3 ECDSA 10.4 Canonicalization Algorithms 10.4.1 Canonical XML 2.0 10.5 Transform Algorithm 10.6 dsig2:Selection Algorithms 10.7 The dsig2:Verification Types 13. Schema 13.1 XSD Schema ------------------------------------------ Streaming XML Signature Streaming Profile of XPath 1.0 http://www.w3.org/2008/xmlsec/Drafts/xmldsig-xpath/ 2. Streamable One pass Streaming ---------------------------------------------- C14N2 1.4.2 Streaming 2.4 Exclusive XML Canonicalization 2.5 Namespace Processing 2.5.3.1 With PrefixRewrite="none" 2.5.3.2 With PrefixRewrite="sequential" _____________________________________________ From: Edgar, Gerald Sent: Monday, March 07, 2011 3:38 PM To: public-xmlsec@w3.org Subject: ACTION-779 - Review test cases for 1.1 and summarize which are missing ACTION-779 - Review test cases for 1.1 and summarize which are missing In my examination, I used the test cases described at the InterOp XML Security Wiki (http://www.w3.org/2008/xmlsec/wiki/Interop) First I compared the test cases with the 2.0 mark-ups in the diff marked version of Canonical XML Version 2.0 http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-20/Overview-pub-diff.html#sec-SelectionMode-2.0 I found the following items: There is no reference to the combined (inclusive and exclusive) canonicalization implementations (they were separate before) There is no reference to "conformance profiles". Second I compared the test cases to the diff marked XML Signature Syntax and Processing Version 2.0. http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-20/Overview-pub-diff.html I found the following items There is no reference to dsig2:Verification in the test cases. There is no reference to the streaming XPath profile. There is no reference to "2.0 Mode" Selection Algorithms
Attachments
- text/html attachment: test-table.html
Received on Monday, 11 April 2011 23:40:12 UTC