Interop - XML Security WG Wiki (original) (raw)
Interop Test Reports (include test cases and interop test results)
Draft XML Signature 1.1 interop test report
Draft XML Encryption 1.1 interop test report
Back to Working Group Home Page
The following is older wiki material. Please refer to the interop test reports.
Contents
- 1 XML Signature 1.1 Core: New required SHA algorithms
- 2 XML Signature 1.1 Core: Elliptic Curve algorithms
- 3 XML Signature 1.1 HMACOutputLength
- 4 XML Security 1.1 Core: Elliptic Curve key values
- 5 XML Security 1.1 Core: Elliptic Curve for Encryption
- 6 XML Security 1.1 Core: Other items
- 7 XML Encryption 1.1 Key Derivation using ConcatKDF and PBKDF2
- 8 Signature Properties
- 9 Suite B Interop information
XML Signature 1.1 Core: New required SHA algorithms
Various combinations of the following
- Digest algorithm - SHA1/256/384/512
- Signature algorithm - DSA-SHA1, RSA 1024/2048-SHA256/384/512, HMAC-SHA256/384/512
- Canonicalization algorithm - C14N 1.0, C14N 1.1, Exc C14N 1.0
Sun's test vectors - 18 files
- 3 files: Digest = SHA1, Signature = HMAC-SHA256 / HMAC-SHA384 / HMAC-SHA512, Canonicalization = C14N 1.1
- 3 files: Digest = SHA1, Signature = RSA-SHA256 / RSA-SHA384 / RSA-SHA512, Canonicalization = C14N 1.1
- 3 files: Digest = SHA-256/ SHA-384 / SHA-512, Signature = RSA-SHA256, Canonicalization = C14N 1.1
- 9 files: All of the above repeated for C14n 1.0
Oracle's test vectors - 9 files (same as sun's, C14n 1.0 only)
- 3 files: Digest = SHA1, Signature = HMAC-SHA256 / HMAC-SHA384 / HMAC-SHA512, Canonicalization = C14N 1.0
- 3 files: Digest = SHA1, Signature = RSA-SHA256 / RSA-SHA384 / RSA-SHA512, Canonicalization = C14N 1.0
- 3 files: Digest = SHA-256/ SHA-384 / SHA-512, Signature = RSA-SHA256, CCanonicalization = C14N 1.0
Microsoft's test vectors - 14 files
- 2 files: Digest = SHA1, Signature = DSA-SHA1, Canonicalization = C14N1.0 / Exc C14N 1.0
- 4 files: Digest = SHA1, Signature = HMAC-SHA1/HMAC-SHA256/HMAC-SHA384/HMAC-SHA512, Canonicalization = Exc C14N 1.0
- 8 files: Digest = SHA1/SHA256/SHA384/SHA512, Signature = RSA2048-SHA1/RSA2048-SHA256/RSA2048-SHA384/RSA2048-SHA512, Canonicalization = C14n 1.0 / Exc C14N 1.0
HMAC key
- All of Sun signatures are use "secret"
- All of Oracle's signature use "testkey"
- Microsoft's signatures use keys that are stored in the files secret-sha1.hmac, secret-sha256.hmac, secret-sha384.hmac, secret-sha512.hmac
Interop status
- Partipants: Oracle, Microsoft, Sun
- Each participant has verified all of these files. (except Microsoft not verifying C14N 1.1)
See test file directory .
The following are the SHA-224 tests:
https://www.w3.org/2008/xmlsec/Group/interop/xmldsig11/oracle/signature-enveloping-hmac-sha224.xml https://www.w3.org/2008/xmlsec/Group/interop/xmldsig11/oracle/signature-enveloping-rsa-sha224.xml https://www.w3.org/2008/xmlsec/Group/interop/xmldsig11/oracle/signature-enveloping-sha224-rsa_sha256.xml
XML Signature 1.1 Core: Elliptic Curve algorithms
Various combinations of the following
- Digest algorithm - SHA1/256/384/512
- Signature algorithm - ECDSA (P256/P384/P521 with SHA1/SHA256/SHA384/SHA512)
- Canonicalization algorithm - C14N 1.0, Exc C14N 1.0
- KeyInfo format - RFC 4050 style ECDSA KeyValue, XML signature 1.1 style ECKeyValue
Microsoft's test vectors - 48 files
- 12 files: Digest = SHA1/SHA256/SHA384/SHA512, Signature = ECDSA (P256/P384/P521 with SHA1/SHA256/SHA384/SHA512), RFC4050 ECDSAKeyValue
- 12 files: All of the above but with Exclusive C14N 1.0
- 12 files: Digest = SHA1/SHA256/SHA384/SHA512, Signature = ECDSA (P256/P384/P521 with SHA1/SHA256/SHA384/SHA512), XML Signature 1.1 ECKeyValue
- 12 files: All of the above but with Exclusive C14N 1.0
Oracle's test vectors - 18 files
- 12 files: Digest = SHA1/SHA256/SHA384/SHA512, Signature = ECDSA (P256/P384/P521 with SHA1/SHA256/SHA384/SHA512), RFC4050 ECDSAKeyValue
- 12 files: all of the above XML Signature 1.1 ECKeyValue
Interop status
- Partipants: Oracle, Microsoft
- Each participant has verified all of these files.
See test file directory .
The following are the SHA-224 tests:
https://www.w3.org/2008/xmlsec/Group/interop/xmldsig11/oracle/signature-enveloping-p256_sha224.xml https://www.w3.org/2008/xmlsec/Group/interop/xmldsig11/oracle/signature-enveloping-p384_sha224.xml https://www.w3.org/2008/xmlsec/Group/interop/xmldsig11/oracle/signature-enveloping-p521_sha224.xml
XML Signature 1.1 HMACOutputLength
The following are test vectors for HMACOutputLength verification:
https://www.w3.org/2008/xmlsec/Group/interop/xmldsig11/oracle/signature-enveloping-hmac-sha1-truncated40.xml https://www.w3.org/2008/xmlsec/Group/interop/xmldsig11/oracle/signature-enveloping-hmac-sha1-truncated160.xml
The first one is truncated to 40 bytes, so it should be rejected. The second one is not truncated at all, so it should be accepted.
XML Security 1.1 Core: Elliptic Curve key values
- ECKeyValue
- ECDH KeyValues (XML Encryption)
XML Security 1.1 Core: Elliptic Curve for Encryption
- ECDH-ES (XML Encryption) - Oracle
XML Security 1.1 Core: Other items
- AES Keywrap with padding (XML Encryption) RFC 5649
- OCSP - add and read OCSP information successfully (Sun?)
- DEREncodedKeyValue (Sun?)
- RFC4050 compatibility (4.4.2.3.2) ? DONE
- Required Exclusive C14N - note that implemented or interop? DONE
- XPath 2.0
XML Encryption 1.1 Key Derivation using ConcatKDF and PBKDF2
Test case 1: EncryptedData with content encryption key derived from shared secret. Key derivation method: ConcatKDF (http://www.w3.org/2009/xmlenc11#ConcatKDF).
Test case 2: EncryptedData with content encryption key derived from shared secret password. Key derivation method: PBKDF2 (http://www.w3.org/2009/xmlenc11#pbkdf2).
Interop status
- Partipants: IBM, Microsoft
- Each participant has verified all of these files.
Signature Properties
- Interop signature properties
Suite B Interop information
See http://www.w3.org/2008/xmlsec/Drafts/testing/suiteb-interoperability.html