Bug 7716 - Cannot validate signed XML generated on Windows in Linux, and vice versa
Alias: None
Product: Class Libraries
Classification: Mono
Component: System.Security
Version: 2.10.x
Hardware: PC All
Importance: --- normal
Target Milestone: Untriaged
Assignee: Bugzilla
Reported: 2012-10-08 00:34 UTC by transistor1
Modified: 2018-03-12 08:40 UTC

Code that illustrates issue (7.19 KB, text/plain)
2012-10-08 00:34 UTC, transistor1

Description transistor1 2012-10-08 00:34:14 UTC
Created attachment 2704
Code that illustrates issue

Using open source Rhino.Licensing to generate licenses for Windows apps in Linux, and discovered that SignedXml::CheckSignature() will not validate a signature in Windows that was generated in Linux, and vice versa. It will validate on whatever platform it was generated on, though.

Created a sample program based on the code in Rhino.Licensing to illustrate this issue.

Tried compiling in both Mono and in Windows, same results.

I don't know much about cryptography, so I also don't know if there are some settings that would need to be set in order to prevent this.

;;; Windows output of attached program:

drive: >Program.exe key
Generating Keys...

drive: >Program.exe license
PATH: C:\Path\To\Licenses\runtime_license.xml

drive: >Program.exe validate
PUB KEY: C:\Path\To\public.txt
LIC: C:\Path\To\Licenses\runtime_license.xml
Got validated XML doc.

### Trying to validate that same signature in Linux:

$ ./Program.exe validate
PUB KEY: /path/to/public.txt
LIC: /path/to/Licenses/runtime_license.xml
Couldn't get validated XML doc.

URL for Rhino Licensing: https://github.com/hibernating-rhinos/rhino-licensing
Comment 1 Dan Smith 2014-02-23 21:17:56 UTC
Just to confirm, this issue is still present in mono 3.2.6. Also, I noticed that the exact same code generates a different result if the executable is run in the .NET environment vs the Mono environment. (Regardless of which C# compiler was used to compile the code.)
Comment 3 Giorgi 2014-06-28 06:26:00 UTC
Does the same thing happen if you generate the signed xml with mono but on Windows?
Comment 4 Dan Smith 2014-06-28 08:51:15 UTC
Mono -> Mono: Works
Mono -> Windows: Fails
Windows -> Mono: Fails
Windows -> Windows: Works

Basically, there is some difference in the underlying implementation of signed XML on Windows/Mono, and as such, signed XMLs are not compatible across the two platforms.
Comment 5 Sam Bendall 2014-09-28 04:06:54 UTC
Same problem here.
Generating on Ubuntu 14.04 w/ 3.2.8 fails to validate on Windows.
Although licenses generated with Mono 3.2.3 on Windows are validated with the Windows app.
Comment 7 Brendan Zagaeski (Xamarin Team, assistant) 2014-11-17 16:28:15 UTC
I've submitted a one-line pull request that fixes the test case from comment 0 for me:

I changed `string.Compare()` to `string.CompareOrdinal()` in `XmlDsigC14NTransformAttributesComparer.Compare()`.

The underlying problem was that the Mono C14N XML canonicalizer was not sorting the XML attributes in the same order as Microsoft .NET's canonicalizer. The C14N specification [2] states: "the attributes are sorted lexicographically by attribute name (based on Unicode character code points)." This wording suggests that the order of attributes should be strictly ascending based on Unicode byte value. The pull request changes the attribute sort order to match the specification.
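
The ordering difference described in comment 7, as an added example that is not part of the original thread or of Mono's code: the same attributes serialized under a culture-sensitive comparer and under an ordinal comparer produce different bytes, and therefore different digests. The attribute names and values are constructed, `StartTag` is a simplified stand-in for a canonicalizer, and `InvariantCulture` is used in place of the current culture so the result is reproducible.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class AttributeOrderDemo
{
    // Constructed sample: attributes of one element, no namespaces.
    static readonly KeyValuePair<string, string>[] Attrs =
    {
        new KeyValuePair<string, string>("id", "42"),
        new KeyValuePair<string, string>("Type", "Trial"),
        new KeyValuePair<string, string>("expiration", "2013-01-01"),
    };

    // Simplified stand-in for a canonicalizer: emits the start tag with the
    // attributes in the order that the supplied comparer produces.
    static string StartTag(IComparer<string> order)
    {
        var sb = new StringBuilder("<license");
        foreach (var kv in Attrs.OrderBy(a => a.Key, order))
            sb.Append(' ').Append(kv.Key).Append("=\"").Append(kv.Value).Append('"');
        return sb.Append('>').ToString();
    }

    // Digest over the UTF-8 bytes, as a signature's reference digest would be.
    static string Digest(string s)
    {
        using (var sha = SHA256.Create())
            return Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(s)));
    }

    static void Main()
    {
        // Culture-sensitive ordering, the kind string.Compare() performs.
        string cultural = StartTag(StringComparer.Create(CultureInfo.InvariantCulture, false));
        // Code point ordering, the kind string.CompareOrdinal() performs.
        string ordinal = StartTag(StringComparer.Ordinal);

        Console.WriteLine(cultural + "  " + Digest(cultural));
        Console.WriteLine(ordinal + "  " + Digest(ordinal));
        Console.WriteLine("digests match: " + (Digest(cultural) == Digest(ordinal)));
    }
}
```

The two orderings diverge as soon as attribute names mix upper and lower case, because ordinal comparison places every ASCII uppercase letter before every lowercase one while culture-sensitive comparison does not.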