SignedXml cannot validate signature that contain XPath transforms #82363

Closed
petarpetrovt opened this issue Feb 19, 2023 · 4 comments
Labels: area-System.Security, help wanted [up-for-grabs] (Good issue for external contributors)

Comments

@petarpetrovt (Contributor) commented Feb 19, 2023

Description

I have a few XML documents that have been signed using various tools, but their validation fails in .NET. However, these documents are deemed valid in tools such as the European Commission Digital Signature Service (DSS).

Reproduction Steps

Generate an enveloped XAdES signed XML document via DSS tool.

The transform that seems to not be supported.

<ds:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2">
  <dsig-filter2:XPath xmlns:dsig-filter2="http://www.w3.org/2002/06/xmldsig-filter2" Filter="subtract">/descendant::ds:Signature</dsig-filter2:XPath>
</ds:Transform>

The validation code.

using System;
using System.Security.Cryptography.Xml;
using System.Xml;

// PreserveWhitespace keeps the document byte-for-byte as it was signed.
XmlDocument document = new() { PreserveWhitespace = true };
document.Load("test-signed-xades-baseline-b.xml");
var signedXml = new SignedXml(document);
signedXml.LoadXml((XmlElement)document.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl)[0]!);
Console.WriteLine(signedXml.CheckSignature());

Expected behavior

The signature validation is successful.

Actual behavior

Unhandled exception. System.Security.Cryptography.CryptographicException: Unknown transform has been encountered.
   at System.Security.Cryptography.Xml.Reference.LoadXml(XmlElement value)
   at System.Security.Cryptography.Xml.SignedInfo.LoadXml(XmlElement value)
   at System.Security.Cryptography.Xml.Signature.LoadXml(XmlElement value)
   at System.Security.Cryptography.Xml.SignedXml.LoadXml(XmlElement value)

Regression?

No response

Known Workarounds

No response

Configuration

No response

Other information

I have a signature produced by a Java application that uses a different XPath transform. This signature also cannot be validated.

<ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
  <ds:XPath>not(ancestor-or-self::ds:Signature)</ds:XPath>
</ds:Transform>

Adding the http://www.w3.org/TR/1999/REC-xpath-19991116 algorithm to the SafeCanonicalizationMethods property allows bypassing the IsSafeTransform check, but it then throws an XPathException, maybe related to issue #21451.

signedXml.SafeCanonicalizationMethods.Add("http://www.w3.org/TR/1999/REC-xpath-19991116");

Unhandled exception. System.Xml.XPath.XPathException: Namespace prefix 'ds' is not defined.
   at MS.Internal.Xml.XPath.CompiledXpathExpr.UndefinedXsltContext.LookupNamespace(String prefix)
   at MS.Internal.Xml.XPath.BaseAxisQuery.SetXsltContext(XsltContext context)
   at MS.Internal.Xml.XPath.CompiledXpathExpr.SetContext(IXmlNamespaceResolver nsResolver)
   at System.Security.Cryptography.Xml.XmlDsigXPathTransform.GetOutput()
   at System.Security.Cryptography.Xml.TransformChain.TransformToOctetStream(Object inputObject, Type inputType, XmlResolver resolver, String baseUri)
   at System.Security.Cryptography.Xml.TransformChain.TransformToOctetStream(XmlDocument document, XmlResolver resolver, String baseUri)
   at System.Security.Cryptography.Xml.Reference.CalculateHashValue(XmlDocument document, CanonicalXmlNodeList refList)
   at System.Security.Cryptography.Xml.SignedXml.CheckDigestedReferences()
   at System.Security.Cryptography.Xml.SignedXml.CheckSignature(AsymmetricAlgorithm key)
   at System.Security.Cryptography.Xml.SignedXml.CheckSignatureReturningKey(AsymmetricAlgorithm& signingKey)
   at System.Security.Cryptography.Xml.SignedXml.CheckSignature()
@ghost ghost added the untriaged New issue has not been triaged by the area owner label Feb 19, 2023
@petarpetrovt petarpetrovt changed the title SignedXml can't validate signature that contain XPath transforms. SignedXml cannot validate signature that contain XPath transforms Feb 19, 2023
@ghost commented Feb 19, 2023

Tagging subscribers to this area: @dotnet/area-system-security, @vcsjones
See info in area-owners.md if you want to be subscribed.


@jeffhandley (Member) commented Jun 28, 2023

Thanks for reporting this, @petarpetrovt. We won't be able to investigate this further during .NET 8, so I'm moving this to Future. I'm going to label this as help wanted [up-for-grabs] Good issue for external contributors , inviting help on further investigation to be certain we know how to fix it.

@jeffhandley jeffhandley added the help wanted [up-for-grabs] Good issue for external contributors label Jun 28, 2023
@jeffhandley jeffhandley added this to the Future milestone Jun 28, 2023
@ghost ghost removed the untriaged New issue has not been triaged by the area owner label Jun 28, 2023
@ankyrawat1 commented May 24, 2024

I'm facing the same issue with the netstandard version of the "System.Security.Cryptography.Xml" DLL. With the .NET Framework version of this DLL, it works perfectly fine.

This exception was originally thrown at this call stack:
System.Security.Cryptography.Xml.Reference.LoadXml(System.Xml.XmlElement) in Reference.cs
System.Security.Cryptography.Xml.SignedInfo.LoadXml(System.Xml.XmlElement) in SignedInfo.cs
System.Security.Cryptography.Xml.Signature.LoadXml(System.Xml.XmlElement) in Signature.cs
System.Security.Cryptography.Xml.SignedXml.LoadXml(System.Xml.XmlElement) in SignedXml.cs

@bartonjs (Member) commented Nov 22, 2024

The XPath transform is not safe; it is intentionally not listed in the safe transforms list, and callers who need to use it have to explicitly register it themselves.

There are notes about the carriage return issue in #99856.

@bartonjs bartonjs closed this as not planned Won't fix, can't repro, duplicate, stale Nov 22, 2024
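The following is an added example, not code from the issue or from the dotnet repository, showing how a verifier can do the explicit opt-in bartonjs describes without handing the signer a free hand. The XPath transform is kept out of SignedXml's default safe list because the signer controls the expression, and the expression decides which nodes end up in the digest; a verifier that accepts any XPath is trusting the signer to have signed the parts that matter. The example therefore inspects SignedInfo before verification: it allows only a fixed set of transform algorithms, requires an enveloped signature over the whole document (Reference URI ""), logs the XPath expression so it can be reviewed, and verifies against a key the caller already trusts rather than whatever KeyInfo names. The file name and the trusted certificate are the caller's inputs and are assumed; `AllowedTransforms` and `Verify` are names chosen for this example.

```csharp
// Added example (not from the issue or the dotnet repo): verify a document
// signed with an XPath transform, opting in explicitly and checking what the
// references actually cover before trusting CheckSignature's answer.
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

static class XPathSignatureVerifier
{
    const string XPathTransformUrl = "http://www.w3.org/TR/1999/REC-xpath-19991116";

    // Transforms this verifier is willing to evaluate. XPath is deliberately
    // absent from SignedXml's default safe list; listing it here is the
    // explicit opt-in, and nothing outside this set is accepted.
    static readonly HashSet<string> AllowedTransforms = new()
    {
        SignedXml.XmlDsigEnvelopedSignatureTransformUrl,
        SignedXml.XmlDsigC14NTransformUrl,
        SignedXml.XmlDsigExcC14NTransformUrl,
        XPathTransformUrl,
    };

    // path: the signed document (assumed input).
    // trustedCert: a certificate the caller trusts out-of-band, so the key used
    // for verification is never picked from the document's own KeyInfo.
    public static bool Verify(string path, X509Certificate2 trustedCert)
    {
        // XmlResolver = null: never fetch external entities or DTDs while loading.
        var document = new XmlDocument { PreserveWhitespace = true, XmlResolver = null };
        document.Load(path);

        XmlNodeList signatures = document.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (signatures.Count != 1)
            throw new CryptographicException($"Expected exactly one Signature element, found {signatures.Count}.");

        var signedXml = new SignedXml(document);
        // The opt-in bartonjs refers to: without this line LoadXml throws
        // "Unknown transform has been encountered" for the XPath transform.
        signedXml.SafeCanonicalizationMethods.Add(XPathTransformUrl);
        signedXml.LoadXml((XmlElement)signatures[0]!);

        // Inspect SignedInfo before verifying. Every Reference must use only
        // allowed transforms, and an enveloped signature must cover the whole
        // document (URI ""), not a sub-element the signer chose.
        foreach (Reference reference in signedXml.SignedInfo.References)
        {
            if (reference.Uri != "")
                throw new CryptographicException($"Unexpected Reference URI '{reference.Uri}'.");

            foreach (Transform transform in reference.TransformChain)
            {
                if (!AllowedTransforms.Contains(transform.Algorithm))
                    throw new CryptographicException($"Transform {transform.Algorithm} is not allowed.");

                // Surface the expression so a reviewer can see what the signer excluded.
                if (transform is XmlDsigXPathTransform)
                    Console.WriteLine("XPath transform in use: " + transform.GetXml().InnerText.Trim());
            }
        }

        using RSA? key = trustedCert.GetRSAPublicKey();
        if (key is null)
            throw new CryptographicException("Trusted certificate does not carry an RSA public key.");

        // Verify digests and signature value against the caller-supplied key only.
        return signedXml.CheckSignature(key);
    }
}
```

Two caveats follow from the thread itself. First, the opt-in only gets past LoadXml; as the reporter shows, the DSS and Java documents still fail in GetOutput with "Namespace prefix 'ds' is not defined", because the ds prefix used inside the XPath is declared on an ancestor rather than resolved by the transform, so this code will not by itself make those particular documents verify. Second, there is no built-in transform for http://www.w3.org/2002/06/xmldsig-filter2 at all; a caller who needs it has to supply a Transform implementation (registered through CryptoConfig.AddAlgorithm under that URI and also added to SafeCanonicalizationMethods), and the same allowlist check should then be extended to cover it.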