[xmlsec] digestvalue failure

Artur BUJDOSO artur.bujdoso at saveas.hu
Wed Mar 3 07:05:07 PST 2004


Hi,

Sorry for a kind of off-topic question, but the whole thing is driving 
me nuts.
Here's my problem:

I have to implement an XML digital signature checker, but unfortunately, 
without using the xmlsec library. This environment has a specially 
patched (and 0.9.6 only) libssl that renders xmlsec library unusable. 
Here's the problem:

I read the xml file, parse it with libxml2, then I try to canonize it with:

xmlC14NDocDumpMemory(xmlDoc, NULL, 1, NULL, doc_txt_ptr);

where xmlDoc is an xmlDocPtr, and doc_txt_ptr is an **xmlChar.

When I dump the canonized content, it seems ok, at least it's readable, 
has 0x0a at each line end, has no whitespace but 0x20, etc.

At the next step, I look for the referenced URI in the document, in my 
case, it looks like this: <Reference URI="#Body">. It is a digitally 
signed XML SOAP content, so it refers to the section, starts with 
"<SOAP-ENV:Body". I check through the document, and cut the part 
_starting_ with <SOAP-ENV:Body and _ending_ with: </SOAP-ENV:Body>. The 
< is the first byte in my sha1 buffer and the last one is a > (of the 
both SOAP-ENV:Body tags). I generate an sha1 hash, then do a base64 
encoding. (I encode the bytes, not the UTF8 chars, of course) and it 
produces a DigestValue for me.

Here's the catch: whatever I do, the DigestValue will not match the one 
specified in the Reference section.

I simply don't know what to do next. I dumped the sha1 hash buffer and 
ran across a manual OpenSSL dgst -sha1 and it produces the same hash 
that my code does (I use mhash library, to replace openssl) _and_ when I 
run this byte content across uudecode -m, it produces the _same_ base64 
hash that my code produces! So it seems that sha1 and base64 hashing 
works ok.

What do I miss?



Any answer will be appreciated, thanks in advance.

Artur Bujdoso
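
Added example, not part of the original post and not xmlsec or libxml2 code: one way a mismatch like the one described can arise is that bytes cut out of the whole-document canonical form are not the canonical form of the referenced subtree, because canonicalizing the #Body node-set on its own re-declares on the apex element the namespaces it inherits from its ancestors. The Python sketch compares the two over a constructed SOAP message using a simplified inclusive C14N 1.0 serializer (elements, attributes and text only; no comments, PIs or xml:* attribute inheritance); the sample message and all function names are assumptions.

```python
import base64, hashlib
from xml.dom import minidom
# Constructed sample: the SOAP-ENV prefix is declared on the Envelope only.
SOAP = ('<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">'
        '<SOAP-ENV:Body Id="Body"><m:Ping xmlns:m="urn:example:ping">hi</m:Ping>'
        '</SOAP-ENV:Body></SOAP-ENV:Envelope>')
TEXT = [('&', '&amp;'), ('<', '&lt;'), ('>', '&gt;'), ('\r', '&#xD;')]
ATTR = TEXT[:2] + [('"', '&quot;'), ('\t', '&#x9;'), ('\n', '&#xA;'), ('\r', '&#xD;')]

def esc(s, table):
    for raw, rep in table:
        s = s.replace(raw, rep)
    return s

def in_scope_ns(el):  # prefix -> URI visible at el; the nearest declaration wins
    ns, node = {}, el
    while node is not None and node.nodeType == node.ELEMENT_NODE:
        for a in node.attributes.values():
            if a.name.split(':')[0] == 'xmlns':
                ns.setdefault(a.name[6:], a.value)
        node = node.parentNode
    return ns

def c14n(el, rendered=None):
    """Simplified inclusive C14N 1.0 of el's subtree; emits every in-scope
    namespace that no output ancestor has already declared."""
    rendered = rendered or {}
    decl = {p: u for p, u in in_scope_ns(el).items() if rendered.get(p, '') != u}
    out = '<' + el.tagName
    for p in sorted(decl):  # namespace declarations first, sorted by prefix
        out += ' xmlns%s="%s"' % (':' + p if p else '', esc(decl[p], ATTR))
    attrs = [a for a in el.attributes.values() if a.name.split(':')[0] != 'xmlns']
    for a in sorted(attrs, key=lambda a: (a.namespaceURI or '', a.localName)):
        out += ' %s="%s"' % (a.name, esc(a.value, ATTR))
    out += '>'
    for c in el.childNodes:
        if c.nodeType == c.ELEMENT_NODE:
            out += c14n(c, {**rendered, **decl})
        elif c.nodeType in (c.TEXT_NODE, c.CDATA_SECTION_NODE):
            out += esc(c.data, TEXT)
    return out + '</%s>' % el.tagName

def digest_value(text):  # base64(SHA-1(octets)), as in DigestValue
    return base64.b64encode(hashlib.sha1(text.encode('utf-8')).digest()).decode()

def cut_vs_subset(xml, ref_id, tag):
    doc = minidom.parseString(xml)
    whole = c14n(doc.documentElement)  # canonicalize everything, then cut text
    cut = whole[whole.index('<' + tag):whole.index('</%s>' % tag) + len(tag) + 3]
    apex = next(e for e in doc.getElementsByTagName('*') if e.getAttribute('Id') == ref_id)
    return cut, c14n(apex)  # versus canonicalizing the referenced subtree
```

For this sample the same difference appears under Exclusive C14N, since the apex element itself uses the SOAP-ENV prefix.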




