[xmlsec] DigestValue for Enveloped Signatures

[Dominic Steinitz]

Apologies if this is the wrong list - if it is could someone direct me to the 
right list.

I have been trying to check a DigestValue for an enveloped signature. Here's 
the template:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE parent [
<!ATTLIST t1 i ID #IMPLIED>
]>
<Envelope xmlns="urn:envelope">
<t1 i="Foo">Hello</t1>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo> <CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#Foo">
<Transforms>
<Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms>
<DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue></DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>
</SignatureValue>
<KeyInfo>
<X509Data>
</X509Data>
</KeyInfo>
</Signature>
</Envelope>

Using 

xmlsec1 sign --privkey-pem key.pem,cert.pem --output signed1.xml template1.xml

gives

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE parent [
<!ATTLIST t1 i ID #IMPLIED>
]>
<Envelope xmlns="urn:envelope">
<t1 i="Foo">Hello</t1>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo> <CanonicalizationMethod 
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#Foo">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>mFMc4cpTQ76zyhuNnZaC7TfkFNw=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>...</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>...</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
</Envelope>

My understanding is that sha1 on

<t1 i="Foo">Hello</t1>

should give the DigestValue. However, sha1sum (base64 encoded) gives

v5zrZxB/ZXbzlWQhbs9bw1LL4HQ=

When I use a detached signatures everything works out and the DigestValue 
matches what sha1sum gives. Here's the template:

<?xml version="1.0" encoding="UTF-8"?>
<Envelope xmlns="urn:envelope">
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo> <CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="file:///home/dom/xmldsig/test1.xml#Foo">
<Transforms>
</Transforms>
<DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue></DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>
</SignatureValue>
<KeyInfo>
<X509Data>
</X509Data>
</KeyInfo>
</Signature>
</Envelope>

and test1.xml contains

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE parent [
<!ATTLIST t1 i ID #IMPLIED>
]>
<t1 i="Foo">Hello</t1>

Using 

xmlsec1 sign --privkey-pem key.pem,cert.pem --output signed1.xml template1.xml

gives

<?xml version="1.0" encoding="UTF-8"?>
<Envelope xmlns="urn:envelope">
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo> <CanonicalizationMethod 
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="file:///home/dom/xmldsig/test1.xml#Foo">
<Transforms>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>v5zrZxB/ZXbzlWQhbs9bw1LL4HQ=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>...</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>...</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
</Envelope>

sha1sum on the canonicalised version of test1.xml:

<t1 i="Foo">Hello</t1>

gives (base64 encoded):

v5zrZxB/ZXbzlWQhbs9bw1LL4HQ=

(the same as what I expected for the enveloped signature).

Does this mean there is a problem with xmlsec1 for enveloped signatures or 
(much more likely) I am applying sha1sum to the wrong input in the case of 
enveloped signatures?

Many thanks, Dominic.