SignedXml.CheckSignature failing for valid Enveloped signature with #xpointer(/) reference

[m0sa]

Description

SignedXml.CheckSignature is returning false for valid a enveloped signature document that is using a <ds:References URI="#xpointer(/)">.

This should work, given that xpointer(/) is explicitly mentioned in the documentation, and SignedXml code

Reproduction Steps

var xmlDoc = new XmlDocument();
xmlDoc.LoadXml("""<?xml version="1.0" encoding="UTF-8"?><hello><world>Hi</world><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" /><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" /><Reference URI="#xpointer(/)"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /><DigestValue>SVaCE5w9iLXTVYTKP1t/yjjmPXvWovMYpgljGgpgz2Y=</DigestValue></Reference></SignedInfo><SignatureValue>dqcBmS1ZvDJNhmCEgobpAb+A2XaiuB69dfGIhisZvqoxaWqAqv/0w49jp38+usJ5t3wcq3aMC631QE8iln+lHWrarojDMDWLa00isv3oE3q9UgOIV9e6MUSoRTTvQkmlK/LSYV9T/SKx6h03vLLcIkUMXaTkC/n2kthlJTGkLbU=</SignatureValue><KeyInfo><KeyValue><RSAKeyValue><Modulus>t6qV1iTlkCPoaIeOTvnDczQv5pytUxMoyNXws5vaMQYxfJMKos47dvmiLtfWUDLYXFX3Yf/JMC14plJw2JA5jLrlHLnZj/vCjRtXckmWW/wGYewXUqrgR1CytStUeQKj9mNsi76erukua10UhzIrWG+H6YQ/qS4AMMJZU6jBvO0=</Modulus><Exponent>AQAB</Exponent></RSAKeyValue></KeyValue></KeyInfo></Signature></hello>""");
var signedXml = new SignedXml(xmlDoc);
var signature = xmlDoc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl).OfType<XmlElement>().Single();
signedXml.LoadXml(signature);
var result = signedXml.CheckSignature();

Expected behavior

SignedXml.CheckSignature returns true

Actual behavior

SignedXml.CheckSignature returns false

Regression?

This issue started happening between v7.0.0-preview.3.22175.4 and v7.0.0-preview.4.22229.4

Known Workarounds

No response

Configuration

No response

Other information

I wrote a small app for reproducing and narrowing down the regression here: https://github.com/m0sa/EnvelopedXMLDSIG

I get the following output:

$ dotnet run -p:NugetVersion=7.0.0-preview.4.22229.4 -f net6.0 -c Debug --project .\Verifier\Verifier.csproj -- exampleSigned.xml exampleKey.pem
signedXml.CheckSignature(/*  */): FAIL (System.Security.Cryptography.Xml: 7.0.0-preview.4.22229.4+9c37a3b3eb6d955d54865a2f9edf557620ab7fa8, .NET: 6.0.25)
signedXml.CheckSignature(rsaKey): FAIL (System.Security.Cryptography.Xml: 7.0.0-preview.4.22229.4+9c37a3b3eb6d955d54865a2f9edf557620ab7fa8, .NET: 6.0.25)

$ dotnet run -p:NugetVersion=7.0.0-preview.3.22175.4 -f net6.0 -c Debug --project .\Verifier\Verifier.csproj -- exampleSigned.xml exampleKey.pem
signedXml.CheckSignature(/*  */): PASS (System.Security.Cryptography.Xml: 7.0.0-preview.3.22175.4+162f83657cab981e82dbae0ed89b2bc5b44c2d86, .NET: 6.0.25)
signedXml.CheckSignature(rsaKey): PASS (System.Security.Cryptography.Xml: 7.0.0-preview.3.22175.4+162f83657cab981e82dbae0ed89b2bc5b44c2d86, .NET: 6.0.25)

I did some debugging and it seems to boil down to the XmlDsigEnvelopedSignatureTransform.SignaturePosition not getting set here

Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

---

Description

SignedXml.CheckSignature is returning false for valid a enveloped signature document that is using a <ds:References URI="#xpointer(/)">.

This should work, given that xpointer(/) is explicitly mentioned in the documentation, and SignedXml code

Reproduction Steps

var xmlDoc = new XmlDocument();
xmlDoc.LoadXml("""<?xml version="1.0" encoding="UTF-8"?><hello><world>Hi</world><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" /><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" /><Reference URI="#xpointer(/)"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /><DigestValue>SVaCE5w9iLXTVYTKP1t/yjjmPXvWovMYpgljGgpgz2Y=</DigestValue></Reference></SignedInfo><SignatureValue>dqcBmS1ZvDJNhmCEgobpAb+A2XaiuB69dfGIhisZvqoxaWqAqv/0w49jp38+usJ5t3wcq3aMC631QE8iln+lHWrarojDMDWLa00isv3oE3q9UgOIV9e6MUSoRTTvQkmlK/LSYV9T/SKx6h03vLLcIkUMXaTkC/n2kthlJTGkLbU=</SignatureValue><KeyInfo><KeyValue><RSAKeyValue><Modulus>t6qV1iTlkCPoaIeOTvnDczQv5pytUxMoyNXws5vaMQYxfJMKos47dvmiLtfWUDLYXFX3Yf/JMC14plJw2JA5jLrlHLnZj/vCjRtXckmWW/wGYewXUqrgR1CytStUeQKj9mNsi76erukua10UhzIrWG+H6YQ/qS4AMMJZU6jBvO0=</Modulus><Exponent>AQAB</Exponent></RSAKeyValue></KeyValue></KeyInfo></Signature></hello>""");
var signedXml = new SignedXml(xmlDoc);
var signature = xmlDoc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl).OfType<XmlElement>().Single();
signedXml.LoadXml(signature);
var result = signedXml.CheckSignature();

Expected behavior

SignedXml.CheckSignature returns true

Actual behavior

SignedXml.CheckSignature returns false

Regression?

This issue started happening between v7.0.0-preview.3.22175.4 and v7.0.0-preview.4.22229.4

Known Workarounds

No response

Configuration

No response

Other information

I wrote a small app for reproducing and narrowing down the regression here: https://github.com/m0sa/EnvelopedXMLDSIG

I get the following output:

$ dotnet run -p:NugetVersion=7.0.0-preview.4.22229.4 -f net6.0 -c Debug --project .\Verifier\Verifier.csproj -- exampleSigned.xml exampleKey.pem
signedXml.CheckSignature(/*  */): FAIL (System.Security.Cryptography.Xml: 7.0.0-preview.4.22229.4+9c37a3b3eb6d955d54865a2f9edf557620ab7fa8, .NET: 6.0.25)
signedXml.CheckSignature(rsaKey): FAIL (System.Security.Cryptography.Xml: 7.0.0-preview.4.22229.4+9c37a3b3eb6d955d54865a2f9edf557620ab7fa8, .NET: 6.0.25)

$ dotnet run -p:NugetVersion=7.0.0-preview.3.22175.4 -f net6.0 -c Debug --project .\Verifier\Verifier.csproj -- exampleSigned.xml exampleKey.pem
signedXml.CheckSignature(/*  */): PASS (System.Security.Cryptography.Xml: 7.0.0-preview.3.22175.4+162f83657cab981e82dbae0ed89b2bc5b44c2d86, .NET: 6.0.25)
signedXml.CheckSignature(rsaKey): PASS (System.Security.Cryptography.Xml: 7.0.0-preview.3.22175.4+162f83657cab981e82dbae0ed89b2bc5b44c2d86, .NET: 6.0.25)

I did some debugging and it seems to boil down to the XmlDsigEnvelopedSignatureTransform.SignaturePosition not getting set here

Author:	m0sa
Assignees:	-
Labels:	area-System.Security
Milestone:	-

[vcsjones]

If I had to take a guess, it is this PR that changed the behavior: #67010.

@m0sa I saw your draft pull request, are you working on a fix?

[m0sa]

@vcsjones yup. I think I have a fix in the PR.

[henning-krause]

We also just stumbled on this bug. Would be nice to get a fix for .net 8 soon.

[m0sa]

The PR with the fix is ready. It would be great if we could backport the fix to the 7.0.x version, too, since it's a regression from 6.

[vcsjones]

. It would be great if we could backport the fix to the 7.0.x version, too,

I lack any "official" word here, but from the support policy:

During the maintenance support period, .NET releases are updated to mitigate security vulnerabilities, only.

The maintenance support period is the final 6 months of support for any release (STS or LTS)

Since .NET 7 is EOL in < 6 months, I would not expect any fixes to go in to .NET 7.

[janjaeschke]

Maybe any fix for .NET 8?

[m0sa]

The PR got merged into main yesterday

b5b290f

I don't know what the procedure is to get the fix into .NET 8

[henning-krause]

Does anybody else here know how get this fix shipped with a .net 8 patch version?