Implementation of relationship transformation algorithm

  • Question

  • Hi, I'm trying to calculate the digest of the _rel/.rel part of an MS Word XML signature. There is a relationship transform to be applied to the file before canonicalization and digest calculation. I need help with this: how does the relationship transformation algorithm work, and what is it?

    How to calculate digest for this example:

    <Reference URI="/word/_rels/document.xml.rels?ContentType=application/vnd.openxmlformats-package.relationships+xml">
      <Transforms>
        <Transform Algorithm="http://schemas.openxmlformats.org/package/2006/RelationshipTransform">
          <mdssi:RelationshipReference SourceId="rId3"/>
          <mdssi:RelationshipReference SourceId="rId7"/>
          <mdssi:RelationshipReference SourceId="rId2"/>
          <mdssi:RelationshipReference SourceId="rId1"/>
          <mdssi:RelationshipReference SourceId="rId6"/>
          <mdssi:RelationshipReference SourceId="rId5"/>
          <mdssi:RelationshipReference SourceId="rId4"/>
        </Transform>
        <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      </Transforms>
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <DigestValue>OdPEVfOpIYCwT4RcDhW771tklQY=</DigestValue>
    </Reference>

    Tuesday, February 9, 2016 2:43 PM

All replies

  • the /word/_rels/document.rels.xml.... is as follows:

    <?xml version="1.0" encoding="UTF-8" standalone="true"?>
    <Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">
      <Relationship Target="stylesWithEffects.xml" Type="http://schemas.microsoft.com/office/2007/relationships/stylesWithEffects" Id="rId8"/>
      <Relationship Target="webSettings.xml" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/webSettings" Id="rId3"/>
      <Relationship Target="theme/theme1.xml" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/theme" Id="rId7"/>
      <Relationship Target="settings.xml" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/settings" Id="rId2"/>
      <Relationship Target="styles.xml" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles" Id="rId1"/>
      <Relationship Target="fontTable.xml" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/fontTable" Id="rId6"/>
      <Relationship Target="endnotes.xml" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/endnotes" Id="rId5"/>
      <Relationship Target="footnotes.xml" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/footnotes" Id="rId4"/>
    </Relationships>

    Tuesday, February 9, 2016 2:49 PM
  • >>>I heed help with this, how and what is relationship transformation algorithm?

    According to your description, you could refer to the helpful link below about Understanding XML Digital Signature:

    https://msdn.microsoft.com/en-us/library/ms996502.aspx

    • Marked as answer by David_JunFeng Thursday, February 18, 2016 2:36 PM
    • Unmarked as answer by David_JunFeng Wednesday, March 16, 2016 9:17 AM
    Thursday, February 11, 2016 2:21 AM
  • Hi, there is not a single word about relationships in the linked document.

    I'm successfully calculating digests for all the parts of the XML signature except the /rels/_rels file, where the relationship transformation is involved.

    Monday, February 29, 2016 12:56 PM
  • >>>I'm calculating successfully digests for all the parts of XML signature but /rels/_rels file, where relationship transformation is involved.

    Could you help us figure out more details about it? What do you want to achieve?

    In addition, could you provide sample code, screenshots, etc.? That will help us reproduce and resolve it.

    Thanks for your understanding.
    Wednesday, March 16, 2016 9:34 AM
  • Hi, I'm trying to validate an MS Word *.docx file with a digital signature. In order to do the validation, I have to calculate the digest of the referenced nodes and check whether it is the same as the one given in the signature (sig1.xml). I can't find info about how to implement the relationship transformation in order to calculate that digest.

    the part of signature XML (sig1.xml) is as follows:

    <Object Id="idPackageObject" xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature"><Manifest><Reference URI="/_rels/.rels?ContentType=application/vnd.openxmlformats-package.relationships+xml"><Transforms><Transform Algorithm="http://schemas.openxmlformats.org/package/2006/RelationshipTransform"><mdssi:RelationshipReference SourceId="rId1"/></Transform><Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>1vWU/YTF/7t6ZjnE44gAFTbZvvA=</DigestValue>....(next ref node ....)..<Reference URI="/word/document.xml?ContentType=application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>s2yQEJrQSfC0YoRe1hvm+IGBpJQ=</DigestValue></Reference>.....More Reference Nodes.....

    The /_rels/.rels file itself:

    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"><Relationship Id="rId3" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/extended-properties" Target="docProps/app.xml"/><Relationship Id="rId2" Type="http://schemas.openxmlformats.org/package/2006/relationships/metadata/core-properties" Target="docProps/core.xml"/><Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" Target="word/document.xml"/><Relationship Id="rId4" Type="http://schemas.openxmlformats.org/package/2006/relationships/digital-signature/origin" Target="_xmlsignatures/origin.sigs"/></Relationships>

    So I need to calculate the SHA1 of /_rels/.rels, but before the calculation I must apply the relationship transform and C14N.

    When I'm calculating the digest of a node with no relationship transform (this node, for example: <Reference URI="/word/document.xml?ContentType=application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>s2yQEJrQSfC0YoRe1hvm+IGBpJQ=</DigestValue></Reference>), everything is fine: just doing SHA1 of the referred URI (/word/document.xml in this case) gives me the same hash as the one given in the signature's <DigestValue> node. But when it comes to a node with a relationship transform, the calculation never gives the same value as stated in the signature.

    My Question in general is where to find info about this relationship transform.

    Thanks,

    Georgi

    Thursday, March 17, 2016 1:36 PM
  • I believe the issue here, George, refers to section 13.2.4.24 in the Open Packaging Conventions in XML. Link below.

    Link: https://www.ecma-international.org/activities/Office%20Open%20XML%20Formats/Draft%20ECMA-376%203rd%20edition,%20March%202011/Office%20Open%20XML%20Part%202%20-%20Open%20Packaging%20Conventions.pdf

    From what I gathered:

    Only the relationships with Ids referenced in the relationship transform (i.e. SourceId) should be included, i.e. "rId1" because of: <mdssi:RelationshipReference SourceId="rId1"/>.

    You should make a copy of the .rels file. This is the temp file that you will be working on:

    Steps:

    1. Remove all the 'Relationship' elements that are not referenced in the relationship transform.
    2. Apply c14n.
    3. Perform the sha1 message digest.

    All this being said, the hash isn't the same.

    George, perhaps you have figured where we have gone wrong?

    Thanks,

    David

    Thursday, February 9, 2017 8:56 PM
  • I have figured out my problem:

    I had an extra line at the end of my file.

    Also, I'm using a Unix system which uses LF and OPC uses CRLF.

    Make sure that they match up. And that your editor isn't adding an extra line after a save.

    Regards,

    David

    Thursday, February 16, 2017 11:47 AM
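
The relationship transform discussed in this thread, as an added example that is not part of any post: besides filtering on SourceId, the OPC Relationships Transform also sorts the kept elements by Id, drops all text between elements, and adds TargetMode="Internal" where the attribute is missing, before C14N is applied. The function names are hypothetical, SourceType filtering is omitted because the thread only uses SourceId, and the hand-written serializer assumes the flat shape of a .rels part (one default namespace, un-namespaced attributes), for which it emits the same bytes C14N would. The sample input is the /_rels/.rels content posted above.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"

# /_rels/.rels as posted in the thread (XML declaration dropped).
SAMPLE_RELS = (
    '<Relationships xmlns="' + RELS_NS + '">'
    '<Relationship Id="rId3" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/extended-properties" Target="docProps/app.xml"/>'
    '<Relationship Id="rId2" Type="http://schemas.openxmlformats.org/package/2006/relationships/metadata/core-properties" Target="docProps/core.xml"/>'
    '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" Target="word/document.xml"/>'
    '<Relationship Id="rId4" Type="http://schemas.openxmlformats.org/package/2006/relationships/digital-signature/origin" Target="_xmlsignatures/origin.sigs"/>'
    '</Relationships>'
)

def _c14n_attr(value):
    """Escape an attribute value the way Canonical XML does."""
    for raw, esc in (("&", "&amp;"), ("<", "&lt;"), ('"', "&quot;"),
                     ("\t", "&#x9;"), ("\n", "&#xA;"), ("\r", "&#xD;")):
        value = value.replace(raw, esc)
    return value

def relationship_transform(rels_xml, source_ids):
    """Return the canonical bytes that are fed to the digest (hypothetical helper)."""
    root = ET.fromstring(rels_xml)
    # Keep only relationships named by a RelationshipReference SourceId.
    kept = [r for r in root.findall(f"{{{RELS_NS}}}Relationship")
            if r.get("Id") in source_ids]
    # Sort by Id as case-sensitive Unicode strings.
    kept.sort(key=lambda r: r.get("Id"))
    out = [f'<Relationships xmlns="{RELS_NS}">']
    for rel in kept:
        attrs = dict(rel.attrib)
        attrs.setdefault("TargetMode", "Internal")  # default made explicit
        # Canonical form: attributes in name order, start/end tag pair, no
        # whitespace between elements (so LF vs CRLF in the part is irrelevant).
        body = "".join(f' {k}="{_c14n_attr(v)}"' for k, v in sorted(attrs.items()))
        out.append(f"<Relationship{body}></Relationship>")
    out.append("</Relationships>")
    return "".join(out).encode("utf-8")

def digest_b64(data):
    """SHA-1 in base64, the form used in the DigestValue elements of the thread."""
    return base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")

if __name__ == "__main__":
    print(digest_b64(relationship_transform(SAMPLE_RELS, {"rId1"})))
```

Compare the printed value with the DigestValue of the matching Reference in sig1.xml; a verifier should fail closed when they differ.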