ECDsa support in System.Security.Cryptography.Xml.SignedXml

[Nukepayload2]

This feature request is related to the following problem:

When I'm using System.Security.Cryptography.Xml.SignedXml, if the type of SigningKey is ECDsa, ComputeSignature will throw CryptographicException.
The exception was thrown at this line:

runtime/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/SignedXml.cs

Line 401 in 3011955

throw new CryptographicException(SR.Cryptography_Xml_CreatedKeyFailed);

If I set SignedInfo.SignatureMethod to "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256" by setting protected fields through a subclass, another exception will be thrown at:

runtime/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/SignedXml.cs

Line 408 in 3011955

throw new CryptographicException(SR.Cryptography_Xml_SignatureDescriptionNotCreated);

Description of what API need to be added or changed
System.Security.Cryptography.Xml.SignedXml should be able to create and verify ECDsa xml signatures.

[ghost]

Tagging subscribers to this area: @bartonjs, @vcsjones, @krwq
Notify danmosemsft if you want to be subscribed.

[vcsjones]

I believe it is possible to get this working today if you are able to implementing the formatters and are able to ensure its correctness.

If you set the signature method URI before signing, it will attempt to resolve a SignatureDescription from the CryptoConfig. So you could do something like this:

CryptoConfig.AddAlgorithm(typeof(ECDsaP256SHA256SignatureDescription), "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256");
XmlDocument doc = GetDocument();
SignedXml sxml = new SignedXml(doc);
sxml.SignedInfo.SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256";
using var ecdsa = ECDsa.Create(ECCurve.NamedCurves.nistP256);
sxml.SigningKey = ecdsa;

The trick then is to create and implement the ECDsaP256SHA256SignatureDescription, which is really just used for getting an AsymmetricSignatureDeformatter and AsymmetricSignatureFormatter, which are also abstract classes that need to be implemented for ECDSA. Looking at the XmlDSig spec, it expects signatures to be in {R,S} IEEE format, which I believe ECDsa produces by default.

I threw together a gist that implements a bare-bones example here: https://gist.github.com/vcsjones/07460cd1a0adf03ade27151efdf266e2. It bears repeating that this code is a quickly thrown together example to explore the feasibility of it.

[olljanat]

@vcsjones thanks for sharing. Example code in you gist looks to be working correctly.

On https://gist.github.com/olljanat/848c51c141634c7306712fe1bbb20727 I combined it with HLKX package signing code and hardware submission portal looks to be detecting it as correctly signed file.

However as far I see, there is not way to define SignatureMethod method when signing is done thorough PackageDigitalSignatureManager which why at least olljanat@0de728b should be included to here.