This document is the interop report for new features introduced in XML Signature 1.1. It includes the test cases and test results for these new features. It does not replicate interop testing performed for features retained from XML Signature 1.0.


This document summarizes interop tests and the test results for new features introduced in XML Signature 1.1 [[XMLDSIG-CORE1]]. Changes to XML Signature introduced in XML Signature 1.1 are summarized in a detailed change explanation document [[XMLDSIG-CORE1-CHGS]].

Tests that are marked 'Y' are completed, 'U' means 'untested' and should not be taken to make a statement about the implementation (as testing may simply not have been performed for interop due to timing or other reasons).

Elliptic Curve Algorithms (Interop testing completed)

Summary of Changes

Elliptic Curve Test Cases (not including SHA-224)

Various combinations of the following

Microsoft's test vectors - 48 files

Oracle's test vectors - 18 files

Elliptic Curve Test Results (not including SHA-224)

See test file directory.

Signature AlgorithmDigestCanonicalizationECKeyValueMicrosoftOracle
ECDSA (P256/P384/P521] withSHA-1Excl C14NECKeyValueYY
ECDSA (P256/P384/P521] withSHA-256Excl C14NECKeyValueYY
ECDSA (P256/P384/P521] withSHA-384Excl C14NECKeyValueYY
ECDSA (P256/P384/P521] withSHA-512Excl C14NECKeyValueYY

Elliptic Curve SHA-224 Test Cases

The following are the SHA-224 tests:

Elliptic Curve SHA-224 Test Results

Signature AlgorithmDigestOracleApache Santuario (C++)
ECDSA (P256/P384/P521] withSHA-224YY

SHA Algorithms (Interop testing completed)

Summary of Changes

SHA Test Cases (not including SHA-224)

Various combinations of the following

Sun's test vectors - 18 files

Oracle's test vectors - 9 files (same as sun's, C14n 1.0 only)

Microsoft's test vectors - 14 files

HMAC key

SHA Test Results (not including SHA-224)


SHA-224 Test Cases

SHA-224 Test Results

DigestSignatureOracleApache Santuario (C++)

X509Data Additions

Summary of Changes

Note: X509Digest was added to correct issues with X509IssuerSerial.

X509Data Test Cases

X509Data Test Results

ItemOpenSAML (Shibboleth)Oracle

KeyInfo Additions

Summary of Changes

KeyInfo Test Cases

KeyInfo Test Results

ItemApache Santuario (C++)OpenSAML (Shibboleth)Oracle
DEREncodedKeyValue (both EC and RSA)YUY

Note: Same author for both Apache Santuario (C++) and OpenSAML (Shibboleth) implementations. In OpenSaml reproduced the X509Digest material by consuming the same keypair and successfully processing the KeyInfoReference after copying it into a SAML document.

HMACOutputLength verification

Summary of Changes

HMACOutputLength Test Cases

The following are test vectors for HMACOutputLength verification:

The first one is truncated to 40 bytes, so it should be rejected. The second one is not truncated at all, so it should be accepted.

HMACOutputLength Test Results

HMACOutputLengthOracleApache Santuario (C++)
Truncated 40 (invalid)YY
Truncated 160 (valid)YY

Additional Algorithm additions and changes (previously interop tested)

The following algorithms were added or changed in XML Signature 1.1 but were not included in this round of interop testing as they have been previously tested during the development of the corresponding W3C Recommendations: