[System.Security.Cryptography.Xml] Test plan for public classes

[tintoy]

Part of dotnet/corefx#4278.

The goal is to write automated tests for the System.Security.Cryptography.Xml namespace such that it can be incorporated into the corefx libraries.

There is no articulated quality bar, like a code coverage percentage. However, there is an implicit high bar for the quality set for corefx. This is security sensitive so additional testing of possible attacks and ensuring no foreseeable vulnerabilities is required.

The tests should ensure the code complies with the spec. It should also revisit the changes introduced in MS16-035. Details on the spec and security advisory will be added later.

There is no deadline or other requirements.

Please contact @tintoy or @anthonylangsworth if you have questions. Participation by others is welcome and encouraged. To avoid duplication of effort, please reach out to @tintoy and @anthonylangsworth before doing so.

Methodology

Use the feature/xml-crypto/tests branch as a starting point for your work; the projects in this branch have been modified so that tests can be built and run.

To run tests:

1. Build CoreFx on Windows.
2. Load the solution file src\System.Security.Cryptography.Xml\System.Security.Cryptography.Xml.sln in Visual Studio 2015 SP 1 or later, set the System.Security.Cryptograpy.Xml.Tests project as the startup project and hit Ctrl+F5.

Tests:

1. must be written using xUnit, as per the standard for .Net core.
2. must follow the C# Coding style guidelines.
3. should ensure the corefx version follows the behavior of the existing System.Security.Cryptography.Xml namespace. If this is not possible, such as from missing dependencies or platform differences, please raise this for further discussion with @tintoy and @anthonylangsworth.
4. must be committed to the branch via pull request so it can be reviewed. The goal is to get multiple eyes on the tests to ensure we meet our goal and share understanding.
5. must pass.

Test Plan

Creation of automated tests follows two phases:

1. Writing tests that cover all exposed public classes and methods. The goal is to ensure all exposed methods and properties of all classes work.
2. Drill into use of SignedXml to ensure it meets the standard, effectively integration and security tests. This builds upon the foundation of the previous phase with the confidence that the supporting classes work.

Phase 1 (Unit Testing)

The following table lists the public classes exposed by the System.Security.Cryptography.Xml namespace. These will be checked off once the tests are completed and reviewed.

As stated above, if you wish to contribute, please reach out to @tintoy and @anthonylangsworth to avoid duplication of effort.

• CipherData
• DataObject (@peterwurzinger)
• EncryptedType
  • EncryptedData
  • EncryptedKey
• EncryptedReference
  • CipherReference
  • DataReference
  • KeyReference
  • EncryptedXml
• EncryptionMethod
• EncryptionProperty
• EncryptionPropertyCollection
• KeyInfo
• KeyInfoClause
  • DSAKeyValue
  • KeyInfoEncryptedKey
  • KeyInfoName
  • KeyInfoNode
  • KeyInfoRetrievalMethod
  • KeyInfoX509Data
  • RSAKeyValue
• Reference
• ReferenceList
• Signature
• SignedInfo
• SignedXml (unit testing only)
• Transform
  • XmlDecryptionTransform
  • XmlDsigBase64Transform
  • XmlDsigC14NTransform
  • XmlDsigC14NWithCommentsTransform
  • XmlDsigEnvelopedSignatureTransform
  • XmlDsigExcC14NTransform
  • XmlDsigExcC14NWithCommentsTransform
  • XmlDsigXPathTransform
  • XmlDsigXsltTransform
  • XmlLicenseTransform
• TransformChain
• X509IssuerSerial

Phase 2 (Spec and Integration Testing)

TBA once we pass phase 1.

Questions

• (@anthonylangsworth) Can we use InternalsVisibleTo to get access to the internal classes? It will certainly make testing easier but risks possible exploitation.

[tintoy]

Hey @anthonylangsworth - as suggested by @steveharter, Mono has some tests we might be able to include (especially for SignedXml).

BTW, if we do include them, he has specific headers that need to be added to the files in question (license-related).

[anthonylangsworth]

I saw that, @tintoy . I missed the link provided and asked him about them. As you can see, I have also asked what happens if we expand on them.

[peterwurzinger]

Hey there!
As already mentioned, I'd like to get my hands dirty with this too :-)
So if you agree I would like to write some Tests for DataObject, just to get an easy start into this framework-testing-thing. I'm familiar with xunit, but only applied to web application testing, so testing a library is new to me.

EDIT: Sorry, missed the ping @tintoy @anthonylangsworth

[anthonylangsworth]

Hi @peterwurzinger . Thanks for helping out. Please go ahead. I have added your name to the list above.

[Jaedson33]

Hi, what can I do to help you? Because I really need to use that in my project!

[tintoy]

Let me have a chat to Anthony - we should be able to split up the work now.

[Jaedson33]

If the mono tests work well will we need to create tests to those classes?

[anthonylangsworth]

Once we have the mono tests working, let's review this list. The mono tests are good but there are still lots of gaps.

For example, focusing on the issue of the moment, there was only a single test for each of ToXmlString and FromXmlString on DSA and RSA. We should have a much broader coverage, handling missing and extraneous XML elements.

That said, staging is also an option. We could implement a basic set of tests, merge them into .Net Core then follow up with an expanded set of tests. We can discuss this with the .Net Core team but it is there decision, not ours.

[krwq]

@tintoy @anthonylangsworth @peterwurzinger I'll start working on fixing the tests now - I'll take a look into all PlatformNotSupportedException failures first

[anthonylangsworth]

@krwq Thanks for that. Maybe it is worth creating a branch and all of us contributing to that so we can use each other's code instead of waiting for approved PRs to master. I'll create one tonight or over the weekend if no one jumps in first.

[krwq]

@anthonylangsworth - I'm hoping to fix all the mono tests before weekend 😄

[anthonylangsworth]

@krwq For me, the weekend starts in about 8 hours. :-)

Either way, I'll want to clean up the class names (*Test.cs vs *Tests.cs), flesh out the tests (lots of basic cases missing) and convert the Assert statements to use Xunit features where applicable (e.g. remove AssertCrypto.cs. I also want to cover the cases in mentioned in the security advisory.

[krwq]

@anthonylangsworth @tintoy as I started fixing one of the tests I'm seeing it is different than the original mono test where original one is closer to working - were there many changes to original code?
i.e. SignedXmlTest.SymmetricMACTripleDESSignature (Assert.Throws was added where I do not see any exception being thrown - even on full .NET)

@anthonylangsworth we should refrain from any refactoring for now - let's make it work first and after that we can focus on refactoring :-) it's 4PM Thursday here

[anthonylangsworth]

@krwq Regarding SymmetricMACTripleDESSignature, I am pretty sure that was one of the mono ported tests (you can tell by the header). I have not worked on it and I am pretty sure no one else has either. I'll have a look at it later today if you like. Otherwise, I'd go ahead and make whatever changes you think are necessary.

@krwq Regarding my second paragraph, I am only referring to the tests, not refactoring. Sorry if that was unclear. In summary, I want to clean up things while this namespace has some focus.