A Message Authentication Code (MAC) is calculated from the data to be authenticated and a secret quantity. The HMAC algorithm [RFC 2104] is the basis of all MACs that XML Security specifies, although other strong MAC techniques exist as well [Schneier]. You can use the HMAC algorithm with any hash code. MAC algorithm identifiers appear as the value of the Algorithm attribute of SignatureMethod elements, as shown in Figure 18-3. Their implicit inputs consist of their keying material and the octet stream output by the signature's CanonicalizationMethod. MACs are syntactically identical to signatures but imply a shared secret key. Figure 18-3. SignatureMethod algorithms18.3.1 HMAC SHA-1HMAC SHA-1 Identifier: http://www.w3.org/2000/09/xmldsig#hmac-sha1 Implementation of HMAC SHA-1 is mandatory for applications that conform to the XML Digital Signature standard. The HMAC algorithm [RFC 2104] takes the truncation length in bits as an explicit parameter; if the application does not specify the parameter, then all bits of the hash are output. An example of an HMAC SignatureMethod element follows: <SignatureMethod Algorithm= "http://www.w3.org/2000/09/xmldsig#hmac-sha1"> <HMACOutputLength>128</HMACOutputLength> </SignatureMethod> The output of the HMAC algorithm is ultimately the output (possibly truncated) of the chosen digest algorithm. This value is encoded in base-64 in the SignatureValue element. For example, the SignatureValue element for the HMAC-SHA1 digest 9294727A 3638BB1C 13F48EF8 158BFC9D from the test vectors in [RFC 2104] would be <SignatureValue>kpRyejY4uxwT9I74FYv8nQ==</SignatureValue> The DTD for the HMACOutputLength element follows: <!-- HMACOutputLength DTD --> <!ELEMENT HMACOutputLength (#PCDATA)> In schema notation, it has the following form: <!-- HMACOutputLength Schema Definition --> <simpleType name="HMACOutputLengthType"> <restriction base="integer"/> </simpleType> 18.3.2 Additional HMAC VariationsAdditional HMAC Variation Identifiers: http://www.w3.org/2001/04/xmldsig-more#hmac-md5 http://www.w3.org/2001/04/xmldsig-more#hmac-sha256 http://www.w3.org/2001/04/xmldsig-more#hmac-sha512 http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160 Implementation of these HMAC variations is optional. All variations use the technique described in [RFC 2104] and have an optional HMACOutputLength explicit parameter as described in Section 18.3.1. The only difference involves the message digest algorithm used. |