18.3 Message Authentication Codes


A Message Authentication Code (MAC) is calculated from the data to be authenticated and a secret quantity. The HMAC algorithm [RFC 2104] is the basis of all MACs that XML Security specifies, although other strong MAC techniques exist as well [Schneier]. You can use the HMAC algorithm with any hash code.

MAC algorithm identifiers appear as the value of the Algorithm attribute of SignatureMethod elements, as shown in Figure 18-3. Their implicit inputs consist of their keying material and the octet stream output by the signature's CanonicalizationMethod. MACs are syntactically identical to signatures but imply a shared secret key.

Figure 18-3. SignatureMethod algorithms

graphics/18fig03.gif

18.3.1 HMAC SHA-1

 HMAC SHA-1 Identifier:     http://www.w3.org/2000/09/xmldsig#hmac-sha1 

Implementation of HMAC SHA-1 is mandatory for applications that conform to the XML Digital Signature standard. The HMAC algorithm [RFC 2104] takes the truncation length in bits as an explicit parameter; if the application does not specify the parameter, then all bits of the hash are output. An example of an HMAC SignatureMethod element follows:

 <SignatureMethod Algorithm= "http://www.w3.org/2000/09/xmldsig#hmac-sha1">     <HMACOutputLength>128</HMACOutputLength> </SignatureMethod> 

The output of the HMAC algorithm is ultimately the output (possibly truncated) of the chosen digest algorithm. This value is encoded in base-64 in the SignatureValue element. For example, the SignatureValue element for the HMAC-SHA1 digest

 9294727A 3638BB1C 13F48EF8 158BFC9D 

from the test vectors in [RFC 2104] would be

 <SignatureValue>kpRyejY4uxwT9I74FYv8nQ==</SignatureValue> 

The DTD for the HMACOutputLength element follows:

 <!-- HMACOutputLength DTD --> <!ELEMENT HMACOutputLength (#PCDATA)> 

In schema notation, it has the following form:

 <!-- HMACOutputLength Schema Definition --> <simpleType name="HMACOutputLengthType">     <restriction base="integer"/> </simpleType> 

18.3.2 Additional HMAC Variations

 Additional HMAC Variation Identifiers:     http://www.w3.org/2001/04/xmldsig-more#hmac-md5     http://www.w3.org/2001/04/xmldsig-more#hmac-sha256     http://www.w3.org/2001/04/xmldsig-more#hmac-sha512     http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160 

Implementation of these HMAC variations is optional. All variations use the technique described in [RFC 2104] and have an optional HMACOutputLength explicit parameter as described in Section 18.3.1. The only difference involves the message digest algorithm used.



Secure XML(c) The New Syntax for Signatures and Encryption
Secure XML: The New Syntax for Signatures and Encryption
ISBN: 0201756056
EAN: 2147483647
Year: 2005
Pages: 186

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net