A Message Authentication Code (MAC) is calculated from the data to be authenticated and a secret quantity. The HMAC algorithm [RFC 2104] is the basis of all MACs that XML Security specifies, although other strong MAC techniques exist as well [Schneier]. You can use the HMAC algorithm with any hash code.
MAC algorithm identifiers appear as the value of the Algorithm attribute of SignatureMethod elements, as shown in Figure 18-3. Their implicit inputs consist of their keying material and the octet stream output by the signature's CanonicalizationMethod. MACs are syntactically identical to signatures but imply a shared secret key.
Figure 18-3. SignatureMethod algorithms
18.3.1 HMAC SHA-1
HMAC SHA-1 Identifier: http://www.w3.org/2000/09/xmldsig#hmac-sha1
Implementation of HMAC SHA-1 is mandatory for applications that conform to the XML Digital Signature standard. The HMAC algorithm [RFC 2104] takes the truncation length in bits as an explicit parameter; if the application does not specify the parameter, then all bits of the hash are output. An example of an HMAC SignatureMethod element follows:
<SignatureMethod Algorithm= "http://www.w3.org/2000/09/xmldsig#hmac-sha1"> <HMACOutputLength>128</HMACOutputLength> </SignatureMethod>
The output of the HMAC algorithm is ultimately the output (possibly truncated) of the chosen digest algorithm. This value is encoded in base-64 in the SignatureValue element. For example, the SignatureValue element for the HMAC-SHA1 digest
9294727A 3638BB1C 13F48EF8 158BFC9D
from the test vectors in [RFC 2104] would be
The DTD for the HMACOutputLength element follows:
<!-- HMACOutputLength DTD --> <!ELEMENT HMACOutputLength (#PCDATA)>
In schema notation, it has the following form:
<!-- HMACOutputLength Schema Definition --> <simpleType name="HMACOutputLengthType"> <restriction base="integer"/> </simpleType>
18.3.2 Additional HMAC Variations
Additional HMAC Variation Identifiers: http://www.w3.org/2001/04/xmldsig-more#hmac-md5 http://www.w3.org/2001/04/xmldsig-more#hmac-sha256 http://www.w3.org/2001/04/xmldsig-more#hmac-sha512 http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160
Implementation of these HMAC variations is optional. All variations use the technique described in [RFC 2104] and have an optional HMACOutputLength explicit parameter as described in Section 18.3.1. The only difference involves the message digest algorithm used.