5.5.13 Default XML messages and elements for XML security
3GPP TS 36.579-1, Mission Critical (MC) services over LTE, Part 1: Common test environment, Release 15
5.5.13.1 XML signature for integrity protection of MIME bodies
Table 5.5.13.1-1: XML signature MIME body from the UE
Derivation Path: TS 24.379 [9] annex F.6.2

| Information Element | Value/remark | Comment | Reference | Condition |
|---|---|---|---|---|
| Signatures | list of N signatures for the signed XML bodies of a SIP message | | | |
| Signature [n] | n ∈ {1..N} | | | |
| id | any value if present | | | |
| SignedInfo | | | | |
| CanonicalizationAlgorithm | any value | canonicalisation method e.g. "http://www.w3.org/TR/2001/REC-xml-c14n-20010315" | | |
| SignatureAlgorithm | "HMAC-SHA-256" | Hashing algorithm to be applied to sign the SignedInfo with the key given in the KeyInfo | | |
| Reference | | | | |
| URI | same value as the Content-ID of the XML MIME body the signature belongs to | | | |
| DigestAlgorithm | "SHA-256" | Hashing algorithm to be applied to sign the data object | | |
| DigestValue | Hash signing the data object (referred to by the URI) | | | |
| SignatureValue | Hash signing the SignedInfo | The signing key is derived from the CSK according to TS 33.180 [94] Annex F.1.4 with FC = 0x52, XPK-ID = CSK-ID | | |
| KeyInfo | | | | |
| KeyName | base64 encoded CSK-ID | | | |

Table 5.5.13.1-2: XML signature MIME body from the SS
Derivation Path: TS 24.379 [9] annex F.6.2

| Information Element | Value/remark | Comment | Reference | Condition |
|---|---|---|---|---|
| Signatures | list of N signatures for the signed XML bodies of a SIP message | | | |
| Signature [n] | n ∈ {1..N} | | | |
| id | "signature" & n | | | |
| SignedInfo | | | | |
| CanonicalizationAlgorithm | "http://www.w3.org/TR/2001/REC-xml-c14n-20010315" | canonicalisation method | | |
| SignatureAlgorithm | "HMAC-SHA-256" | Hashing algorithm to be applied to sign the SignedInfo with the key given in the KeyInfo | | |
| Reference | | | | |
| URI | same value as the Content-ID of the XML MIME body the signature belongs to | | | |
| DigestAlgorithm | "SHA-256" | Hashing algorithm to be applied to sign the data object | | |
| DigestValue | Hash signing the data object (referred to by the URI) | | | |
| SignatureValue | Hash signing the SignedInfo | The signing key is derived from the CSK according to TS 33.180 [94] Annex F.1.4 with FC = 0x52, XPK-ID = CSK-ID | | |
| KeyInfo | | | | |
| KeyName | base64 encoded CSK-ID | | | |

5.5.13.2 XML <EncryptedData> element for encryption of XML element content
Table 5.5.13.2-1: XML <EncryptedData> element from the UE
Derivation Path: XML Encryption Syntax, Version 1.1 [108] clause 9.1

| Information Element | Value/remark | Comment | Reference | Condition |
|---|---|---|---|---|
| EncryptedData | | | | |
| Type attribute | "http://www.w3.org/2001/04/xmlenc#Content" if present | | | |
| EncryptionMethod | if present | | | |
| Algorithm attribute | "http://www.w3.org/2009/xmlenc11#aes128-gcm" | | | |
| KeyInfo | if present | | | |
| KeyName | base64 encoded CSK-ID | The CSK-ID is provided by the UE at CSK distribution | | |
| CipherData | | | | |
| CipherValue | encrypted XML element content | The encryption key is derived from the CSK according to TS 33.180 [94] Annex F.1.4 with FC = 0x51, XPK-ID = CSK-ID | TS 33.180 [94] clause 9.3.4.2 | |

Table 5.5.13.2-2: XML <EncryptedData> element from the SS
Derivation Path: XML Encryption Syntax, Version 1.1 [108] clause 9.1

| Information Element | Value/remark | Comment | Reference | Condition |
|---|---|---|---|---|
| EncryptedData | | | | |
| Type attribute | "http://www.w3.org/2001/04/xmlenc#Content" | | | |
| EncryptionMethod | | | | |
| Algorithm attribute | "http://www.w3.org/2009/xmlenc11#aes128-gcm" | | | |
| KeyInfo | | | | |
| KeyName | base64 encoded CSK-ID | The CSK-ID is provided by the UE at CSK distribution | | |
| CipherData | | | | |
| CipherValue | encrypted XML element content | The encryption key is derived from the CSK according to TS 33.180 [94] Annex F.1.4 with FC = 0x51, XPK-ID = CSK-ID | TS 33.180 [94] clause 9.3.4.2 | |

5.5.13.3 Encrypted XML URI attribute
Table 5.5.13.3-1: Encrypted XML URI attribute
Delivery Path: RFC 3261 [22] clause 19.1

| Information Element | Value/remark | Comment | Reference | Condition |
|---|---|---|---|---|
| SIP URI | | | | |
| scheme | "sip" | | | |
| user | semicolon separated list of: | | TS 24.379 [9] clause 6.6.2.3.4 | |
| | base64 encoded encrypted URI | The encryption key is derived from the CSK according to TS 33.180 [94] Annex F.1.4 with FC = 0x51, XPK-ID = CSK-ID | | |
| | "iv=" & base64 encoded 96-bit random initialisation vector (IV) | IV as used by AES-128 encryption algorithm | | |
| | "key-id=" & base64 encoded encryption key identifier (XPK-ID) | with XPK-ID = CSK-ID | | |
| | "alg=128-aes-gcm" | AES-128 encryption algorithm | | |
| password | not present | | | |
| host | "mc1-encryption.3gppnetwork.org" | | TS 24.379 [9] clause 6.6.2.3.4; TS 23.003 [69] clause 26.2 | |
| port | not present | | | |
| uri parameters | not present | | | |
| headers | not present | | | |
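
A structural check of a received URI against Table 5.5.13.3-1, as an added example that is not part of the specification. The names `parse_encrypted_uri` and `SAMPLE` are hypothetical, and the sample URI is constructed from placeholder bytes. The code assumes the encrypted URI comes first in the user part with the other three items in any order, and it performs no key derivation or decryption.

```python
import base64
import binascii

HOST = "mc1-encryption.3gppnetwork.org"  # host value from Table 5.5.13.3-1
ALG = "128-aes-gcm"                      # value of the "alg=" item

def _b64(label, text):
    """Strictly decode one base64 field; reject malformed or empty input."""
    try:
        raw = base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError(f"{label}: not valid base64") from exc
    if not raw:
        raise ValueError(f"{label}: empty")
    return raw

def parse_encrypted_uri(uri):
    """Check a URI against Table 5.5.13.3-1 and return its decoded fields."""
    scheme, sep, rest = uri.partition(":")
    if not sep or scheme.lower() != "sip":
        raise ValueError('scheme must be "sip"')
    user, at, host = rest.rpartition("@")
    if not at:
        raise ValueError("user part is missing")
    if ":" in user:
        raise ValueError("password must not be present")
    if any(c in host for c in ":;?"):
        raise ValueError("port, uri parameters and headers must not be present")
    if host.lower() != HOST:
        raise ValueError(f"host must be {HOST}")
    payload, *items = user.split(";")
    fields = {}
    for item in items:
        name, eq, value = item.partition("=")  # base64 "=" padding stays in value
        if not eq or name in fields or name not in ("iv", "key-id", "alg"):
            raise ValueError(f"unexpected or repeated item {item!r}")
        fields[name] = value
    if len(fields) != 3 or fields["alg"] != ALG:
        raise ValueError(f"iv, key-id and alg={ALG} are all required")
    iv = _b64("iv", fields["iv"])
    if len(iv) != 12:  # the table requires a 96-bit IV
        raise ValueError("iv must decode to 96 bits")
    return {"ciphertext": _b64("encrypted URI", payload), "iv": iv,
            "key_id": _b64("key-id", fields["key-id"])}

# Constructed sample: placeholder bytes, not real ciphertext or a real CSK-ID.
SAMPLE = ("sip:AAECAwQFBgcICQoLDA0ODw==;iv=AAECAwQFBgcICQoL;"
          "key-id=CgsMDQ==;alg=128-aes-gcm@mc1-encryption.3gppnetwork.org")
```

A URI that passes still has to be decrypted with the key derived from the CSK; a successful parse only shows that the fields are present and well-formed.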