5.5.13 Default XML messages and elements for XML security

36.579-13GPPMission Critical (MC) services over LTEPart 1: Common test environmentRelease 15TS

5.5.13.1 XML signature for integrity protection of MIME bodies

Table 5.5.13.1-1: XML signature MIME body from the UE

Derivation Path: TS 24.379 [9] annex F.6.2

Information Element

Value/remark

Comment

Reference

Condition

Signatures

list of N signatures for the signed XML bodies of a SIP message

Signature [n]

n {1..N}

id

any value if present

SignedInfo

CanonicalizationAlgorithm

any value

canonicalisation method e.g. "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"

SignatureAlgorithm

"HMAC-SHA-256"

Hashing algorithm to be applied to sign the SignedInfo with the key given in the KeyInfo

Reference

URI

same value as the Content-ID of the XML MIME body the signature belongs to

DigestAlgorithm

"SHA-256"

Hashing algorithm to be applied to sign the data object

DigestValue

Hash signing the data object (referred to by the URI)

SignatureValue

Hash signing the SignedInfo

The signing key is derived from the CSK according to TS 33.180 [94] Annex F.1.4 with

FC = 0x52

XPK-ID = CSK-ID

KeyInfo

KeyName

base64 encoded CSK-ID

Table 5.5.13.1-2: XML signature MIME body from the SS

Derivation Path: TS 24.379 [9] annex F.6.2

Information Element

Value/remark

Comment

Reference

Condition

Signatures

list of N signatures for the signed XML bodies of a SIP message

Signature [n]

n {1..N}

id

"signature" & n

SignedInfo

CanonicalizationAlgorithm

"http://www.w3.org/TR/2001/REC-xml-c14n-20010315"

canonicalisation method

SignatureAlgorithm

"HMAC-SHA-256"

Hashing algorithm to be applied to sign the SignedInfo with the key given in the KeyInfo

Reference

URI

same value as the Content-ID of the XML MIME body the signature belongs to

DigestAlgorithm

"SHA-256"

Hashing algorithm to be applied to sign the data object

DigestValue

Hash signing the data object (referred to by the URI)

SignatureValue

Hash signing the SignedInfo

The signing key is derived from the CSK according to TS 33.180 [94] Annex F.1.4 with

FC = 0x52

XPK-ID = CSK-ID

KeyInfo

KeyName

base64 encoded CSK-ID

5.5.13.2 XML <EncryptedData> element for encryption of XML element content

Table 5.5.13.2-1: XML <EncryptedData> element from the UE

Derivation Path: XML Encryption Syntax, Version 1.1 [108] clause 9.1

Information Element

Value/remark

Comment

Reference

Condition

EncryptedData

Type attribute

"http://www.w3.org/2001/04/xmlenc#Content" if present

EncryptionMethod

if present

Algorithm attribute

"http://www.w3.org/2009/xmlenc11#aes128-gcm"

KeyInfo

if present

KeyName

base64 encoded CSK-ID

The CSK-ID is provided by the UE at CSK distribution

CipherData

CipherValue

encrypted XML element content

The encryption key is derived from the CSK according to TS 33.180 [94] Annex F.1.4 with

FC = 0x51

XPK-ID = CSK-ID

TS 33.180 [94] clause 9.3.4.2

Table 5.5.13.2-2: XML <EncryptedData> element from the SS

Derivation Path: XML Encryption Syntax, Version 1.1 [108] clause 9.1

Information Element

Value/remark

Comment

Reference

Condition

EncryptedData

Type attribute

"http://www.w3.org/2001/04/xmlenc#Content"

EncryptionMethod

Algorithm attribute

"http://www.w3.org/2009/xmlenc11#aes128-gcm"

KeyInfo

KeyName

base64 encoded CSK-ID

The CSK-ID is provided by the UE at CSK distribution

CipherData

CipherValue

encrypted XML element content

The encryption key is derived from the CSK according to TS 33.180 [94] Annex F.1.4 with

FC = 0x51

XPK-ID = CSK-ID

TS 33.180 [94] clause 9.3.4.2

5.5.13.3 Encrypted XML URI attribute

Table 5.5.13.3-1: Encrypted XML URI attribute

Delivery Path: RFC 3261 [22] clause 19.1

Information Element

Value/remark

Comment

Reference

Condition

SIP URI

scheme

"sip"

user

semicolon separated list of:

TS 24.379 [9] clause 6.6.2.3.4

base64 encoded encrypted URI

The encryption key is derived from the CSK according to TS 33.180 [94] Annex F.1.4 with

FC = 0x51

XPK-ID = CSK-ID

"iv=" & base64 encoded 96-bit random initialisation vector (IV)

IV as used by AES-128 encryption algorithm

"key-id=" & base64 encoded encryption key identifier (XPK-ID)

with XPK-ID = CSK-ID

"alg=128-aes-gcm"

AES-128 encryption algorithm

password

not present

host

"mc1-encryption.3gppnetwork.org"

TS 24.379 [9] clause 6.6.2.3.4;

TS 23.003 [69] clause 26.2

port

not present

uri parameters

not present

headers

not present