XMLDSIG Working Group                          Grigorij Chudov, CRYPTO-PRO
Internet Draft                                Serguei Leontiev, CRYPTO-PRO
Expires October 7, 2004                                      April 7, 2004
Intended Category: Informational

           Using algorithms GOST R 34.10-2001, GOST R 34.10-94
             and GOST R 34.11-94 for XML Digital Signatures

Status of this Memo

   This document is an Internet-Draft and is subject to all provisions
   of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or made obsolete by other
   documents at any time. It is inappropriate to use Internet-Drafts
   as reference material or to cite them other than as "work in
   progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/1id-abstracts.html

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

Abstract

   This document specifies how to use the Russian national
   cryptographic standards GOST R 34.10-2001, GOST R 34.10-94 and
   GOST R 34.11-94 digital signatures and public keys with XML
   Signatures [XMLDSIG]. The mechanism specified provides integrity,
   message authentication, and/or signer authentication services for
   data of any type, whether located within the XML that includes the
   signature or included by reference.

Table of Contents

   1       Introduction
   2       GOST R 34.10-94/2001
   3       Specifying GOST within XMLDSIG
   3.1     Version, Namespaces and Identifiers
   3.2     XML Schema Preamble and DTD Replacement
   3.2.1   XML Schema Preamble
   3.2.2   DTD Replacement
   3.3     SignatureMethod Algorithms
   3.3.1   Public Key Signature Algorithms
   3.3.2   Message Authentication Code Algorithms
   3.4     DigestMethod Algorithms
   3.5     GOST Key Values
   3.5.1   Key Value Root Element
   3.5.2   GOST Parameters
   4       Security Considerations
   Appendix A: Aggregate XML Schema
   Appendix B: Aggregate DTD
   References
   Acknowledgments
   Author's Addresses
   Full Copyright Statement

1 Introduction

   This document specifies how to use GOST R 34.10-2001,
   GOST R 34.10-94 and GOST R 34.11-94 digital signatures and public
   keys with XML Signatures [XMLDSIG]. Therein only two digital
   signature methods are defined: RSA signatures and DSA (DSS)
   signatures, one message digest method: SHA-1 and one message
   authentication method: HMAC-SHA1. This document introduces
   GOST R 34.10-94/2001 signatures as additional methods.

   This document uses both XML Schemas [XML-schema] (normative) and
   DTDs [XML] (informational) for specifying the corresponding XML
   structures.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in
   this document are to be interpreted as described in [RFC 2119].

2 GOST R 34.10-94/2001

   Algorithms GOST R 34.10-94, GOST R 34.10-2001 and GOST R 34.11-94
   have been developed by the Russian Federal Agency of Governmental
   Communication and Information (FAGCI) and the "All-Russian
   Scientific and Research Institute of Standardization".
   They are described in [GOSTR341094], [GOSTR34102001] and
   [GOSTR341194]. Recommended parameters for those algorithms are
   described in [CPALGS].

   The only hash function used with GOST R 34.10-94/2001 is
   GOST R 34.11-94.

3 Specifying GOST within XMLDSIG

   This section specifies the details of how to use GOST algorithms
   with XML Signature Syntax and Processing [XMLDSIG]. It relies
   heavily on the syntax and namespace defined in [XMLDSIG].

3.1 Version, Namespaces and Identifiers

   This specification makes no provision for an explicit version
   number in the syntax. If a future version is needed, it will use a
   different namespace.

   The XML namespace [XML-ns] URI that MUST be used by implementations
   of this (dated) specification is:

      http://www.w3.org/2001/04/xmldsig-more#

   Elements in the namespace of the [XMLDSIG] specification are marked
   as such by using the namespace prefix "dsig" in the remaining
   sections of this document.

3.2 XML Schema Preamble and DTD Replacement

3.2.1 XML Schema Preamble

   The subsequent preamble is to be used with the XML Schema
   definitions given in the remaining sections of this document.

3.2.2 DTD Replacement

   In order to include GOST in XML-signature syntax, the following
   definition of the entity Key.ANY SHOULD replace the one in
   [XMLDSIG]:

3.3 SignatureMethod Algorithms

3.3.1 Public Key Signature Algorithms

   The input to the GOST R 34.10-94/2001 algorithms is the
   canonicalized representation of the dsig:SignedInfo element as
   specified in Section 3 of [XMLDSIG]. The output consists of a pair
   of integers usually referred to as the pair (r, s).
   The signature value (text value of element dsig:SignatureValue -
   see section 4.2 of [XMLDSIG]) consists of the base64 encoding of
   the concatenation of two octet-streams that respectively result
   from the octet-encoding of the values r and s. This concatenation
   is described in section 2.2 of [CPPK].

   The identifier for the GOST R 34.10-94 signature algorithm is:

      http://www.w3.org/2001/04/xmldsig-more#gostr341094-gostr3411

   The identifier for the GOST R 34.10-2001 signature algorithm is:

      http://www.w3.org/2001/04/xmldsig-more#gostr34102001-gostr3411

3.3.2 Message Authentication Code Algorithms

   GOST R 34.11-94 can also be used in HMAC as described in section
   2.2.1 of [XMLURI] for HMAC-MD5.

   Identifier:

      http://www.w3.org/2001/04/xmldsig-more#hmac-gostr3411

3.4 DigestMethod Algorithms

   The identifier for the GOST R 34.11-94 digest algorithm is:

      http://www.w3.org/2001/04/xmldsig-more#gostr3411

   The GOST R 34.11-94 digest is a 256-bit string. The content of the
   DigestValue element shall be the base64 encoding of this bit string
   viewed as a 32-octet octet stream.

3.5 GOST Key Values

   The syntax used for GOST key values closely follows the ASN.1
   syntax defined in [CPPK].

3.5.1 Key Value Root Element

   Elements GOST3410-94-KeyValue and GOST3410-2001-KeyValue are used
   for encoding GOST public keys. To use them with XMLDSIG, place
   these elements inside dsig:KeyValue, in the same way as the
   predefined elements dsig:RSAKeyValue or dsig:DSAKeyValue.

   The elements consist of an optional subelement Parameters and the
   mandatory subelement PublicKey. If Parameters are missing in an
   instance, this means that the application knows about them by
   other means (implicitly).

   Schema Definition:

   DTD Definition:

3.5.2 GOST Parameters

   GOST parameters contain three OIDs: publicKeyParamSet,
   digestParamSet and the optional encryptionParamSet. Parameter
   values corresponding to these OIDs can be found in [CPALGS].

   Schema Definition:

   DTD Definition:

4 Security Considerations

   It is RECOMMENDED that applications verify that signature values
   and subject public keys conform to the [GOSTR34102001] and
   [GOSTR341094] standards prior to their use.

   For security discussion concerning use of algorithm parameters, see
   section Security Considerations from [CPALGS].

Appendix A: Aggregate XML Schema

Appendix B: Aggregate DTD

References

   [GOSTR341094]   "Information technology. Cryptographic Data
                   Security. Produce and check procedures of
                   Electronic Digital Signatures based on Asymmetric
                   Cryptographic Algorithm.", GOST R 34.10-94,
                   Gosudarstvennyi Standard of Russian Federation,
                   Government Committee of the Russia for Standards,
                   1994. (In Russian);

   [GOSTR34102001] "Information technology. Cryptographic Data
                   Security. Signature and verification processes of
                   [electronic] digital signature.", GOST R 34.10-2001,
                   Gosudarstvennyi Standard of Russian Federation,
                   Government Committee of the Russia for Standards,
                   2001. (In Russian);

   [GOSTR341194]   "Information technology. Cryptographic Data
                   Security. Hashing function.", GOST R 34.10-94,
                   Gosudarstvennyi Standard of Russian Federation,
                   Government Committee of the Russia for Standards,
                   1994. (In Russian);

   [RFC 2119]      Bradner, S., "Key Words for Use in RFCs to Indicate
                   Requirement Levels", BCP 14, RFC 2119, March 1997.

   [XMLDSIG]       Eastlake, D., Reagle, J., and Solo, D.,
                   XML-Signature Syntax and Processing. W3C
                   Recommendation, February 2002.
                   http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/

   [XML-schema]    Beech, D., Maloney, M., Mendelsohn, N., and
                   Thompson, H., XML Schema Part 1: Structures, W3C
                   Recommendation, May 2001.
                   http://www.w3.org/TR/2001/REC-xmlschema-1-20010502/
                   Biron, P., and Malhotra, A., XML Schema Part 2:
                   Datatypes, W3C Recommendation, May 2001.
                   http://www.w3.org/TR/2001/REC-xmlschema-2-20010502/

   [XMLURI]        Donald E. Eastlake 3rd "Additional XML Security
                   URIs", draft-eastlake-xmldsig-uri-05.txt

   [CPALGS]        V. Popov, I. Kurepkin, S. Leontiev "Additional
                   cryptographic algorithms for use with GOST 28147-89,
                   GOST R 34.10-94, GOST R 34.10-2001, and
                   GOST R 34.11-94 algorithms.",
                   draft-popov-cryptopro-cpalgs-01.txt

   [CPPK]          S. Leontiev, D. Shefanovskij, "Algorithms and
                   Identifiers for the Internet X.509 Public Key
                   Infrastructure Certificates and Certificate
                   Revocation List (CRL), corresponding to the
                   algorithms GOST R 34.10-94, GOST R 34.10-2001,
                   GOST R 34.11-94", draft-ietf-pkix-gost-cppk-01.txt

Acknowledgments

   This document was created in accordance with "Russian Cryptographic
   Software Compatibility Agreement", signed by FGUE STC "Atlas",
   CRYPTO-PRO, Factor-TC, MD PREI, Infotecs GmbH, SPRCIS (SPbRCZI),
   Cryptocom, R-Alpha. The aim of this agreement is to achieve mutual
   compatibility of the products and solutions.

   The authors wish to thank:

      Microsoft Corporation Russia for providing information about
      company products and solutions, and also for technical
      consulting in PKI.

      RSA Security Russia and Demos Co Ltd for active collaboration
      and critical help in the creation of this document.

      NIP Informzachita for compatibility testing of the proposed data
      formats while incorporating them into company products.

      Citrix Inc for help in compatibility testing Citrix products for
      Microsoft Windows.

      Russ Housley (Vigil Security, LLC, housley@vigilsec.com) and
      Vasilij Sakharov (DEMOS Co Ltd, svp@dol.ru) for the initiative
      of creating this document.

   This document is based on a contribution of CRYPTO-PRO company. Any
   substantial use of the text from this document must acknowledge
   CRYPTO-PRO. CRYPTO-PRO requests that all material mentioning or
   referencing this document identify this as "CRYPTO-PRO CPTLS".

Author's Addresses

   Serguei Leontiev
   CRYPTO-PRO
   38, Obraztsova,
   Moscow, 127018, Russian Federation
   EMail: lse@cryptopro.ru

   Grigorij Chudov
   CRYPTO-PRO
   38, Obraztsova,
   Moscow, 127018, Russian Federation
   EMail: chudov@cryptopro.ru

Full Copyright Statement

   Copyright (C) The Internet Society (2003). All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain
   it or assist in its implementation may be prepared, copied,
   published and distributed, in whole or in part, without restriction
   of any kind, provided that the above copyright notice and this
   paragraph are included on all such copies and derivative works.
   However, this document itself may not be modified in any way, such
   as by removing the copyright notice or references to the Internet
   Society or other Internet organizations, except as needed for the
   purpose of developing Internet standards in which case the
   procedures for copyrights defined in the Internet Standards process
   must be followed, or as required to translate it into languages
   other than English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on
   an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR
   IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
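
Added example (not part of the draft and not CRYPTO-PRO code): a structural pre-check in the spirit of sections 3.3.1, 3.4 and 4, which confirms the algorithm identifiers and the decoded lengths of dsig:SignatureValue and dsig:DigestValue before any cryptographic verification is attempted. The 64-octet signature length is an assumption taken from [CPPK], accepting only the GOST digest for references is a policy choice of the example, and the names precheck, b64_octets and sample are hypothetical.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"
MORE = "http://www.w3.org/2001/04/xmldsig-more#"
# Identifiers from sections 3.3.1 and 3.4 of the draft.
GOST_SIG_ALGS = {MORE + "gostr341094-gostr3411", MORE + "gostr34102001-gostr3411"}
GOST_DIGEST_ALG = MORE + "gostr3411"
DIGEST_LEN = 32  # section 3.4: 256-bit digest viewed as a 32-octet stream
SIG_LEN = 64     # ASSUMPTION taken from [CPPK]: r and s are 32 octets each
NS = {"dsig": DSIG}

def b64_octets(text):
    """Strict base64 decode (whitespace ignored); None if malformed."""
    try:
        return base64.b64decode("".join((text or "").split()), validate=True)
    except (binascii.Error, ValueError):
        return None

def precheck(xml_text):
    """Structural checks only, no cryptography; returns a list of problems."""
    root = ET.fromstring(xml_text)
    sig = root if root.tag == "{%s}Signature" % DSIG else root.find(".//dsig:Signature", NS)
    if sig is None:
        return ["no dsig:Signature element"]
    problems = []
    method = sig.find("dsig:SignedInfo/dsig:SignatureMethod", NS)
    if method is None or method.get("Algorithm") not in GOST_SIG_ALGS:
        problems.append("SignatureMethod is not a GOST R 34.10 identifier")
    value = b64_octets(sig.findtext("dsig:SignatureValue", "", NS))
    if value is None or len(value) != SIG_LEN:
        problems.append("SignatureValue is not base64 of 64 octets")
    for ref in sig.findall("dsig:SignedInfo/dsig:Reference", NS):
        dm = ref.find("dsig:DigestMethod", NS)
        digest = b64_octets(ref.findtext("dsig:DigestValue", "", NS))
        if dm is None or dm.get("Algorithm") != GOST_DIGEST_ALG:
            problems.append("DigestMethod is not gostr3411 (example policy)")
        elif digest is None or len(digest) != DIGEST_LEN:
            problems.append("DigestValue is not base64 of 32 octets")
    return problems

def sample(sig_octets, digest_octets, sig_alg="gostr34102001-gostr3411"):
    """Constructed document; the octets are placeholders, not a real signature."""
    enc = lambda b: base64.b64encode(b).decode()
    return ('<Signature xmlns="%s"><SignedInfo><SignatureMethod Algorithm="%s%s"/>'
            '<Reference URI=""><DigestMethod Algorithm="%s"/><DigestValue>%s</DigestValue>'
            '</Reference></SignedInfo><SignatureValue>%s</SignatureValue></Signature>'
            % (DSIG, MORE, sig_alg, GOST_DIGEST_ALG, enc(digest_octets), enc(sig_octets)))
```

An empty result means only that the encodings are well-formed; the signature and public key still have to be verified by a GOST-capable implementation.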