
4.6 Crypto Binding

The client sends an SSTP_MSG_CALL_CONNECT_REQUEST whose single attribute names PPP as the encapsulated protocol. The bytes on the wire are as follows.

10 01 00 0E 00 01 00 01 00 01 00 06 00 01 

The details for the packet are as follows.

  • Version: 0x10 (Major Version: 0x1, Minor Version: 0x0)

  • C: 1 (Control Packet)

  • Length: 0x00E

  • Message Type: 0x0001 (SSTP_MSG_CALL_CONNECT_REQUEST)

  • Num Attributes: 0x0001

  • Attribute 1:

    • Attribute ID: 0x01 (SSTP_ATTRIB_ENCAPSULATED_PROTOCOL_ID)

    • Length: 0x006

    • Value: 0x0001 (SSTP_ENCAPSULATED_PROTOCOL_PPP)

The server responds with an SSTP_MSG_CALL_CONNECT_ACK that carries a Crypto Binding Request. In this case the server offers only the SHA256 hash algorithm for crypto binding (bit 0x02 of the Hash Protocol Bitmask) and supplies a 32-byte nonce that the client must echo back when it completes the binding. The bytes on the wire are as follows.

10 01 00 30 00 02 00 01 00 04 00 28 00 00 00 02 
41 2B 48 9A EB D7 EC C7 D0 89 66 F2 6B E7 CD 72 
B2 31 A0 E9 21 0D 7C 91 B3 08 86 2B 03 44 C4 35 

The details are as follows.

  • Version: 0x10 (Major Version: 0x1, Minor Version: 0x0)

  • C: 1 (Control Packet)

  • Length: 0x030

  • Message Type: 0x0002 (SSTP_MSG_CALL_CONNECT_ACK)

  • Num Attributes: 0x0001

  • Attribute 1:

    • ID: 0x04 (SSTP_ATTRIB_CRYPTO_BINDING_REQ)

    • Length: 0x028

    • Value:

      • Reserved: 0x000000

      • Hash Protocol Bitmask: 0x02 (CERT_HASH_PROTOCOL_SHA256)

      • Nonce:

    41 2B 48 9A EB D7 EC C7 D0 89 66 F2 6B E7 CD 72 
    B2 31 A0 E9 21 0D 7C 91 B3 08 86 2B 03 44 C4 35 
    

The client continues with the PPP negotiation after receiving this message. When PPP authentication has finished, and the HLAK derived from it is therefore available, the client completes the crypto binding by sending an SSTP_MSG_CALL_CONNECTED message. The bytes transmitted in this scenario are as follows.

10 01 00 70 00 04 00 01 00 03 00 68 00 00 00 02 
41 2B 48 9A EB D7 EC C7 D0 89 66 F2 6B E7 CD 72 
B2 31 A0 E9 21 0D 7C 91 B3 08 86 2B 03 44 C4 35 
79 93 EF 31 4C 49 3D AC E9 F0 2D 60 E7 E6 1C 84 
B6 69 0A AF E9 D7 AE EA 92 CB BE 8A D5 99 42 2D 
52 A6 8E FD 8C FF BF 52 77 0B 8F 0F E8 EC 73 71 
65 83 AF 6D 61 1E B6 D1 79 B3 B2 08 40 98 54 49 

The Compound MAC is computed from the following two inputs. The HLAK is derived from the keys produced by the PPP authentication method and never appears on the wire; it is listed here only so that the example can be reproduced.

Higher-Layer Authentication Key (HLAK):

2A 1B B4 0D 55 AB 0F 5E F3 2F 06 F2 B3 CC 73 C4  
8F D3 FA C4 1D 7A 13 15 A1 92 28 D9 02 4C A1 64

The SHA256 hash of the certificate presented by the server is as follows.

79 93 EF 31 4C 49 3D AC E9 F0 2D 60 E7 E6 1C 84 
B6 69 0A AF E9 D7 AE EA 92 CB BE 8A D5 99 42 2D 

The details of the packet that is sent are as follows.

  • Version: 0x10 (Major Version: 0x1, Minor Version: 0x0)

  • C: 1 (Control Packet)

  • Length: 0x070

  • Message Type: 0x0004 (SSTP_MSG_CALL_CONNECTED)

  • Num Attributes: 0x0001

  • Attribute 1:

    • Attribute ID: 0x03 (SSTP_ATTRIB_CRYPTO_BINDING)

    • Length: 0x068

    • Value:

      • Reserved: 0x000000

      • Hash Protocol Bitmask: 0x02 (CERT_HASH_PROTOCOL_SHA256)

      • Nonce:

        41 2B 48 9A EB D7 EC C7 D0 89 66 F2 6B E7 CD 72 
        B2 31 A0 E9 21 0D 7C 91 B3 08 86 2B 03 44 C4 35 
        
      • Certificate Hash:

        79 93 EF 31 4C 49 3D AC E9 F0 2D 60 E7 E6 1C 84 
        B6 69 0A AF E9 D7 AE EA 92 CB BE 8A D5 99 42 2D 
        
      • Compound MAC:

        52 A6 8E FD 8C FF BF 52 77 0B 8F 0F E8 EC 73 71 
        65 83 AF 6D 61 1E B6 D1 79 B3 B2 08 40 98 54 49 
        
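The three messages above decode to the field breakdowns shown only if every length field is trusted no further than the bytes actually received. The following parser is an added example, my own code rather than anything from the specification or from a Microsoft implementation: it splits an SSTP control message into its header and attribute TLVs, validates the 12-bit Length fields, the C bit and the attribute boundaries before using any of them as offsets, and decodes the two crypto binding attribute values. The sample input is the SHA256 example transcribed from this page; the constant and function names are mine.

```python
import struct

# Names as used in the packet breakdowns on this page.
SSTP_VERSION = 0x10
MSG_TYPES = {
    0x0001: "SSTP_MSG_CALL_CONNECT_REQUEST",
    0x0002: "SSTP_MSG_CALL_CONNECT_ACK",
    0x0004: "SSTP_MSG_CALL_CONNECTED",
}
ATTRIB_IDS = {
    0x01: "SSTP_ATTRIB_ENCAPSULATED_PROTOCOL_ID",
    0x03: "SSTP_ATTRIB_CRYPTO_BINDING",
    0x04: "SSTP_ATTRIB_CRYPTO_BINDING_REQ",
}
CERT_HASH_PROTOCOL_SHA1 = 0x01
CERT_HASH_PROTOCOL_SHA256 = 0x02


def parse_control_message(data: bytes) -> dict:
    """Split one SSTP control message into header fields and attribute TLVs.

    Every length field is checked against the bytes actually received before it
    is used as an offset, so a malformed message raises ValueError instead of
    being read out of bounds or silently truncated.
    """
    if len(data) < 8:
        raise ValueError("control message shorter than the 8-byte header")
    version, flags, length_packet, msg_type, num_attrs = struct.unpack("!BBHHH", data[:8])
    if version != SSTP_VERSION:
        raise ValueError(f"unsupported SSTP version 0x{version:02X}")
    if not flags & 0x01:              # C bit: set for control packets, clear for data packets
        raise ValueError("C bit clear: this is a data packet, not a control packet")
    length = length_packet & 0x0FFF   # upper 4 bits are reserved; 12-bit total length
    if length != len(data):
        raise ValueError(f"Length field {length} does not match {len(data)} bytes received")
    attributes = []
    pos = 8
    for _ in range(num_attrs):
        if pos + 4 > length:
            raise ValueError("truncated attribute header")
        _reserved, attr_id, attr_length_packet = struct.unpack("!BBH", data[pos:pos + 4])
        attr_length = attr_length_packet & 0x0FFF  # includes the 4-byte attribute header
        if attr_length < 4 or pos + attr_length > length:
            raise ValueError(f"attribute length {attr_length} runs past the end of the message")
        attributes.append({
            "id": attr_id,
            "name": ATTRIB_IDS.get(attr_id, "unknown"),
            "value": data[pos + 4:pos + attr_length],
        })
        pos += attr_length
    if pos != length:
        raise ValueError("trailing bytes after the last attribute")
    return {"type": msg_type, "name": MSG_TYPES.get(msg_type, "unknown"), "attributes": attributes}


def decode_crypto_binding_req(value: bytes) -> dict:
    """SSTP_ATTRIB_CRYPTO_BINDING_REQ value: 3 reserved bytes, Hash Protocol Bitmask, 32-byte Nonce."""
    if len(value) != 36:
        raise ValueError("crypto binding request value must be 36 bytes")
    return {"hash_protocol_bitmask": value[3], "nonce": value[4:36]}


def decode_crypto_binding(value: bytes) -> dict:
    """SSTP_ATTRIB_CRYPTO_BINDING value: 3 reserved bytes, Hash Protocol Bitmask, 32-byte Nonce,
    32-byte Certificate Hash, 32-byte Compound MAC. With SHA1 only the first 20 bytes of the
    last two fields carry data and the remainder must be zero, as in the second example on this page."""
    if len(value) != 100:
        raise ValueError("crypto binding value must be 100 bytes")
    bitmask = value[3]
    if bitmask == CERT_HASH_PROTOCOL_SHA256:
        digest_len = 32
    elif bitmask == CERT_HASH_PROTOCOL_SHA1:
        digest_len = 20
    else:
        raise ValueError(f"exactly one hash protocol must be selected, got 0x{bitmask:02X}")
    cert_hash, compound_mac = value[36:68], value[68:100]
    if any(cert_hash[digest_len:]) or any(compound_mac[digest_len:]):
        raise ValueError("padding after a SHA1 digest must be zero")
    return {
        "hash_protocol_bitmask": bitmask,
        "nonce": value[4:36],
        "cert_hash": cert_hash[:digest_len],
        "compound_mac": compound_mac[:digest_len],
    }


# The three messages of the SHA256 example on this page, transcribed as sample input.
CALL_CONNECT_REQUEST = bytes.fromhex("10 01 00 0E 00 01 00 01 00 01 00 06 00 01")
CALL_CONNECT_ACK = bytes.fromhex(
    "10 01 00 30 00 02 00 01 00 04 00 28 00 00 00 02 "
    "41 2B 48 9A EB D7 EC C7 D0 89 66 F2 6B E7 CD 72 "
    "B2 31 A0 E9 21 0D 7C 91 B3 08 86 2B 03 44 C4 35"
)
CALL_CONNECTED = bytes.fromhex(
    "10 01 00 70 00 04 00 01 00 03 00 68 00 00 00 02 "
    "41 2B 48 9A EB D7 EC C7 D0 89 66 F2 6B E7 CD 72 "
    "B2 31 A0 E9 21 0D 7C 91 B3 08 86 2B 03 44 C4 35 "
    "79 93 EF 31 4C 49 3D AC E9 F0 2D 60 E7 E6 1C 84 "
    "B6 69 0A AF E9 D7 AE EA 92 CB BE 8A D5 99 42 2D "
    "52 A6 8E FD 8C FF BF 52 77 0B 8F 0F E8 EC 73 71 "
    "65 83 AF 6D 61 1E B6 D1 79 B3 B2 08 40 98 54 49"
)

if __name__ == "__main__":
    for msg in (CALL_CONNECT_REQUEST, CALL_CONNECT_ACK, CALL_CONNECTED):
        parsed = parse_control_message(msg)
        print(parsed["name"], [(a["name"], a["value"].hex()) for a in parsed["attributes"]])
```

The Length fields are checked against len(data) rather than the other way round: a receiver that reads as many bytes as the header claims, instead of checking the claim against what the transport delivered, is the usual source of over-reads in TLV parsers, and the same applies to each attribute length relative to the message length.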

In the second example, the server offers only the SHA1 hash algorithm for crypto binding. The following is a sample SSTP_MSG_CALL_CONNECT_ACK in this scenario.

10 01 00 30 00 02 00 01 00 04 00 28 00 00 00 01 
0F 1A 2D 58 D4 A3 E3 00 0F AD 3C E4 90 6E 07 B7 
07 AA 9E 44 1C CE AC 5C BD 7B 2C C1 C9 D8 6C DF 

The details of the packet are as follows.

  • Version: 0x10 (Major Version: 0x1, Minor Version: 0x0)

  • C: 1 (Control Packet)

  • Length: 0x030

  • Message Type: 0x0002 (SSTP_MSG_CALL_CONNECT_ACK)

  • Num Attributes: 0x0001

  • Attribute 1:

    • Attribute ID: 0x04 (SSTP_ATTRIB_CRYPTO_BINDING_REQ)

    • Length: 0x028

    • Value:

      • Reserved: 0x000000

      • Hash Protocol Bitmask: 0x01 (CERT_HASH_PROTOCOL_SHA1)

      • Nonce:

        0F 1A 2D 58 D4 A3 E3 00 0F AD 3C E4 90 6E 07 B7 
        07 AA 9E 44 1C CE AC 5C BD 7B 2C C1 C9 D8 6C DF 
        

For this SSTP_MSG_CALL_CONNECT_ACK, the following shows a valid crypto binding completion via the SSTP_MSG_CALL_CONNECTED message.

10 01 00 70 00 04 00 01 00 03 00 68 00 00 00 01 
0F 1A 2D 58 D4 A3 E3 00 0F AD 3C E4 90 6E 07 B7 
07 AA 9E 44 1C CE AC 5C BD 7B 2C C1 C9 D8 6C DF 
58 26 B6 29 BD A5 9B 8E 6F D8 DC D2 62 2F D3 4C 
53 48 05 A5 00 00 00 00 00 00 00 00 00 00 00 00 
69 91 5D D5 83 D8 06 2F EF 16 F6 1D B2 F0 32 90 
EC 27 CB 6C 00 00 00 00 00 00 00 00 00 00 00 00 

The Compound MAC is computed from the following HLAK and certificate hash. Because SHA1 produces a 20-byte digest, the Certificate Hash and the Compound MAC each occupy the first 20 bytes of their 32-byte fields, and the remaining 12 bytes of each field are zero, as the packet bytes above show.

Higher-Layer Authentication Key (HLAK):

4B 31 28 F4 39 25 D9 00 6E EF B1 C4 E8 65 15 A1
D8 8E 56 BA B3 CA 2B DF 03 73 B7 F5 A8 A1 3B 19

The SHA1 hash of the certificate presented by the server is as follows.

58 26 B6 29 BD A5 9B 8E 6F D8 DC D2 62 2F D3 4C 
53 48 05 A5 

The details of the packet are as follows.

  • Version: 0x10 (Major Version: 0x1, Minor Version: 0x0)

  • C: 1 (Control Packet)

  • Length: 0x070

  • Message Type: 0x0004 (SSTP_MSG_CALL_CONNECTED)

  • Num Attributes: 0x0001

  • Attribute 1:

    • Attribute ID: 0x03 (SSTP_ATTRIB_CRYPTO_BINDING)

    • Length: 0x068

    • Value:

      • Reserved: 0x000000

      • Hash Protocol Bitmask: 0x01 (CERT_HASH_PROTOCOL_SHA1)

      • Nonce:

        0F 1A 2D 58 D4 A3 E3 00 0F AD 3C E4 90 6E 07 B7 
        07 AA 9E 44 1C CE AC 5C BD 7B 2C C1 C9 D8 6C DF 
        
      • Certificate Hash:

        58 26 B6 29 BD A5 9B 8E 6F D8 DC D2 62 2F D3 4C 
        53 48 05 A5 
        
      • Compound MAC:

        69 91 5D D5 83 D8 06 2F EF 16 F6 1D B2 F0 32 90 
        EC 27 CB 6C
        
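Both crypto binding examples, the SHA256 one earlier on this page and the SHA1 one just above, are reproduced by the following code, an added example that is my own implementation and not code from the specification or from a Microsoft product. It derives the Compound MAC Key from the HLAK with the protocol's PRF+ construction (T1 = HMAC(HLAK, "SSTP inner method derived CMK" | LEN | 0x01), where LEN is the CMK length, 32 or 20, as a 2-byte little-endian integer; one T block suffices because LEN never exceeds a digest), computes the Compound MAC as an HMAC under that key over the whole SSTP_MSG_CALL_CONNECTED with the Compound MAC field zeroed, and shows the four checks a server should apply before accepting the message. How the HLAK itself is obtained from PPP authentication is outside this example; the HLAK values, messages and certificate hashes are transcribed from this page, and the field offsets, function names and the own_cert_hashes argument are my own.

```python
import hashlib
import hmac

CERT_HASH_PROTOCOL_SHA1 = 0x01
CERT_HASH_PROTOCOL_SHA256 = 0x02
HASHES = {CERT_HASH_PROTOCOL_SHA1: hashlib.sha1, CERT_HASH_PROTOCOL_SHA256: hashlib.sha256}
CMK_SEED = b"SSTP inner method derived CMK"   # ASCII seed string, no terminating NUL

# Field offsets inside the 112-byte SSTP_MSG_CALL_CONNECTED shown on this page:
# 8-byte header, 4-byte attribute header, 3 reserved bytes, then the bitmask.
BITMASK_OFFSET = 15
NONCE_OFFSET, CERT_HASH_OFFSET, CMAC_OFFSET, MSG_LEN = 16, 48, 80, 112


def derive_cmk(hlak: bytes, hash_protocol: int) -> bytes:
    """CMK = PRF+(HLAK, seed, LEN) with LEN = 32 (SHA256) or 20 (SHA1).

    PRF+ is T1 | T2 | ... with T1 = HMAC(K, S | LEN | 0x01). LEN never exceeds
    one digest, so T1 alone is the whole CMK. LEN is encoded here as a 2-byte
    little-endian integer (my reading of the derivation; see the lead-in).
    """
    digestmod = HASHES[hash_protocol]
    out_len = digestmod().digest_size
    seed = CMK_SEED + out_len.to_bytes(2, "little") + b"\x01"
    return hmac.new(hlak, seed, digestmod).digest()[:out_len]


def compute_cmac(hlak: bytes, call_connected: bytes, hash_protocol: int) -> bytes:
    """Compound MAC = HMAC(CMK, whole SSTP_MSG_CALL_CONNECTED with the Compound MAC field zeroed).
    A SHA1 result is zero-padded to fill the 32-byte field, as in the second example."""
    if len(call_connected) != MSG_LEN:
        raise ValueError("expected a 112-byte SSTP_MSG_CALL_CONNECTED")
    cmk = derive_cmk(hlak, hash_protocol)
    zeroed = call_connected[:CMAC_OFFSET] + bytes(MSG_LEN - CMAC_OFFSET)
    mac = hmac.new(cmk, zeroed, HASHES[hash_protocol]).digest()
    return mac + bytes(32 - len(mac))


def verify_call_connected(hlak: bytes, msg: bytes, offered_bitmask: int,
                          nonce: bytes, own_cert_hashes: dict) -> bool:
    """Server-side acceptance check for SSTP_MSG_CALL_CONNECTED.

    All four bindings must hold: the hash protocol is one the server offered in
    its Crypto Binding Request, the nonce is the one from that request, the
    certificate hash is the hash of the server's own certificate (own_cert_hashes
    maps bitmask -> digest), and the Compound MAC verifies under the HLAK from PPP
    authentication. Comparisons are constant-time and every check runs so that
    timing does not reveal which one failed.
    """
    if len(msg) != MSG_LEN:
        return False
    proto = msg[BITMASK_OFFSET]
    if proto not in HASHES or not proto & offered_bitmask or proto not in own_cert_hashes:
        return False
    n = HASHES[proto]().digest_size
    ok = hmac.compare_digest(msg[NONCE_OFFSET:CERT_HASH_OFFSET], nonce)
    ok &= hmac.compare_digest(msg[CERT_HASH_OFFSET:CERT_HASH_OFFSET + n], own_cert_hashes[proto])
    ok &= not any(msg[CERT_HASH_OFFSET + n:CMAC_OFFSET])   # SHA1 padding must be zero
    ok &= hmac.compare_digest(compute_cmac(hlak, msg, proto), msg[CMAC_OFFSET:])
    return bool(ok)


# Values transcribed from the two examples on this page.
SHA256_HLAK = bytes.fromhex(
    "2A 1B B4 0D 55 AB 0F 5E F3 2F 06 F2 B3 CC 73 C4 "
    "8F D3 FA C4 1D 7A 13 15 A1 92 28 D9 02 4C A1 64"
)
SHA256_CALL_CONNECTED = bytes.fromhex(
    "10 01 00 70 00 04 00 01 00 03 00 68 00 00 00 02 "
    "41 2B 48 9A EB D7 EC C7 D0 89 66 F2 6B E7 CD 72 "
    "B2 31 A0 E9 21 0D 7C 91 B3 08 86 2B 03 44 C4 35 "
    "79 93 EF 31 4C 49 3D AC E9 F0 2D 60 E7 E6 1C 84 "
    "B6 69 0A AF E9 D7 AE EA 92 CB BE 8A D5 99 42 2D "
    "52 A6 8E FD 8C FF BF 52 77 0B 8F 0F E8 EC 73 71 "
    "65 83 AF 6D 61 1E B6 D1 79 B3 B2 08 40 98 54 49"
)
SHA1_HLAK = bytes.fromhex(
    "4B 31 28 F4 39 25 D9 00 6E EF B1 C4 E8 65 15 A1 "
    "D8 8E 56 BA B3 CA 2B DF 03 73 B7 F5 A8 A1 3B 19"
)
SHA1_CALL_CONNECTED = bytes.fromhex(
    "10 01 00 70 00 04 00 01 00 03 00 68 00 00 00 01 "
    "0F 1A 2D 58 D4 A3 E3 00 0F AD 3C E4 90 6E 07 B7 "
    "07 AA 9E 44 1C CE AC 5C BD 7B 2C C1 C9 D8 6C DF "
    "58 26 B6 29 BD A5 9B 8E 6F D8 DC D2 62 2F D3 4C "
    "53 48 05 A5 00 00 00 00 00 00 00 00 00 00 00 00 "
    "69 91 5D D5 83 D8 06 2F EF 16 F6 1D B2 F0 32 90 "
    "EC 27 CB 6C 00 00 00 00 00 00 00 00 00 00 00 00"
)

if __name__ == "__main__":
    for name, hlak, msg in (("SHA256", SHA256_HLAK, SHA256_CALL_CONNECTED),
                            ("SHA1", SHA1_HLAK, SHA1_CALL_CONNECTED)):
        proto = msg[BITMASK_OFFSET]
        print(name, "computed Compound MAC matches the page:",
              compute_cmac(hlak, msg, proto) == msg[CMAC_OFFSET:])
```

The point of the four-way check is that the Compound MAC alone proves only that the sender holds the HLAK; the nonce ties the message to this TLS session, the certificate hash ties it to the certificate the client actually saw, and the offered-bitmask check prevents a client from downgrading to a hash the server did not offer.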
© 2014 Microsoft