3.2.5.2 Packet Validation

The information specified in Security Header (section 2.2.2) MUST match the server security mode (section 3.1.1.1).

If the server security mode (section 3.1.1.1) is set to WDSMCTP_SEC_HASH, the client MUST compute the HMAC Hash of the packet (section 2.2.2.1), and the HMAC Hash specified in the Security Header of packet MUST match the value computed by the client.

If the server security mode (section 3.1.1.1) is set to WDSMCTP_SEC_SIGN, the client MUST use the RSA Public Key provided by WDS Multicast Session Initiation Protocol, as specified in [MS-WDSMSI], to validate Signature of the packet.

If the server security mode (section 3.1.1.1) is set to WDSMCTP_SEC_CHECKSUM, the client MUST compute the Checksum of the packet (section 2.2.2.3), and the Checksum specified in the Security Header of the packet MUST match the value computed by client.

If the server security mode (section 3.1.1.1) is set to WDSMCTP_SEC_NONE, then the packet MUST NOT have any security/validation information.

The SessionId field in Session Header (section 2.2.3) MUST match the SessionId (section 3.1.1.1).

Based on the OpCode field in Session Header (section 2.2.3), the client MUST validate remaining fields of the packet as specified in section 2.2.