2.2.2.1 Packet Hashing

The Hash for the packet is computed after the packet has been fully constructed and before the SecurityData field is updated. The Hash MUST be computed using the Session Header, Packet-specific Section and Extended Options. The computation for the Hash of the packet MUST NOT include the Security Header.

The Hash MUST be calculated for the packet using the cryptographic algorithm specified by HashAlgId in [MS-WDSMSI] section 2.2.1.

The resulting Hash MUST be used along with the HashKey Cryptographic Key (defined in [MS-WDSMSI] section 3.1.1.3) and the HMACAlgId cryptographic algorithm (defined in [MS-WDSMSI] section 3.1.1.3) to compute the HMAC Hash for the packet.

The resulting HMAC Hash for the packet MUST be treated as binary data, and a network byte order transformation MUST NOT be performed.