
3.4.5.2 SIGNKEY

If extended session security is not negotiated (section 2.2.2.5), then no signing keys are available and message signing is not supported.

If extended session security is negotiated, the signing key is a 128-bit value that is calculated as follows from the random session key and the null-terminated ASCII constants shown.

-- Input:
--   ExportedSessionKey - A randomly generated session key.
--   NegFlg - Defined in section 3.1.1.
--   Mode - An enum that defines the local machine performing
--     the computation.
--     Mode always takes the value "Client" or "Server".
--
-- Output:
--   SignKey - The key used for signing messages.
--
-- Functions used:
--   ConcatenationOf(), MD5(), NIL - Defined in Section 6.

Define SIGNKEY(NegFlg, ExportedSessionKey, Mode) as
If (NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY flag is set in NegFlg)
     If (Mode equals "Client")
          Set SignKey to MD5(ConcatenationOf(ExportedSessionKey,
          "session key to client-to-server signing key magic constant"))
     Else
          Set SignKey to MD5(ConcatenationOf(ExportedSessionKey,
          "session key to server-to-client signing key magic constant"))
     Endif
Else
     Set SignKey to NIL
Endif
EndDefine
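The SIGNKEY definition above rendered in Python, as an added example that is not part of the specification text. It assumes the flag bit value 0x00080000 from the NTLM NEGOTIATE flags definition (not given in this section), represents NIL as None, and uses a constructed session key for the demonstration.

```python
import hashlib

# Assumption: bit value from the NTLM NEGOTIATE flags definition,
# which is outside this section.
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY = 0x00080000

# The constants are null-terminated ASCII, so the trailing NUL byte is
# part of the MD5 input. Leaving it out yields a different key and
# every signature check against a conforming peer then fails.
CLIENT_MAGIC = b"session key to client-to-server signing key magic constant\x00"
SERVER_MAGIC = b"session key to server-to-client signing key magic constant\x00"


def signkey(neg_flg, exported_session_key, mode):
    """Return the 128-bit signing key, or None (NIL) when extended
    session security was not negotiated and signing is unsupported."""
    if mode not in ("Client", "Server"):
        raise ValueError('Mode must be "Client" or "Server"')
    if not isinstance(exported_session_key, (bytes, bytearray)):
        raise TypeError("ExportedSessionKey must be bytes")
    if not neg_flg & NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY:
        return None
    magic = CLIENT_MAGIC if mode == "Client" else SERVER_MAGIC
    # MD5(ConcatenationOf(ExportedSessionKey, constant))
    return hashlib.md5(bytes(exported_session_key) + magic).digest()


if __name__ == "__main__":
    # Constructed sample key, for illustration only.
    sample_key = bytes(range(16))
    flags = NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
    for mode in ("Client", "Server"):
        print(mode, signkey(flags, sample_key, mode).hex())
    # Without the flag no signing key exists.
    print("no ESS:", signkey(0, sample_key, "Client"))
```

Each direction gets its own key, so a signature produced for client-to-server traffic does not verify under the server-to-client key.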
 
© 2015 Microsoft