2.2.8.1.1.2.3 FIPS (TS_SECURITY_HEADER2)

The TS_SECURITY_HEADER2 structure extends the Basic Security Header (section 2.2.8.1.1.2.1) and is used to store padding information and a 64-bit Message Authentication Code.


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

flags

flagsHi

length

version

padlen

dataSignature

...

flags (2 bytes): A 16-bit, unsigned integer that contains security flags as specified in section 2.2.8.1.1.2.1.

flagsHi (2 bytes): A 16-bit, unsigned integer. This field is reserved for future use. It is currently unused and all values are ignored. This field MUST contain valid data only if the SEC_FLAGSHI_VALID bit (0x8000) is set in the flags field. If this bit is not set, the flagsHi field is uninitialized and MAY contain random data.

length (2 bytes): A 16-bit, unsigned integer. The length of the FIPS security header. This field MUST be set to 0x0010 (16 bytes).

version (1 byte): An 8-bit, unsigned integer. The version of the FIPS header. This field SHOULD be set to TSFIPS_VERSION1 (0x01).

padlen (1 byte): An 8-bit, unsigned integer. The number of padding bytes of padding appended to the end of the packet prior to encryption to make sure that the data to be encrypted is a multiple of the 3DES block size (that is, a multiple of 8 because the block size is 64 bits).

dataSignature (8 bytes): A 64-bit Message Authentication Code generated by using the techniques specified in section 5.3.6.2.

Show: