2.2.2 SecConnectResponse
The SecConnectResponse message is sent by a relay server in response to a SecConnect message that the server received from the client. The message is encoded as a binary byte sequence in the AuthenticationToken field of the SSTP ConnectResponse command. The AuthenticationTokenLength field of the SSTP ConnectResponse command specifies the size in bytes of the binary byte sequence.
The relay server uses the SecConnectResponse message to respond to the previous SecConnect message only if the server already has the secret device key and has successfully verified the device nonce and the HMAC from the SecConnect message. If the server does not have registration information for the connecting device, it MUST send a SecConnectResponseDeviceRegistrationNeeded message as a response to the SecConnect message.
The SecConnectResponse message fields are shown in the following table.
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
2 |
|
|
|
|
|
|
|
|
|
3 |
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
MajorVersionNumber |
MinorVersionNumber |
MessageID |
IVLength |
||||||||||||||||||||||||||||
|
... |
IV (variable) |
||||||||||||||||||||||||||||||
|
... |
|||||||||||||||||||||||||||||||
|
HMACLength |
HMAC (variable) |
||||||||||||||||||||||||||||||
|
... |
|||||||||||||||||||||||||||||||
|
DeviceNonceLength |
DeviceNonce (variable) |
||||||||||||||||||||||||||||||
|
... |
|||||||||||||||||||||||||||||||
|
EncryptedRelayNonceLength |
EncryptedRelayNonce (variable) |
||||||||||||||||||||||||||||||
|
... |
|||||||||||||||||||||||||||||||
MajorVersionNumber (1 byte): This field specifies the SSTP Security protocol major version number of the sending relay server.
MinorVersionNumber (1 byte): This field specifies the SSTP Security protocol minor version number of the sending relay server.
MessageID (1 byte): This field is a numerical message identifier, and MUST be set to "SecConnectResponseMsgId" for the SecConnectResponse message.
IVLength (2 bytes): This field specifies the length in bytes of the IV field.
IV (variable): This field is a randomly generated block of binary data that has been used as an initialization vector (IV) in encrypting a relay nonce saved in the EncryptedRelayNonce field.
HMACLength (2 bytes): This field specifies the length in bytes of the HMAC field.
HMAC (variable): This field contains a keyed hash message authentication code that is calculated as follows:
Apply the SHA1 algorithm [RFC3174] to the concatenation of the following elements in order:
SecConnectReponseMsgId
device URL
ServerCertificateFingerprint
RelayNonce
Apply the HMAC-SHA1 algorithm [RFC4634] to the hash value produced in step 1 with the secret device key.
Where SecConnectResponseMsgId is the 1-byte message identifier as in the SecConnectResponse message header, device URL is a null-terminated ANSI string that uniquely identifies the client device, ServerCertificateFingerprint is the server certificate fingerprint as calculated in section 3.1.1.2, and RelayNonce is a random number of 24 bytes in length, which the server has newly generated.
DeviceNonceLength (2 bytes): This field specifies the length in bytes of the DeviceNonce field.
DeviceNonce (variable): This field contains the decrypted device nonce from the SecConnect message that the server has previously received from the client. The server MUST use the MARC4 cipher as specified in section 3.1.1.4, to decrypt the nonce.
EncryptedRelayNonceLength (2 bytes): This field specifies the length in bytes of the EncryptedRelayNonce field.
EncryptedRelayNonce (variable): This field contains a relay nonce that the server has newly generated and encrypted using the MARC4 cipher as specified in section 3.1.1.4, with the IV and the secret device key. The server sends this encrypted nonce to challenge the client about its knowledge of the secret device key.