2.2.1 TSRequest

The TSRequest structure is the top-most structure used by the CredSSP client and CredSSP server. It contains the SPNEGO tokens and MAY<7> contain Kerberos/NTLM messages that are passed between the client and server, and either the public key authentication messages that are used to bind to the TLS session or the client credentials that are delegated to the server. The TSRequest message is always sent over the TLS-encrypted channel between the client and server in a CredSSP Protocol exchange (see step 1 in section 3.1.5).<8><9>

 TSRequest ::= SEQUENCE {
         version     [0] INTEGER,
         negoTokens  [1] NegoData OPTIONAL,
         authInfo    [2] OCTET STRING OPTIONAL,
         pubKeyAuth  [3] OCTET STRING OPTIONAL,
         errorCode   [4] INTEGER OPTIONAL,
         clientNonce [5] OCTET STRING OPTIONAL
 }

version: An unsigned integer encoded as an ASN.1 INTEGER that specifies the supported version of the CredSSP Protocol. Valid values for this field are 2, 3, 4, 5, and 6.<10> If the version received is greater than the implementation understands, treat the peer as one that is compatible with the version of the CredSSP Protocol that the implementation understands.

negoTokens: A NegoData structure, as defined in section 2.2.1.1, that contains the SPNEGO tokens or Kerberos/NTLM messages that are passed between the client and server.

authInfo: A TSCredentials structure, as defined in section 2.2.1.2, encoded as an ASN.1 OCTET STRING that contains the user's credentials that are delegated to the server. The authInfo field MUST be encrypted under the encryption key that is negotiated under the SPNEGO package. The authInfo field carries the message signature and then the encrypted data.

pubKeyAuth: An encrypted public key encoded as an ASN.1 OCTET STRING. This field is used to assure that the public key that is used by the server during the TLS handshake belongs to the target server and not to a man-in-the-middle. This TLS session-binding is specified in section 3.1.5. After the client completes the SPNEGO phase of the CredSSP Protocol, it uses GSS_WrapEx() for the negotiated protocol to encrypt the server's public key. With version 4 or lower, the pubKeyAuth field carries the message signature and then the encrypted public key to the server. In response, the server uses the pubKeyAuth field to transmit to the client a modified version of the public key (as specified in section 3.1.5) that is encrypted under the encryption key that is negotiated under SPNEGO. In version 5 or higher, this field stores a computed hash of the public key.<11>

errorCode: A 32-bit value encoded as an ASN.1 INTEGER. If the negotiated protocol version is 3, 4, or 6, and the SPNEGO exchange fails on the server, this field SHOULD<12> be used to send the NTSTATUS failure code ([MS-ERREF] section 2.3) to the client so that it knows what failed and is able to display a descriptive error to the user.

clientNonce: A 32-byte array of cryptographically random bytes encoded as an ASN.1 OCTET STRING used to provide sufficient entropy during hash computation. This value is only used in version 5 or higher of this protocol.
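As an added example, not code from the specification or from any Microsoft implementation, the following Python encodes and decodes the TSRequest SEQUENCE defined above with a minimal DER encoder, and applies the field rules stated in this section: the version rule (a higher peer version is treated as the highest version we implement), the mandatory version, and the clientNonce constraints (exactly 32 bytes, version 5 or higher). NegoData (section 2.2.1.1) is not on this page, so negoTokens is carried as already-encoded bytes; the supported version of 6 and all sample field values are assumptions.

```python
FIELDS = {0: ("version", 0x02), 1: ("negoTokens", 0x30), 2: ("authInfo", 0x04),
          3: ("pubKeyAuth", 0x04), 4: ("errorCode", 0x02), 5: ("clientNonce", 0x04)}

def der_tlv(tag, body):
    n = len(body)
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")   # long-form length bytes, used when n >= 128
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(lb)]) + lb) + body

def der_int(n):   # minimal two's-complement INTEGER; the spare bit keeps e.g. NTSTATUS 0xC000006D positive
    return der_tlv(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big"))

def encode_tsrequest(version, negoTokens=None, authInfo=None, pubKeyAuth=None,
                     errorCode=None, clientNonce=None):   # negoTokens: pre-encoded NegoData DER
    out = b""
    for idx, val in enumerate((version, negoTokens, authInfo, pubKeyAuth, errorCode, clientNonce)):
        if val is not None:
            want = FIELDS[idx][1]
            inner = der_int(val) if want == 0x02 else (val if want == 0x30 else der_tlv(0x04, val))
            out += der_tlv(0xA0 | idx, inner)   # [idx] EXPLICIT: context-specific constructed tag
    return der_tlv(0x30, out)

def read_tlv(buf, off=0):
    tag, length, off = buf[off], buf[off + 1], off + 2   # IndexError here means a truncated element
    if length & 0x80:   # long-form length
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("DER length runs past end of buffer")
    return tag, buf[off:off + length], off + length

def decode_tsrequest(data):
    tag, body, end = read_tlv(data)
    if tag != 0x30 or end != len(data):
        raise ValueError("TSRequest must be exactly one SEQUENCE")
    out, off = {}, 0
    while off < len(body):
        ctx, inner, off = read_tlv(body, off)
        name, want = FIELDS.get(ctx ^ 0xA0, ("?", None))   # [n] arrives as tag 0xA0|n
        itag, val, _ = read_tlv(inner)
        if want is None or name in out or itag != want:
            raise ValueError("unknown, duplicate or mistyped field, context tag 0x%02X" % ctx)
        out[name] = int.from_bytes(val, "big", signed=True) if want == 0x02 else (inner if want == 0x30 else val)
    if out.get("version", 0) < 2:
        raise ValueError("version is mandatory and must be 2 or higher")
    if "clientNonce" in out and (out["version"] < 5 or len(out["clientNonce"]) != 32):
        raise ValueError("clientNonce is 32 bytes and only valid in version 5 or higher")
    return out

def negotiate_version(received):   # rule from the version field: a higher peer version is treated as ours
    return min(received, 6)   # 6 = highest version this side implements (assumed for the example)
```

Bytes for authInfo and pubKeyAuth are taken as already wrapped by GSS_WrapEx() (signature followed by ciphertext) and are not produced here.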