3.4.2 Message Integrity

The function to sign a message MUST be calculated as follows:

 -- Input:
 --   SigningKey - The key used to sign the message.
 --   Message - The message being sent between the client and server.
 --   SeqNum - Defined in section 3.1.1.
 --   Handle - The handle to a key state structure corresponding to
 --            the current state of the SealingKey.
 --
 -- Output: Signed message
 --
 -- Functions used:
 --   ConcatenationOf() - Defined in section 6.
 --   MAC() - Defined in sections 3.4.4.1 and 3.4.4.2.

 Define SIGN(Handle, SigningKey, SeqNum, Message) as
   ConcatenationOf(Message, MAC(Handle, SigningKey, SeqNum, Message))
 EndDefine

The format of the message integrity data that is appended to each message for signing and sealing purposes is defined by the NTLMSSP_MESSAGE_SIGNATURE structure (section 2.2.2.9).

Note: If the client is sending the message, the signing key is the one that the client calculated. If the server is sending the message, the signing key is the one that the server calculated. The same is true for the sealing key. The sequence number can be explicitly provided by the application protocol or by the NTLM security service provider. If the latter is chosen, the sequence number is initialized to zero and then incremented by one for each message sent.

On receipt, the message authentication code (MAC) value is computed and compared with the received value. If they differ, the message MUST be discarded (section 3.4.4).
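The SIGN() function above and the receive-side check described here, as an added example that is not part of the specification text. It assumes the NTLMv2 MAC() of section 3.4.4.2 with extended session security and no key exchange (HMAC_MD5 over SeqNum || Message, checksum truncated to 8 bytes, 16-byte NTLMSSP_MESSAGE_SIGNATURE with Version 1), and omits the RC4 Handle step; the `SequencedSigner` class and all sample values are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Assumed layout of NTLMSSP_MESSAGE_SIGNATURE (section 2.2.2.9) for NTLMv2 with
# extended session security: Version (4 bytes, value 1) || Checksum (8) || SeqNum (4).
SIGNATURE_VERSION = 1
SIGNATURE_LEN = 16


def mac(signing_key: bytes, seq_num: int, message: bytes) -> bytes:
    """MAC() as assumed from section 3.4.4.2 without key exchange: the checksum is
    HMAC_MD5(SigningKey, SeqNum || Message) truncated to 8 bytes. The RC4 Handle step
    that applies when NTLMSSP_NEGOTIATE_KEY_EXCH is negotiated is omitted here."""
    seq = struct.pack("<I", seq_num)
    checksum = hmac.new(signing_key, seq + message, hashlib.md5).digest()[:8]
    return struct.pack("<I", SIGNATURE_VERSION) + checksum + seq


def sign(signing_key: bytes, seq_num: int, message: bytes) -> bytes:
    """SIGN(): ConcatenationOf(Message, MAC(SigningKey, SeqNum, Message))."""
    return message + mac(signing_key, seq_num, message)


def verify(signing_key: bytes, expected_seq: int, signed: bytes):
    """Receiver side: recompute the MAC over the received message and compare it with
    the received signature. Returns the message, or None when it MUST be discarded."""
    if len(signed) < SIGNATURE_LEN:
        return None
    message, received = signed[:-SIGNATURE_LEN], signed[-SIGNATURE_LEN:]
    expected = mac(signing_key, expected_seq, message)
    # Constant-time comparison; a mismatch (modified message, replayed or
    # out-of-order sequence number, wrong key) rejects the message.
    if not hmac.compare_digest(received, expected):
        return None
    return message


class SequencedSigner:
    """Provider-managed sequence numbers: start at zero, increment by one per message."""

    def __init__(self, signing_key: bytes):
        self.signing_key = signing_key
        self.seq_num = 0

    def sign(self, message: bytes) -> bytes:
        signed = sign(self.signing_key, self.seq_num, message)
        self.seq_num += 1
        return signed
```

Each side keeps its own sequence counter, so the receiver verifies against the sequence number it expects next rather than one taken from the message.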