The sealing key function produces an encryption key from the random session key and the null-terminated ASCII constants shown.
If extended session security is negotiated, the sealing key has either 40, 56, or 128 bits of entropy stored in a 128-bit value.
If extended session security is not negotiated, the sealing key has either 40 or 56 bits of entropy stored in a 64-bit value.
Note: The MD5 hashes completely overwrite and fill the 64-bit or 128-bit value.
Input:
ExportedSessionKey - A randomly generated session key.
NegFlg - Defined in section 3.1.1.
Mode - An enum that defines the local machine performing the computation. Mode always takes the value "Client" or "Server".
Output:
SealKey - The key used for sealing messages.
Functions used:
ConcatenationOf(), MD5() - Defined in section 6.
Define SEALKEY(NegFlg, ExportedSessionKey, Mode) as
    If (NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY flag is set in NegFlg)
        If (NTLMSSP_NEGOTIATE_128 is set in NegFlg)
            Set SealKey to ExportedSessionKey
        ElseIf (NTLMSSP_NEGOTIATE_56 flag is set in NegFlg)
            Set SealKey to ExportedSessionKey[0..6]
        Else
            Set SealKey to ExportedSessionKey[0..4]
        Endif
        If (Mode equals "Client")
            Set SealKey to MD5(ConcatenationOf(SealKey, "session key to client-to-server sealing key magic constant"))
        Else
            Set SealKey to MD5(ConcatenationOf(SealKey, "session key to server-to-client sealing key magic constant"))
        Endif
    ElseIf ((NTLMSSP_NEGOTIATE_LM_KEY is set in NegFlg) or
            ((NTLMSSP_NEGOTIATE_DATAGRAM is set in NegFlg) and
             (NTLMRevisionCurrent >= NTLMSSP_REVISION_W2K3)))
        If (NTLMSSP_NEGOTIATE_56 flag is set in NegFlg)
            Set SealKey to ConcatenationOf(ExportedSessionKey[0..6], 0xA0)
        Else
            Set SealKey to ConcatenationOf(ExportedSessionKey[0..4], 0xE5, 0x38, 0xB0)
        EndIf
    Else
        Set SealKey to ExportedSessionKey
    Endif
EndDefine
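The SEALKEY definition above, transcribed into Python as an added example (not part of the specification text). The flag bit values and NTLMSSP_REVISION_W2K3 are taken from the MS-NLMP flag and version definitions rather than from this page, and the name `sealkey` and the `ntlm_revision` parameter are assumptions of the example.

```python
import hashlib

# NegotiateFlags bit values as defined in MS-NLMP (not listed on this page).
NTLMSSP_NEGOTIATE_DATAGRAM = 0x00000040
NTLMSSP_NEGOTIATE_LM_KEY = 0x00000080
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY = 0x00080000
NTLMSSP_NEGOTIATE_128 = 0x20000000
NTLMSSP_NEGOTIATE_56 = 0x80000000
NTLMSSP_REVISION_W2K3 = 0x0F

# The constants are null-terminated, so the trailing NUL is part of the MD5 input.
CLIENT_MAGIC = b"session key to client-to-server sealing key magic constant\x00"
SERVER_MAGIC = b"session key to server-to-client sealing key magic constant\x00"


def sealkey(neg_flg, exported_session_key, mode,
            ntlm_revision=NTLMSSP_REVISION_W2K3):
    """Return SealKey for the given NegFlg, ExportedSessionKey and Mode."""
    if mode not in ("Client", "Server"):
        raise ValueError('Mode must be "Client" or "Server"')
    key = bytes(exported_session_key)

    if neg_flg & NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY:
        if neg_flg & NTLMSSP_NEGOTIATE_128:
            seed = key              # all 128 bits feed the hash
        elif neg_flg & NTLMSSP_NEGOTIATE_56:
            seed = key[:7]          # ExportedSessionKey[0..6]
        else:
            seed = key[:5]          # ExportedSessionKey[0..4]
        magic = CLIENT_MAGIC if mode == "Client" else SERVER_MAGIC
        # The digest is always 128 bits wide, whatever the seed length.
        return hashlib.md5(seed + magic).digest()

    if (neg_flg & NTLMSSP_NEGOTIATE_LM_KEY) or (
            (neg_flg & NTLMSSP_NEGOTIATE_DATAGRAM)
            and ntlm_revision >= NTLMSSP_REVISION_W2K3):
        if neg_flg & NTLMSSP_NEGOTIATE_56:
            return key[:7] + b"\xa0"
        return key[:5] + b"\xe5\x38\xb0"

    return key
```

With extended session security and neither NTLMSSP_NEGOTIATE_128 nor NTLMSSP_NEGOTIATE_56 set, two session keys that share their first five bytes produce the same SealKey, which is what "40 bits of entropy stored in a 128-bit value" means for anyone reviewing negotiated flags.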