Compartir a través de


3.4.5.2 SIGNKEY

If extended session security is not negotiated (section 2.2.2.5), then no signing keys are available and message signing is not supported.

If extended session security is negotiated, the signing key is a 128-bit value that is calculated as follows from the random session key and the null-terminated ASCII constants shown.

Input:

  • ExportedSessionKey - A randomly generated session key.

  • NegFlg - Defined in section 3.1.1.

  • Mode - An enum that defines the local machine performing the computation.  Mode always takes the value "Client" or "Server".

Output:

  • SignKey - The key used for signing messages.

Functions used:

  • ConcatenationOf(), MD5(), NIL - Defined in section 6.

      
     Define SIGNKEY(NegFlg, ExportedSessionKey, Mode) as
     If (NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY flag is set in NegFlg) 
          If (Mode equals "Client")
               Set SignKey to MD5(ConcatenationOf(ExportedSessionKey, 
               "session key to client-to-server signing key magic  
               constant"))
          Else
               Set SignKey to MD5(ConcatenationOf(ExportedSessionKey, 
               "session key to server-to-client signing key magic
               constant"))
          Endif
     Else 
          Set  SignKey to NIL
     Endif
     EndDefine