2.2.8.1.1.2.3 FIPS (TS_SECURITY_HEADER2)
The TS_SECURITY_HEADER2 structure extends the Basic Security Header (section 2.2.8.1.1.2.1) and is used to store padding information and a 64-bit Message Authentication Code.
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
2 |
|
|
|
|
|
|
|
|
|
3 |
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
flags |
flagsHi |
||||||||||||||||||||||||||||||
|
length |
version |
padlen |
|||||||||||||||||||||||||||||
|
dataSignature |
|||||||||||||||||||||||||||||||
|
... |
|||||||||||||||||||||||||||||||
flags (2 bytes): A 16-bit, unsigned integer that contains security flags as specified in section 2.2.8.1.1.2.1.
flagsHi (2 bytes): A 16-bit, unsigned integer. This field is reserved for future use. It is currently unused and all values are ignored. This field MUST contain valid data only if the SEC_FLAGSHI_VALID bit (0x8000) is set in the flags field. If this bit is not set, the flagsHi field is uninitialized and MAY contain random data.
length (2 bytes): A 16-bit, unsigned integer. The length of the FIPS security header. This field MUST be set to 0x0010 (16 bytes).
version (1 byte): An 8-bit, unsigned integer. The version of the FIPS header. This field SHOULD be set to TSFIPS_VERSION1 (0x01).
padlen (1 byte): An 8-bit, unsigned integer. The number of padding bytes of padding appended to the end of the packet prior to encryption to make sure that the data to be encrypted is a multiple of the 3DES block size (that is, a multiple of 8 because the block size is 64 bits).
dataSignature (8 bytes): A 64-bit Message Authentication Code generated by using the techniques specified in section 5.3.6.2.