Partager via


2.2.1.3.2 NL_AUTH_SIGNATURE

The NL_AUTH_SIGNATURE structure is a security token that defines the authentication signature used by Netlogon to execute Netlogon methods over a secure channel. It follows the security trailer that a security provider MUST associate with a signed or encrypted message. A security trailer or sec_trailer structure ([MS-RPCE] section 2.2.2.11) has syntax equivalent to the auth_verifier_co_t structure, as specified in "Common Authentication Verifier Encodings" in [C706] section 13.2.6.1. When Netlogon is functioning as its own SSP for the RPC connection, this structure contains the signature, a sequence number, and if encryption is requested, a confounder. See section 3.3.4.2.


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

SignatureAlgorithm

SealAlgorithm

Pad

Flags

SequenceNumber

...

Checksum

...

Confounder

...

SignatureAlgorithm (2 bytes): A 16-bit little-endian integer that identifies the algorithm that is used for signature computation. The only supported signature algorithm is HMAC-MD5, as specified in [RFC2104]. The SignatureAlgorithm field MUST contain the following value.

Value

Meaning

0x0077

The packet is signed using HMAC-MD5.

SealAlgorithm (2 bytes): A 16-bit little-endian integer that identifies the algorithm used for encryption. The only supported encryption algorithm is RSA-RC4 (for more information about RC4, see [SCHNEIER] section 17.1). The SealAlgorithm field MUST contain one of the following values.

Value

Meaning

0xFFFF

The packet is not encrypted.

0x007A

The packet is encrypted using RC4.

Pad (2 bytes): A 2-byte padding field. Both bytes MUST be set to 0xFF.

Flags (2 bytes): Specifies properties of the structure. No flags are currently defined. Both bytes MUST be set to zero and MUST be ignored on receipt.

SequenceNumber (8 bytes): A 64-bit little-endian integer containing the sequence number of the RPC message. For more details about how to calculate the SequenceNumber, see section 3.3.4.2.1.

Checksum (8 bytes): A 64-bit value containing the final checksum of the signature and the RPC message. For more details about how to calculate the checksum, see section 3.3.4.2.1.

Confounder (8 bytes): A buffer used when the structure is used for encryption in addition to signing. The bytes are filled with random data that is used by the encryption algorithm. If the structure is used only for signing, the confounder is not included. For details about the confounder and encrypting the data, see section 3.3.4.2.1.