3.1.4.26 R_KeyExchangePhase2 (Opnum 27)

  • Article

The R_KeyExchangePhase2 method receives the encrypted client session and hash keys in response to the R_KeyExchangePhase1 method and returns the encrypted server hash keys.

 HRESULT R_KeyExchangePhase2(
   [unique, in] IIS_CRYPTO_BLOB* pClientSessionKeyBlob,
   [unique, in] IIS_CRYPTO_BLOB* pClientHashBlob,
   [out] IIS_CRYPTO_BLOB** ppServerHashBlob
 );

pClientSessionKeyBlob: A pointer to an IIS_CRYPTO_BLOB structure containing the encrypted client session key.

pClientHashBlob: A pointer to an IIS_CRYPTO_BLOB structure containing the encrypted client hash key.

ppServerHashBlob: A pointer to a set of IIS_CRYPTO_BLOB structures containing the encrypted session hash keys.

Return Values: A signed 32-bit value that indicates return status. If the method returns a negative value, it failed. If the 12-bit facility code (bits 16–27) is set to 0x007, the value contains a Win32 error code in the lower 16 bits. Zero or positive values indicate success, with the lower 16 bits in positive nonzero values containing warnings or flags defined in the method implementation. For more information about Win32 error codes and HRESULT values, see [MS-ERREF].

Return value/code

Description

0x00000000

S_OK

The call was successful.

The opnum field value for this method is 27.

When the server receives the R_KeyExchangePhase2 method, it SHOULD check the state of the secure session. If the session negotiation has not started yet by processing the R_KeyExchangePhase1 method, the MD_ERROR_SECURE_CHANNEL_FAILURE error code MUST be returned back to client.

If any of the parameters sent by the client are empty, the server SHOULD return an E_INVALIDARG error code.

Upon successful validation, the server SHOULD perform the following steps:

  1. Decrypt the encrypted client's session key using the server's key exchange private key.

  2. Store the client's session key.

  3. Compute the hash of the following 3 values (in this order):

    1. Client's session key.

    2. Server's session key.

    3. Value of HASH_TEXT_STRING_1, as specified in section 2.2.3.

  4. Compare the hash computed in the previous step with the hash received from the client. If they match, the client has proved that it owns the client's key exchange private key that matches the client's key exchange public key. It proved it by being able to decrypt the server's session key that was needed for the hash calculation.

  5. Compute hash of the following 2 values (in this order):

    1. Client's session key.

    2. Value of HASH_TEXT_STRING_2, as specified in 2.2.3.

  6. Build an IIS_CRYPTO_BLOB structure with the BlobSignature field set to HASH_BLOB_SIGNATURE and store the hash calculated in the previous step.

  7. Send the IIS_CRYPTO_BLOB structure calculated in the previous step to the client.