3.4.4.1 Without Extended Session Security
When Extended Session Security (NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY) is not negotiated and session security (NTLMSSP_NEGOTIATE_SIGN or NTLMSSP_NEGOTIATE_SEAL) is negotiated, the message signature for NTLM without extended session security is a 16-byte value that contains the following components, as specified by the NTLMSSP_MESSAGE_SIGNATURE structure (section 2.2.2.9.1):
A 4-byte version-number value that is set to 1 (Version).
A 4-byte random pad.
The 4 bytes of the message's CRC32 (Checksum).
The 4-byte sequence number (SeqNum).
If message integrity is negotiated, the message signature is calculated as follows:
-- Input:
--   SigningKey - The key used to sign the message.
--   SealingKey - The key used to seal the message or checksum.
--   RandomPad - A random number provided by the client. Typically 0.
--   Message - The message being sent between the client and server.
--   SeqNum - Defined in section 3.1.1.
--   Handle - The handle to a key state structure corresponding to the
--            current state of the SealingKey
--
-- Output:
--   An NTLMSSP_MESSAGE_SIGNATURE structure whose fields are defined in section 2.2.2.9.
--   SeqNum - Defined in section 3.1.1.
--
-- Functions used:
--   ConcatenationOf() - Defined in Section 6.
--   RC4() - Defined in Section 6.
--   CRC32() - Defined in Section 6.

Define MAC(Handle, SigningKey, SeqNum, Message) as
    Set NTLMSSP_MESSAGE_SIGNATURE.Version to 0x00000001
    Set NTLMSSP_MESSAGE_SIGNATURE.Checksum to CRC32(Message)
    Set NTLMSSP_MESSAGE_SIGNATURE.RandomPad to RC4(Handle, RandomPad)
    Set NTLMSSP_MESSAGE_SIGNATURE.Checksum to RC4(Handle, NTLMSSP_MESSAGE_SIGNATURE.Checksum)
    Set NTLMSSP_MESSAGE_SIGNATURE.SeqNum to RC4(Handle, 0x00000000)
    If (connection oriented)
        Set NTLMSSP_MESSAGE_SIGNATURE.SeqNum to NTLMSSP_MESSAGE_SIGNATURE.SeqNum XOR SeqNum
        Set SeqNum to SeqNum + 1
    Else
        Set NTLMSSP_MESSAGE_SIGNATURE.SeqNum to NTLMSSP_MESSAGE_SIGNATURE.SeqNum XOR (application supplied SeqNum)
    Endif
    Set NTLMSSP_MESSAGE_SIGNATURE.RandomPad to 0
EndDefine