2.2.2.3 YourGMC
The YourGMC message is sent at the end of password-based authentication to deliver the generated GMC to the new group member.
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
2 |
|
|
|
|
|
|
|
|
|
3 |
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Message Type |
Encrypted GMC Length |
||||||||||||||||||||||||||||||
|
... |
Encrypted GMC Data (variable) |
||||||||||||||||||||||||||||||
|
... |
|||||||||||||||||||||||||||||||
Message Type (2 bytes): The type of message being sent, in big-endian byte order. For a YourGMC message, the type MUST be 0x0002.
Encrypted GMC Length (4 bytes): An unsigned binary integer containing the length of the Encrypted GMC Data field which follows, in big-endian byte order.
Encrypted GMC Data (variable): The Encrypted PKCS7 ASN encoded GMC chain [RFC2315]. The GMC data MUST be encrypted with the following steps:
A Hash of the Group password MUST be generated using the SHA1 algorithm specified in [RFC3174].
A Session key MUST be generated from the hash of the Group password according to the following steps:
Let n=32 bytes and k=20 bytes
a) Form a 64-byte buffer by repeating the constant 0x36 64 times. Set the first k bytes of the buffer to the result of an XOR operation of the first k bytes of the hash of the Group password generated at step 1
b) Form a 64-byte buffer by repeating the constant 0x5C 64 times. Set the first k bytes of the buffer to the result of an XOR operation of the first k bytes of the hash of the Group password generated at step 1.
c) Hash the result of step a by using the SHA1 algorithm.
d) Hash the result of step b by using the SHA1 algorithm.
e) Concatenate the result of step c with the result of step d.
f) Use the first n bytes of the result of step e as the derived key.
The GMC data MUST be encrypted using the generated encryption key and AES 256 with CBC and empty initialization vector. Refer to [FIPS197] for the AES standard and [SP800-38A] for the supported block cipher mode.