2.2.2.1.12 VerifyChecksum
The VerifyChecksum structure is used to calculate a MAC from the given data and compare it to the given expected value. It is used to detect mismatches that may indicate tampering with the PAC that the KDC sends to the client inside a KRB_KDC_REP. The checksum operation is performed over the input data and key, and the result is compared with the expected value. The output message indicates whether the checksum matches.
When populating this field of the KerbCredIsoRemoteInput structure, the CallId field MUST be set to RemoteCallKerbVerifyChecksum.
struct {
    KERB_RPC_ENCRYPTION_KEY* Key;
    ULONG ChecksumType;
    ULONG ExpectedChecksumSize;
    [size_is(ExpectedChecksumSize)] const UCHAR* ExpectedChecksum;
    ULONG DataToCheckSize;
    [size_is(DataToCheckSize)] const UCHAR* DataToCheck;
} VerifyChecksum;
Key: A pointer to a KERB_RPC_ENCRYPTION_KEY structure that contains the encryption key used in the checksum operation.
ChecksumType: A ULONG that contains a valid Kerberos checksum type ID, as defined in [RFC3961] or [RFC3962].
ExpectedChecksumSize: A ULONG that indicates the byte size of the ExpectedChecksum array field that contains the expected checksum.
ExpectedChecksum: A CHAR array that contains the expected checksum data.
DataToCheckSize: A ULONG that indicates the size of the DataToCheck array field that contains the input data to check.
DataToCheck: A CHAR array that contains the input data over which to perform the checksum.
When populating this field of the KerbCredIsoRemoteOutput structure, the CallId field MUST be set to RemoteCallKerbVerifyChecksum.
struct {
    BOOL IsValid;
} VerifyChecksum;
IsValid: A BOOL. If TRUE, indicates that the calculated checksum matches.
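The following is an added example, not part of the specification: one way a receiver could evaluate a VerifyChecksum request and produce IsValid, failing closed on an unknown ChecksumType or a wrong ExpectedChecksumSize and comparing in constant time. It assumes checksum type -138 (HMAC-MD5, RFC 4757) because that type needs only the standard library, a key usage number of 17, and the hypothetical names verify_checksum and hmac_md5_checksum.

```python
import hashlib
import hmac
import struct

# Assumption: checksum type -138 (HMAC-MD5, RFC 4757) stands in for the
# RFC 3961/3962 types, which need DES or AES key derivation.
KERB_CHECKSUM_HMAC_MD5 = -138
# Assumption: the structure carries no key usage number; 17 is used here.
KEY_USAGE = 17


def hmac_md5_checksum(key: bytes, usage: int, data: bytes) -> bytes:
    """RFC 4757 checksum: HMAC(Ksign, MD5(usage_le32 || data))."""
    ksign = hmac.new(key, b"signaturekey\x00", hashlib.md5).digest()
    tmp = hashlib.md5(struct.pack("<I", usage) + data).digest()
    return hmac.new(ksign, tmp, hashlib.md5).digest()


# Checksum type -> (function, output length in bytes).
CHECKSUMS = {KERB_CHECKSUM_HMAC_MD5: (hmac_md5_checksum, 16)}


def verify_checksum(key: bytes, checksum_type: int,
                    expected: bytes, data: bytes) -> bool:
    """Hypothetical handler: returns the IsValid value for one request."""
    # ChecksumType travels as a ULONG; map it back to a signed type ID.
    if checksum_type >= 1 << 31:
        checksum_type -= 1 << 32
    entry = CHECKSUMS.get(checksum_type)
    if entry is None:
        return False  # unknown type: fail closed
    func, length = entry
    if len(expected) != length:
        return False  # truncated or padded ExpectedChecksum never matches
    computed = func(key, KEY_USAGE, data)
    return hmac.compare_digest(computed, expected)  # constant-time compare


# Constructed sample input, not real PAC bytes or a real key.
SAMPLE_KEY = bytes(range(16))
SAMPLE_DATA = b"constructed PAC bytes"
SAMPLE_MAC = hmac_md5_checksum(SAMPLE_KEY, KEY_USAGE, SAMPLE_DATA)
```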