Alert Standard Format (ASF) Specification

Alert Standard Format (ASF) Specification v2.0 DMTF Document DSP0136
DSP0136 23 April 2003 Page 31 of 94
After receiving Message 2, the management console verifies that the value $\mathrm{SID}_M$ is active and that $\mathrm{GUID}_C$ matches the managed client that the management console is expecting to communicate with. The management console then validates the HMAC. If the HMAC is valid, the management console creates the Session Integrity Key (SIK) by generating an HMAC per [RFC2104] of the concatenation of $R_M$, $R_C$, $\mathrm{Role}_M$, $\mathrm{ULength}_M$, and (optional) $\mathrm{UName}_M$ using key $K_G$ (note – no truncation).
$$\mathrm{SIK} = \mathrm{HMAC}_{K_G}(R_M \mid R_C \mid \mathrm{Role}_M \mid \mathrm{ULength}_M \mid \langle \mathrm{UName}_M \rangle)$$
Then the management console sends to the managed client as Message 3 the value $\mathrm{SID}_C$ and the HMAC per [RFC2404] of the values ($R_C$, $\mathrm{SID}_M$, $\mathrm{Role}_M$, $\mathrm{ULength}_M$, $\langle \mathrm{UName}_M \rangle$) generated using key $K_O$ or $K_A$ selected by the requested role, $\mathrm{Role}_M$.
Message 3: Mgt Console → Managed Client
$$\mathrm{SID}_C,\ \mathrm{HMAC}_{K_O \text{ or } K_A}(R_C, \mathrm{SID}_M, \mathrm{Role}_M, \mathrm{ULength}_M, \langle \mathrm{UName}_M \rangle)$$
After receiving Message 3, the managed client verifies that the value $\mathrm{SID}_C$ is active and then validates the HMAC. If the HMAC is valid, the managed client creates the SIK by generating an HMAC per [RFC2104] of the concatenation of $R_M$, $R_C$, $\mathrm{Role}_M$, $\mathrm{ULength}_M$, and (optional) $\mathrm{UName}_M$ using key $K_G$ (note – no truncation).
$$\mathrm{SIK} = \mathrm{HMAC}_{K_G}(R_M \mid R_C \mid \mathrm{Role}_M \mid \mathrm{ULength}_M \mid \langle \mathrm{UName}_M \rangle)$$
If the specific session integrity algorithm negotiated between the management console and the managed client requires more keying material than that provided by SIK, additional keying material can be derived by using an HMAC per [RFC2104], keyed by SIK, to process a pre-defined set of constants.
$$K_1 = \mathrm{HMAC}_{\mathrm{SIK}}(\text{const 1})$$
$$K_2 = \mathrm{HMAC}_{\mathrm{SIK}}(\text{const 2})$$
$$K_3 = \mathrm{HMAC}_{\mathrm{SIK}}(\text{const 3})$$
These constants are constructed using a hexadecimal octet value repeated up to the HMAC
block size in length starting with the constant 01h. This mechanism can be used to derive up to
255 HMAC-block-length pieces of keying material from a single SIK.
Const 1 = 0x01010101010101010101 01010101010101010101
Const 2 = 0x02020202020202020202 02020202020202020202
Const 3 = 0x03030303030303030303 03030303030303030303
...
Const 255 = 0xFFFFFFFFFFFFFFFFFFFF FFFFFFFFFFFFFFFFFFFF
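
The Message 3 check and the key derivation described above, as an added example (not code from the ASF specification): the managed client validates the Message 3 HMAC, creates the SIK only if it matches, and derives K_n from the repeated-octet constants. SHA-1 as the hash, 96-bit truncation of the Message 3 HMAC per RFC 2404, the one-octet Role_M and ULength_M encodings, the function names and all sample values are assumptions of this example.

```python
import hashlib
import hmac

CONST_LEN = 20  # octets per constant, as printed in Const 1..255 above

def _mac(key, data):
    # Assumption: SHA-1 is the hash behind the [RFC2104]/[RFC2404] HMACs.
    return hmac.new(key, data, hashlib.sha1).digest()

def _user_fields(role_m, uname_m):
    # Role_M | ULength_M | <UName_M>; one-octet role and length are assumed.
    if not 0 <= role_m <= 255 or len(uname_m) > 255:
        raise ValueError("role or user name does not fit in one octet")
    return bytes([role_m, len(uname_m)]) + uname_m

def message3_mac(k_role, r_c, sid_m, role_m, uname_m=b""):
    """HMAC keyed by K_O or K_A over (R_C, SID_M, Role_M, ULength_M, <UName_M>)."""
    # Assumption: truncated to 96 bits, as RFC 2404 defines HMAC-SHA-1-96.
    return _mac(k_role, r_c + sid_m + _user_fields(role_m, uname_m))[:12]

def derive_sik(k_g, r_m, r_c, role_m, uname_m=b""):
    """SIK = HMAC_KG(R_M | R_C | Role_M | ULength_M | <UName_M>), no truncation."""
    return _mac(k_g, r_m + r_c + _user_fields(role_m, uname_m))

def client_accept_message3(k_role, k_g, r_m, r_c, sid_m, role_m, uname_m, mac):
    """Managed-client side: validate the Message 3 HMAC, then create the SIK."""
    expected = message3_mac(k_role, r_c, sid_m, role_m, uname_m)
    if not hmac.compare_digest(expected, mac):  # constant-time comparison
        return None  # invalid HMAC: no SIK is created
    return derive_sik(k_g, r_m, r_c, role_m, uname_m)

def derive_key(sik, n):
    """K_n = HMAC_SIK(const n), const n being octet n repeated CONST_LEN times."""
    if not 1 <= n <= 255:
        raise ValueError("n must be in 1..255")
    return _mac(sik, bytes([n]) * CONST_LEN)

# Constructed sample values (not taken from the specification).
K_G, K_O = b"constructed-KG-value", b"constructed-KO-value"
R_M, R_C = bytes(range(16)), bytes(range(16, 32))
SID_M, ROLE_M, UNAME_M = b"\x00\x00\x00\x01", 1, b"operator"

if __name__ == "__main__":
    mac3 = message3_mac(K_O, R_C, SID_M, ROLE_M, UNAME_M)
    sik = client_accept_message3(K_O, K_G, R_M, R_C, SID_M, ROLE_M, UNAME_M, mac3)
    print("SIK:", sik.hex())
    print("K1 :", derive_key(sik, 1).hex())
```

The check that SID_C is active is session-table state and is left out of the example.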