Alert Standard Format (ASF) Specification v2.0, DMTF Document DSP0136
DSP0136, 23 April 2003, Page 32 of 94
Algorithms such as RAKP depend on "quality" random numbers for their security. Quality in this
context means that the numbers must be random in a cryptographic sense (i.e., they must be
genuinely unpredictable). To ensure that a baseline level of random-number quality is available
to management consoles and managed clients, this specification defines the following algorithm,
which RAKP implementations must use if no higher-quality source of random numbers (e.g., a
hardware random number generator) is available.
In addition to the three previously defined RAKP keys (i.e., $K_A$, $K_O$, and $K_G$), a Management
Console generates an additional 160-bit key, $K_R$, which is unique for each managed client. The
value of this key cannot be reused during the lifetime of $K_A$, $K_O$, and $K_G$. During installation,
after all of the RAKP keys have been loaded into non-volatile storage, the managed client creates
two (2) 32-bit counters, $C_P$ and $C_Q$, and sets the value of each counter to zero (0).
$C_P$ is used to count the number of device power cycles and its value is saved in non-volatile
storage. Once initialized, $C_P$ is incremented by one (1) after each power cycle and its new value
is again saved in non-volatile storage. $C_Q$ is used to count the number of random number
generation requests per power cycle. Once initialized, $C_Q$ is incremented by one (1) after each
random number generation request. After each power cycle, the value of $C_Q$ is set to zero (0)
(i.e., its value is not saved across power cycles). If, during a given power cycle, $C_Q$ rolls over
back to zero, the managed client must increment $C_P$ by one (1) and save its new value back into
non-volatile storage.
The managed client creates a random number by generating an HMAC per [RFC2104] of the
concatenation of $C_P$ and $C_Q$ using key $K_R$:

$$\text{Random Number} = \mathrm{HMAC}_{K_R}(C_P \,\|\, C_Q)$$

Because the output is a deterministic function of $K_R$ and the two counters, its unpredictability
rests entirely on $K_R$ remaining secret and on no $(C_P, C_Q)$ pair ever being used twice under the
same $K_R$. That is why $C_P$ must survive in non-volatile storage across power cycles and why a
$C_Q$ roll-over forces a saved increment of $C_P$: a client that loses $C_P$ reproduces the same
"random" numbers after every power cycle.
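The counter discipline above, as an added example written for this page (it is not code from DSP0136 or any ASF implementation). It models a managed client whose non-volatile storage is a plain dictionary, and it makes two choices the page leaves open, both labelled as assumptions in the code: the HMAC hash is SHA-1 (the 160-bit $K_R$ matches the RAKP HMAC-SHA1 key size) and each 32-bit counter is encoded big-endian before concatenation. The class and function names (`ManagedClientRng`, `outputs_repeat_across_power_loss`) are hypothetical. The second function demonstrates the failure mode the text warns about: a client that comes back from power loss with $C_P$ reset to zero reuses $(C_P, C_Q)$ pairs and therefore repeats outputs.

```python
import hashlib
import hmac
import struct

COUNTER_MASK = 0xFFFFFFFF  # C_P and C_Q are 32-bit counters


class ManagedClientRng:
    """Baseline RAKP random-number source from DSP0136: HMAC_{K_R}(C_P | C_Q).

    Assumptions not stated on this page (illustrative choices, not the spec's):
    the HMAC hash is SHA-1 (the 160-bit K_R matches the RAKP HMAC-SHA1 key
    size) and each 32-bit counter is encoded big-endian before concatenation.
    """

    def __init__(self, k_r: bytes, nv_storage: dict) -> None:
        if len(k_r) != 20:
            raise ValueError("K_R must be a 160-bit (20-byte) key")
        self.k_r = k_r
        self.nv = nv_storage              # stands in for non-volatile storage
        self.nv.setdefault("C_P", 0)      # installation: C_P starts at zero...
        self.c_q = 0                      # ...and C_Q is volatile, reset to zero

    def _bump_c_p(self) -> None:
        # Increment C_P and write it straight back to non-volatile storage.
        self.nv["C_P"] = (self.nv["C_P"] + 1) & COUNTER_MASK

    def power_cycle(self) -> None:
        """Model a device power cycle: C_P advances (and is saved), C_Q restarts."""
        self._bump_c_p()
        self.c_q = 0

    def random_number(self) -> bytes:
        """Return one 160-bit random number and advance the counters."""
        c_p = self.nv["C_P"]
        message = struct.pack(">II", c_p, self.c_q)   # C_P | C_Q, big-endian (assumed)
        out = hmac.new(self.k_r, message, hashlib.sha1).digest()
        # C_Q is incremented after every request; if it rolls over to zero
        # within this power cycle, C_P must be incremented and saved too.
        self.c_q = (self.c_q + 1) & COUNTER_MASK
        if self.c_q == 0:
            self._bump_c_p()
        return out


def outputs_repeat_across_power_loss(k_r: bytes, persist_c_p: bool, requests: int = 4) -> bool:
    """Why C_P lives in non-volatile storage.

    Draws `requests` numbers, then models a power cycle either correctly
    (persist_c_p=True: C_P survives and is incremented) or with C_P lost
    (persist_c_p=False: the client comes back with C_P = 0). Returns True if
    any post-power-cycle output repeats a pre-power-cycle one, i.e. a
    (C_P, C_Q) pair was reused under the same K_R.
    """
    nv = {}
    client = ManagedClientRng(k_r, nv)
    before = {client.random_number() for _ in range(requests)}
    if persist_c_p:
        client.power_cycle()
    else:
        client = ManagedClientRng(k_r, {})   # C_P forgotten: back to zero
    after = [client.random_number() for _ in range(requests)]
    return any(value in before for value in after)


if __name__ == "__main__":
    # Constructed demo key; a real K_R is generated by the Management Console.
    demo_k_r = bytes(range(20))
    client = ManagedClientRng(demo_k_r, {})
    print(client.random_number().hex())
    client.power_cycle()
    print(client.random_number().hex())
    print("repeat with C_P lost: ", outputs_repeat_across_power_loss(demo_k_r, False))
    print("repeat with C_P saved:", outputs_repeat_across_power_loss(demo_k_r, True))
```

The roll-over path is exercised by setting `c_q` to `COUNTER_MASK` before a request rather than issuing 2^32 requests; after that request `c_q` is back at zero and the saved `C_P` has advanced by one, exactly as the text requires. Note that nothing in the scheme stops $C_P$ itself from wrapping after 2^32 power cycles, at which point $(C_P, C_Q)$ pairs would repeat; in practice $K_R$ has to be replaced long before that.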
3.2.3.5.1 RSSP and RAKP Message Status Codes
The table below lists the status codes carried in specific RSSP and RAKP messages. The right-hand
column holds one X for each of the four message types (43h, 44h, C1h, C2h) in which the code can
appear; codes 00h and 02h apply to all four.
Status Code  Description                                                       Message Types (43h, 44h, C1h, C2h)
00h          No errors                                                         X X X X
01h          Insufficient resources to create a session                        X
02h          Invalid session ID                                                X X X X
03h          Invalid payload type                                              X
04h          Invalid authentication algorithm                                  X
05h          Invalid integrity algorithm                                       X
06h          No matching authentication payload                                X
07h          No matching integrity payload                                     X
08h          Inactive session ID                                               X X X
09h          Invalid role                                                      X
0Ah          Unauthorized role                                                 X
0Bh          Insufficient resources to create a session at the requested role  X
0Ch          Invalid name length                                               X
0Dh          Unauthorized name                                                 X
0Eh          Unauthorized GUID                                                 X
0Fh          Invalid integrity check value                                     X