ASF Specification v2.0 DSP0136 - DMTF
Alert Standard Format (ASF) Specification v2.0
DMTF Document DSP0136

After receiving Message 2, the management console verifies that the value $SID_M$ is active and
that $GUID_C$ matches the managed client that the management console is expecting to
communicate with. The management console then validates the HMAC. If the HMAC is valid,
the management console creates the Session Integrity Key (SIK) by generating an HMAC per
[RFC2104] of the concatenation of $R_M$, $R_C$, $Role_M$, $ULength_M$, and (optional) $UName_M$ using key
$K_G$ (note – no truncation).

$$SIK = HMAC_{K_G}(R_M \mid R_C \mid Role_M \mid ULength_M \mid \langle UName_M \rangle)$$

Then the management console sends to the managed client as Message 3 the value $SID_C$ and
the HMAC per [RFC2404] of the values ($R_C$, $SID_M$, $Role_M$, $ULength_M$, $\langle UName_M \rangle$) generated
using key $K_O$ or $K_A$ selected by the requested role, $Role_M$.

Message 3: Mgt Console → Managed Client

$$SID_C,\ HMAC_{K_O \text{ or } K_A}(R_C, SID_M, Role_M, ULength_M, \langle UName_M \rangle)$$

After receiving Message 3, the managed client verifies that the value $SID_C$ is active and then
validates the HMAC. If the HMAC is valid, the managed client creates the SIK by generating an
HMAC per [RFC2104] of the concatenation of $R_M$, $R_C$, $Role_M$, $ULength_M$, and (optional)
$UName_M$ using key $K_G$ (note – no truncation).

$$SIK = HMAC_{K_G}(R_M \mid R_C \mid Role_M \mid ULength_M \mid \langle UName_M \rangle)$$

If the specific session integrity algorithm negotiated between the management console and the
managed client requires more keying material than that provided by SIK, additional keying
material can be derived by using an HMAC per [RFC2104], keyed by SIK, to process a predefined
set of constants.

$$K_1 = HMAC_{SIK}(\text{const 1})$$
$$K_2 = HMAC_{SIK}(\text{const 2})$$
$$K_3 = HMAC_{SIK}(\text{const 3})$$

These constants are constructed using a hexadecimal octet value repeated up to the HMAC
block size in length starting with the constant 01h. This mechanism can be used to derive up to
255 HMAC-block-length pieces of keying material from a single SIK.

Const 1 = 0x01010101010101010101 01010101010101010101
Const 2 = 0x02020202020202020202 02020202020202020202
Const 3 = 0x03030303030303030303 03030303030303030303
...
Const 255 = 0xFFFFFFFFFFFFFFFFFFFF FFFFFFFFFFFFFFFFFFFF
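
The SIK computation, the Message 3 check and the constant-based key derivation described above, as an added Python example that is not part of the specification text. It assumes HMAC-SHA1, 16-octet random numbers, 1-octet Role and ULength fields, 4-octet big-endian session IDs, and that "per [RFC2404]" means truncation to 96 bits; the key and nonce values are constructed.

```python
import hashlib
import hmac
import struct

# Assumptions (not stated on this page): HMAC-SHA1 as the hash, 16-octet
# random numbers, 1-octet Role and ULength, 4-octet big-endian session IDs.

def _user_fields(role, uname):
    """Role_M | ULength_M | <UName_M>, with UName_M optional (may be empty)."""
    return bytes([role, len(uname)]) + uname

def derive_sik(k_g, r_m, r_c, role, uname=b""):
    """SIK = HMAC_KG(R_M | R_C | Role_M | ULength_M | <UName_M>), untruncated."""
    return hmac.new(k_g, r_m + r_c + _user_fields(role, uname), hashlib.sha1).digest()

def message3_hmac(k_role, r_c, sid_m, role, uname=b""):
    """Integrity value the console sends in Message 3, keyed by K_O or K_A.
    Assumption: 'per RFC2404' means HMAC-SHA1 truncated to 96 bits."""
    data = r_c + struct.pack(">I", sid_m) + _user_fields(role, uname)
    return hmac.new(k_role, data, hashlib.sha1).digest()[:12]

def verify_message3(k_role, r_c, sid_m, role, uname, received):
    """Managed-client check; compare_digest avoids a timing side channel."""
    return hmac.compare_digest(message3_hmac(k_role, r_c, sid_m, role, uname), received)

def derive_key(sik, n):
    """K_n = HMAC_SIK(Const n), Const n being octet n repeated 20 times
    (the length of the constants as printed on the page)."""
    if not 1 <= n <= 255:
        raise ValueError("constant index must be 1..255")
    return hmac.new(sik, bytes([n]) * 20, hashlib.sha1).digest()

# Constructed sample values, for illustration only.
K_G = bytes(range(20))
K_O = bytes(range(20, 40))
R_M = bytes([0xAA]) * 16
R_C = bytes([0xBB]) * 16
SID_M, ROLE, UNAME = 0x01020304, 0x01, b"operator"

# Both ends compute the SIK independently from the same exchanged values.
console_sik = derive_sik(K_G, R_M, R_C, ROLE, UNAME)
client_sik = derive_sik(K_G, R_M, R_C, ROLE, UNAME)
```

Because Role_M and the user name are inputs to both the Message 3 HMAC and the SIK, a role or user name altered in transit fails the HMAC check and would yield a different SIK on the two ends.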
DSP0136 23 April 2003 Page 31 of 94