[MS-GRVSSTPS]:
Simple Symmetric Transport Protocol (SSTP) Security Protocol

Intellectual Property Rights Notice for Open Specifications Documentation

Technical Documentation. Microsoft publishes Open Specifications documentation for protocols, file formats, languages, standards as well as overviews of the interaction among each of these technologies.

Copyrights. This documentation is covered by Microsoft copyrights. Regardless of any other terms that are contained in the terms of use for the Microsoft website that hosts this documentation, you may make copies of it in order to develop implementations of the technologies described in the Open Specifications and may distribute portions of it in your implementations using these technologies or your documentation as necessary to properly document the implementation. You may also distribute in your implementation, with or without modification, any schema, IDL’s, or code samples that are included in the documentation. This permission also applies to any documents that are referenced in the Open Specifications.

No Trade Secrets. Microsoft does not claim any trade secret rights in this documentation.

Patents. Microsoft has patents that may cover your implementations of the technologies described in the Open Specifications. Neither this notice nor Microsoft's delivery of the documentation grants any licenses under those or any other Microsoft patents. However, a given Open Specification may be covered by Microsoft Open Specification Promise or the Community Promise. If you would prefer a written license, or if the technologies described in the Open Specifications are not covered by the Open Specifications Promise or Community Promise, as applicable, patent licenses are available by contacting .

Trademarks. The names of companies and products contained in this documentation may be covered by trademarks or similar intellectual property rights. This notice does not grant any licenses under those rights. For a list of Microsoft trademarks, visit www.microsoft.com/trademarks.

Fictitious Names. The example companies, organizations, products, domain names, email addresses, logos, people, places, and events depicted in this documentation are fictitious. No association with any real company, organization, product, domain name, email address, logo, person, place, or event is intended or should be inferred.

Reservation of Rights. All other rights are reserved, and this notice does not grant any rights other than specifically described above, whether by implication, estoppel, or otherwise.

Tools. The Open Specifications do not require the use of Microsoft programming tools or programming environments in order for you to develop an implementation. If you have access to Microsoft programming tools and environments you are free to take advantage of them. Certain Open Specifications are intended for use in conjunction with publicly available standard specifications and network programming art, and assume that the reader either is familiar with the aforementioned material or has immediate access to it.

Revision Summary

Date / Revision History / Revision Class / Comments
04/04/2008 / 0.1 / / Initial Availability
06/27/2008 / 1.0 / Major / Revised and edited the technical content
01/16/2009 / 1.01 / Editorial / Revised and edited the technical content
07/13/2009 / 1.02 / Major / Revised and edited the technical content
08/28/2009 / 1.03 / Editorial / Revised and edited the technical content
11/06/2009 / 1.04 / Editorial / Revised and edited the technical content
02/19/2010 / 2.0 / Minor / Updated the technical content
03/31/2010 / 2.01 / Editorial / Revised and edited the technical content
04/30/2010 / 2.02 / Editorial / Revised and edited the technical content
06/07/2010 / 2.03 / Editorial / Revised and edited the technical content
06/29/2010 / 2.04 / Editorial / Changed language and formatting in the technical content.
07/23/2010 / 2.05 / Minor / Clarified the meaning of the technical content.
09/27/2010 / 2.05 / No change / No changes to the meaning, language, or formatting of the technical content.
11/15/2010 / 2.05 / No change / No changes to the meaning, language, or formatting of the technical content.
12/17/2010 / 2.05 / No change / No changes to the meaning, language, or formatting of the technical content.
03/18/2011 / 3.0 / Major / Significantly changed the technical content.
06/10/2011 / 3.0 / No change / No changes to the meaning, language, or formatting of the technical content.
01/20/2012 / 3.0 / No change / No changes to the meaning, language, or formatting of the technical content.
04/11/2012 / 3.0 / No change / No changes to the meaning, language, or formatting of the technical content.
07/16/2012 / 3.0 / No change / No changes to the meaning, language, or formatting of the technical content.
10/08/2012 / 3.0 / No change / No changes to the meaning, language, or formatting of the technical content.
02/11/2013 / 3.0 / No change / No changes to the meaning, language, or formatting of the technical content.
07/30/2013 / 3.0 / No change / No changes to the meaning, language, or formatting of the technical content.
11/18/2013 / 3.0 / No change / No changes to the meaning, language, or formatting of the technical content.
02/10/2014 / 3.0 / No change / No changes to the meaning, language, or formatting of the technical content.
04/30/2014 / 3.0 / No change / No changes to the meaning, language, or formatting of the technical content.
07/31/2014 / 3.0 / No change / No changes to the meaning, language, or formatting of the technical content.
10/30/2014 / 3.0 / No change / No changes to the meaning, language, or formatting of the technical content.

[MS-GRVSSTPS] — v20141019

Simple Symmetric Transport Protocol (SSTP) Security Protocol

Copyright © 2014 Microsoft Corporation.

Release: October 30, 2014

Table of Contents

1 Introduction
1.1 Glossary
1.2 References
1.2.1 Normative References
1.2.2 Informative References
1.3 Protocol Overview (Synopsis)
1.3.1 Client/Server Model
1.3.1.1 Client Role
1.3.1.2 Server Role
1.3.2 Messages
1.3.3 Typical Message Sequences
1.3.3.1 Registrations
1.3.3.2 Authentications
1.4 Relationship to Other Protocols
1.5 Prerequisites/Preconditions
1.6 Applicability Statement
1.7 Versioning and Capability Negotiation
1.8 Vendor-Extensible Fields
1.9 Standards Assignments
2 Messages
2.1 Transport
2.2 Message Syntax
2.2.1 SecConnect
2.2.2 SecConnectResponse
2.2.3 SecConnectResponseDeviceRegistrationNeeded
2.2.4 SecConnectResponseAuthenticationFailed
2.2.5 SecConnectAuthenticate
2.2.6 SecAttach
2.2.7 SecAttachResponse
2.2.8 SecAttachResponseAccountRegistrationNeeded
2.2.9 SecAttachResponseNewDeviceRegistrationNeeded
2.2.10 SecAttachResponseAuthenticationFailed
2.2.11 SecAttachAuthenticate
2.2.12 SecDeviceAccountRegister
2.2.13 SecDeviceAccountRegisterResponse
2.2.14 SecAccountRegister
2.2.15 SecAccountOnNewDevice
2.2.16 SecAccountRegisterResponse
2.2.17 SecIdentityRegister
3 Protocol Details
3.1 Common Details
3.1.1 Common Security Parameter Formats and Processing
3.1.1.1 Relay Server Certificate
3.1.1.2 Relay Server Certificate Fingerprint
3.1.1.3 Client Public Keys Object Format
3.1.1.4 MARC4
3.1.2 Common Data Model
3.1.2.1 Connections
3.1.2.2 Sessions
3.1.3 Message Mappings
3.1.3.1 Device Authentication Messages
3.1.3.2 Account Authentication Messages
3.1.3.3 Registration Messages
3.2 Client Details
3.2.1 Abstract Data Model
3.2.2 Timers
3.2.3 Initialization
3.2.4 Higher-Layer Triggered Events
3.2.4.1 Higher-Layer Device Authentication Initiation
3.2.4.2 Higher-Layer Account Authentication Initiation
3.2.4.3 Higher-Layer Account and Device Registration Initiation
3.2.4.3.1 New Account and Device Registration
3.2.4.3.2 Account on New Device Registration
3.2.4.4 Higher-Layer Identity Registration Initiation
3.2.5 Message Processing Events and Sequencing Rules
3.2.5.1 SecConnectResponse Message
3.2.5.2 SecConnectResponseDeviceRegistrationNeeded Message
3.2.5.3 SecConnectResponseAuthenticationFailed Message
3.2.5.4 SecAttachResponseAuthenticationFailed Message
3.2.5.5 SecAttachResponse Message
3.2.5.6 SecAttachResponseNewDeviceRegistrationNeeded Message
3.2.5.7 SecAttachResponseAccountRegistrationNeeded Message
3.2.5.8 SecDeviceAccountRegisterResponse Message
3.2.5.9 RegisterResponse with no Authentication Token
3.2.6 Timer Events
3.2.7 Other Local Events
3.3 Server Details
3.3.1 Abstract Data Model
3.3.2 Timers
3.3.3 Initialization
3.3.4 Higher-Layer Triggered Events
3.3.5 Message Processing Events and Sequencing Rules
3.3.5.1 SecConnect
3.3.5.2 SecConnectAuthenticate
3.3.5.3 SecAttach
3.3.5.4 SecAttachAuthenticate
3.3.5.5 SecDeviceAccountRegister
3.3.5.5.1 New Account Registration
3.3.5.5.2 Account-on-New-Device Registration
3.3.5.6 SecIdentityRegister
3.3.6 Timer Events
3.3.7 Other Local Events
4 Protocol Examples
4.1 Registration and Authentication for a New Account
4.1.1 Connect
4.1.2 ConnectResponseDeviceRegistrationNeeded
4.1.3 Attach
4.1.4 AttachResponseAccountRegistrationNeeded
4.1.5 Register for Device and Account Registration
4.1.6 RegisterResponse for Device and Account Registration
4.1.7 AttachResponse
4.1.8 AttachAuthenticate
4.1.9 Close
4.1.10 Register for Identity Registration
4.1.11 RegisterResponse for Identity Registration
4.2 Registration and Authentication for an Account on a New Device
4.2.1 AttachResponseNewDeviceRegistrationNeeded
4.2.2 Register for Account on New Device
4.2.3 RegisterResponse
4.3 Authentications for a Reconnecting Client
4.3.1 ConnectResponse
4.3.2 ConnectAuthenticate
5 Security
5.1 Security Considerations for Implementers
5.1.1 Use of semi-weak algorithms
5.1.2 Use of weak algorithms
5.1.3 Use of non-standard/suspect algorithms
5.1.4 Insufficient integrity protection of SSTP headers
5.1.5 Insufficient encryption of SSTP headers
5.1.6 Use of the same key for encryption and HMAC
5.1.7 Version number is not included in the HMAC
5.1.8 Susceptibility to TCP sessions hijacking
5.2 Index of Security Parameters
6 Appendix A: Product Behavior
7 Change Tracking
8 Index

1 Introduction

This document specifies a security protocol used for client registration and authentication within the Simple Symmetric Transport Protocol (SSTP). SSTP Security is a subprotocol of SSTP.

SSTP Security is a block-oriented application-layer binary protocol designed so that a client and a relay server are mutually authenticated before a client retrieves data from a relay server. It provides a mechanism for a client and a relay server to securely exchange secret keys that are then used to authenticate each other through a simple challenge/response message sequence.

The SSTP Security protocol is embedded in SSTP: it relies on SSTP commands to transport its protocol messages, and it depends on and works only within SSTP.

Protocol data for SSTP Security is encoded as authentication tokens in several predefined SSTP commands: Connect, ConnectResponse, ConnectAuthenticate, Register, RegisterResponse, Attach, AttachResponse and AttachAuthenticate. Refer to [MS-GRVSSTP] for a complete specification of these SSTP commands.
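The mutual challenge/response described above can be modeled in a few lines. The following is an added example, not code or wire format from this specification: the token contents, the mapping of tokens to Connect, ConnectResponse and ConnectAuthenticate, the use of HMAC with SHA-1, the direction labels and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumed direction labels: they stop a proof made by one side from being
# replayed back to it as the other side's proof (reflection).
RELAY_LABEL = b"relay->client"
CLIENT_LABEL = b"client->relay"


def prove(secret_key, label, challenge, responder_nonce):
    """Keyed hash over the direction label, the peer's challenge and our nonce."""
    message = label + challenge + responder_nonce
    return hmac.new(secret_key, message, hashlib.sha1).digest()


def verify(secret_key, label, challenge, responder_nonce, proof):
    """Recompute the proof and compare in constant time."""
    expected = prove(secret_key, label, challenge, responder_nonce)
    return hmac.compare_digest(expected, proof)


def mutual_authenticate(client_key, relay_key):
    """Return (client_trusts_relay, relay_trusts_client) for one exchange."""
    # Token 1, assumed to ride in Connect: the client's challenge.
    client_nonce = os.urandom(16)
    # Token 2, assumed to ride in ConnectResponse: relay challenge and proof.
    relay_nonce = os.urandom(16)
    relay_proof = prove(relay_key, RELAY_LABEL, client_nonce, relay_nonce)
    # The client checks the relay before it reveals anything keyed.
    if not verify(client_key, RELAY_LABEL, client_nonce, relay_nonce, relay_proof):
        return (False, False)
    # Token 3, assumed to ride in ConnectAuthenticate: the client's proof.
    client_proof = prove(client_key, CLIENT_LABEL, relay_nonce, client_nonce)
    relay_ok = verify(relay_key, CLIENT_LABEL, relay_nonce, client_nonce, client_proof)
    return (True, relay_ok)


def reflected_proof_accepted(secret_key):
    """Check whether a relay proof replayed as a client proof would verify."""
    nonce = os.urandom(16)
    relay_proof = prove(secret_key, RELAY_LABEL, nonce, nonce)
    return verify(secret_key, CLIENT_LABEL, nonce, nonce, relay_proof)


if __name__ == "__main__":
    key = os.urandom(20)  # constructed sample secret key
    print(mutual_authenticate(key, key), mutual_authenticate(key, os.urandom(20)))
    print(reflected_proof_accepted(key))
```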

SSTP Security is a protocol used only between a client and a relay server.

Sections 1.8, 2, and 3 of this specification are normative and can contain the terms MAY, SHOULD, MUST, MUST NOT, and SHOULD NOT as defined in [RFC2119]. Sections 1.5 and 1.9 are also normative but do not contain those terms. All other sections and examples in this specification are informative.

1.1 Glossary

The following terms are defined in [MS-OFCGLOS]:

account
account key
account URL
American National Standards Institute (ANSI) character set
ASN.1
certificate
challenge
connection
device
device key
device URL
Distinguished Encoding Rules (DER)
ElGamal encryption
identity
identity URL
identity-targeted message
little-endian
management server
Modified Alleged Rivest Cipher 4 (MARC4) algorithm
network address translation (NAT)
nonce
object identifier (OID)
private key
public key
RC4
relay server
relay URL
secret key
session
SHA-1 hash
Simple Symmetric Transport Protocol (SSTP)
symmetric key
Unicode
X.509

The following terms are specific to this document:

device-targeted message: A message with an intended destination of a specific resource handler, identity, and client device combination. A device-targeted message is sent over a session addressed by a tuple of resource URL, identity URL, and client device URL.

keyed-hash Message Authentication Code: A symmetric keyed hashing algorithm used to verify the integrity of data to help ensure it has not been modified while in storage or transit.

MAY, SHOULD, MUST, SHOULD NOT, MUST NOT: These terms (in all caps) are used as defined in [RFC2119]. All statements of optional behavior use either MAY, SHOULD, or SHOULD NOT.

1.2 References

References to Microsoft Open Specification documents do not include a publishing year because links are to the latest version of the documents, which are updated frequently. References to other documents include a publishing year when one is available.

1.2.1 Normative References

We conduct frequent surveys of the normative references to assure their continued availability. If you have any issue with finding a normative reference, please contact . We will assist you in finding the relevant information.

[CRYPTO] Menezes, A., Vanstone, S., and Oorschot, P., "Handbook of Applied Cryptography", 1997, http://www.cacr.math.uwaterloo.ca/hac/

[MS-GRVDYNM] Microsoft Corporation, "Groove Dynamics Protocol".

[MS-GRVHENC] Microsoft Corporation, "HTTP Encapsulation of Simple Symmetric Transport Protocol (SSTP) Protocol".

[MS-GRVSPCM] Microsoft Corporation, "Client to Management Server Groove SOAP Protocol".

[MS-GRVSPMR] Microsoft Corporation, "Management Server to Relay Server Groove SOAP Protocol".

[MS-GRVSSTP] Microsoft Corporation, "Simple Symmetric Transport Protocol (SSTP)".

[PKCS1] RSA Laboratories, "PKCS #1: RSA Cryptography Standard", PKCS #1, Version 2.1, June 2002, http://www.rsa.com/rsalabs/node.asp?id=2125

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997, http://www.rfc-editor.org/rfc/rfc2119.txt

[RFC3174] Eastlake III, D., and Jones, P., "US Secure Hash Algorithm 1 (SHA1)", RFC 3174, September 2001, http://www.ietf.org/rfc/rfc3174.txt

[RFC3280] Housley, R., Polk, W., Ford, W., and Solo, D., "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 3280, April 2002, http://www.ietf.org/rfc/rfc3280.txt

[RFC4634] Eastlake III, D. and Hansen, T., "US Secure Hash Algorithms (SHA and HMAC-SHA)", RFC 4634, July 2006, http://www.ietf.org/rfc/rfc4634.txt

[SCHNEIER] Schneier, B., "Applied Cryptography, Second Edition", John Wiley and Sons, 1996, ISBN: 0471117099.

1.2.2 Informative References

[MS-OFCGLOS] Microsoft Corporation, "Microsoft Office Master Glossary".

[RFC3641] Legg, S., "Generic String Encoding Rules (GSER) for ASN.1 Types", RFC 3641, October 2003, http://www.rfc-editor.org/rfc/rfc3641.txt

1.3 Protocol Overview (Synopsis)

SSTP Security is a security protocol that is used for client registration and authentication with a relay server over SSTP [MS-GRVSSTP]. Simple Symmetric Transport Protocol (SSTP) is an application layer protocol that provides a full-duplex connection (1) between two applications. It supports bidirectional, asynchronous communications for multiple endpoints within the applications. SSTP is used both for communications between two clients and for communications between a client and a server.