[cifs-protocol] [MS-GKDI] GetKey — Group Keys and Seed Keys

Joseph Sutton jsutton at samba.org
Tue Nov 21 03:49:49 UTC 2023


Hi dochelp,

The documentation for GetKey ([MS-GKDI] 3.1.4.1) states that, in 
general, there are four types of GetKey request: two requesting the 
latest group key, and two requesting a specific seed key. If L0KeyID, 
L1KeyID, and L2KeyID are all equal to −1, the caller has requested a 
group key, and if they are all greater than −1, a seed key.

Further on, the documentation states:

“6. If the client is only authorized to access public keys […] compute 
the public key corresponding to the SK […] Return the result in the 
ppbOut parameter of the GetKey method […] and then exit.
“7. If the client is authorized to access seed keys […] then: 
[directions follow for returning a seed key].”

Steps 6 and 7, taken literally, seem to imply that whether to return a 
seed key depends only on the client’s access privileges. But that would 
be contrary to the earlier passage which leaves the choice up to the 
client — although still restricted by their privileges.

Which reading is the correct one?

Regards,
Joseph


