[cifs-protocol] [MS-OAPXBC] Incorrect session key instructions
David Mulder
dmulder at samba.org
Wed Jan 17 20:29:06 UTC 2024
In [MS-OAPXBC] section 3.2.5.1.2.2, it says to obtain the session key,
to decrypt the base64 encoded JWE called `session_key_jwe` in the json
response object. There are a couple of issues with this.
First, the `session_key_jwe` is not base64 encoded.
Second, it says that the key is encrypted using the JWE standard
[RFC7516], but the JWE does NOT follow the standard. The CEK can't be
decrypted because it is 294 bytes in length (which is greater than the
maximum 245 bytes allowed).
Is there some kind of padding in the CEK field of a JWE response from
MS? We've tried truncating the field to decrypt it, but to no avail. We
also thought that perhaps the CEK itself was base64 encoded (which FYI
would not obey the [RFC7516] spec), but that doesn't allow decryption of
the field either.
I can only assume that both Windows clients and servers have a bug in
how these JWE are encrypted/decrypted, because the response does not
follow the spec.
--
David Mulder
Labs Software Engineer, Samba
SUSE
1221 S Valley Grove Way, Suite 500
Pleasant Grove, UT 84062
(P)+1 385.208.2989
dmulder at suse.com
http://www.suse.com
More information about the cifs-protocol
mailing list