[cifs-protocol] [MS-OAPXBC] Incorrect session key instructions - TrackingID#2401170040012794

Sreekanth Nadendla srenaden at microsoft.com
Wed Jan 17 20:39:46 UTC 2024


Casemail in Cc

Dcohelp in Bcc



Hello David, thank you for your question about the MS-OAPXBC specification. We have created incident 2401170040012794 to investigate this issue. I will investigate this issue and share my findings soon.



Regards,

Sreekanth Nadendla

Microsoft Windows Open Specifications

________________________________
From: David Mulder <dmulder at samba.org>
Sent: Wednesday, January 17, 2024 3:29 PM
To: Interoperability Documentation Help <dochelp at microsoft.com>
Cc: cifs-protocol at lists.samba.org <cifs-protocol at lists.samba.org>; William Brown <wbrown at suse.com>
Subject: [EXTERNAL] [MS-OAPXBC] Incorrect session key instructions

In [MS-OAPXBC] section 3.2.5.1.2.2, it says to obtain the session key,
to decrypt the base64 encoded JWE called `session_key_jwe` in the json
response object. There are a couple of issues with this.

First, the `session_key_jwe` is not base64 encoded.

Second, it says that the key is encrypted using the JWE standard
[RFC7516], but the JWE does NOT follow the standard. The CEK can't be
decrypted because it is 294 bytes in length (which is greater than the
maximum 245 bytes allowed).

Is there some kind of padding in the CEK field of a JWE response from
MS? We've tried truncating the field to decrypt it, but to no avail. We
also thought that perhaps the CEK itself was base64 encoded (which FYI
would not obey the [RFC7516] spec), but that doesn't allow decryption of
the field either.

I can only assume that both Windows clients and servers have a bug in
how these JWE are encrypted/decrypted, because the response does not
follow the spec.

--
David Mulder
Labs Software Engineer, Samba
SUSE
1221 S Valley Grove Way, Suite 500
Pleasant Grove, UT 84062
(P)+1 385.208.2989
dmulder at suse.com
http://www.suse.com/
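
A structural check for the kind of problem reported above, added here as an example (it is not code from the original post or from [MS-OAPXBC]): it splits an RFC 7516 compact-serialization JWE into its five base64url segments and compares the decoded encrypted-key length with the RSA modulus size. The function names, the header values and the all-zero segments are constructed for illustration; the 2048-bit key size is an assumption.

```python
import base64
import json
import re

RSA_ALGS = {"RSA1_5", "RSA-OAEP", "RSA-OAEP-256"}  # RSA key-management algs, RFC 7518


def b64url_decode(segment: str) -> bytes:
    """Decode unpadded base64url as used by JOSE; reject any other alphabet."""
    if re.fullmatch(r"[A-Za-z0-9_-]*", segment) is None:
        raise ValueError("segment is not base64url")
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def inspect_jwe(compact: str, rsa_modulus_bits: int) -> dict:
    """Report decoded segment sizes and whether the encrypted key fits the RSA key."""
    parts = compact.split(".")
    if len(parts) != 5:
        raise ValueError(f"compact JWE needs 5 segments, got {len(parts)}")
    header = json.loads(b64url_decode(parts[0]))
    names = ("encrypted_key", "iv", "ciphertext", "tag")
    sizes = {name: len(b64url_decode(p)) for name, p in zip(names, parts[1:])}
    report = {"alg": header.get("alg"), "enc": header.get("enc"), "sizes": sizes}
    if header.get("alg") in RSA_ALGS:
        # An RSA ciphertext is exactly as long as the modulus (RFC 8017).
        report["encrypted_key_ok"] = sizes["encrypted_key"] == rsa_modulus_bits // 8
    return report


def build_sample(encrypted_key_len: int) -> str:
    """Constructed JWE: assumed header values, all-zero segments, not a real token."""
    header = json.dumps({"alg": "RSA-OAEP", "enc": "A256GCM"}).encode()
    segments = [header, bytes(encrypted_key_len), bytes(12), bytes(32), bytes(16)]
    return ".".join(b64url_encode(s) for s in segments)


if __name__ == "__main__":
    for length in (256, 294):
        print(length, inspect_jwe(build_sample(length), rsa_modulus_bits=2048))
```
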
