[cifs-protocol] [EXTERNAL] Re: [MS-OAPXBC] Incorrect session key instructions

Wed Jan 24 22:07:28 UTC 2024

On 1/24/24 2:34 PM, Sreekanth Nadendla wrote:
> Hello David, William,
> You are correct i.e. the individual fields are sent after base64 
> encoding in the response.
>
> So, the following data needs to be Base64URL decoded first in order to 
> decrypt
>        1) iv, payload, tag ( used when decrypting using dir algorithm. )
>
>              2) encrypted Key parsed out from response (when 
> decrypting using RSA-OAEP algorithm, device transport key, account 
> info is used to decrypt)
>
> Have you been able to parse the response header and verify which 
> algorithm is used ? "Direct use of a shared symmetric key as CEK" vs 
> "RSAES using OAEP".
>  It's value will be either  RSA-OAEP or dir in the header.
Here's an example:

Header:

{"enc":"A256GCM","alg":"RSA-OAEP"}

CEK field:

EGzWVAJryfCZcHTBuh2GlgpsSJ07_uJYJzxHugaMcs0fRqPCuyJbmnPUF4RAIA52NuxIIvUX2IQZbkip81SbSyDQdZc9qrMTBGBij4X3vTq_lRX6AVu9qY_S8CmOp1Uj0fwwuJ0JZBB9gyaIVz55aSmh0EpJLD6sZaWoCQ_yW4zi2Zkh76Ejj6oXdg4N4EcuT_BE_BYa-k4C6rzEZOC56tFhLeajJiaQZjkS9sDFFCqD954yakiK6OITMQWCgrxWnouXBzIgXIeeLHfoBpV2FKjLgUW9j_W_PSj02awvzPxCCgxCoMttuH0gSg_nIBslqsRUOtV7Z6-R4PRQCvu7bBBMCatoGEDCIcSDOsxGXi4qWebJDDV8lwRJDnX6fj0XlWiaSw37

Which if we decode with base64url, it's 294 bytes long (which can't be 
decrypted because it is too long).

Here's a whole session_key_jwe we're getting back from MS:
eyJlbmMiOiJBMjU2R0NNIiwiYWxnIjoiUlNBLU9BRVAifQ.EGzWVAJryfCZcHTBuh2GlgpsSJ07_uJYJzxHugaMcs0fRqPCuyJbmnPUF4RAIA52NuxIIvUX2IQZbkip81SbSyDQdZc9qrMTBGBij4X3vTq_lRX6AVu9qY_S8CmOp1Uj0fwwuJ0JZBB9gyaIVz55aSmh0EpJLD6sZaWoCQ_yW4zi2Zkh76Ejj6oXdg4N4EcuT_BE_BYa-k4C6rzEZOC56tFhLeajJiaQZjkS9sDFFCqD954yakiK6OITMQWCgrxWnouXBzIgXIeeLHfoBpV2FKjLgUW9j_W_PSj02awvzPxCCgxCoMttuH0gSg_nIBslqsRUOtV7Z6-R4PRQCvu7bBBMCatoGEDCIcSDOsxGXi4qWebJDDV8lwRJDnX6fj0XlWiaSw37.fGFa6aVfmf83em7B.EA.O8wTp91cEL3-bACPGhi3iA

I'm consistently getting this sort of response, with a garbled CEK.

I tried putting this JWE through Powershell, and attempted decrypting 
the CEK with 
`System.Security.Cryptography.RSAOAEPKeyExchangeDeformatter`. This fails 
with:

MethodInvocationException: 
/home/dmulder/.local/share/powershell/Modules/AADInternals/0.9.2/PRT_Utils.ps1:754 

Line |
  754 |  …             $CEK    = 
[System.Security.Cryptography.RSAOAEPKeyExchang …
      | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      | Exception calling "DecryptKeyExchange" with "1" argument(s): 
"The length of the data to decrypt is not valid
      | for the size of this key."

-- 
David Mulder
Labs Software Engineer, Samba
SUSE
1221 S Valley Grove Way, Suite 500
Pleasant Grove, UT 84062
(P)+1 385.208.2989
dmulder at suse.com
http://www.suse.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20240124/29dd76ad/attachment.htm>