[cifs-protocol] [EXTERNAL] [MS-OAPXBC] Incorrect session key instructions

Sreekanth Nadendla srenaden at microsoft.com
Thu Jan 25 03:53:38 UTC 2024 

>We have now been able to get a sample of a valid exchange
>compact-jwt/src/crypto/ms_oapxbc.rs at b13dda1420e527d639f2962f4022609d2a46ae50 · kanidm/compact-jwt · GitHub<https://github.com/kanidm/compact-jwt/blob/b13dda1420e527d639f2962f4022609d2a46ae50/src/crypto/ms_oapxbc.rs#L256>
>with a correctly sized CEK (256 bytes). We are still unsure under what conditions MS is sending us a 294 CEK under.

This means your implementation works fine whenever CEK is 256 bytes ?

It's unclear how the base64decoded followed by decrypted key varies in size randomly. I will investigate this tomorrow and get back to you.


Regards,

Sreekanth Nadendla

Microsoft Windows Open Specifications

________________________________
From: William Brown <wbrown at suse.de>
Sent: Wednesday, January 24, 2024 10:22 PM
To: Sreekanth Nadendla <srenaden at microsoft.com>
Cc: David Mulder <dmulder at samba.org>; Microsoft Support <supportmail at microsoft.com>; cifs-protocol at lists.samba.org <cifs-protocol at lists.samba.org>
Subject: Re: [EXTERNAL] [cifs-protocol] [MS-OAPXBC] Incorrect session key instructions

[You don't often get email from wbrown at suse.de. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ]

> On 25 Jan 2024, at 13:13, Sreekanth Nadendla <srenaden at microsoft.com> wrote:
>
> William, David
> Are you decrypting with the machine key (device transport key) ?

Yes, we are.

> Also have you been able to separate header, encryptedkey, iv, payload and authentication Tag from the response ?

Yes, we have,

> I want to see what was sent in these fields and ensure that the parsing scheme is valid.

https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fkanidm%2Fcompact-jwt%2Fpull%2F18%2Ffiles&data=05%7C02%7Csrenaden%40microsoft.com%7C67407826b48f44f5ad0d08dc1d54d75e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638417497446202777%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=VND1D%2B%2FgAUKy%2B1Mu%2Bri%2Fi9FxPbSUiiEFZ6frcrEVJmk%3D&reserved=0<https://github.com/kanidm/compact-jwt/pull/18/files>

Specifically, https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fkanidm%2Fcompact-jwt%2Fblob%2Fb13dda1420e527d639f2962f4022609d2a46ae50%2Fsrc%2Fcompact.rs%23L402&data=05%7C02%7Csrenaden%40microsoft.com%7C67407826b48f44f5ad0d08dc1d54d75e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638417497446213751%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=zV2rTszidJUb70hs84Q1ZhX7pbKtrGXwpWSqBt2C0tc%3D&reserved=0<https://github.com/kanidm/compact-jwt/blob/b13dda1420e527d639f2962f4022609d2a46ae50/src/compact.rs#L402>

Please also see https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fkanidm%2Fcompact-jwt%2Fblob%2Fb13dda1420e527d639f2962f4022609d2a46ae50%2Fsrc%2Fcrypto%2Frsaes_oaep.rs%23L269&data=05%7C02%7Csrenaden%40microsoft.com%7C67407826b48f44f5ad0d08dc1d54d75e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638417497446222338%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=gBqWqb8F%2FglHDyM5kgWnia2BINTLf8Y78Tn%2F7Gq18%2Fg%3D&reserved=0<https://github.com/kanidm/compact-jwt/blob/b13dda1420e527d639f2962f4022609d2a46ae50/src/crypto/rsaes_oaep.rs#L269> which is the RFC compliance test vectors.

>
> If the Algorithm is dir instead of RSA-OAEP, is your implementation working ?

Yes.


We have now been able to get a sample of a valid exchange ( https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fkanidm%2Fcompact-jwt%2Fblob%2Fb13dda1420e527d639f2962f4022609d2a46ae50%2Fsrc%2Fcrypto%2Fms_oapxbc.rs%23L256&data=05%7C02%7Csrenaden%40microsoft.com%7C67407826b48f44f5ad0d08dc1d54d75e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638417497446229066%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=pasoW1Nx6EvF5NuHCTcUDWknoQ%2F9TFoxk4Qiol2ctgM%3D&reserved=0<https://github.com/kanidm/compact-jwt/blob/b13dda1420e527d639f2962f4022609d2a46ae50/src/crypto/ms_oapxbc.rs#L256> ) with a correctly sized CEK (256 bytes). We are still unsure under what conditions MS is sending us a 294 CEK under.



--
Sincerely,

William Brown

Senior Software Engineer,
Identity and Access Management
SUSE Labs, Australia

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20240125/7f1ed9cf/attachment.htm>

More information about the cifs-protocol mailing list