[cifs-protocol] [EXTERNAL] [MS-OAPXBC] Incorrect session key instructions

[Sreekanth Nadendla]

Hello David, I was under the impression that the decoded part being still encrypted will have varying size (actually depends on the key size of the RSA algorithm) and actual problem lies with data supplied or decrypting process. Please stand by while I look into potential ways of tracing server-side logic. I'll contact you as soon as I have something.

Alternatively, if there is a way for you to send me the powershell code you are using to see how our server is sending the CEK, I can run it at my end and look at the byte sequences, step through assuming it's not a complicated setup.

________________________________
From: David Mulder <dmulder at samba.org>
Sent: Thursday, January 25, 2024 11:45 AM
To: Sreekanth Nadendla <srenaden at microsoft.com>; William Brown <wbrown at suse.de>
Cc: Microsoft Support <supportmail at microsoft.com>; cifs-protocol at lists.samba.org <cifs-protocol at lists.samba.org>
Subject: Re: [EXTERNAL] [cifs-protocol] [MS-OAPXBC] Incorrect session key instructions



On 1/25/24 9:41 AM, Sreekanth Nadendla wrote:
Hello David, the data obtained after base64url decode is the key in encrypted form. You would use the machine transport key to decrypt this to obtain the pop key you need. Can you check if this works?
That's exactly the problem. It can't be decrypted using the transport key. The number of bytes is too long. The CEK returned by MS appears to be corrupted (or a buffer overrun on your side, we're not sure).

--
David Mulder
Labs Software Engineer, Samba
SUSE
1221 S Valley Grove Way, Suite 500
Pleasant Grove, UT 84062
(P)+1 385.208.2989
dmulder at suse.com<mailto:dmulder at suse.com>
http://www.suse.com<http://www.suse.com/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20240125/d0bdaff0/attachment.htm>