[cifs-protocol] [EXTERNAL] [MS-OAPXBC] Incorrect session key instructions

David Mulder dmulder at samba.org
Thu Jan 25 18:01:00 UTC 2024


On 1/25/24 10:40 AM, David Mulder via cifs-protocol wrote:
>
>
> On 1/25/24 10:32 AM, Sreekanth Nadendla wrote:
>> Hello David, I was under the impression that the decoded part being 
>> still encrypted will have varying size (actually depends on the key 
>> size of the RSA algorithm) and actual problem lies with data supplied 
>> or decrypting process. Please stand by while I look into potential 
>> ways of tracing server-side logic. I'll contact you as soon as I have 
>> something.
>>
>> Alternatively, if there is a way for you to send me the PowerShell 
>> code you are using to see how our server is sending the CEK, I can 
>> run it at my end and look at the byte sequences, step through 
>> assuming it's not a complicated setup.
>
> That's easy enough. Just follow this blog post:
>
> https://aadinternals.com/post/prt/#creating-your-own-prt
>
> You just need the AADInternals PowerShell module.
>
>
> The author of the module is a MS employee: Dr. Nestori Syynimaa. So he 
> might be able to assist you.
>
> I have not been able to reproduce the error from Windows, however. 
> Something about the request is different enough that the server is 
> responding correctly on a Windows machine.
>
I just discovered something interesting. If I take the transport key and 
certificate from the PowerShell on Windows join, then transfer it to my 
Linux code, then I get a valid session_key_jwe in the PRT response. So 
something about the join is breaking the PRT.

-- 
David Mulder
Labs Software Engineer, Samba
SUSE
1221 S Valley Grove Way, Suite 500
Pleasant Grove, UT 84062
(P)+1 385.208.2989
dmulder at suse.com
http://www.suse.com