<div dir="ltr">To update:<div><br></div><div>I was able to finally track the code down for session key generation to auth/ntlmssp/ntlmssp_client.c - cli_credentials_get_ntlm_response function and realized that the signing key was in fact the random session key I was generating as part of NTLMv2 with key exchange.</div>
<div><br></div><div style>Given that I am able to sign messages now, it also appears the the key in fact does change between SMB2 sessions wheras SMB1 does not.</div><div style><br></div><div style>I guess that I've answered my own questions. So unless something I've said is incorrect, thanks everyone for your time!</div>
<div style>B</div><div style><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Feb 20, 2013 at 4:09 PM, Brad Fewster <span dir="ltr"><<a href="mailto:brad.fewster725@gmail.com" target="_blank">brad.fewster725@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><span style>Hi everyone,</span><div style><br></div><div style>First off, I'm new to the list so excuse me if my mailing list etiquette is not quite up to par.</div>
<div style><br></div><div style>I have a few questions regarding SMB2 and signing that I'm hoping someone here can help me with. Note that I'm only concerned with the client, not the server, so all of my questions fall within the context of an SMB2 client.</div>
<div style><br></div><div style>Also I've done ALOT of reading of internet sources, Samba code, and MS documentation which has left me in a thoroughly confused state as to which methodologies apply to SMB, SMB2, NTLMv1, and NTLMv2.</div>
<div style><br></div><div style>My apologies if this isn't the right place for NTLM questions, but I am not sure where else to ask since this is apparently directly related to the SMB2 signing key.</div>
<div style><br></div><div style><br></div><div style>Question 1: Signing Key Format with NTLMv2</div><div style><br></div><div style>
I'm looking at a connection in which the session setup is occurring (with regard to packet layout) using NTLMv2 inside NTLMSSP inside SPNEGO inside GSS-API.</div><div style><br></div><div style>
What I'd like to know is what exactly is used as the "session key" to sign SMB2 packets? I am confused by the signing key information contained within [MS-NLMP] with regard to signing and sealing keys, some resources seem to indicate that that has no bearing on the SMB signing key, but I'm not sure that applies to SMB and/or SMB2 as the lines seem to be a bit blurred.</div>
<div style><br></div><div style>The current routine I'm using to generate the key used to sign SMB2 packets per [MS-SMB2] section 3.1.4.1 is:</div><div style> username = ASCIIZ username (i.e. "brad")</div>
<div style> domain = ASCIIZ target domain (typically the hostname from the NTLMSSP_CHALLENGE, i.e. "WIN7-X64-01")</div><div style> password = ASCIIZ password (i.e. "secret")</div>
<div style> server_challenge = 8-byte challenge received from the server (from NTLMSSP_CHALLENGE's NTLM Server Challenge field)</div><div style> client_challenge = random 8-byte nonce (generated by me)</div>
<div style> target_info = "target info" block from NTLMSSP_CHALLENGE from server</div><div style> v1Hash = MD4(UNICODE_LE(password)) [ as per heim_ntlm_nt_key ] (16 bytes)</div>
<div style> v2Hash = HMAC_MD5(UNICODE_LE(username)+UNICODE_LE(domain)) using all 16bytes of v1Hash as key</div><div style> ntlmv2_response = all but the first 16 bytes of the response that I am SENDING to the client</div>
<div style> hmac = HMAC_MD5(ntlmv2_response) using all 16 bytes of v2Hash as the key</div><div style> signingKey = HMAC_MD5(v2Hash) using all 16 bytes of 'hmac' as the session key</div>
<div style><br></div><div style>This isn't working for signing - my Windows 7 x64 Ultimate box rejects packets signed using the above signingKey. Simply an ACCESS_DENIED error is returned; if I disable signing then the commands work so it's not a legitimate permissions problem. I've gone over the actual signing code many times, which is simple compared to the NTLMv2 negotiation. I'm confident the signing code is OK and the key above is incorrect.</div>
<div style><br></div><div style>Authentication for NTLMv2 is woking correctly, so I also have access to all of the various artifacts of that process.</div><div style>
<br></div><div style>I think I've gotten lost somewhere in the mountain of hashes and different signing keys. Does SMBv2 require some of the "magic signing keys" to be used as documented in [MS-NLMP] to derive it's signing keys? Various scraping of information on the interwebs leads me to believe 'no', but I can't be 100% certain.</div>
<div style><br></div><div style>Various other permutations have been tries using assorted keys from the NTLMv2 process, the server and client challenge's, magic signing keys from [MS-NLMP], etc to no avail.</div>
<div style><br></div><div style>BTW, the flags I'm using in my NTLMSSP_NEGOTIATE are 0x60088215 and the ones returned by the server are 0x628a8215.</div><div style>
<br></div><div style><br></div><div style><br></div><div style>Question 2: Signing Key Retention</div><div style><br></div><div style>
Assuming that Q1 is answered and I'm able to obtain the proper signing key for SMB2 packets, is the key used to set the 'signature' field in the SMB2 header retained across SessionSetup/Logoff instances?</div>
<div style><br></div><div style>This appears to be the case in SMB1 and looking at [MS-SMB2] in section 3.2.5.3.2 it reads "The client MUST NOT regenerate Session.SessionKey.". I read this to mean that SMB2 behaves like SMB1 in that if a session key is established during the initial SessionSetup exchange that it will remain unchanged even if a Logoff is processed followed by another SessionSetup.</div>
<div style><br></div><div style><br></div><div style><br></div><div style>Thanks for anyone who can help,</div><div style>B</div>
<div><br></div></div>
</blockquote></div><br></div>