[cifs-protocol] RE: Regarding String2key for random trust keys ([MS-ADTS] 7.1.6.8.1.2)

Andrew Bartlett abartlet at samba.org
Tue Aug 19 12:30:31 GMT 2008


On Tue, 2008-08-19 at 14:48 +1000, Andrew Bartlett wrote:
> On Fri, 2008-08-15 at 09:32 -0700, John Dunning wrote:
> > Hello Andrew,
> >     I wanted to ask you if you have taken a look at Section 3 of RFC
> > 3629 which may be of help for this problem. 
> 
> Is that the expected target string format for string2key operations?
> 
> > If you have and it didn't help then we need to get more information on
> > how you are actually doing the conversion. For example are you using
> > your own function or a canned one?
> 
> We use our own implementation of iconv() for the UTF16 -> UTF8
> translations.
> 
> http://gitweb.samba.org/?p=samba.git;a=blob;f=source/lib/charset/iconv.c;h=4f4bc8fd2da70c9f9d5bb75b2ee0f946516c996a;hb=v4-0-test#l589
> 
> It (rightly) rejects the random data as not being valid UTF16 input.  
> 
> As far as I can tell, it is not possible for random bytes to simply be
> described as UTF16 (and then converted to another charset), so I suspect
> we will need a filter or modified function.

Talking with tridge about this problem, perhaps the problem is that
these buffers are not really 'Unicode' (by the convention of this
document, i.e. UTF-16).  If the buffers were instead UCS2 and rules about
illegal and reserved ranges were ignored, then the standard UTF8 Huffman
encoding were applied, would this result in the same UTF8 string as
Microsoft uses for its input into the AES and DES string2key functions?

For reference, MS-ADTS 7.1.6.8.1.1 describes it this way:

TRUST_AUTH_TYPE_CLEAR AuthInfo byte field contains a cleartext password,
encoded as a Unicode string.

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
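
Added example (not part of the original message and not Samba's iconv.c): the conversion asked about above, where the buffer is read as UCS-2 and each 16-bit unit is UTF-8 encoded with no surrogate or reserved-range checks, next to a strict UTF-16 check that rejects the same bytes. The function names and the sample buffer are constructed for illustration; whether this output matches the string Microsoft feeds to string2key is the open question in the message, not something the code establishes.

```c
/* Added example, not Samba's iconv.c. Names and sample bytes are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* 'A', U+00E9, unpaired high surrogate U+D800, U+20AC, as little-endian units. */
static const uint8_t sample[] = { 0x41,0x00, 0xE9,0x00, 0x00,0xD8, 0xAC,0x20 };
static uint16_t unit_le(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Returns 1 if the buffer is well-formed UTF-16LE (surrogates correctly paired), else 0. */
int utf16le_is_valid(const uint8_t *in, size_t len)
{
    if (len % 2) return 0;
    for (size_t i = 0; i < len; i += 2) {
        uint16_t u = unit_le(in + i);
        if (u >= 0xDC00 && u <= 0xDFFF) return 0;     /* low surrogate with no lead */
        if (u < 0xD800 || u > 0xDBFF) continue;       /* ordinary BMP code unit */
        if (len - i < 4) return 0;                    /* high surrogate at end of input */
        uint16_t lo = unit_le(in + i + 2);
        if (lo < 0xDC00 || lo > 0xDFFF) return 0;     /* high surrogate not followed by low */
        i += 2;                                       /* skip the paired low surrogate */
    }
    return 1;
}

/* Encodes every 16-bit unit on its own as 1 to 3 UTF-8 bytes, with no range checks.
 * Returns the output length, or (size_t)-1 on odd input length or a short output buffer. */
size_t ucs2le_to_utf8_lenient(const uint8_t *in, size_t len, uint8_t *out, size_t outlen)
{
    size_t o = 0;
    if (len % 2) return (size_t)-1;
    for (size_t i = 0; i < len; i += 2) {
        uint16_t u = unit_le(in + i);
        size_t need = u < 0x80 ? 1 : u < 0x800 ? 2 : 3;
        if (outlen - o < need) return (size_t)-1;
        if (need == 1) out[o++] = (uint8_t)u;
        if (need == 2) out[o++] = (uint8_t)(0xC0 | (u >> 6));
        if (need == 3) { out[o++] = (uint8_t)(0xE0 | (u >> 12)); out[o++] = (uint8_t)(0x80 | ((u >> 6) & 0x3F)); }
        if (need > 1) out[o++] = (uint8_t)(0x80 | (u & 0x3F));   /* final continuation byte */
    }
    return o;
}

int main(void)
{
    uint8_t out[12];
    size_t n = ucs2le_to_utf8_lenient(sample, sizeof(sample), out, sizeof(out));
    printf("strict UTF-16 valid: %d; lenient UTF-8:", utf16le_is_valid(sample, sizeof(sample)));
    for (size_t i = 0; i < n; i++) printf(" %02X", out[i]);
    printf("\n");
    return 0;
}
```

The unpaired surrogate comes out as the three bytes ED A0 80, which a strict UTF-8 decoder also rejects, so both ends of any comparison need the same lenient rules.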