[cifs-protocol] MS-NRPC: AES Schannel problems
Stefan (metze) Metzmacher
metze at samba.org
Tue Aug 25 23:15:01 MDT 2009
Hongwei,
> The SharedSecret used for AES session key computation, as described in 3.1.4.3 MS-NRPC , should be the NTOWF (MD4(UNICODE(Passwd))) of the plaintext password. The section 3.1.1 of MS-NRPC explains what a SharedSecret is used for session key calculation in Windows implementations. The SharedSecret is stored in UnicodePwd AD attribute. Please see section 3.1.1 and Windows Behavior notes <66>,<67> of MS-NRPC for details.
Yes, I saw that and that's why I've also done it like this,
but I was wondering why Section 3.4.1 has
M4SS := MD4(UNICODE(SharedSecret)) explicit for the hmac_md5 session key
and the des session key.
I think it would make sense to also add it to the hmac_sha256 section
in order to remove the confusion I had.
>
> I will continue working on all questions related to AES encryption.
Thanks, as it seems I compute the session key correct, this is the place
(netlogon_creds_step_crypt()) where I have a bug, because I'm getting
access denied when I try DCERPC_SCHANNEL_AES against a w2k8r2rc server.
metze
>
> -----Original Message-----
>
> From: Stefan (metze) Metzmacher [mailto:metze at samba.org]
>
> Sent: Tuesday, August 25, 2009 11:13 AM
>
> To: Interoperability Documentation Help
>
> Cc: pfif at tridgell.net; cifs-protocol at samba.org
>
> Subject: MS-NRPC: AES Schannel problems
>
>
>
> Hi,
>
>
>
> I'm currently trying to implement the AES based Netlogon Secure Channel in Samba.
>
>
>
> But the documentation is not really clear about the used algorithms.
>
>
>
> I have started with the implementation here:
>
> http://gitweb.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master4-schannel
>
>
>
> And here's the actual commit that tries to add aes support:
>
> http://gitweb.samba.org/?p=metze/samba/wip.git;a=commitdiff;h=50dca9ce0f051c863f00cc949db2c19bf247887b
>
>
>
> In Section "3.1.4.3 Session-Key Computation" the hmac-sha256 base computation of the session-key seems to use the plain SharedSecret and not the NT-HASH of it (MD4(UNICODE(ShareSecret))), is that correct?
>
> I thought the plain text is never stored in AD by default...
>
> Where should the netlogon server get the plain text from?
>
> I just tried the NT-HASH see my netlogon_creds_init_hmac_sha256() function.
>
>
>
> In Section "3.1.4.4 Netlogon Credential Computation" there's a AesEncrypt function used. Can you please document the exact algorithm that's used there. You say AES128 is used in CFB mode without initialization vector.
>
>
>
> http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation
>
> says that all modes except ECB require an IV.
>
>
>
> It would also be nice if you could add some more example values in secion 4.2 Cryptographic Values for Session Key Validation.
>
>
>
> metze
>
>
>
>
>
>
>
>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20090826/cf430427/attachment.pgp>
More information about the cifs-protocol
mailing list