[cifs-protocol] [Pfif] MS-NRPC: AES Schannel problems

Stefan (metze) Metzmacher metze at samba.org
Sat Aug 29 00:27:49 MDT 2009


>    A quick clarification for the AES bit in Negotiate Flag, as shown in  The information in the document regarding this bit is wrong.  Bit W NETLOGON_NEG_SUPPORTS_AES_SHA2 (0x00400000) is not supported in Windows 7/Windows Server 2008 R2.   The right bit to negotiate AES support should be NETLOGON_NEG_SUPPORTS_AES(0x01000000), as you already indicated.   If  you use bit 0x00400000 to negotiate the AES support, it might be the source of your problem.

I was already only using the correct bit.

>   I will file a request to fix this problem in the document.  Meanwhile, I will work on the AES encryption details for Schannel.


> -----Original Message-----
> From: Stefan (metze) Metzmacher [mailto:metze at samba.org] 
> Sent: Friday, August 28, 2009 12:00 PM
> To: Hongwei Sun
> Cc: pfif at tridgell.net; cifs-protocol at samba.org
> Subject: Re: [Pfif] MS-NRPC: AES Schannel problems
> Stefan (metze) Metzmacher schrieb:
>> Hongwei,
>>>     The SharedSecret used for AES session key computation, as described in MS-NRPC , should be the NTOWF (MD4(UNICODE(Passwd))) of the plaintext password.   The section 3.1.1 of MS-NRPC explains what a SharedSecret is used for session key calculation in Windows implementations.  The SharedSecret  is stored in UnicodePwd AD attribute.  Please see section 3.1.1 and Windows Behavior notes <66>,<67> of MS-NRPC for details.
>> Yes, I saw that and that's why I've also done it like this, but I was 
>> wondering why Section 3.4.1 has M4SS := MD4(UNICODE(SharedSecret)) 
>> explicit for the hmac_md5 session key and the des session key.
>> I think it would make sense to also add it to the hmac_sha256 section 
>> in order to remove the confusion I had.
>>>      I will continue working on all questions related to AES encryption.
>> Thanks, as it seems I compute the session key correct, this is the 
>> place
>> (netlogon_creds_step_crypt()) where I have a bug, because I'm getting 
>> access denied when I try DCERPC_SCHANNEL_AES against a w2k8r2rc server.
> Please also provide details about the aes encryption used when schannel acts as security provider for dcerpc.
> I noticed that the documentation on has only the
> NETLOGON_NEG_SUPPORTS_AES_SHA2 (0x00400000) flag, but w2k8r2 used the new flag NETLOGON_NEG_SUPPORTS_AES(0x01000000).
> I assume the docs may missing also some crypto details, because of this...
> metze

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20090829/add29f2e/attachment.pgp>

More information about the cifs-protocol mailing list