[Pfif] [cifs-protocol] Clarify AEAD behaviour for GSSAPIwith AES

Hongwei Sun hongweis at microsoft.com
Thu Feb 19 22:24:15 GMT 2009


metze,

   Since RRC as specified in section 3.4.5.4.1 in MS-KILE is different than what is defined in RFC4121, we will not be adding an additional notes.  Thanks for your suggestion.  

Hongwei

-----Original Message-----
From: Hongwei Sun 
Sent: Friday, January 09, 2009 5:19 PM
To: 'Stefan (metze) Metzmacher'
Cc: Andrew Bartlett; pfif at tridgell.net; cifs-protocol at samba.org
Subject: RE: [Pfif] [cifs-protocol] Clarify AEAD behaviour for GSSAPIwith AES

Stefan,

  Thanks for the feedback.  Please see the inline comments.

>The diagram and text look good, maybe add a notice that
>- right rotation by (EC+RRC) count - doesn't match the rfc, which says
>  right rotation just by RRC count

I will discuss your suggestion with the documentation team. 

>But please check with Larry if that behavior will stay for the non-dce-style case in future versions, there were some discussions about making the
>EC+RRC "feature" dce-style specific in future versions of windows.

I confirmed with the product team that there is no change planed in future releases in terms of EC+RRC  handling logic. The existing behavior will stay.


Thanks

----------------------------------------------------------
Hongwei  Sun - Sr. Support Escalation Engineer
DSC Protocol  Team, Microsoft
hongweis at microsoft.com
Tel:  469-7757027 x 57027
-----------------------------------------------------------



-----Original Message-----
From: Stefan (metze) Metzmacher [mailto:metze at samba.org] 
Sent: Thursday, January 08, 2009 1:29 AM
To: Hongwei Sun
Cc: Andrew Bartlett; pfif at tridgell.net; cifs-protocol at samba.org
Subject: Re: [Pfif] [cifs-protocol] Clarify AEAD behaviour for GSSAPIwith AES

Hi Hongwei,

>    I just want to check to see if you have any more feedback about the latest update of diagram and text.   If you don't have any more questions, I will close the case regarding Gss_WrapEx with  AES128-CTS-HMAC-SHA1-96 in MS-KILE.

The diagram and text look good, maybe add a notice that
- right rotation by (EC+RRC) count - doesn't match the rfc, which says
  right rotation just by RRC count

But please check with Larry if that behavior will stay for the non-dce-style case in future versions, there were some discussions about making the
EC+RRC "feature" dce-style specific in future versions of windows.

metze

> ----------------------------------------------------------
> Hongwei  Sun - Sr. Support Escalation Engineer DSC Protocol  Team, 
> Microsoft hongweis at microsoft.com
> Tel:  469-7757027 x 57027
> -----------------------------------------------------------
> 
> 
> 
> 
> 
> -----Original Message-----
> From: Hongwei Sun
> Sent: Tuesday, December 30, 2008 10:26 AM
> To: 'Stefan (metze) Metzmacher'
> Cc: Andrew Bartlett; pfif at tridgell.net; cifs-protocol at samba.org
> Subject: RE: [Pfif] [cifs-protocol] Clarify AEAD behaviour for 
> GSSAPIwith AES
> 
> Stefan,
> 
>    We have updated the example for GSS_WrapEx with AES128-CTS-HMAC-SHA1-96 in MS-KILE as per your suggestion.  I attached the updated section 4.3 of MS-KILE for your review.  Please also see the inline comment.
> 
>    We really appreciate your help for improving our Open Protocol Documentation.
> 
> 
>> -----Original Message-----
>> From: Stefan (metze) Metzmacher [mailto:metze at samba.org]
>> Sent: Sunday, October 19, 2008 10:03 AM
>> To: Hongwei Sun
>> Cc: Andrew Bartlett; pfif at tridgell.net; cifs-protocol at samba.org
>> Subject: Re: [Pfif] [cifs-protocol] Clarify AEAD behaviour for 
>> GSSAPIwith AES
> 
>> Hi Hongwei,
> 
>>>   We finished adding an example for GSS_WrapEx with
>>> AES128-CTS-HMAC-SHA1-96 in [MS-KILE]. The attached PDF document is 
>>> the newly added section(4.3) of the [MS-KILE] document.
>>>
>>>   We really appreciate your suggestion.   Please let us know if you have
>>> further questions regarding this subject.
> 
>> It would be nice if this example would use ec != 0, as that was 
>> exactly not match RFC 4121 and the reason our (heimdal) krb5 code was 
>> not able to handle network traffix from windows.
> 
> We explicitly documented in the latest update that  "right rotation by (EC+RRC) count" should be performed.
> 
>> You should unify the naming of the resulting overhead, in the 
>> diagramm you use 'checksum' and in the test you use 'signature', maybe 'token'
>> would be the better word here, as 'checksum' is a non unique in the diagramm.
> 
> We fixed the inconsistency between text and diagram.
> 
>> An example with arcfour-hmac-md5 would also be very useful, as there 
>> the pseudo ASN.1 wrapping arround the token is very tricky.
>> As it's only arround the 'token' instead of 'token' + 'message' + 
>> 'padding' as it is for the standard GSS_Wrap function.
> 
>> Also it would be nice to have a specific example how the RPC layer 
>> calls GSS_WrapEx.
> 
>> It would also be very helpfull to know how the mapping to the SSPI 
>> function parameters works.
> 
> I already responded to you regarding these questions in a separate mail on 11/24/08.
> 
>> metze
> 
> 
> 
> Thanks
> 
> ----------------------------------------------------------
> Hongwei  Sun - Sr. Support Escalation Engineer DSC Protocol  Team, 
> Microsoft hongweis at microsoft.com
> Tel:  469-7757027 x 57027
> -----------------------------------------------------------




More information about the cifs-protocol mailing list