[cifs-protocol] [Pfif] MS-NRPC: AES Schannel problems

Stefan (metze) Metzmacher metze at samba.org
Mon Sep 14 18:30:30 MDT 2009


now with attachment...

>>> We confirmed that AesCrypt follows the normative reference of [FIPS197] (http://www.csrc.nist.gov/publications/fips/fips197/fips-197.pdf). As far as the statement about AES128 encryption CFB mode, we also confirmed that we do use 0 as Initialize Vector (IV), so in this case all you have to do is set the IV to the 128-bit quantity consisting of all zeros. The reference we are using for CFB mode is [SP800-38A] (http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf) which states that CFB mode requires a valid and unpredictable IV (Section 6.3). Zero is a valid IV, certainly not unpredictable. However, the unpredictability is required only to guard against specific types of attacks, which become possible when a single key is used to encrypt a large number of related plaintexts. Predictable IVs could be used in applications where this is not a concern.
>> thanks I'll try that.
>>
>> AES128 is also used in section 3.3.4.2.1 "Generating an Initial Netlogon
>> Signature Token" under 8., is that the same AesCrypt function (also
>> using CFB mode) with just an IV being constructed by using the sequence
>> number twice?
> 
> I've tried to get that working, but it doesn't work:-(
> 
> I've set up a trust between two w2k8r2 domains and captured the
> ServerReqChallenge and ServerAuthenticate3. And they're using Netlogon
> Schannel with AES. (They also use NDR64, wireshark doesn't handle this
> yet...)
> 
> There're 5 ServerAuthenticate3 exchanges in the capture
> and I put the data into a simple standalone crypto challenge
> program.
> 
> So all we need is to find the algorithm to recalculate the examples,
> changing the mxnrpc.c file.
> 
> metze
> 
>>> We will update the document with the correct references to the related statements in the MS-NRPC document.
>> It would be really nice if you could also add some more example values
>> in section 4.2 Cryptographic Values for Session Key Validation.
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: metze-aes-2009091500.tar.gz
Type: application/gzip
Size: 62975 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20090915/82b497a9/attachment-0001.bin>