[cifs-protocol] [MS-NRPC] Problem encrypting data when use AES based Netlogon SChannel

Moh Yen Liew mohyen.liew at wesoft.com
Wed Jul 13 04:05:57 MDT 2011

Hi Metze/Mike:
	Finally, I got the AES-based schannel working with a Windows 2008r2 domain now. Thank you for your clue and help!

	The [MS-NRPC].pdf has the following incorrect and misleading information:
	1. The spec (section step 8) did not clearly mention how to construct the initialization vector for data encryption.
	   The correct ivec to use in encrypting the data is
		seqNum + encrypted(confounder)
	2. When the AES encryption type is negotiated, the auth signature to use is NL_AUTH_SHA2_SIGNATURE (which has confounder offset=48), as mentioned in section
	   However, one has to put the confounder at offset=24, which is the same offset as NL_AUTH_SIGNATURE.

-----Original Message-----
From: Stefan (metze) Metzmacher [mailto:metze at samba.org] 
Sent: Tuesday, July 05, 2011 2:37 PM
To: Moh Yen Liew
Cc: Michael B Allen; cifs-protocol at cifs.org
Subject: Re: [cifs-protocol] [MS-NRPC] Problem encrypting data when use AES based Netlogon SChannel


> According to MS-NRPC pg 111, bit 17 (indicated as bit R) of the negotiable flag is actually referring to "supports the NetrServerPasswordSet2 functionality".
> In the packet trace that I attached earlier, I had successfully negotiated the session key (from pkt 519-523) with the DC using unprotected RPC and established the SChannel.
> However, when sending the encrypted message (encrypted with the AES key derived from the session key) over SChannel to the DC, the DC responded with a DCE RPC fault with error = 0x00000721.
> And I also tried to use the initialization vector constructed using the last block (size=8 bytes) of the encrypted Confounder field; the same error code was returned from the DC.
> There's no problem if only integrity is negotiated.
> So, I suppose the ivec mentioned in the MS-NRPC spec to encrypt the message might not be correct?

Take a look at this branch, it contains working code, at least it worked
a year ago against w2k8r2.

Maybe that helps.
