[cifs-protocol] [MS-SAMR] 3.2.2.5 Deriving an Encryption Key fr... - TrackingID#2207140040006706
Hung-Chun Yu
HungChun.Yu at microsoft.com
Thu Jul 14 17:19:44 UTC 2022
[BCC] dochelp
HI Andreas
Thank you for contacting Microsoft Open Specifications Support. We created SR Case - TrackingID#2207140040006706 to track this issue. Do leave this tag in the subject line for future reference.
One of our engineers will be contacting you shortly.
Hung-Chun Yu
Escalation Engineer
Microsoft Open Specifications
-----Original Message-----
From: Andreas Schneider <asn at samba.org>
Sent: Thursday, July 14, 2022 1:03 AM
To: Interoperability Documentation Help <dochelp at microsoft.com>
Cc: cifs-protocol at lists.samba.org
Subject: [EXTERNAL] [MS-SAMR] 3.2.2.5 Deriving an Encryption Key from a Plaintext Password
Dear Dochelp Team,
I need your help again :-)
I'm trying to implement SamrUnicodeChangePasswordUser4. However when I try to run my implementation against Windows. I always get STATUS_WRONG_PASSWORD returned.
For the SamrUnicodeChangePasswordUser4 method (section 3.1.5.10.4), the shared secret is the plaintext old password and the CEK is generated as specified in section 3.2.2.5.
3.2.2.5 Deriving an Encryption Key from a Plaintext Password
The client MUST derive the CEK in the following manner:
CEK :: = (PBKDF2(NT HASH of "OldPassword", Salt, IterationCount, 512))
Looking at the RFC 8018 section 5.2:
PBKDF2 (P, S, c, dkLen)
Options: PRF underlying pseudorandom function (hLen
denotes the length in octets of the
pseudorandom function output)
Input: P password, an octet string
S salt, an octet string
c iteration count, a positive integer
dkLen intended length in octets of the derived
key, a positive integer, at most
(2^32 - 1) * hLen
Output: DK derived key, a dkLen-octet string
The MS-SAMR document doesn't say a word about the dkLen. Which would be how many bytes the pbkdf2 function should return for the CEK.
I've used 16 bytes (same as the session key) as dkLen. However I get STATUS_WRONG_PASSWORD
./bin/rpcclient ncacn_np:earth.milkyway.site -U'bob%Pa$$w0rd at 3' -c 'chgpasswd4
bob Pa$$w0rd at 3 Pa$$w0rd at 6'
[...]
rpc_api_pipe: host earth.milkyway.site returned 4 bytes.
samr_ChangePasswordUser4: struct samr_ChangePasswordUser4
out: struct samr_ChangePasswordUser4
result : NT_STATUS_WRONG_PASSWORD
I've uploaded traces to:
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsupport.microsoft.com%2Ffiles&data=05%7C01%7CHungChun.Yu%40microsoft.com%7C4c216d9664f84aa26ea108da656f4afc%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637933826264402026%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=B%2BmNTpObYlMEbP2GV%2FEueTh9DIZ4v01Jw0Hl7hkXZy0%3D&reserved=0?
workspace=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ3c2lkIjoiNTY5YjBlMTItMzYyNS00NjhlLWIwNjgtOTBiZDYyZDk2MTllIiwic3IiOiIyMjA3MTEwMDQwMDA4ODMyIiwiYXBwaWQiOiI0ZTc2ODkxZC04NDUwLTRlNWUtYmUzOC1lYTNiZDZlZjIxZTUiLCJzdiI6InYxIiwicnMiOiJFeHRlcm5hbCIsInd0aWQiOiJhYzUxMDFlOS1mMTExLTQ5MGUtOGVlYS04NWMxNGMyNzMyNmIiLCJpc3MiOiJodHRwczovL2FwaS5kdG1uZWJ1bGEubWljcm9zb2Z0LmNvbSIsImF1ZCI6Imh0dHA6Ly9zbWMiLCJleHAiOjE2NjU0MTQxMzEsIm5iZiI6MTY1NzYzODEzMX0.Oe0Nrl4WiClzTrLHTGeFVX6S-
oHNH4LjSGoiVF9eXNo9wN9w-
NyabVRaEUpWVvKheXcqukAuNYvxDGCnoj2ZbpPsE1JY4EByZfqC2l--8i6N0smD8Rtccd_YLg_hx9SqGO-
Dgr6Y5zLo6FMBUnfF6xQ8jhqB5a7ZJf4-
TfMnCgXDsltrLzB_JU1rLDsVGI5ZzZfN9BEOJeKxS9PJEB3azUy8lFvcMsyq8ZL5LOzyQyhg7H2CglwDjzNeGmg2Wov8vdVdh3Ahk0AZ08Otf7i-7tpggx0F9FsH13oS2j6IOzEni23z2G6AqNL4j7ss_23sCp5njIL70rvGv3LliynERA&wid=569b0e12-3625-468e-
b068-90bd62d9619e
Help here would be much appreciated. Thanks you dochelp team.
Best regards
Andreas
--
Andreas Schneider asn at samba.org
Samba Team https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.samba.org%2F&data=05%7C01%7CHungChun.Yu%40microsoft.com%7C4c216d9664f84aa26ea108da656f4afc%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637933826264402026%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=8oUja8URtgtjjeLYFRxZN7fkLNS59uWBB73aQtx2xAM%3D&reserved=0
GPG-ID: 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D
More information about the cifs-protocol
mailing list