[cifs-protocol] [EXTERNAL] Re: [MS-SAMR] AEAD-AES-256-CBC-HMAC-SHA512 - TrackingID#2206210040006850
Jeff McCashland (He/him)
jeffm at microsoft.com
Wed Jul 27 20:48:03 UTC 2022
Hi Andreas,
Here are the updates that we came up with for [MS-SAMR] to help clarify the process:
We expanded the table of constants and added definitions:
2.2.1.18 AEAD-AES-256-CBC-HMAC-SHA512 Constants
The following constants are used for wire encryption of sensitive data with the AEAD-AES-256-CBC-HMAC-SHA512 cipher, as specified in [AES-CBC] and in section 3.2.2.4.
Constant Name /value Description
Versionbyte 0x01 Version identifier
versionbyte_length 1 Version identifier length
SAM_AES_256_ALG "AEAD-AES-256-CBC-HMAC-SHA512" A NULL terminated ANSI string
SAM_AES256_ENC_KEY_STRING "Microsoft SAM encryption key AEAD-AES-256-CBC-HMAC-SHA512 16" A NULL terminated ANSI string
SAM_AES256_MAC_KEY_STRING "Microsoft SAM MAC key AEAD-AES-256-CBC-HMAC-SHA512 16" A NULL terminated ANSI string
SAM_AES256_ENC_KEY_STRING_LENGTH sizeof(SAM_AES256_ENC_KEY_STRING) (61) The length of SAM_AES256_ENC_KEY_STRING including the null terminator.
SAM_AES256_MAC_KEY_STRING_LENGTH sizeof(SAM_AES256_MAC_KEY_STRING) (54) The length of SAM_AES256_MAC_KEY_STRING including the null terminator
We added a couple of clarifying comments to this section:
3.2.2.4 AES Cipher Usage
§ For SamrUnicodeChangePasswordUser4 and SamrSetInformationUser2 the secret plaintext must be in format specified in Section 2.2.6.32.
Note that enc_key is truncated to 32-bytes and the entire 64-byte mac_key is used.
We adjusted this section and added clarifying comments:
3.2.2.5 Deriving an Encryption Key from a Plaintext Password
The client MUST derive the CEK in the following manner:
A 16-byte encryption key is derived using the PBKDF2 algorithm with HMAC SHA-512, the NT-hash of the users existing password, a random 16-byte Salt, and an Iteration count.
The Iteration Count MUST be between 5000 and 1,000,000 inclusive.
CEK :: = (PBKDF2(NT HASH of "OldPassword", Salt, Iteration Count, 16))
I hope that helps!
Best regards,
Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team
Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
Local country phone number found here: http://support.microsoft.com/globalenglish | Extension 1138300
-----Original Message-----
From: Andreas Schneider <asn at samba.org>
Sent: Monday, June 27, 2022 4:56 AM
To: Jeff McCashland (He/him) <jeffm at microsoft.com>
Cc: cifs-protocol at lists.samba.org; Jeff McCashland <jeffm at microsoftsupport.com>; Obaid Farooqi <obaidf at microsoft.com>
Subject: [EXTERNAL] Re: [MS-SAMR] AEAD-AES-256-CBC-HMAC-SHA512 - TrackingID#2206210040006850
On Wednesday, June 22, 2022 8:09:34 PM CEST Jeff McCashland (He/him) wrote:
> Hi Andreas,
Hi Jeff,
> I will research your question and see what we can come up with for
> test data.
thank you very much. Looking forward to hear from you :-)
Andreas
> Best regards,
> Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft
> Protocol Open Specifications Team Phone: +1 (425) 703-8300 x38300 |
> Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
> Local country phone number found here:
> https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsuppo
> rt.microsoft.com%2Fglobalenglish&data=05%7C01%7Cjeffm%40microsoft.
> com%7Cb133cf48cfa147d4956b08da5833fc38%7C72f988bf86f141af91ab2d7cd011d
> b47%7C1%7C0%7C637919277699900369%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wL
> jAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&
> amp;sdata=%2BJdN4TiV%2Bvqq4dqYGpq7mGhZ1vh3gQrrvgjqsBuBXbg%3D&reser
> ved=0 | Extension
> 1138300 We value your feedback. My manager is Stacy Gray (stacygr),
> +1
> (469) 775-4055
>
> -----Original Message-----
> From: Obaid Farooqi <obaidf at microsoft.com>
> Sent: Tuesday, June 21, 2022 9:08 AM
> To: Andreas Schneider <asn at samba.org>
> Cc: cifs-protocol at lists.samba.org; Obaid Farooqi
> <obaidf at microsoftsupport.com> Subject: [EXTERNAL] [MS-SAMR]
> AEAD-AES-256-CBC-HMAC-SHA512 - TrackingID#2206210040006850
>
> Hi Andreas:
> Thanks for contacting Microsoft. I have created a case to track this issue.
> A member of the open specifications team will be in touch soon.
>
> Regards,
> Obaid Farooqi
> Escalation Engineer | Microsoft
>
> -----Original Message-----
> From: Andreas Schneider <asn at samba.org>
> Sent: Tuesday, June 21, 2022 8:00 AM
> To: Interoperability Documentation Help <dochelp at microsoft.com>
> Cc: cifs-protocol at lists.samba.org
> Subject: [EXTERNAL] [MS-SAMR] AEAD-AES-256-CBC-HMAC-SHA512
>
> Hello Dochelp,
>
> I'm trying to implement support for AEAD-AES-256-CBC-HMAC-SHA512 from
> [MS- SAMR] 3.2.2.4 AES Cipher Usage.
>
> This is not really easy as there are some details unclear. I would
> love to write a unit test for AEAD-AES-256-CBC-HMAC-SHA512.
>
> Could you please provide hexdump of the buffers used in encryption
> from a
> SamrSetInformationUser2 level 31 from a test platform.
>
> When it performs the following:
>
> Let enc_key ::= HMAC-SHA-512(CEK, SAM_AES256_ENC_KEY_STRING) Let
> mac_key ::= HMAC-SHA-512(CEK, SAM_AES256_MAC_KEY_STRING) Let Cipher
> ::= AES-CBC(enc_key, IV, secret_plaintext) Let AuthData ::=
> HMAC-SHA-512(mac_key, versionbyte + IV + Cipher + versionbyte_length)
>
>
> I would like to have hexdumps of the following buffers:
>
> * cek (16byte sesssion key)
> * enc_key
> * mac_key
> * IV
> * secret_plaintext
> * cipher
> * authdata
>
> The RFC implementation provides something like that, see:
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftool
> s.ietf%2F&data=05%7C01%7Cjeffm%40microsoft.com%7Cb133cf48cfa147d49
> 56b08da5833fc38%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637919277
> 699900369%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIi
> LCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=ihsJ1PYjg2cT7
> 4D3zmlfdDV3UEVNtpJeOX%2BPWQYmg%2FI%3D&reserved=0
> .org%2Fid%2Fdraft-mcgrew-aead-aes-cbc-hmac-sha2-03.html%23rfc.section.
> 5.4&am
> p;data=05%7C01%7Cjeffm%40microsoft.com%7C382019859d9f4eb7cc1b08da53a03
> c24%7C
> 72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637914244951310820%7CUnknow
> n%7CTW
> FpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6
> Mn0%3D
> %7C3000%7C%7C%7C&sdata=jzVMJ8GS%2BP30uF6pHSTfJf8ioOzDOK69Y%2ByyFKD
> zpKo%3
> D&reserved=0
>
> This would allow me to write a unit test and figure out the details
> what in my implementation something goes wrong. I can then provide
> feedback to improve the documentation.
>
>
> Thank you very much!
>
>
> Best regards
>
>
> Andreas Schneider
>
>
> --
> Andreas Schneider asn at samba.org
> Samba Team
> https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.samba%2F&data=05%7C01%7Cjeffm%40microsoft.com%7Cb133cf48cfa147d4956b08da5833fc38%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637919277699900369%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Q04le03I8jml11uEltlzIssEEkpVMfFeHjDYdw2cPIU%3D&reserved=0.
> org%2F&data=05%7C01%7Cjeffm%40microsoft.com%7C382019859d9f4eb7cc1b
> 08da53
> a03c24%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637914244951310820
> %7CUnk
> nown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWw
> iLCJXV
> CI6Mn0%3D%7C3000%7C%7C%7C&sdata=0VU8ycMe9EFGOAEV7JROkmRRoQCDje5N%2FxAIbz
> qpbI4%3D&reserved=0 GPG-ID: 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D
--
Andreas Schneider asn at samba.org
Samba Team https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.samba.org%2F&data=05%7C01%7Cjeffm%40microsoft.com%7Cb133cf48cfa147d4956b08da5833fc38%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637919277699900369%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=%2B765ffn57cwQ8e0bIfKTw1cGoYcX4jXUiZ0KQkjaVCM%3D&reserved=0
GPG-ID: 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D
More information about the cifs-protocol
mailing list