[cifs-protocol] [MS-SAMR] AEAD-AES-256-CBC-HMAC-SHA512
Andreas Schneider
asn at samba.org
Tue Jun 21 12:59:36 UTC 2022
Hello Dochelp,
I'm trying to implement support for AEAD-AES-256-CBC-HMAC-SHA512 from [MS-
SAMR] 3.2.2.4 AES Cipher Usage.
This is not really easy as there are some details unclear. I would love to
write a unit test for AEAD-AES-256-CBC-HMAC-SHA512.
Could you please provide hexdump of the buffers used in encryption from a
SamrSetInformationUser2 level 31 from a test platform.
When it performs the following:
Let enc_key ::= HMAC-SHA-512(CEK, SAM_AES256_ENC_KEY_STRING)
Let mac_key ::= HMAC-SHA-512(CEK, SAM_AES256_MAC_KEY_STRING)
Let Cipher ::= AES-CBC(enc_key, IV, secret_plaintext)
Let AuthData ::= HMAC-SHA-512(mac_key, versionbyte + IV + Cipher +
versionbyte_length)
I would like to have hexdumps of the following buffers:
* cek (16byte sesssion key)
* enc_key
* mac_key
* IV
* secret_plaintext
* cipher
* authdata
The RFC implementation provides something like that, see:
https://tools.ietf.org/id/draft-mcgrew-aead-aes-cbc-hmac-sha2-03.html#rfc.section.5.4
This would allow me to write a unit test and figure out the details what in my
implementation something goes wrong. I can then provide feedback to improve
the documentation.
Thank you very much!
Best regards
Andreas Schneider
--
Andreas Schneider asn at samba.org
Samba Team www.samba.org
GPG-ID: 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D
More information about the cifs-protocol
mailing list