[cifs-protocol] [MS-SAMR] AEAD-AES-256-CBC-HMAC-SHA512 - TrackingID#2206210040006850
Andreas Schneider
asn at samba.org
Mon Jun 27 11:55:49 UTC 2022
On Wednesday, June 22, 2022 8:09:34 PM CEST Jeff McCashland (He/him) wrote:
> Hi Andreas,
Hi Jeff,
> I will research your question and see what we can come up with for test
> data.
thank you very much. Looking forward to hear from you :-)
Andreas
> Best regards,
> Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Protocol
> Open Specifications Team Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm |
> Time zone: (UTC-08:00) Pacific Time (US and Canada) Local country phone
> number found here: http://support.microsoft.com/globalenglish | Extension
> 1138300 We value your feedback. My manager is Stacy Gray (stacygr), +1
> (469) 775-4055
>
> -----Original Message-----
> From: Obaid Farooqi <obaidf at microsoft.com>
> Sent: Tuesday, June 21, 2022 9:08 AM
> To: Andreas Schneider <asn at samba.org>
> Cc: cifs-protocol at lists.samba.org; Obaid Farooqi
> <obaidf at microsoftsupport.com> Subject: [EXTERNAL] [MS-SAMR]
> AEAD-AES-256-CBC-HMAC-SHA512 - TrackingID#2206210040006850
>
> Hi Andreas:
> Thanks for contacting Microsoft. I have created a case to track this issue.
> A member of the open specifications team will be in touch soon.
>
> Regards,
> Obaid Farooqi
> Escalation Engineer | Microsoft
>
> -----Original Message-----
> From: Andreas Schneider <asn at samba.org>
> Sent: Tuesday, June 21, 2022 8:00 AM
> To: Interoperability Documentation Help <dochelp at microsoft.com>
> Cc: cifs-protocol at lists.samba.org
> Subject: [EXTERNAL] [MS-SAMR] AEAD-AES-256-CBC-HMAC-SHA512
>
> Hello Dochelp,
>
> I'm trying to implement support for AEAD-AES-256-CBC-HMAC-SHA512 from [MS-
> SAMR] 3.2.2.4 AES Cipher Usage.
>
> This is not really easy as there are some details unclear. I would love to
> write a unit test for AEAD-AES-256-CBC-HMAC-SHA512.
>
> Could you please provide hexdump of the buffers used in encryption from a
> SamrSetInformationUser2 level 31 from a test platform.
>
> When it performs the following:
>
> Let enc_key ::= HMAC-SHA-512(CEK, SAM_AES256_ENC_KEY_STRING) Let mac_key ::=
> HMAC-SHA-512(CEK, SAM_AES256_MAC_KEY_STRING) Let Cipher ::=
> AES-CBC(enc_key, IV, secret_plaintext) Let AuthData ::=
> HMAC-SHA-512(mac_key, versionbyte + IV + Cipher + versionbyte_length)
>
>
> I would like to have hexdumps of the following buffers:
>
> * cek (16byte sesssion key)
> * enc_key
> * mac_key
> * IV
> * secret_plaintext
> * cipher
> * authdata
>
> The RFC implementation provides something like that, see:
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf
> .org%2Fid%2Fdraft-mcgrew-aead-aes-cbc-hmac-sha2-03.html%23rfc.section.5.4&am
> p;data=05%7C01%7Cjeffm%40microsoft.com%7C382019859d9f4eb7cc1b08da53a03c24%7C
> 72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637914244951310820%7CUnknown%7CTW
> FpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D
> %7C3000%7C%7C%7C&sdata=jzVMJ8GS%2BP30uF6pHSTfJf8ioOzDOK69Y%2ByyFKDzpKo%3
> D&reserved=0
>
> This would allow me to write a unit test and figure out the details what in
> my implementation something goes wrong. I can then provide feedback to
> improve the documentation.
>
>
> Thank you very much!
>
>
> Best regards
>
>
> Andreas Schneider
>
>
> --
> Andreas Schneider asn at samba.org
> Samba Team
> https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.samba.
> org%2F&data=05%7C01%7Cjeffm%40microsoft.com%7C382019859d9f4eb7cc1b08da53
> a03c24%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637914244951310820%7CUnk
> nown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXV
> CI6Mn0%3D%7C3000%7C%7C%7C&sdata=0VU8ycMe9EFGOAEV7JROkmRRoQCDje5N%2FxAIbz
> qpbI4%3D&reserved=0 GPG-ID: 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D
--
Andreas Schneider asn at samba.org
Samba Team www.samba.org
GPG-ID: 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D
More information about the cifs-protocol
mailing list