[cifs-protocol] [MS-OAPXBC] Incorrect session key instructions
David Mulder
dmulder at samba.org
Wed Jan 17 20:50:16 UTC 2024
On 1/17/24 1:29 PM, David Mulder via cifs-protocol wrote:
> In [MS-OAPXBC] section 3.2.5.1.2.2, it says to obtain the session key,
> to decrypt the base64 encoded JWE called `session_key_jwe` in the json
> response object. There are a couple of issues with this.
>
> First, the `session_key_jwe` is not base64 encoded.
Well, technically each field of a JWE is base64 encoded prior to
parsing. Perhaps this is what the [MS-OAPXBC] spec is referring to? If
so, that wording is a bit confusing.
> Is there some kind of padding in the CEK field of a JWE response from
> MS? We've tried truncating the field to decrypt it, but to no avail.
> We also thought that perhaps the CEK itself was base64 encoded (which
> FYI would not obey the [RFC7516] spec), but that doesn't allow
> decryption of the field either.
Here I meant we attempted to base64 decode the field a second time,
which seems odd, but [MS-OAPXBC] isn't clear what it means.
--
David Mulder
Labs Software Engineer, Samba
SUSE
1221 S Valley Grove Way, Suite 500
Pleasant Grove, UT 84062
(P)+1 385.208.2989
dmulder at suse.com
http://www.suse.com
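Added example (not David Mulder's or Samba's code, and not taken from [MS-OAPXBC]): a minimal parser for a compact-serialization JWE, to make concrete what "each field of a JWE is base64 encoded prior to parsing" means. Per RFC 7516 the compact form is five dot-separated segments, each base64url encoded without '=' padding; once a segment is decoded it is raw bytes and is not decoded a second time. The sample JWE below is constructed from fixed placeholder bytes, and the "RSA-OAEP"/"A256GCM" header values and the 256-byte wrapped-key length are assumptions for illustration, not a description of the real Microsoft response.

```python
import base64
import json
import string

# Base64url alphabet (RFC 4648 section 5), used to check whether decoded bytes
# could plausibly be a second layer of base64 text.
_B64URL_ALPHABET = set((string.ascii_letters + string.digits + "-_=").encode("ascii"))


def b64url_decode(segment: str) -> bytes:
    """Decode one JWE segment. JOSE base64url omits '=' padding, so restore it first."""
    pad = (-len(segment)) % 4
    return base64.urlsafe_b64decode(segment + "=" * pad)


def b64url_encode(data: bytes) -> str:
    """Encode bytes as unpadded base64url, as JOSE requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def parse_jwe_compact(jwe: str) -> dict:
    """Split a compact-serialization JWE (RFC 7516 section 7.1) into its five decoded segments."""
    parts = jwe.split(".")
    if len(parts) != 5:
        raise ValueError(f"expected 5 dot-separated segments, got {len(parts)}")
    protected, encrypted_key, iv, ciphertext, tag = (b64url_decode(p) for p in parts)
    return {
        "protected": json.loads(protected),
        # Raw wrapped CEK bytes: these go to the key-unwrap step as-is, with no further decoding.
        "encrypted_key": encrypted_key,
        "iv": iv,
        "ciphertext": ciphertext,
        "tag": tag,
    }


def is_base64url_text(data: bytes) -> bool:
    """True only if every byte is a base64url character, i.e. a second base64 layer is even possible."""
    return len(data) > 0 and all(b in _B64URL_ALPHABET for b in data)


def build_sample_jwe() -> str:
    """Construct a sample JWE from fixed placeholder bytes (not a real MS-OAPXBC response)."""
    header = {"alg": "RSA-OAEP", "enc": "A256GCM"}  # assumed algorithms, for illustration only
    encrypted_key = bytes(range(256))  # stands in for a 2048-bit RSA-wrapped CEK (assumed size)
    iv = b"\x00" * 12                  # 96-bit GCM nonce placeholder
    ciphertext = b"\x11" * 32          # placeholder ciphertext
    tag = b"\x22" * 16                 # 128-bit GCM tag placeholder
    segments = (
        json.dumps(header, separators=(",", ":")).encode("utf-8"),
        encrypted_key,
        iv,
        ciphertext,
        tag,
    )
    return ".".join(b64url_encode(s) for s in segments)


if __name__ == "__main__":
    jwe = parse_jwe_compact(build_sample_jwe())
    print(jwe["protected"])
    print(len(jwe["encrypted_key"]), "bytes of wrapped key;",
          "looks like base64 text:", is_base64url_text(jwe["encrypted_key"]))
```

On a real response the check to run is the one is_base64url_text() does: after the single base64url decode, the encrypted_key segment should be opaque binary of the wrapping key's size (e.g. the RSA modulus length for RSA-OAEP). If it is not valid base64 text, a second decode cannot be what the spec intends, and the bytes should be handed to the unwrap step unchanged.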