[cifs-protocol] [EXTERNAL] [MS-OAPXBC] Incorrect session key instructions
William Brown
wbrown at suse.de
Thu Jan 25 04:06:36 UTC 2024
> On 25 Jan 2024, at 13:53, Sreekanth Nadendla <srenaden at microsoft.com> wrote:
>
>
> >We have now been able to get a sample of a valid exchange
> >compact-jwt/src/crypto/ms_oapxbc.rs at b13dda1420e527d639f2962f4022609d2a46ae50 · kanidm/compact-jwt · GitHub
> >with a correctly sized CEK (256 bytes). We are still unsure under what conditions MS is sending us a 294 CEK under.
>
> This means your implementation works fine whenever CEK is 256 bytes ?
Correct - RSA-OAEP can only work on a CEK of 256 bytes when the key in use is 2048bits. This is part of the RSA OAEP specification.
>
> It's unclear how the base64decoded followed by decrypted key varies in size randomly. I will investigate this tomorrow and get back to you.
Thank you, we aren't sure either.
--
Sincerely,
William Brown
Senior Software Engineer,
Identity and Access Management
SUSE Labs, Australia
More information about the cifs-protocol
mailing list