[cifs-protocol] [EXTERNAL] [MS-OAPXBC] Incorrect session key instructions
David Mulder
dmulder at samba.org
Thu Jan 25 17:02:17 UTC 2024
On 1/25/24 9:54 AM, David Mulder via cifs-protocol wrote:
>
>
> On 1/25/24 9:45 AM, David Mulder wrote:
>>
>>
>> On 1/25/24 9:41 AM, Sreekanth Nadendla wrote:
>>> Hello David, the data obtained after base64url decode is the key in
>>> encrypted form. You would use the machine transport key to decrypt
>>> this to obtain the pop key you need. Can you check if this works?
>> That's exactly the problem. It can't be decrypted using the transport
>> key. The number of bytes is too long. The CEK returned by MS appears
>> to be corrupted (or a buffer overrun on your side, we're not sure).
>
> For example:
>
> > python3
>
> >>> import base64
> >>> from cryptography.hazmat.primitives import serialization
> >>> from cryptography.hazmat.primitives.asymmetric import padding
> >>> from cryptography.hazmat.primitives import hashes
> >>> transport_key = serialization.load_der_private_key(b'<redacted>', None)
> >>> session_key_jwe = "eyJlbmMiOiJBMjU2R0NNIiwiYWxnIjoiUlNBLU9BRVAifQ.Lwx1oUwtrOVhZoHkPlNCVfvmInTIVfkpY4daNtS7fiL-dL-G2pgnSbCG23vwmk8VF9dbQPKkN4ERiWsXA8hjaZPE4XcWsylUrbT65hyO3U_r3nXLGxAYX06rRP21L8ak1qoFAl9wodJI30yHmBqYdsrO3BNa0QRXNmvliRF1fNnvzuRj5VQiqFi78-8as7rwKtUQ117R11q3EvaoYgwQUJS1JdDAiRDRHuVpVmfH8Gf279EpRuhKlyEN1gtjXCcK1U9cj3Oco47JeS3AuCZOrU0Q0rRSt0hWBFC21mLxqQ64hXTG3NOb5O-DFoN7sIf7vDBdQloZ2Sxq5gDVdegfmcsKTnjD3nooJIOuT8mmCyTeqdHlio-sYNBm0QzSsLPP3Dngl1bK.yLJM5ZkeigtBz5Cl.TA.lBRRBpOedY0K62Ti7jDqNA"
> >>> session_key_jwe_parts = session_key_jwe.split('.')
> >>> encKey = base64.urlsafe_b64decode(session_key_jwe_parts[1]+'==')
> >>> transport_key.decrypt(encKey, padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA1()), algorithm=hashes.SHA1(), label=None))
> Traceback (most recent call last):
>   File "<stdin>", line 1, in <module>
>   File "/usr/lib64/python3.11/site-packages/cryptography/hazmat/backends/openssl/rsa.py", line 444, in decrypt
>     raise ValueError("Ciphertext length must be equal to key size.")
> ValueError: Ciphertext length must be equal to key size.
PowerShell also fails to decrypt that CEK:
MethodInvocationException:
/home/dmulder/.local/share/powershell/Modules/AADInternals/0.9.2/PRT_Utils.ps1:754
Line |
754 | … $CEK =
[System.Security.Cryptography.RSAOAEPKeyExchang …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Exception calling "DecryptKeyExchange" with "1" argument(s):
"The length of the data to decrypt is not valid
| for the size of this key."
I got this error by feeding the bad session_key_jwe response into
PowerShell with the transport_key and attempting to decrypt it.
--
David Mulder
Labs Software Engineer, Samba
SUSE
1221 S Valley Grove Way, Suite 500
Pleasant Grove, UT 84062
(P)+1 385.208.2989
dmulder at suse.com
http://www.suse.com
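
Added example, not part of the original message and not Samba or Microsoft code: a stdlib-only check that splits a compact JWE and compares the encrypted-key segment length with the RSA modulus size, which is the condition both errors above report. The 2048-bit key size, the function names and the sample tokens are assumptions constructed for illustration.

```python
import base64
import json

def b64url_decode(segment: str) -> bytes:
    """Decode unpadded base64url, restoring only the padding that is needed."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def inspect_jwe(token: str, rsa_key_bits: int) -> dict:
    """Split a compact JWE and compare the encrypted key length with the RSA key size."""
    parts = token.split(".")
    if len(parts) != 5:
        raise ValueError(f"compact JWE needs 5 segments, got {len(parts)}")
    header = json.loads(b64url_decode(parts[0]))
    enc_key, iv, ciphertext, tag = (b64url_decode(p) for p in parts[1:])
    expected = (rsa_key_bits + 7) // 8  # an RSA ciphertext is as long as the modulus
    return {
        "alg": header.get("alg"),
        "enc": header.get("enc"),
        "encrypted_key_len": len(enc_key),
        "expected_key_len": expected,
        "length_ok": len(enc_key) == expected,
        "iv_len": len(iv),
        "ciphertext_len": len(ciphertext),
        "tag_len": len(tag),
    }

def make_sample(enc_key_len: int) -> str:
    """Constructed token: header as in the thread (A256GCM / RSA-OAEP), filler bytes elsewhere."""
    def enc(raw: bytes) -> str:
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = json.dumps({"enc": "A256GCM", "alg": "RSA-OAEP"},
                        separators=(",", ":")).encode()
    return ".".join([enc(header), enc(b"\x01" * enc_key_len),
                     enc(b"\x02" * 12), enc(b"\x03"), enc(b"\x04" * 16)])

if __name__ == "__main__":
    # Assumed 2048-bit transport key: 256 bytes is well-formed, 300 is not.
    for n in (256, 300):
        print(inspect_jwe(make_sample(n), rsa_key_bits=2048))
```

Running this on a received token before calling decrypt shows whether the failure comes from the length of the encrypted-key segment rather than from the key or the padding mode.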