NTLM2 signing question

Andrew Bartlett abartlet at samba.org
Wed Aug 23 19:15:35 GMT 2006

On Wed, 2006-08-23 at 10:52 -0400, Eric Glass wrote:
> I am doing a bit of documentation revision, and had some questions
> around NTLM2 signing (I see it was worked out a couple of years back,
> good stuff).  When I had looked at it previously (just examining
> output of the MakeSignature SSPI function rather than as part of
> MSRPC) I observed the following as the signing process:

And we are very grateful for what you did examining that output.  It
made this much easier for us, and I still reference your excellent
documentation :-)

> 1. A sequence number is obtained; this starts at zero and is
> incremented after each message is signed. The number is represented as
> a 32-bit little-endian value.
> 2. The sequence number is concatenated with the message; the HMAC-MD5
> message authentication code algorithm is applied to this value, using
> the appropriate (client-to-server or server-to-client) Signing Key.
> This yields a 16-byte value.
> 3. If Key Exchange has been negotiated, an RC4 cipher is initialized
> using the appropriate Sealing key. This is done once (during the first
> operation), and the keystream is never reset; the first eight bytes
> from the HMAC result are encrypted using this RC4 cipher.  If Key
> Exchange has not been negotiated, this sealing operation is not
> performed.
> 4. A version number ("0x01000000") is concatenated with the result
> from the previous step and the sequence number to form the signature.
>
> It would seem the on-wire process is basically the same, but used as
> part of an AEAD generic composition; i.e. the sealed buffer is a
> subset of the signed buffer (in the RPC case the entire PDU is signed
> while only the "payload" is sealed).  Is this correct, or am I missing
> some additional intricacies?

That's pretty much correct.

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com
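
The four signing steps quoted above, written out as an added Python example (not part of the original thread and not Samba's code). The signing and sealing keys are taken as given inputs with constructed sample values; `RC4` and `Ntlm2Signer` are names chosen here for illustration.

```python
import hashlib, hmac, struct

class RC4:
    """Minimal RC4; the keystream position persists across crypt() calls."""
    def __init__(self, key):
        self.s, self.i, self.j = list(range(256)), 0, 0
        j = 0
        for i in range(256):
            j = (j + self.s[i] + key[i % len(key)]) & 0xFF
            self.s[i], self.s[j] = self.s[j], self.s[i]

    def crypt(self, data):
        s, out = self.s, bytearray()
        for b in data:
            self.i = (self.i + 1) & 0xFF
            self.j = (self.j + s[self.i]) & 0xFF
            s[self.i], s[self.j] = s[self.j], s[self.i]
            out.append(b ^ s[(s[self.i] + s[self.j]) & 0xFF])
        return bytes(out)

VERSION = bytes.fromhex("01000000")  # step 4: version field as it appears in the signature

class Ntlm2Signer:
    """One direction (client-to-server or server-to-client) of a session."""
    def __init__(self, signing_key, sealing_key, key_exchange):
        self.signing_key = signing_key
        self.seq = 0                                        # step 1: starts at zero
        self.rc4 = RC4(sealing_key) if key_exchange else None  # step 3: set up once

    def sign(self, message):
        seq = struct.pack("<I", self.seq)                   # 32-bit little-endian
        mac = hmac.new(self.signing_key, seq + message, hashlib.md5).digest()  # step 2
        checksum = mac[:8]
        if self.rc4:                                        # keystream is never reset
            checksum = self.rc4.crypt(checksum)
        self.seq += 1                                       # incremented after signing
        return VERSION + checksum + seq                     # step 4: 4 + 8 + 4 bytes

    def verify(self, message, signature):
        # The receiver recomputes with its own counter and cipher state, so a
        # replayed or reordered message no longer matches.
        return hmac.compare_digest(self.sign(message), signature)

if __name__ == "__main__":
    sign_key, seal_key = bytes(range(16)), bytes(range(16, 32))  # constructed keys
    sender = Ntlm2Signer(sign_key, seal_key, key_exchange=True)
    receiver = Ntlm2Signer(sign_key, seal_key, key_exchange=True)
    first = sender.sign(b"hello")
    print(first.hex(), receiver.verify(b"hello", first))
    print("replay accepted:", receiver.verify(b"hello", first))
```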