Implement samba.crypto.arcfour_crypt_blob for Python access

Günther Deschner gd at samba.org
Tue Mar 14 16:49:34 UTC 2017


Hi Alexander,

RB+, looks fine and pushed to autobuild.

Thanks,
Guenther

On 10/03/17 15:43, Alexander Bokovoy wrote:
> Hi,
> 
> The attached patch improves availability of Samba AD in a FIPS 140-2 environment.
> 
> To establish a trust relationship, we call the CreateTrustedDomainEx2 LSA
> call. This call requires encrypting the AuthenticationInformation blob with
> the RC4 cipher. While Samba C code does use lib/crypto/arcfour.c to have
> an independent RC4 implementation, Python code relies on system Python
> libraries to get access to the RC4 cipher.
> 
> In a FIPS 140-2 compliant environment all non-compliant ciphers are
> disabled and calling them causes an error. Thus, encrypting the
> AuthenticationInformation blob with RC4 is not possible in this
> environment.
> 
> Use of RC4 is part of the MS-LSAD 5.1.1:
> ----------
> Implementations of this protocol protect the LSAPR_TRUSTED_DOMAIN_AUTH_BLOB
> structure by encrypting the data referenced by that structure's AuthBlob field.
> The RC4 algorithm is used to encrypt the data on request (and reply) and
> decrypt the data on receipt. The key, required during runtime by the RC4
> algorithm, is the 16-byte key specified by the method that uses this
> structure (for example, see section 3.1.4.7.10). The size of data (the
> AuthSize field of LSAPR_TRUSTED_DOMAIN_AUTH_BLOB) must remain unencrypted.
> ----------
> 
> I asked the Microsoft dochelp team on the matter and got an answer:
> 
> ----------
> FIPS mode does not change Windows Server product behavior with regards
> to MS-LSAD 5.1.1.
> 
> LSAD goes over RPCE, which in turn goes over SMB/SMB2 transport. The
> protocol requires packet integrity or encryption at the RPCE level.
> MS-SMB/CIFS and MS-SMB2 (and its related authentication protocols)
> define what cryptographic algorithms are used respectively by each
> dialect of the protocol. As specified in the specs, each negotiated
> protocol parameters indicates what crypto is used. This does not depend
> on any FIPS mode configuration.
> 
> On Windows, SMB1 can be disabled by configuration if desired, but this
> is purely driven by known security limitations with SMB1 protocol,
> rather than FIPS enforcing any policy.
> 
> The encrypted blob (LSAPR_TRUSTED_DOMAIN_AUTH_BLOB structure you are
> referring to) is RC4-encrypted at the application level using the key
> from that RPC binding session.
> 
> The encryption key is the session key from the RPC binding policy
> handle.
> -----------
> 
> As we have an RC4 implementation at the application level already, exposing it
> to Python code allows us to solve the availability problem.
> 


-- 
Günther Deschner                    GPG-ID: 8EE11688
Red Hat                         gdeschner at redhat.com
Samba Team                              gd at samba.org
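
The blob protection quoted above from MS-LSAD 5.1.1, as an added example that is not part of the original message or of Samba's code: a pure-Python RC4 that does not go through the system crypto library. The function names and the flat AuthSize-plus-ciphertext layout are assumptions for illustration (the real structure is NDR-marshalled), and the key and blob are constructed values.

```python
import struct


def rc4_crypt(data: bytes, key: bytes) -> bytes:
    """RC4 is a stream cipher: the same call encrypts and decrypts."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    # Key scheduling: permute the 256-byte state under the key.
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    # Keystream generation, XORed over the data.
    out = bytearray(len(data))
    i = j = 0
    for n, byte in enumerate(data):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out[n] = byte ^ s[(s[i] + s[j]) & 0xFF]
    return bytes(out)


def protect_auth_blob(auth_blob: bytes, session_key: bytes) -> bytes:
    """Hypothetical flat layout: cleartext uint32 AuthSize + RC4(AuthBlob)."""
    if len(session_key) != 16:
        raise ValueError("MS-LSAD 5.1.1 specifies a 16-byte key")
    return struct.pack("<I", len(auth_blob)) + rc4_crypt(auth_blob, session_key)


def unprotect_auth_blob(wire: bytes, session_key: bytes) -> bytes:
    """Check the unencrypted size against the payload, then decrypt."""
    if len(session_key) != 16:
        raise ValueError("MS-LSAD 5.1.1 specifies a 16-byte key")
    if len(wire) < 4:
        raise ValueError("truncated blob")
    (size,) = struct.unpack_from("<I", wire)
    if size != len(wire) - 4:
        raise ValueError("AuthSize does not match encrypted payload length")
    return rc4_crypt(wire[4:], session_key)


if __name__ == "__main__":
    key = bytes(range(16))  # constructed 16-byte session key
    blob = b"constructed AuthenticationInformation"
    wire = protect_auth_blob(blob, key)
    print(wire[:4].hex(), wire[4:].hex())
```
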
