Implement samba.crypto.arcfour_crypt_blob for Python access
Günther Deschner
gd at samba.org
Tue Mar 14 16:49:34 UTC 2017
Hi Alexander,
RB+, looks fine and pushed to autobuild.
Thanks,
Guenther
On 10/03/17 15:43, Alexander Bokovoy wrote:
> Hi,
>
> attached patch improves availability of Samba AD in FIPS 140-2 environment.
>
> To establish trust relationship, we call the CreateTrustedDomainEx2 LSA
> call. This call requires the AuthenticationInformation blob to be encrypted
> with the RC4 cipher. While Samba C code does use lib/crypto/arcfour.c to have
> an independent RC4 implementation, Python code relies on system Python
> libraries to get access to the RC4 cipher.
>
> In FIPS 140-2 compliant environment all non-compliant ciphers are
> disabled and calling them causes an error. Thus, encrypting
> AuthenticationInformation blob with RC4 is not possible in this
> environment.
>
> Use of RC4 is part of the MS-LSAD 5.1.1:
> ----------
> Implementations of this protocol protect the LSAPR_TRUSTED_DOMAIN_AUTH_BLOB
> structure by encrypting the data referenced by that structure's AuthBlob field.
> The RC4 algorithm is used to encrypt the data on request (and reply) and
> decrypt the data on receipt. The key, required during runtime by the RC4
> algorithm, is the 16-byte key specified by the method that uses this
> structure (for example, see section 3.1.4.7.10). The size of data (the
> AuthSize field of LSAPR_TRUSTED_DOMAIN_AUTH_BLOB) must remain unencrypted.
> ----------
>
> I asked Microsoft dochelp team on the matter and got an answer:
>
> ----------
> FIPS mode does not change Windows Server product behavior with regards
> to MS-LSAD 5.1.1.
>
> LSAD goes over RPCE, which in turn goes over SMB/SMB2 transport. The
> protocol requires packet integrity or encryption at the RPCE level.
> MS-SMB/CIFS and MS-SMB2 (and its related authentication protocols)
> define what cryptographic algorithms are used respectively by each
> dialect of the protocol. As specified in the specs, each negotiated
> protocol's parameters indicate what crypto is used. This does not depend
> on any FIPS mode configuration.
>
> On Windows, SMB1 can be disabled by configuration if desired, but this
> is purely driven by known security limitations with SMB1 protocol,
> rather than FIPS enforcing any policy.
>
> The encrypted blob (LSAPR_TRUSTED_DOMAIN_AUTH_BLOB structure you are
> referring to) is RC4-encrypted at the application level using the key
> from that RPC binding session.
>
> The encryption key is the session key from the RPC binding policy
> handle.
> -----------
>
> As we have an RC4 implementation at the application level already, exposing it
> to Python code allows us to solve the availability problem.
>
--
Günther Deschner GPG-ID: 8EE11688
Red Hat gdeschner at redhat.com
Samba Team gd at samba.org
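The situation the patch addresses, shown as an added example that is not part of the thread or of Samba's code: a pure-Python RC4 (arcfour) routine with the key/data contract the patch gives samba.crypto.arcfour_crypt_blob, so the auth blob can be protected with the 16-byte RPC session key even when the system crypto library refuses RC4 in FIPS mode. The size-prefixed wire layout below is a simplification assumed for the example; the real LSAPR_TRUSTED_DOMAIN_AUTH_BLOB encoding is more involved.

```python
# Added example, not Samba's lib/crypto/arcfour.c. An independent RC4
# implementation: the same call encrypts and decrypts, because RC4 only
# XORs the data with a keystream derived from the key.
import struct


def rc4_crypt_blob(key: bytes, data: bytes) -> bytes:
    """Return data XORed with the RC4 keystream for key (symmetric)."""
    if not key:
        raise ValueError("RC4 key must not be empty")
    # Key-scheduling algorithm (KSA): permute S according to the key.
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    # Pseudo-random generation algorithm (PRGA), applied byte by byte.
    out = bytearray(len(data))
    i = j = 0
    for n, byte in enumerate(data):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out[n] = byte ^ S[(S[i] + S[j]) & 0xFF]
    return bytes(out)


def protect_auth_blob(session_key: bytes, auth_blob: bytes) -> bytes:
    """MS-LSAD 5.1.1 property: encrypt the AuthBlob body with the 16-byte
    session key, but leave AuthSize in the clear. The 4-byte little-endian
    length prefix is an assumed, simplified layout for this example."""
    if len(session_key) != 16:
        raise ValueError("MS-LSAD 5.1.1 specifies a 16-byte RC4 key")
    return struct.pack("<I", len(auth_blob)) + rc4_crypt_blob(session_key, auth_blob)


def unprotect_auth_blob(session_key: bytes, wire: bytes) -> bytes:
    """Inverse of protect_auth_blob: read AuthSize, then decrypt the body."""
    auth_size = struct.unpack("<I", wire[:4])[0]
    body = wire[4:4 + auth_size]
    if len(body) != auth_size:
        raise ValueError("truncated AuthBlob")
    return rc4_crypt_blob(session_key, body)


if __name__ == "__main__":
    # Constructed sample values: a fake session key and a fake auth blob.
    key = bytes(range(16))
    blob = b"constructed AuthenticationInformation"
    wire = protect_auth_blob(key, blob)
    assert wire[:4] == struct.pack("<I", len(blob))   # AuthSize stays readable
    assert unprotect_auth_blob(key, wire) == blob
```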