List: cifs-protocol
Subject: Re: [cifs-protocol] [EXTERNAL] Re: [MS-SAMR] AEAD-AES-256-CBC-HMAC-SHA512 - TrackingID#2206210040006
From: "Jeff McCashland (He/him) via cifs-protocol" <cifs-protocol@lists.samba.org>
Date: 2022-07-27 20:48:03
Message-ID: DM5PR21MB08274DB7DAEE806432EFCB9BA3979@DM5PR21MB0827.namprd21.prod.outlook.com
Hi Andreas,
Here are the updates that we came up with for [MS-SAMR] to help clarify the process:
We expanded the table of constants and added definitions:

2.2.1.18 AEAD-AES-256-CBC-HMAC-SHA512 Constants

The following constants are used for wire encryption of sensitive data with the
AEAD-AES-256-CBC-HMAC-SHA512 cipher, as specified in [AES-CBC] and in section 3.2.2.4.

Constant Name                     Value                                                           Description
Versionbyte                       0x01                                                            Version identifier
versionbyte_length                1                                                               Version identifier length
SAM_AES_256_ALG                   "AEAD-AES-256-CBC-HMAC-SHA512"                                  A NULL terminated ANSI string
SAM_AES256_ENC_KEY_STRING         "Microsoft SAM encryption key AEAD-AES-256-CBC-HMAC-SHA512 16"  A NULL terminated ANSI string
SAM_AES256_MAC_KEY_STRING         "Microsoft SAM MAC key AEAD-AES-256-CBC-HMAC-SHA512 16"         A NULL terminated ANSI string
SAM_AES256_ENC_KEY_STRING_LENGTH  sizeof(SAM_AES256_ENC_KEY_STRING) (61)                          The length of SAM_AES256_ENC_KEY_STRING including the null terminator
SAM_AES256_MAC_KEY_STRING_LENGTH  sizeof(SAM_AES256_MAC_KEY_STRING) (54)                          The length of SAM_AES256_MAC_KEY_STRING including the null terminator
We added a couple of clarifying comments to this section:

3.2.2.4 AES Cipher Usage

§ For SamrUnicodeChangePasswordUser4 and SamrSetInformationUser2 the secret plaintext
must be in the format specified in Section 2.2.6.32.

Note that enc_key is truncated to 32 bytes and the entire 64-byte mac_key is used.
We adjusted this section and added clarifying comments:

3.2.2.5 Deriving an Encryption Key from a Plaintext Password

The client MUST derive the CEK in the following manner:

A 16-byte encryption key is derived using the PBKDF2 algorithm with HMAC SHA-512, the
NT hash of the user's existing password, a random 16-byte Salt, and an Iteration Count.
The Iteration Count MUST be between 5000 and 1,000,000 inclusive.

CEK ::= PBKDF2(NT HASH of "OldPassword", Salt, Iteration Count, 16)
I hope that helps!
Best regards,
Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team
Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
Local country phone number found here: http://support.microsoft.com/globalenglish | Extension 1138300
-----Original Message-----
From: Andreas Schneider <asn@samba.org>
Sent: Monday, June 27, 2022 4:56 AM
To: Jeff McCashland (He/him) <jeffm@microsoft.com>
Cc: cifs-protocol@lists.samba.org; Jeff McCashland <jeffm@microsoftsupport.com>; Obaid Farooqi <obaidf@microsoft.com>
Subject: [EXTERNAL] Re: [MS-SAMR] AEAD-AES-256-CBC-HMAC-SHA512 - TrackingID#2206210040006850
On Wednesday, June 22, 2022 8:09:34 PM CEST Jeff McCashland (He/him) wrote:
> Hi Andreas,
Hi Jeff,
> I will research your question and see what we can come up with for
> test data.
thank you very much. Looking forward to hear from you :-)
Andreas
> Best regards,
> Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team
> Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
> Local country phone number found here: http://support.microsoft.com/globalenglish | Extension 1138300
> We value your feedback. My manager is Stacy Gray (stacygr), +1 (469) 775-4055
>
> -----Original Message-----
> From: Obaid Farooqi <obaidf@microsoft.com>
> Sent: Tuesday, June 21, 2022 9:08 AM
> To: Andreas Schneider <asn@samba.org>
> Cc: cifs-protocol@lists.samba.org; Obaid Farooqi <obaidf@microsoftsupport.com>
> Subject: [EXTERNAL] [MS-SAMR] AEAD-AES-256-CBC-HMAC-SHA512 - TrackingID#2206210040006850
>
> Hi Andreas:
> Thanks for contacting Microsoft. I have created a case to track this issue.
> A member of the open specifications team will be in touch soon.
>
> Regards,
> Obaid Farooqi
> Escalation Engineer | Microsoft
>
> -----Original Message-----
> From: Andreas Schneider <asn@samba.org>
> Sent: Tuesday, June 21, 2022 8:00 AM
> To: Interoperability Documentation Help <dochelp@microsoft.com>
> Cc: cifs-protocol@lists.samba.org
> Subject: [EXTERNAL] [MS-SAMR] AEAD-AES-256-CBC-HMAC-SHA512
>
> Hello Dochelp,
>
> I'm trying to implement support for AEAD-AES-256-CBC-HMAC-SHA512 from
> [MS-SAMR] 3.2.2.4 AES Cipher Usage.
>
> This is not really easy as there are some details unclear. I would
> love to write a unit test for AEAD-AES-256-CBC-HMAC-SHA512.
>
> Could you please provide a hexdump of the buffers used in encryption
> from a SamrSetInformationUser2 level 31 from a test platform.
>
> When it performs the following:
>
> Let enc_key ::= HMAC-SHA-512(CEK, SAM_AES256_ENC_KEY_STRING)
> Let mac_key ::= HMAC-SHA-512(CEK, SAM_AES256_MAC_KEY_STRING)
> Let Cipher ::= AES-CBC(enc_key, IV, secret_plaintext)
> Let AuthData ::= HMAC-SHA-512(mac_key, versionbyte + IV + Cipher + versionbyte_length)
>
>
> I would like to have hexdumps of the following buffers:
>
> * cek (16-byte session key)
> * enc_key
> * mac_key
> * IV
> * secret_plaintext
> * cipher
> * authdata
>
> The RFC implementation provides something like that, see:
> https://tools.ietf.org/id/draft-mcgrew-aead-aes-cbc-hmac-sha2-03.html#rfc.section.5.4
>
> This would allow me to write a unit test and figure out where in my
> implementation something goes wrong. I can then provide feedback to
> improve the documentation.
>
>
> Thank you very much!
>
>
> Best regards
>
>
> Andreas Schneider
>
>
> --
> Andreas Schneider asn@samba.org
> Samba Team http://www.samba.org/
> GPG-ID: 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D
--
Andreas Schneider asn@samba.org
Samba Team http://www.samba.org/
GPG-ID: 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D
_______________________________________________
cifs-protocol mailing list
cifs-protocol@lists.samba.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
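The construction the thread is about, as an added example that is not from the thread, from Microsoft or from Samba: a Go implementation of the [MS-SAMR] AEAD-AES-256-CBC-HMAC-SHA512 steps exactly as Jeff's reply states them (CEK from PBKDF2-HMAC-SHA512 over the NT hash with the 5000..1,000,000 iteration bound, enc_key truncated to 32 bytes, the full 64-byte mac_key, AuthData over versionbyte + IV + Cipher + versionbyte_length with the NULL-terminated key strings), plus the receiver side, which rejects a tampered Cipher before decrypting it. Assumptions of this example: the NT hash (MD4 of the UTF-16LE password) is supplied as bytes rather than computed, the 2.2.6.32 plaintext layout is not modelled (the plaintext is an opaque byte string), PKCS#7 padding is borrowed from the draft-mcgrew construction Andreas links, and the function names DeriveCEK, DeriveKeys, Encrypt and Decrypt are this example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha512"
	"crypto/subtle"
	"errors"
)

// Constants from [MS-SAMR] 2.2.1.18 as quoted in the thread; the key strings are NULL-terminated
// ANSI strings, so a terminator is appended when they are hashed (61 and 54 bytes).
const (
	samAESVersionByte     byte = 0x01 // Versionbyte
	samAESVersionByteLen  byte = 1    // versionbyte_length
	samAES256EncKeyString      = "Microsoft SAM encryption key AEAD-AES-256-CBC-HMAC-SHA512 16"
	samAES256MacKeyString      = "Microsoft SAM MAC key AEAD-AES-256-CBC-HMAC-SHA512 16"
)

// pbkdf2HMACSHA512 is RFC 8018 PBKDF2 with HMAC-SHA-512 as the PRF, limited to dkLen <= 64 (one
// output block), which is all the 16-byte CEK needs; standard library only.
func pbkdf2HMACSHA512(password, salt []byte, iterations, dkLen int) []byte {
	prf := hmac.New(sha512.New, password)
	prf.Write(salt)
	prf.Write([]byte{0, 0, 0, 1}) // block index 1, big-endian
	u := prf.Sum(nil)
	t := append([]byte{}, u...)
	for i := 1; i < iterations; i++ {
		prf.Reset()
		prf.Write(u)
		u = prf.Sum(nil)
		subtle.XORBytes(t, t, u)
	}
	return t[:dkLen]
}

// DeriveCEK follows 3.2.2.5: PBKDF2-HMAC-SHA512 over the NT hash of the user's existing password
// (MD4 of the UTF-16LE password, computed by the caller), a 16-byte salt and 5000..1,000,000 iterations.
func DeriveCEK(ntHash, salt []byte, iterations int) ([]byte, error) {
	if len(salt) != 16 || iterations < 5000 || iterations > 1000000 {
		return nil, errors.New("salt must be 16 bytes and iterations within 5000..1,000,000")
	}
	return pbkdf2HMACSHA512(ntHash, salt, iterations, 16), nil
}

// DeriveKeys follows 3.2.2.4: enc_key is HMAC-SHA-512(CEK, SAM_AES256_ENC_KEY_STRING) truncated to
// 32 bytes (an AES-256 key); mac_key is the whole 64-byte HMAC-SHA-512(CEK, SAM_AES256_MAC_KEY_STRING).
func DeriveKeys(cek []byte) (encKey, macKey []byte) {
	h := hmac.New(sha512.New, cek)
	h.Write(append([]byte(samAES256EncKeyString), 0))
	encKey = h.Sum(nil)[:32]
	h = hmac.New(sha512.New, cek)
	h.Write(append([]byte(samAES256MacKeyString), 0))
	return encKey, h.Sum(nil)
}

// authData is HMAC-SHA-512(mac_key, versionbyte + IV + Cipher + versionbyte_length), with
// versionbyte and versionbyte_length each the single byte listed in the constants table.
func authData(macKey, iv, ciphertext []byte) []byte {
	h := hmac.New(sha512.New, macKey)
	h.Write([]byte{samAESVersionByte})
	h.Write(iv)
	h.Write(ciphertext)
	h.Write([]byte{samAESVersionByteLen})
	return h.Sum(nil)
}

// Encrypt produces (Cipher, AuthData) from the CEK, a 16-byte IV and the secret plaintext. PKCS#7
// padding is taken from draft-mcgrew; that [MS-SAMR] pads its 2.2.6.32 plaintext the same way is an assumption.
func Encrypt(cek, iv, plaintext []byte) (ciphertext, auth []byte) {
	encKey, macKey := DeriveKeys(cek)
	block, _ := aes.NewCipher(encKey) // cannot fail: encKey is always 32 bytes
	pad := aes.BlockSize - len(plaintext)%aes.BlockSize
	padded := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	ciphertext = make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ciphertext, padded)
	return ciphertext, authData(macKey, iv, ciphertext)
}

// Decrypt verifies AuthData in constant time before decrypting, so a forged or bit-flipped Cipher
// is rejected before the padding check can run on it (no padding oracle).
func Decrypt(cek, iv, ciphertext, auth []byte) ([]byte, error) {
	encKey, macKey := DeriveKeys(cek)
	if len(ciphertext) == 0 || len(ciphertext)%aes.BlockSize != 0 || !hmac.Equal(auth, authData(macKey, iv, ciphertext)) {
		return nil, errors.New("bad Cipher length or AuthData mismatch")
	}
	block, _ := aes.NewCipher(encKey)
	padded := make([]byte, len(ciphertext))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(padded, ciphertext)
	pad := int(padded[len(padded)-1])
	if pad == 0 || pad > aes.BlockSize || !bytes.Equal(padded[len(padded)-pad:], bytes.Repeat([]byte{byte(pad)}, pad)) {
		return nil, errors.New("bad padding")
	}
	return padded[:len(padded)-pad], nil
}
```

To produce the hexdumps Andreas asked for, call DeriveCEK, DeriveKeys and Encrypt on fixed inputs and print each buffer with %x; the result is only a candidate until it is compared with a capture from a Windows DC, since the padding rule and the plaintext layout are assumptions here rather than facts the thread establishes.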