Re: [cifs-protocol] MS-NRPC: AES Schannel problems

Tue, 25 Aug 2009 15:27:00 -0700 

Metze,



    The SharedSecret used for AES session key computation, as described in 
3.1.4.3 MS-NRPC , should be the NTOWF (MD4(UNICODE(Passwd))) of the plaintext 
password.   The section 3.1.1 of MS-NRPC explains what a SharedSecret is used 
for session key calculation in Windows implementations.  The SharedSecret  is 
stored in UnicodePwd AD attribute.  Please see section 3.1.1 and Windows 
Behavior notes <66>,<67> of MS-NRPC for details.



     I will continue working on all questions related to AES encryption.



Thanks!


--------------------------------------------------------------------
Hongwei  Sun - Sr. Support Escalation Engineer
DSC Protocol  Team, Microsoft
[email protected]<mailto:[email protected]>
Tel:  469-7757027 x 57027
---------------------------------------------------------------------







-----Original Message-----

From: Stefan (metze) Metzmacher [mailto:[email protected]]

Sent: Tuesday, August 25, 2009 11:13 AM

To: Interoperability Documentation Help

Cc: [email protected]; [email protected]

Subject: MS-NRPC: AES Schannel problems



Hi,



I'm currently trying to implement the AES based Netlogon Secure Channel in 
Samba.



But the documentation is not really clear about the used algorithms.



I have started with the implementation here:

http://gitweb.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master4-schannel



And here's the actual commit that tries to add aes support:

http://gitweb.samba.org/?p=metze/samba/wip.git;a=commitdiff;h=50dca9ce0f051c863f00cc949db2c19bf247887b



In Section "3.1.4.3 Session-Key Computation" the hmac-sha256 base computation 
of the session-key seems to use the plain SharedSecret and not the NT-HASH of 
it (MD4(UNICODE(ShareSecret))), is that correct?

I thought the plain text is never stored in AD by default...

Where should the netlogon server get the plain text from?

I just tried the NT-HASH see my netlogon_creds_init_hmac_sha256() function.



In Section "3.1.4.4 Netlogon Credential Computation" there's a AesEncrypt 
function used. Can you please document the exact algorithm that's used there. 
You say AES128 is used in CFB mode without initialization vector.



http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation

says that all modes except ECB require an IV.



It would also be nice if you could add some more example values in secion 4.2 
Cryptographic Values for Session Key Validation.



metze











_______________________________________________
cifs-protocol mailing list
[email protected]
https://lists.samba.org/mailman/listinfo/cifs-protocol

Reply via email to