Re: [cifs-protocol] [MS-NRPC] Problem encrypting data when use AES based Netlogon SChannel

Wed, 13 Jul 2011 03:06:11 -0700 

Hi Metze/Mike:
        Finally, I get the AES-based schannel working with windows 2008r2 
domain now, thank you for your clue and help! 

        The [MS-NRPC].pdf have following incorrect and misleading information:  
        1.  The spec (section 3.3.4.2.1 step 8) did not clearly mention how to 
construct the initialization vector for data encryption. 
              The correct ivec to use in encrypting the data is 
                seqNum + encrypted(confounder)  
        2. When AES encryption type is negotiated, the auth signature to use is 
NL_AUTH_SHA2_SIGNATURE (which confounder offset=48), as mentioned in section 
2.2.1.3.3  
             However, one have to put the confounder at offset=24, which is 
same offset as NL_AUTH_SIGNATURE.  

Thanks,
Yen
-----Original Message-----
From: Stefan (metze) Metzmacher [mailto:[email protected]] 
Sent: Tuesday, July 05, 2011 2:37 PM
To: Moh Yen Liew
Cc: Michael B Allen; [email protected]
Subject: Re: [cifs-protocol] [MS-NRPC] Problem encrypting data when use AES 
based Netlogon SChannel

Hi,

>    According to MS-NRPC pg 111, bit 17 (indicated as  bit R) of  negotiable 
> flag is actually referring to  "supports the NetrServerPasswordSet2 
> functionality".  
> In the packet trace that attached earlier, I had successfully negotiated the 
> session key (from pkt 519-523) with the DC using unprotected RPC and 
> established the SChannel.    
> However, when sending the encrypted message (encrypted with AES-key derived 
> from the session key) over Schannel to DC, DC   responded with DCE RPC fault 
> with error = 0x00000721. 
> 
> And,  I also tried to use the initialization vector constructed using the 
> last block (size=8 bytes) of the encrypted Confounder field, same error code 
> returned from DC. 
> 
> There's no problem if only integrity is negotiated.   
> So, I suppose the ivec mentioned in the MS-NRPC spec  to encrypt the message 
> might not correct  ?   

Take a look at this branch, it contains working code, at least it worked
a year ago against w2k8r2.
http://gitweb.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master3-schannel

Maybe that helps.
metze

_______________________________________________
cifs-protocol mailing list
[email protected]
https://lists.samba.org/mailman/listinfo/cifs-protocol

Reply via email to