Hi Andreas, I will research your question and see what we can come up with for test data.
Best regards, Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada) Local country phone number found here: http://support.microsoft.com/globalenglish | Extension 1138300 We value your feedback. My manager is Stacy Gray (stacygr), +1 (469) 775-4055 -----Original Message----- From: Obaid Farooqi <oba...@microsoft.com> Sent: Tuesday, June 21, 2022 9:08 AM To: Andreas Schneider <a...@samba.org> Cc: cifs-protocol@lists.samba.org; Obaid Farooqi <oba...@microsoftsupport.com> Subject: [EXTERNAL] [MS-SAMR] AEAD-AES-256-CBC-HMAC-SHA512 - TrackingID#2206210040006850 Hi Andreas: Thanks for contacting Microsoft. I have created a case to track this issue. A member of the open specifications team will be in touch soon. Regards, Obaid Farooqi Escalation Engineer | Microsoft -----Original Message----- From: Andreas Schneider <a...@samba.org> Sent: Tuesday, June 21, 2022 8:00 AM To: Interoperability Documentation Help <doch...@microsoft.com> Cc: cifs-protocol@lists.samba.org Subject: [EXTERNAL] [MS-SAMR] AEAD-AES-256-CBC-HMAC-SHA512 Hello Dochelp, I'm trying to implement support for AEAD-AES-256-CBC-HMAC-SHA512 from [MS- SAMR] 3.2.2.4 AES Cipher Usage. This is not really easy as there are some details unclear. I would love to write a unit test for AEAD-AES-256-CBC-HMAC-SHA512. Could you please provide hexdump of the buffers used in encryption from a SamrSetInformationUser2 level 31 from a test platform. When it performs the following: Let enc_key ::= HMAC-SHA-512(CEK, SAM_AES256_ENC_KEY_STRING) Let mac_key ::= HMAC-SHA-512(CEK, SAM_AES256_MAC_KEY_STRING) Let Cipher ::= AES-CBC(enc_key, IV, secret_plaintext) Let AuthData ::= HMAC-SHA-512(mac_key, versionbyte + IV + Cipher + versionbyte_length) I would like to have hexdumps of the following buffers: * cek (16byte sesssion key) * enc_key * mac_key * IV * secret_plaintext * cipher * authdata The RFC implementation provides something like that, see: https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fid%2Fdraft-mcgrew-aead-aes-cbc-hmac-sha2-03.html%23rfc.section.5.4&data=05%7C01%7Cjeffm%40microsoft.com%7C382019859d9f4eb7cc1b08da53a03c24%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637914244951310820%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=jzVMJ8GS%2BP30uF6pHSTfJf8ioOzDOK69Y%2ByyFKDzpKo%3D&reserved=0 This would allow me to write a unit test and figure out the details what in my implementation something goes wrong. I can then provide feedback to improve the documentation. Thank you very much! Best regards Andreas Schneider -- Andreas Schneider a...@samba.org Samba Team https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.samba.org%2F&data=05%7C01%7Cjeffm%40microsoft.com%7C382019859d9f4eb7cc1b08da53a03c24%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637914244951310820%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=0VU8ycMe9EFGOAEV7JROkmRRoQCDje5N%2FxAIbzqpbI4%3D&reserved=0 GPG-ID: 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D _______________________________________________ cifs-protocol mailing list cifs-protocol@lists.samba.org https://lists.samba.org/mailman/listinfo/cifs-protocol
