[kitten] Issue with MechListMIC
Arnab Bakshi <arnab.bakshi@gmail.com> Tue, 17 January 2012 08:54 UTC
From: Arnab Bakshi <arnab.bakshi@gmail.com>
Date: Tue, 17 Jan 2012 14:24:02 +0530
Message-ID: <CAM+--j_5y0ovQ5yNJ7DSS=5eA6inQRZMZeeP9c-_8CWTfd2NCg@mail.gmail.com>
To: kitten@ietf.org
Hi,

I am trying to develop an SMB2 implementation of my own and right now I would require some assistance on the authentication using SPNEGO and NTLMSSP. I am describing the issue I am getting as follows.

I am using NTLM2 since extended security is ON, key exchange is ON. Please refer to the packet capture attached.

Using the methodology defined in the specs I am able to get the signing and sealing keys perfectly. The MIC digest also looks fine. The problem I am getting is with the mechListMIC generation for the last negTokenTarg from the client. I am aware of the seqnum and version fields in the mechListMIC field, but I am not getting through with the digest part (8 bytes). RFC4718 mentions the DER encoding of the mechTypeList received from the initiator (server in this case), but by using that it is not matching the generated digest in the packet.

Can anybody kindly help with the algorithm for generating the mechListMIC value? I have mentioned the Sign Key, Seal Key, Mech Types List, Generated Random Key on client, the mechListMIC and packet capture for your reference. It will be great if we can take these values as sample.

Sign Key:
~~~~~~~~~~
ec-00-57-ad-88-de-cd-70-0-a7-bc-6f-b0-a8-21-d8

Seal Key:
~~~~~~~~~~
91-71-c7-7f-16-16-1-4-c2-62-cd-7f-68-1e-10-2f

Mech Types List:
~~~~~~~~~~~~~~~~
30-2e-06-09-2a-86-48-82-f7-12-01-02-02-06-09-2a-86-48-86-f7-12-01-02-02-06-0a-2a-86-48-86-f7-12-01-02-02-03-06-0a-2b-06-01-04-01-82-37-02-02-0a

Full NegTokenInit:
~~~~~~~~~~~~~~~~~~
0xa0,0x60,0x30,0x5e,0xa0,0x30,0x30,0x2e,0x06,0x09,0x2a,0x86,0x48,0x82,0xf7,0x12,
0x01,0x02,0x02,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x12,0x01,0x02,0x02,0x06,0x0a,
0x2a,0x86,0x48,0x86,0xf7,0x12,0x01,0x02,0x02,0x03,0x06,0x0a,0x2b,0x06,0x01,0x04,
0x01,0x82,0x37,0x02,0x02,0x0a,0xa3,0x2a,0x30,0x28,0xa0,0x26,0x1b,0x24,0x6e,0x6f,
0x74,0x5f,0x64,0x65,0x66,0x69,0x6e,0x65,0x64,0x5f,0x69,0x6e,0x5f,0x52,0x46,0x43,
0x34,0x31,0x37,0x38,0x40,0x70,0x6c,0x65,0x61,0x73,0x65,0x5f,0x69,0x67,0x6e,0x6f,
0x72,0x65

Encrypted Session Key:
~~~~~~~~~~~~~~~~~~~~~~
fd-ae-58-07-25-66-af-83-cf-08-f5-a8-ce-19-7e-79

Generated Random Key:
~~~~~~~~~~~~~~~~~~~~~
0x0d, 0xa8, 0xfe, 0xdc, 0x2a, 0x32, 0xc1, 0x9b, 0xdf, 0xd2, 0xd1, 0xad, 0x90, 0x3f, 0x39, 0x70

MechListMIC @ negTokenTarg from client:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
0x01,0x00,0x00,0x00,0x61,0x1d,0xd3,0x3d,0xc3,0x65,0xbc,0x9f,0x00,0x00,0x00,0x00

Warm Regards
Arnab
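As an added example (not the poster's code), the mechListMIC computation the message describes, written from MS-NLMP 3.4.4.2 and RFC 4178 section 5: the NTLM signature over the DER-encoded MechTypeList, with the checksum RC4-encrypted because key exchange was negotiated, plus an OID decoder to confirm exactly which bytes are being signed. The posted keys and MechTypeList are used only as sample input, with the single-digit bytes in the post read as 0x00, 0x01 and 0x04; whether the result reproduces the 8-byte value in the capture is not checked here.

```python
import hashlib
import hmac
import struct

# Sample input as posted: the DER MechTypeList (the MIC covers this whole SEQUENCE, tag
# and length included) and the client's NTLM keys; "0", "1", "4" read as 0x00/0x01/0x04.
MECH_TYPE_LIST = bytes.fromhex("302e06092a864882f71201020206092a864886f712010202"
                               "060a2a864886f71201020203060a2b06010401823702020a")
SIGN_KEY = bytes.fromhex("ec0057ad88decd7000a7bc6fb0a821d8")
SEAL_KEY = bytes.fromhex("9171c77f16160104c262cd7f681e102f")

class RC4:
    # Stateful: with NTLMSSP_NEGOTIATE_KEY_EXCH the seal handle's keystream runs on across messages.
    def __init__(self, key):
        s, j = list(range(256)), 0
        for i in range(256):
            j = (j + s[i] + key[i % len(key)]) & 0xFF
            s[i], s[j] = s[j], s[i]
        self.s, self.i, self.j = s, 0, 0

    def crypt(self, data):
        out = bytearray()
        for c in data:
            self.i = (self.i + 1) & 0xFF
            self.j = (self.j + self.s[self.i]) & 0xFF
            self.s[self.i], self.s[self.j] = self.s[self.j], self.s[self.i]
            out.append(c ^ self.s[(self.s[self.i] + self.s[self.j]) & 0xFF])
        return bytes(out)

def ntlm_mic(sign_key, seal_handle, seq_num, message):
    # NTLMSSP_MESSAGE_SIGNATURE with extended session security (MS-NLMP 3.4.4.2):
    # Version(1) || Checksum(8) || SeqNum, Checksum = RC4(HMAC_MD5(key, seq || msg)[:8]).
    seq = struct.pack("<I", seq_num)
    mac = hmac.new(sign_key, seq + message, hashlib.md5).digest()[:8]
    return struct.pack("<I", 1) + seal_handle.crypt(mac) + seq

def der_oids(mech_type_list):
    # Decode a DER SEQUENCE OF OBJECT IDENTIFIER (short-form lengths) to see what gets signed.
    assert mech_type_list[0] == 0x30 and mech_type_list[1] == len(mech_type_list) - 2
    oids, pos = [], 2
    while pos < len(mech_type_list):
        n, arcs, val = mech_type_list[pos + 1], [], 0
        for b in mech_type_list[pos + 2:pos + 2 + n]:
            val = (val << 7) | (b & 0x7F)
            if not b & 0x80:
                arcs += [val // 40, val % 40] if not arcs else [val]
                val = 0
        oids.append(".".join(map(str, arcs)))
        pos += 2 + n
    return oids
```

The first MIC of a session uses a fresh seal handle at sequence number 0; every later signed or sealed message in the same direction must continue the same RC4 state and increment the sequence number.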