Return-Path: X-Original-To: kitten@ietfa.amsl.com Delivered-To: kitten@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BAE1821F8692 for ; Tue, 17 Jan 2012 00:54:24 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.998 X-Spam-Level: X-Spam-Status: No, score=-0.998 tagged_above=-999 required=5 tests=[BAYES_50=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zKEsXDFQE4KL for ; Tue, 17 Jan 2012 00:54:23 -0800 (PST) Received: from mail-yx0-f172.google.com (mail-yx0-f172.google.com [209.85.213.172]) by ietfa.amsl.com (Postfix) with ESMTP id B816221F8634 for ; Tue, 17 Jan 2012 00:54:23 -0800 (PST) Received: by yenr11 with SMTP id r11so1777136yen.31 for ; Tue, 17 Jan 2012 00:54:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:from:date:message-id:subject:to:content-type; bh=NVUEaGPszHJw3NOxAa9TR55BIqd6ajwzyluqP60Q7os=; b=C36xpL4SLFuy3hm7+Djbch5hHsPUm5A0iJCdNpxGIyWln9Toy7nZzPKcAhY9T9BEX2 9nEWgW91zQuyQ6NK/dun7diDZUN923bx5bP1NIrSTu3RXqBXh4RpSmhw6UvgiJfHsROq hWf9bR7G2/M7IUtX9VosAjaEIOiB7IDoXg6RU= Received: by 10.236.78.6 with SMTP id f6mr22536763yhe.109.1326790463296; Tue, 17 Jan 2012 00:54:23 -0800 (PST) MIME-Version: 1.0 Received: by 10.146.123.3 with HTTP; Tue, 17 Jan 2012 00:54:02 -0800 (PST) From: Arnab Bakshi Date: Tue, 17 Jan 2012 14:24:02 +0530 Message-ID: To: kitten@ietf.org Content-Type: multipart/mixed; boundary=20cf3005154041958204b6b57aff Subject: [kitten] Issue with MechListMIC X-BeenThere: kitten@ietf.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Common Authentication Technologies - Next Generation List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Jan 2012 08:54:24 -0000 --20cf3005154041958204b6b57aff Content-Type: multipart/alternative; boundary=20cf3005154041957e04b6b57afd --20cf3005154041957e04b6b57afd Content-Type: text/plain; charset=ISO-8859-1 Hi,**** **** I am trying to develop a SMB2 implementation of my own and right now I would require some assistance on the authentication using SPNEGO and NTLMSSP. I am describing the issue I am getting as follows...**** **** I am using NTLM2 since extended security is ON, key exchange is ON. Please refer to the packet capture attached.**** Using the methodology defined in the specs I am able to get the signing and sealing keys perfectly. The MIC digest also looks fine. The problem I am getting is with the *mechListMIC* generation for the last negTokenTarg from the client. I am aware of the seqnum and version fields in the mechListMIC field but I am not getting through with the digest part(8 byte). The RFC4718 mentions about the DER encoding of mechTypeList received from initiator (server in this case) but by using that it is not matching with the generated digest in the packet.**** **** Can anybody kindly help with the algorithm in* generating the mechListMIC value*. I have mentioned the Sign Key, Seal Key, Mech Types List, Generated Random key on client, the mechListMIC and packet**** capture for your reference. It will be great if we can take these values as sample.**** **** Sign Key: ~~~~~~~~~~ ec-00-57-ad-88-de-cd-70-0-a7-bc-6f-b0-a8-21-d8**** **** Seal Key: ~~~~~~~~~~ 91-71-c7-7f-16-16-1-4-c2-62-cd-7f-68-1e-10-2f**** **** Mech Types List: ~~~~~~~~~~~~~~~~ 30-2e-06-09-2a-86-48-82-f7-12-01-02-02-06-09-2a-86-48-86-f7-12-01-02-02-06-0a-2a-86-48-86-f7-12-01-02-02-03-06-0a-2b-06-01-04-01-82-37-02-02-0a **** Full NegTokenInit: ~~~~~~~~~~~~~~~~~~ 0xa0,0x60,0x30,0x5e,0xa0,0x30,0x30,0x2e,0x06,0x09,0x2a,0x86,0x48,0x82,0xf7,0x12 ,0x01,0x02,0x02,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x12,0x01,0x02,0x02,0x06,0x0a ,0x2a,0x86,0x48,0x86,0xf7,0x12,0x01,0x02,0x02,0x03,0x06,0x0a,0x2b,0x06,0x01,0x04 ,0x01,0x82,0x37,0x02,0x02,0x0a,0xa3,0x2a,0x30,0x28,0xa0,0x26,0x1b,0x24,0x6e,0x6f ,0x74,0x5f,0x64,0x65,0x66,0x69,0x6e,0x65,0x64,0x5f,0x69,0x6e,0x5f,0x52,0x46,0x43 ,0x34,0x31,0x37,0x38,0x40,0x70,0x6c,0x65,0x61,0x73,0x65,0x5f,0x69,0x67,0x6e,0x6f ,0x72,0x65**** **** Encrypted Session Key: ~~~~~~~~~~~~~~~~~~~~~~ fd-ae-58-07-25-66-af-83-cf-08-f5-a8-ce-19-7e-79**** Generated Random Key: ~~~~~~~~~~~~~~~~~~~~~ 0x0d, 0xa8, 0xfe, 0xdc, 0x2a, 0x32, 0xc1, 0x9b, 0xdf, 0xd2, 0xd1, 0xad, 0x90, 0x3f, 0x39, 0x70**** MechListMIC@ negTokenTarg from client: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 0x01,0x00,0x00,0x00,0x61,0x1d,0xd3,0x3d,0xc3,0x65,0xbc,0x9f,0x00,0x00,0x00,0x00 **** **** Warm Regards Arnab --20cf3005154041957e04b6b57afd Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable

Hi,

=A0

=A0=A0 I am trying to develop a SM= B2 implementation of my own and right now I would require some assistance o= n the authentication using SPNEGO and NTLMSSP.=A0
I am describing the issue I am getting as follows...

=A0=

I am using NTLM2 since extended security is ON, key exc= hange is ON. Please refer to the packet capture attached.

Using= the methodology defined in=A0the specs I am able to get the signing and se= aling keys perfectly. The MIC digest also looks fine.=A0
The problem I a= m getting is with the=A0mechListMIC=A0generation for the l= ast negTokenTarg from the client. I am aware of the seqnum and version fiel= ds in the mechListMIC field but I am not
getting through with the digest part(8 byte). The RFC4718 mentions about th= e DER encoding of mechTypeList received from initiator (server in this case= ) but by using that it is not matching with the=A0
generated digest in t= he packet.

=A0

Can anybody kindly help with the algorithm in generati= ng the mechListMIC value. I have mentioned the Sign Key, Seal Key, Mech= Types List, Generated Random key on client, the mechListMIC and packet<= /u>

captu= re for your reference. It will be great if we can take these values as samp= le.

=A0

Sign = Key:=A0
~~~~~~~~~~
ec-00-57-ad-88-de-cd-70-0-a7-bc-6f-b0-a8-21-d8<= /u>

=A0

Seal = Key:=A0
~~~~~~~~~~
91-71-c7-7f-16-16-1-4-c2-62-cd-7f-68-1e-10-2f

=A0

Mech = Types List:=A0
~~~~~~~~~~~~~~~~
30-2e-06-09-2a-86-48-82-f7-12-01-02-0= 2-06-09-2a-86-48-86-f7-12-01-02-02-06-0a-2a-86-48-86-f7-12-01-02-02-03-06-0= a-2b-06-01-04-01-82-37-02-02-0a


F= ull NegTokenInit:=A0=A0=A0
~~~~~~~~~~~~~~~~~~
0xa0,0x60,0x30,0x5e,0xa= 0,0x30,0x30,0x2e,0x06,0x09,0x2a,0x86,0x48,0x82,0xf7,0x12
,0x01,0x02,0x02= ,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x12,0x01,0x02,0x02,0x06,0x0a
,0x2a,0x86,0x48,0x86,0xf7,0x12,0x01,0x02,0x02,0x03,0x06,0x0a,0x2b,0x06,0x01= ,0x04
,0x01,0x82,0x37,0x02,0x02,0x0a,0xa3,0x2a,0x30,0x28,0xa0,0x26,0x1b,= 0x24,0x6e,0x6f
,0x74,0x5f,0x64,0x65,0x66,0x69,0x6e,0x65,0x64,0x5f,0x69,0= x6e,0x5f,0x52,0x46,0x43
,0x34,0x31,0x37,0x38,0x40,0x70,0x6c,0x65,0x61,0x73,0x65,0x5f,0x69,0x67,0x6e= ,0x6f
,0x72,0x65

=A0

Encrypted Sess= ion Key:
~~~~~~~~~~~~~~~~~~~~~~
fd-ae-58-07-25-66-af-83-cf-08-f5-a8-c= e-19-7e-79


Generated Random Key:=A0=A0
~~~~~~~~~~~~~~~~~~~~~
0x0d, 0xa8, 0xfe, 0= xdc, 0x2a, 0x32, 0xc1, 0x9b, 0xdf, 0xd2, 0xd1, 0xad, 0x90, 0x3f, 0x39, 0x70=


MechListMIC@ negTokenTarg from client:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~= ~~~~~
0x01,0x00,0x00,0x00,0x61,0x1d,0xd3,0x3d,0xc3,0x65,0xbc,0x9f,0x00,0= x00,0x00,0x00

=A0


W= arm Regards
Arnab

--20cf3005154041957e04b6b57afd-- --20cf3005154041958204b6b57aff Content-Type: application/octet-stream; name="smb2_sess_setup_cap.pcap" Content-Disposition: attachment; filename="smb2_sess_setup_cap.pcap" Content-Transfer-Encoding: base64 X-Attachment-Id: f_gxioqbtt0 1MOyoQIABAAAAAAAAAAAAP//AAABAAAA+ywNT2vtAAAmAQAAJgEAAAATwzxDxAAmWnaWxQgARQAB GA//QACABprGCs0bLQrNHlQBvfzLdvPugXmwiuRQGAEAVKIAAAAAAOz+U01CQAAAAAAAAAAAAAEA AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQQABAAICAACk K7M0qE47SYnxB3g4O4PAAQAAAAAAAQAAAAEAAAABAIewQskq0MwBzJSKPAfGzAGAAGwAIExNIGBq BgYrBgEFBQKgYDBeoDAwLgYJKoZIgvcSAQICBgkqhkiG9xIBAgIGCiqGSIb3EgECAgMGCisGAQQB gjcCAgqjKjAooCYbJG5vdF9kZWZpbmVkX2luX1JGQzQxNzhAcGxlYXNlX2lnbm9yZfssDU+m8AAA 3AAAANwAAAAAJlp2lsUAE8M8Q8QIAEUAAM5YG0AAfwZT9ArNHlQKzRst/MsBvXmwiuR28+9xUBg/ 7Wv0AAAAAACi/lNNQkAAAQAAAAAAAQAfAAAAAAAAAAAAAQAAAAAAAAD//gAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAABkAAAEBAAAAAAAAAFgASgAAAAAAAAAAAGBIBgYrBgEFBQKgPjA8oA4w DAYKKwYBBAGCNwICCqIqBChOVExNU1NQAAEAAACXggjiAAAAAAAAAAAAAAAAAAAAAAYBsB0AAAAP +ywNT5nxAACXAQAAlwEAAAATwzxDxAAmWnaWxQgARQABiRAAQACABppUCs0bLQrNHlQBvfzLdvPv cXmwi4pQGAD/AlsAAAAAAV3+U01CQAABABYAAMABAAkAAQAAAAAAAAABAAAAAAAAAP/+AAAAAAAA fQAADAAEAAAAAAAAAAAAAAAAAAAAAAAACQAAAEgAFQGhggERMIIBDaADCgEBoQwGCisGAQQBgjcC AgqigfcEgfROVExNU1NQAAIAAAAOAA4AOAAAABWCieJsATVAlr2mpgAAAAAAAAAArgCuAEYAAAAG AHEXAAAAD0kAWABJAEEAQwBPAE0AAgAOAEkAWABJAEEAQwBPAE0AAQAcAEkAWABJAE4ALQBXADIA SwA4AC0AUwBSAFYAMQAEABYAaQB4AGkAYQBjAG8AbQAuAGMAbwBtAAMANABpAHgAaQBuAC0AdwAy AGsAOAAtAHMAcgB2ADEALgBpAHgAaQBhAGMAbwBtAC4AYwBvAG0ABQAWAGkAeABpAGEAYwBvAG0A LgBjAG8AbQAHAAgAsNZCySrQzAEAAAAA+ywNTw30AAB/AQAAfwEAAAAmWnaWxQATwzxDxAgARQAB cVgcQAB/BlNQCs0eVArNGy38ywG9ebCLinbz8NJQGD+UaR8AAAAAAUX+U01CQAABAAAAAAABABcA AAAAAAAAAAACAAAAAAAAAP/+AAAAAAAAfQAADAAEAAAAAAAAAAAAAAAAAAAAAAAAGQAAAQEAAAAA AAAAWADtAAAAAAAAAAAAoYHqMIHnoAMKAQGigcsEgchOVExNU1NQAAMAAAAYABgAiAAAABgAGACg AAAADgAOAFgAAAAOAA4AZgAAABQAFAB0AAAAEAAQALgAAAAVgojiBgGwHQAAAA/nD3U4yUgyrqcJ eBbrqALgSQBYAEkAQQBDAE8ATQBzAHUAcABhAG4AZABhAEkAWABJAE4ALQBTAFUATQBJAFQASlu0 nF6l0Y4AAAAAAAAAAAAAAAAAAAAATMiRUzXIOEkH3Q3BiC2gCaA3hBLgbn7z/a5YByVmr4PPCPWo zhl+eaMSBBABAAAAYR3TPcNlvJ8AAAAA+ywNT8QVAQCfAAAAnwAAAAATwzxDxAAmWnaWxQgARQAA kRAGQACABptGCs0bLQrNHlQBvfzLdvPw0nmwjNNQGAD+kbAAAAAAAGX+U01CQAABAAAAAAABAAkA CQAAAAAAAAACAAAAAAAAAP/+AAAAAAAAfQAADAAEAADu2OwlO7SaG1NXzirz7d+xCQAAAEgAHQCh GzAZoAMKAQCjEgQQAQAAAK7PhsmZIhrUAAAAAA== --20cf3005154041958204b6b57aff--