Questions about [MS-SIPAE] 3.3.4.1 Sending Messages to the SIP Client
-
Monday, April 18, 2011 7:06 AM
According to [MS-SIPAE] 3.3.4.1 Sending Messages to the SIP Client ... I have 5 questions when using NTLM Authentication:
1. Is the rspauth value exactly the HEX string format of the NTLMSSP_MESSAGE_SIGNATURE described in [MS-NLMP] 2.2.2.9 NTLMSSP_MESSAGE_SIGNATURE?
2. Is there any relation between the srand value and the RandomPad value of NTLMSSP_MESSAGE_SIGNATURE described in [MS-NLMP] 2.2.2.9.1 NTLMSSP_MESSAGE_SIGNATURE?
3. Is there any relation between the snum value and the SeqNum value of NTLMSSP_MESSAGE_SIGNATURE described in [MS-NLMP] 2.2.2.9 NTLMSSP_MESSAGE_SIGNATURE? (question added on April 21 ... I found the snum begins with 1, and SeqNum must begin with 0)
4. What does "Note that for the NTLM SSPI, the server (2) provides a fixed message sequence number of 100, in addition to the buffer and protocol context." mean? The SeqNum value of NTLMSSP_MESSAGE_SIGNATURE is always 100? (question added on April 21)
5. Where can I find the pseudo code for NTLM GSS_VerifyMIC()? [MS-NLMP] doesn't publish it. I need to know how to verify the signature using my own programming code (I have the same question as this).
Can anyone help? Thanks a lot!
- Edited by Tzuchun Thursday, April 21, 2011 5:31 AM
All Replies
-
Monday, April 18, 2011 3:04 PM (Moderator)
Hi,
Thanks for your question regarding MS-SIPAE specification. One of our teammates will follow up with you soon.
Edgar
-
Monday, April 18, 2011 9:24 PM (Moderator)
Hi Tzuchun,
I'll be helping you with these questions.
I'll let you know as soon as I have answers or I need clarifications.
Thanks and regards,
SEBASTIAN CANEVARI - MSFT Escalation Engineer Protocol Documentation Team
-
Monday, April 18, 2011 11:41 PM
Many thanks to Microsoft friends in advance.
-
Tuesday, May 03, 2011 8:49 PM (Moderator)
Hi Tzuchun,
We are still working on your questions, but I wanted to give you an update.
Question #5 states:
5. Where can I find the pseudo code for NTLM GSS_VerifyMIC()? [MS-NLMP] doesn't publish it. I need to know how to verify the signature using my own programming code (I have the same question as this).
I have filed a change request with the product group so the document stands corrected.
In section 3.4.8.1 (Signature Creation for GSS_GetMICEx()), where it states:
“Section 3.4.2 describes the algorithm used by GSS_GetMICEx() to create the signature”
It will now read:
“Section 3.4.2 describes the algorithm used by GSS_GetMICEx() to create the signature”
Section 3.4.9.1 (Signature Creation for GSS_VerifyMICEx()) will now read:
For NTLMv1, all input data buffers where signed==TRUE are concatenated together and the signature is verified against the resulting concatenated buffer. For NTLMv2, the signature is verified for all of the input data buffers including the buffers where signed==FALSE.
Section 3.4.2 describes the algorithm used by GSS_VerifyMICEx() to create the signature to verify against. The per_msg_token contains the NTLMSSP_MESSAGE_SIGNATURE structure (section 2.2.2.9).
Thanks and regards,
Sebastian
SEBASTIAN CANEVARI - MSFT Escalation Engineer Protocol Documentation Team
- Marked As Answer by Tzuchun Wednesday, May 11, 2011 12:23 AM
-
Monday, May 09, 2011 3:45 PM (Moderator)
Hi Tzuchun,
I have responses to the rest of your questions now:
1. Is the rspauth value exactly the HEX string format of the NTLMSSP_MESSAGE_SIGNATURE described in [MS-NLMP] 2.2.2.9 NTLMSSP_MESSAGE_SIGNATURE?
Yes. MS-SIPAE, section 3.3.4.1, step 5 says that the value of the rspauth parameter comes from step 4, which in turn says that for NTLM it is the result of a GSS_GetMIC() call, base16 encoded. Section 3.1.4 of MS-NLMP says that GSS_GetMIC produces the NTLMSSP_MESSAGE_SIGNATURE structure, which is described in section 2.2.2.9 of the same document.
2. Is there any relation between the srand value and the RandomPad value of NTLMSSP_MESSAGE_SIGNATURE described in [MS-NLMP] 2.2.2.9.1 NTLMSSP_MESSAGE_SIGNATURE?
There is no relation between the RandomPad value of NTLMSSP_MESSAGE_SIGNATURE and srand.
3. Is there any relation between the snum value and the SeqNum value of NTLMSSP_MESSAGE_SIGNATURE described in [MS-NLMP] 2.2.2.9 NTLMSSP_MESSAGE_SIGNATURE? (question added on April 21 ... I found the snum begins with 1, and SeqNum must begin with 0)
There is no relation between the SeqNum value of NTLMSSP_MESSAGE_SIGNATURE and the snum value.
4. What does "Note that for the NTLM SSPI, the server (2) provides a fixed message sequence number of 100, in addition to the buffer and protocol context." mean? The SeqNum value of NTLMSSP_MESSAGE_SIGNATURE is always 100? (question added on April 21)
Section 3.4.4 of MS-NLMP says "In the case of connectionless NTLM authentication, the SeqNum parameter SHOULD be specified by the application". When using NTLM in the context of MS-SIPAE, the SeqNum value supplied by the application is always 100. The actual value that ends up in the NTLMSSP_MESSAGE_SIGNATURE might be different; it depends on the security flags negotiated by NTLM during SA establishment (see section 3.4.4 of MS-NLMP).
Please let me know if this answers your request.
Thanks and regards,
Sebastian
SEBASTIAN CANEVARI - MSFT Escalation Engineer Protocol Documentation Team
- Marked As Answer by Tzuchun Wednesday, May 11, 2011 12:23 AM
-
Wednesday, May 11, 2011 12:23 AM
Hi Canevari,
That helps. I appreciate your answer.
-
Tuesday, May 29, 2012 7:21 PM
I am trying to do something similar and keep getting SIP_E_AUTH_INVALIDSIGNATURE returned from Lync server, with Windows error code 0x80090310, indicating that I have the wrong sequence number. I construct the security buffer from my SIP message, and I use the MakeSignature function, passing in 0 as my sequence number. I noticed in the MS-NLMP document that the last four bytes of the signature are supposed to be the sequence number, but I get some seemingly random values. For example, the signature I get back looks like 0100000000000000D7DA05478E4B666F. Notice the last four bytes are not 0. Am I doing something wrong here?
-
Tuesday, May 29, 2012 9:09 PM (Moderator)
Karl,
Thank you for your inquiry. One of our engineers will review this and follow up with you soon.
Thanks,
Edgar
-
Wednesday, May 30, 2012 8:52 PM
Thanks, Edgar. I actually got the correct response from the server finally - it took me some time to find in the MS-SIPAE document that the sequence number should always be set to 100.
However, I am still confused as to why the signature looks the way it does.
-
Friday, June 01, 2012 9:04 PM (Moderator)
Hi Karl, I am the engineer who will be working with you on this issue. I am currently researching the problem and will provide you with an update soon. Thank you for your patience.
Josh Curry (jcurry) | Escalation Engineer | Open Specifications Support Team
-
Tuesday, June 05, 2012 4:16 PM (Moderator)
Hi Karl:
I'll look into this issue. I have taken ownership of this issue from Josh. I'll be in touch as soon as I have an answer.
Regards, Obaid Farooqi
-
Thursday, June 07, 2012 4:12 PM (Moderator)
Hi Karl:
Section 3.4.4 of MS-NLMP describes two message signature functions. I looked at them, and neither of them looks like it will generate the last 4 bytes as zero.
Let's assume you are using the algorithm described in section "3.4.4.1 Without Extended Session Security". The part that calculates the sequence number is as follows:
    Set NTLMSSP_MESSAGE_SIGNATURE.SeqNum to RC4(Handle, 0x00000000)
    If (connection oriented)
        Set NTLMSSP_MESSAGE_SIGNATURE.SeqNum to
            NTLMSSP_MESSAGE_SIGNATURE.SeqNum XOR SeqNum
        Set SeqNum to SeqNum + 1
    Else
        Set NTLMSSP_MESSAGE_SIGNATURE.SeqNum to
            NTLMSSP_MESSAGE_SIGNATURE.SeqNum XOR
            (application supplied SeqNum)
    Endif
Let's assume that after encrypting 0x00000000 using RC4 we get ABCDEF01. Since, as per MS-SIPAE, datagram (connectionless) NTLM is used and the sequence number is a fixed 100, the last 4 bytes of the signature would be 0xABCDEF01 XOR 0x00000100 = 0xABCDEE01. The only situation in which the last 4 digits would be zero is when the RC4 encryption of 0x00000000 yields 0x00000100, which is very unlikely.
Please let me know if it does not answer your question.
Regards, Obaid Farooqi
- Marked As Answer by Obaid Farooqi (Microsoft Employee, Moderator) Thursday, June 07, 2012 4:17 PM
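The following is an added worked example, written for this thread; it is not code from the thread's participants and not the text of MS-NLMP. It implements the NTLMSSP_MESSAGE_SIGNATURE computation of MS-NLMP 3.4.4.1 (without extended session security, connectionless mode) as I read that section, with the SeqNum part being exactly the pseudocode Obaid quoted above, plus the base16 rspauth encoding from Sebastian's answer to question 1 and a GSS_VerifyMIC-style check that recomputes the signature as Sebastian's quote of section 3.4.9.1 describes (question 5). The sealing key and SIP message are constructed placeholders, the application-supplied SeqNum is taken as the integer 100, and the only value borrowed from the thread is the signature Karl posted, used to show how its fields split.

```python
"""Added worked example for this thread (my code, not the thread's and not
MS-NLMP's text): the NTLMSSP_MESSAGE_SIGNATURE computation of MS-NLMP 3.4.4.1
(without extended session security, connectionless mode) as I read that
section, the base16 rspauth encoding MS-SIPAE 3.3.4.1 applies to it, and a
verifier that recomputes the MAC as MS-NLMP 3.4.9.1 describes.  The sealing
key and message are constructed placeholders; the only value taken from the
thread is the signature Karl quoted."""
import hmac
import struct
import zlib

APP_SEQNUM_SIPAE = 100  # MS-SIPAE: the application supplies a fixed SeqNum of 100
SAMPLE_SEAL_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed placeholder
SAMPLE_MESSAGE = b"REGISTER sip:example.invalid SIP/2.0\r\n"          # constructed sample body
KARL_SIGNATURE_HEX = "0100000000000000D7DA05478E4B666F"  # quoted in the thread above


class RC4:
    """Stateful RC4 keystream standing in for the MS-NLMP sealing 'Handle'.
    Each call consumes keystream, so signer and verifier must stay in step."""

    def __init__(self, key: bytes) -> None:
        s = list(range(256))
        j = 0
        for i in range(256):
            j = (j + s[i] + key[i % len(key)]) & 0xFF
            s[i], s[j] = s[j], s[i]
        self.s, self.i, self.j = s, 0, 0

    def crypt(self, data: bytes) -> bytes:
        s, out = self.s, bytearray()
        for b in data:
            self.i = (self.i + 1) & 0xFF
            self.j = (self.j + s[self.i]) & 0xFF
            s[self.i], s[self.j] = s[self.j], s[self.i]
            out.append(b ^ s[(s[self.i] + s[self.j]) & 0xFF])
        return bytes(out)


def parse_signature(sig: bytes) -> dict:
    """Split a 16-byte NTLMSSP_MESSAGE_SIGNATURE (2.2.2.9.1 layout: Version,
    RandomPad, Checksum, SeqNum; four little-endian 32-bit fields)."""
    if len(sig) != 16:
        raise ValueError("NTLMSSP_MESSAGE_SIGNATURE is exactly 16 bytes")
    version, random_pad, checksum, seqnum = struct.unpack("<4I", sig)
    return {"Version": version, "RandomPad": random_pad,
            "Checksum": checksum, "SeqNum": seqnum}


def mac_without_ess(handle: RC4, message: bytes, app_seqnum: int) -> bytes:
    """MS-NLMP 3.4.4.1 MAC in connectionless mode (my reading of the section;
    the SeqNum part is the pseudocode quoted in the thread).  Keystream is
    consumed in the order RandomPad, Checksum, SeqNum."""
    checksum = struct.pack("<I", zlib.crc32(message) & 0xFFFFFFFF)
    handle.crypt(b"\x00" * 4)                 # RC4(Handle, RandomPad); RandomPad is then zeroed
    enc_checksum = handle.crypt(checksum)     # RC4(Handle, CRC32(Message))
    enc_zero = handle.crypt(b"\x00" * 4)      # RC4(Handle, 0x00000000)
    # Connectionless branch: XOR with the application-supplied SeqNum (100 under MS-SIPAE).
    seqnum = struct.unpack("<I", enc_zero)[0] ^ (app_seqnum & 0xFFFFFFFF)
    return struct.pack("<I", 1) + b"\x00" * 4 + enc_checksum + struct.pack("<I", seqnum)


def rspauth(signature: bytes) -> str:
    """MS-SIPAE 3.3.4.1: rspauth carries the GSS_GetMIC() output base16-encoded."""
    return signature.hex().upper()


def verify_mic(handle: RC4, message: bytes, app_seqnum: int, signature: bytes) -> bool:
    """GSS_VerifyMIC as MS-NLMP 3.4.9.1 puts it: recompute the signature with a
    handle in the same state as the signer's and compare in constant time."""
    if len(signature) != 16:
        return False
    expected = mac_without_ess(handle, message, app_seqnum)
    return hmac.compare_digest(expected, signature)


def demo() -> None:
    sig = mac_without_ess(RC4(SAMPLE_SEAL_KEY), SAMPLE_MESSAGE, APP_SEQNUM_SIPAE)
    print("rspauth:", rspauth(sig))
    print("fields: ", parse_signature(sig))
    # A verifier in the same keystream state accepts; a tampered body or a
    # different application SeqNum is rejected.
    print("same state:", verify_mic(RC4(SAMPLE_SEAL_KEY), SAMPLE_MESSAGE, 100, sig))
    print("tampered:  ", verify_mic(RC4(SAMPLE_SEAL_KEY), SAMPLE_MESSAGE + b"x", 100, sig))
    print("SeqNum 0:  ", verify_mic(RC4(SAMPLE_SEAL_KEY), SAMPLE_MESSAGE, 0, sig))
    # Karl's signature parsed: Version 1, RandomPad 0, and a SeqNum field that is
    # RC4 keystream XOR the supplied SeqNum, hence not zero.
    print("Karl's:    ", parse_signature(bytes.fromhex(KARL_SIGNATURE_HEX)))


if __name__ == "__main__":
    demo()
```

Two things the run makes visible that the prose alone does not. First, the SeqNum field is keystream XOR the supplied SeqNum, so two signatures over the same message that differ only in the application SeqNum (100 versus 0) have SeqNum fields that differ by exactly XOR 100; that is why the last four bytes look random and why passing the wrong SeqNum is rejected. Second, because the RC4 handle is stateful, a verifier only succeeds when its handle has consumed the same amount of keystream as the signer's; a verifier whose handle is out of step rejects even an untampered message.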
-
Monday, June 11, 2012 1:24 PM
Hi Obaid,
I have been working on an SMB client. I'm having a problem forming the response packet (Type 3) to respond to the Challenge Message (Type 2) that I got from the server. I have also uploaded the screenshot of the Session_Setup_Auth packet that I analyzed in Wireshark.
I want to know how to extract and generate the response from the challenge message: I want to extract the challenge from the Type 2 packet and generate the LM-Response and NTLMv2 response.
Thanks
-
Monday, June 11, 2012 11:24 PM (Moderator)
Hi noexscience:
I am providing the response to your post in a Q&A fashion for clarity.
Q. I'm having a problem forming the response packet (Type 3) to respond to the Challenge Message (Type 2) that I got from the server.
A. To see the format of the packet that an SMB server expects from a client, please consult the MS-SMB protocol specification at
http://msdn.microsoft.com/en-us/library/cc246231(v=PROT.13).aspx. If you are implementing SMB2, please consult MS-SMB2 document at http://download.microsoft.com/download/C/6/C/C6C3C6F1-E84A-44EF-82A9-49BD3AAD8F58/[MS-SMB2-Preview-Windows8].pdf
MS-NLMP is the official protocol document that describes how NTLM messages are constructed, with algorithms and examples. This should be your first stop to understand NTLM. MS-NLMP is available at http://msdn.microsoft.com/en-us/library/cc236621(v=PROT.13).aspx. If you want implementation details, this is not the correct forum for that information. Please post in the appropriate forum for your OS and development environment. There is also information available on the internet on NTLM implementation for non-Windows OS’s. Please search for NTLM.
Q. I want to know how to extract and generate the response from the challenge message: I want to extract the challenge from the Type 2 packet and generate the LM-Response and NTLMv2 response.
A. In the case of a Windows client, the redirector passes the whole security blob to SSPI via a call to InitializeSecurityContext. SSPI does all the work of generating the authenticate message, as described in section "3.2.4.2.4 User Authentication" of MS-SMB.
If your platform provides a GSSAPI implementation, you want to use that. If your platform does not have a GSSAPI implementation and you want to implement GSSAPI, the details of GSSAPI are documented in RFC 2743.
Looking at your trace, it looks like you want to use raw NTLM (the security blob is not a GSSAPI token but just an NTLM response). In that case, you just need to consult MS-NLMP to see how you can parse the response from server to extract the challenge message and then build an authenticate message from that.
I would recommend the use of GSSAPI over raw NTLM as raw NTLM is just there to support older versions of Windows. Modern versions of Windows support GSSAPI. For details you can consult MS-AUTHSOD.
If you have any specific question about MS-NLMP or MS-SMB/MS-SMB2, please feel free to post in Windows Protocols forum.
Regards, Obaid Farooqi
- Marked As Answer by Obaid Farooqi (Microsoft Employee, Moderator) Monday, June 11, 2012 11:24 PM
-
Tuesday, June 12, 2012 8:28 AM
Thank you so much for replying. Yes, I know this is not the correct place to post questions like this, but I posted my questions in 2 places and no one replied; then I saw you were active on this thread, which is why I wrote my question here. From now on I will ask the question in threads related to the problem. For now I just have one small question:
My client machine is Mac OS X and the server is Windows 7. I am using SMB1, and yes, I am using raw NTLM. Will it work to establish a connection with Windows 7? If not, what changes will I have to make to the Type 3 packet?
Thank you so much again.
-
Thursday, June 28, 2012 4:04 PM (Moderator)
This question is being dealt with in the following thread:
Regards, Obaid Farooqi
- Marked As Answer by Obaid Farooqi (Microsoft Employee, Moderator) Thursday, June 28, 2012 4:04 PM