SMB2 signing

  • Question

  • I'm trying (and failing) to get SMB2 signing implemented in Samba. Looking at the MS-SMB2 docs some things are not at all clear:

     1) section 3.1.4.1 refers to MS-MWBE for SHA-256. I can't see anything in MS-MWBE that is relevant. What is that reference for?

     2) I interpret step 2 as meaning that we concatenate the session key with the packet, with the session key being put in front of the packet in the concatenated buffer. Is that right?

     3) It isn't clear if the buffer should include the 4 byte NBSS length. I think not, but I think that should be made clear.

     4) step 4 talks about "high order 16 bytes". Do you mean the first 16 bytes? What is "high order" in a 32 byte buffer, which is what SHA-256 gives?

     5) what is the "big endian" thing about? SHA-256 gives a 32 byte buffer. It does put the bytes in there in BE format, but what does it mean to put the resulting 16 bytes in the packet in big endian format?

    Cheers, Tridge

    Friday, May 30, 2008 4:32 AM

Answers

  •  

    Hi Tridge,

     

    Let me tell you that the entire section has been reviewed and will more than likely look like this in upcoming versions:

     

    Signing An Outgoing Message

    If the client or server sending the message requires that the message be signed, it provides the message length, the buffer containing the message, and the session key to use for signing. The following steps describe the signing process:

    1.  The sender MUST zero out the 16-byte signature field in the SMB2 Header of the message to be sent prior to generating the signature.

    2.  The sender MUST compute a 32-byte hash using HMAC-SHA256 over the entire message, including the SMB2 Header from step 1, using the session key as the signing key. The HMAC-SHA256 hash is specified in [FIPS180-2] and [RFC2104].

    3.  The high-order 16 bytes of the returned hash generated by step 2 MUST be copied into the 16-byte signature field in the SMB2 Header in big-endian order.

    Determining when a client will sign an outgoing message is specified in 3.2.4.1.1, and determining when a server will sign an outgoing message is specified in 3.3.4.1.1.

     

    To answer your questions:

     

    1 and 2) These changes take care of questions 1 and 2; please let me know if I'm wrong.

     

    3) I'll request clarification on this.

     

    4 and 5) I'll create a change request on the document so it can explain this in further detail. From what I was able to research in the code, the signature is just the plain first 16 bytes from the hash that are copied into the signature field, but I won't be able to confirm that until I have an answer from the developers.

    Please let me know if you need me to clarify further.

     

    Thanks!

     

    SEBASTIAN CANEVARI - MSFT

    Monday, June 2, 2008 10:36 PM
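The three steps quoted in the answer above, worked through in Python as an added example (not Samba's or Microsoft's code). It assumes the SMB2 header layout from MS-SMB2 2.2.1 (64-byte header, 16-byte Signature field at offset 48, SMB2_FLAGS_SIGNED = 0x08), which the thread does not spell out, and that the buffer handed to the signer starts at the SMB2 header with no 4-byte NBSS length prefix (question 3, which the thread leaves open); the session key and message body are constructed sample values.

```python
import hmac
import hashlib
import struct

# SMB2 header layout per MS-SMB2 2.2.1 (assumed here; the thread does not give offsets):
# ProtocolId, StructureSize, CreditCharge, Status, Command, CreditRequest, Flags,
# NextCommand, MessageId, Reserved, TreeId, SessionId, Signature (16 bytes at offset 48).
SMB2_HEADER_FMT = "<4sHHIHHIIQIIQ16s"
SMB2_HEADER_LEN = struct.calcsize(SMB2_HEADER_FMT)  # 64
SIG_OFFSET, SIG_LEN = 48, 16
SMB2_FLAGS_SIGNED = 0x00000008  # assumed flag value from MS-SMB2, not from the thread

def build_message(command: int, message_id: int, session_id: int, body: bytes) -> bytes:
    """Constructed sample PDU: SMB2 header with a zeroed signature, then the body."""
    header = struct.pack(
        SMB2_HEADER_FMT, b"\xfeSMB", SMB2_HEADER_LEN, 0, 0, command, 1,
        SMB2_FLAGS_SIGNED, 0, message_id, 0, 0, session_id, bytes(SIG_LEN))
    return header + body

def smb2_sign(message: bytes, session_key: bytes) -> bytes:
    """Return a copy of `message` with the signature field filled in (steps 1-3)."""
    if len(message) < SMB2_HEADER_LEN:
        raise ValueError("message shorter than an SMB2 header")
    buf = bytearray(message)
    # Step 1: zero the 16-byte signature field before hashing.
    buf[SIG_OFFSET:SIG_OFFSET + SIG_LEN] = bytes(SIG_LEN)
    # Step 2: HMAC-SHA256 over the entire message (header included), keyed with the
    # session key. The key is the HMAC key, not a prefix concatenated onto the buffer.
    digest = hmac.new(session_key, bytes(buf), hashlib.sha256).digest()
    # Step 3: the "high-order" 16 bytes are the first 16 bytes of the 32-byte digest,
    # copied as-is; the digest is already a byte string, so nothing is byte-swapped.
    buf[SIG_OFFSET:SIG_OFFSET + SIG_LEN] = digest[:SIG_LEN]
    return bytes(buf)

def smb2_verify(message: bytes, session_key: bytes) -> bool:
    """Recompute the signature of a received PDU and compare in constant time."""
    if len(message) < SMB2_HEADER_LEN:
        return False
    expected = smb2_sign(message, session_key)[SIG_OFFSET:SIG_OFFSET + SIG_LEN]
    received = message[SIG_OFFSET:SIG_OFFSET + SIG_LEN]
    return hmac.compare_digest(expected, received)

if __name__ == "__main__":
    key = bytes(range(16))                                   # constructed session key
    pdu = build_message(0x0008, 7, 0x1234, b"\x31\x00" + bytes(47))  # constructed body
    signed = smb2_sign(pdu, key)
    print(signed[SIG_OFFSET:SIG_OFFSET + SIG_LEN].hex(), smb2_verify(signed, key))
```

Flipping any byte of the header or body, or verifying with a different session key, makes `smb2_verify` return False, which is the check a receiver performs before trusting a signed PDU.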

All replies

  •  

    Hi Andrew, thanks for your post regarding the [MS-SMB2] protocol specification. We will review your question and update the forum once our investigation is complete. Thanks!

    Sebastian Canevari - MSFT

    Friday, May 30, 2008 5:56 PM