none
Issue with mechListMIC RRS feed

  • Question

  • Hi,
     
       I am trying to develop a SMB2 implementation of my own and right now I would require some assistance on the authentication using SPNEGO and NTLMSSP. 
    I am describing the issue I am getting as follows...
     
    I am using NTLM2 since extended security is ON, key exchange is ON. Please refer to the packet capture attached.
    Using the methodology defined in the specs I am able to get the signing and sealing keys perfectly. The MIC digest also looks fine. 
    The problem I am getting is with the mechListMIC generation for the last negTokenTarg from the client. I am aware of the seqnum and version fields in the mechListMIC field but I am not
    getting through with the digest part(8 byte). The RFC4718 mentions about the DER encoding of mechTypeList received from initiator (server in this case) but by using that it is not matching with the 
    generated digest in the packet.
     
    Can anybody kindly help with the algorithm in generating the mechListMIC value. I have mentioned the Sign Key, Seal Key, Mech Types List, Generated Random key on client, the mechListMIC and packet
    capture for your reference. It will be great if we can take these values as sample to work out the solution...
     
    Sign Key: 
    ~~~~~~~~~~
    ec-00-57-ad-88-de-cd-70-0-a7-bc-6f-b0-a8-21-d8
     
    Seal Key: 
    ~~~~~~~~~~
    91-71-c7-7f-16-16-1-4-c2-62-cd-7f-68-1e-10-2f
     
    Mech Types List: 
    ~~~~~~~~~~~~~~~~
    30-2e-06-09-2a-86-48-82-f7-12-01-02-02-06-09-2a-86-48-86-f7-12-01-02-02-06-0a-2a-86-48-86-f7-12-01-02-02-03-06-0a-2b-06-01-04-01-82-37-02-02-0a

    Full NegTokenInit:   
    ~~~~~~~~~~~~~~~~~~
    0xa0,0x60,0x30,0x5e,0xa0,0x30,0x30,0x2e,0x06,0x09,0x2a,0x86,0x48,0x82,0xf7,0x12
    ,0x01,0x02,0x02,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x12,0x01,0x02,0x02,0x06,0x0a
    ,0x2a,0x86,0x48,0x86,0xf7,0x12,0x01,0x02,0x02,0x03,0x06,0x0a,0x2b,0x06,0x01,0x04
    ,0x01,0x82,0x37,0x02,0x02,0x0a,0xa3,0x2a,0x30,0x28,0xa0,0x26,0x1b,0x24,0x6e,0x6f
    ,0x74,0x5f,0x64,0x65,0x66,0x69,0x6e,0x65,0x64,0x5f,0x69,0x6e,0x5f,0x52,0x46,0x43
    ,0x34,0x31,0x37,0x38,0x40,0x70,0x6c,0x65,0x61,0x73,0x65,0x5f,0x69,0x67,0x6e,0x6f
    ,0x72,0x65
     
    Encrypted Session Key:
    ~~~~~~~~~~~~~~~~~~~~~~
    fd-ae-58-07-25-66-af-83-cf-08-f5-a8-ce-19-7e-79

    Generated Random Key:  
    ~~~~~~~~~~~~~~~~~~~~~
    0x0d, 0xa8, 0xfe, 0xdc, 0x2a, 0x32, 0xc1, 0x9b, 0xdf, 0xd2, 0xd1, 0xad, 0x90, 0x3f, 0x39, 0x70

    MechListMIC@ negTokenTarg from client:
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    0x01,0x00,0x00,0x00,0x61,0x1d,0xd3,0x3d,0xc3,0x65,0xbc,0x9f,0x00,0x00,0x00,0x00
     

    Warm Regards
    Arnab
    Monday, January 16, 2012 7:17 PM

Answers

  • Hi Arnab

     I was researching this for you and received the traces sent @ dochelp. In order to get additional information on the approach you used to calculate mechListMIC, I sent multiple reminders but didn’t get any response. Due to lack of response I am closing this issue. However, if you want to pursue this issue in the future, please create a new thread/post and we’ll re-engage work. Per my analysis so far, we are calculating the mechlistMIC as documented in section 3.1.5.1 of MS-SPNG : http://msdn.microsoft.com/en-us/library/cc247050(v=prot.13).aspx

     

    Thanks


    Tarun Chopra | Escalation Engineer | Open Specifications Support Team
    Friday, January 27, 2012 7:06 PM

All replies

  • Hi Arnab

     

    Thanks for the question. Someone from our team will get in touch with you shortly.

     

    Thanks.


    Tarun Chopra | Escalation Engineer | Open Specifications Support Team
    Monday, January 16, 2012 7:57 PM
  • Hi Arnab

     

    I will assist you on this. Can you please share the network capture by mail at "dochelp (at) microsoft (dot) com"?

     

    Thanks.

     


    Tarun Chopra | Escalation Engineer | Open Specifications Support Team
    Monday, January 16, 2012 9:24 PM
  • Hi Tarun,

         Thanks for your involvements on this...

          This capture is taken between two WIN7 machines and is a working one. I am trying to take this capture as reference for understanding the authentication mechanisms and the various fields..

    Anyway I am mailing you the capture @dochelp...

    Regards

    Arnab

    Tuesday, January 17, 2012 5:55 AM
  • Hi Arnab

     I was researching this for you and received the traces sent @ dochelp. In order to get additional information on the approach you used to calculate mechListMIC, I sent multiple reminders but didn’t get any response. Due to lack of response I am closing this issue. However, if you want to pursue this issue in the future, please create a new thread/post and we’ll re-engage work. Per my analysis so far, we are calculating the mechlistMIC as documented in section 3.1.5.1 of MS-SPNG : http://msdn.microsoft.com/en-us/library/cc247050(v=prot.13).aspx

     

    Thanks


    Tarun Chopra | Escalation Engineer | Open Specifications Support Team
    Friday, January 27, 2012 7:06 PM