checksum calculation for GSS-API wrap messages

  • Question

  • I'm looking for some information regarding DCERPC-style GSS-API WRAP messages as defined in Section 7.3 of RFC 4757, “The RC4-HMAC Kerberos Encryption Types Used by Microsoft Windows”. Specifically, I'm trying to get information about the algorithm used to calculate the checksum in a GSS-API WRAP message.

    I'm able to decrypt the application data embedded in the DCERPC message, but I'm not able to validate the checksum.

    According to the RFC 4757 the checksum is calculated as:

                       Sgn_Cksum = MD5((int32)15, Token.Header,
                                       Token.Confounder);
                           ...
                       Sgn_Cksum += MD5(data);         // Append to checksum
                           ...
                       Sgn_Cksum = HMAC(Ksign, Sgn_Cksum);

    This particular text from the RFC is definitely wrong, and it seems others have pointed out that it should be (according to errata):

    Sgn_Cksum = MD5((int32)13, Token.Header, Token.Confounder, data);
    Sgn_Cksum = HMAC(Ksign, Sgn_Cksum);

    On one other thread someone was having issues with token sizes, and a number of suggestions and modifications were recommended, including corrections to the text from the RFC. The solution provided there doesn't seem to work for me.

    I'm running into the checksum validation issue with Kerberos-authenticated encrypted MAPI DCERPC connections to an Exchange 2007 server. 

    From the other issue in the forums, I guess the checksum may be validated a bit differently depending on the application or protocol you're dealing with.

    Can you determine what is different for this use case so that we will be able to correctly calculate and validate the checksum?

    Thanks,
    -chris
    Thursday, March 4, 2010 12:05 AM

Answers

  • Chris,

       I am just checking to see if the information we provided solved your implementation problem. If you need further assistance on this issue, please let us know.

       We just filed a correction request (Errata ID 2067) in the RFC 4757 Errata (http://www.rfc-editor.org/errata_search.php?rfc=4757). I also suggest you check all existing corrections in the Errata if you haven't done so.

    Thanks!

    Hongwei


    Hongwei Sun -MSFT
    Wednesday, March 10, 2010 6:53 PM
  • Hi TrueCoder, Vicky:

    I assume this issue is now resolved. If you have any question in future, please feel free to post.


    Regards, Obaid Farooqi
    Friday, September 16, 2011 2:58 PM

All replies

  • Hello Chris,
       Thank you for your question. One of the Protocol Documentation engineers will get back to you soon and begin working with you on this issue.

    Thanks
    John Dunning
    Senior Escalation Engineer Microsoft Corporation US-CSS DSC PROTOCOL TEAM


    Thursday, March 4, 2010 6:14 PM
  • Chris,

      Thanks for your question. Could you try to add the padding buffer (1 byte; essentially I expect it to have the value 0x01) after the data in the checksum operation?

      The operation should be like:

    Sgn_Cksum = MD5((int32)13, Token.Header, Token.Confounder, data, padding buffer);

    Please let us know how it works out.

    Thanks!


    Hongwei Sun -MSFT
    Wednesday, March 10, 2010 6:52 PM
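The calculation this thread converges on (T = 13, and the padding byte included in the MD5 input, as in Hongwei's reply above and RFC 4757 Errata ID 2067), as an added Python example that is not part of this thread and is not Microsoft's or the RFC's code: a self-contained RC4-HMAC wrap-token seal and unwrap, so the SGN_CKSUM a receiver recomputes can be compared with the one on the wire. The 16-byte session key Kss and the "MAPI payload" are constructed for the demonstration. The key schedule (Ksign, Kseq, Kcrypt), the little-endian encoding of the int32 T value, the big-endian sequence number and the single 0x01 padding byte follow RFC 4757 section 7.3 as I read it and are not quoted on this page; the GSS-API ASN.1 framing, the MIC token (T = 15) and the 56-bit export-key variant are left out. The code round-trips against itself and is checked against a known RC4 test vector; it cannot by itself confirm interoperability with an Exchange server.

```python
"""RC4-HMAC GSS-API WRAP token (RFC 4757 section 7.3) with the errata checksum."""
import hashlib
import hmac
import os
import struct

# Wrap token header fields (RFC 4757 section 7.3). Token.Header is these 8 bytes.
TOK_ID_WRAP = b"\x02\x01"
SGN_ALG_HMAC_MD5 = b"\x11\x00"
SEAL_ALG_RC4 = b"\x10\x00"
FILLER = b"\xff\xff"
WRAP_HEADER = TOK_ID_WRAP + SGN_ALG_HMAC_MD5 + SEAL_ALG_RC4 + FILLER

T_WRAP = 13          # "T" constant for wrap tokens (errata value; 15 is the MIC-token value)
RC4_PAD = b"\x01"    # RC4-HMAC pads the data with exactly one byte of value 0x01

# Constructed 16-byte session key (Kss) for the demonstration; not a real key.
KSS = bytes(range(16))


def hmac_md5(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.md5).digest()


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); hashlib/hmac provide no RC4, so it is written out here."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def sign_key(kss: bytes) -> bytes:
    # Ksign = HMAC(Kss, "signaturekey\0"); the NUL terminator is part of the input.
    return hmac_md5(kss, b"signaturekey\x00")


def wrap_checksum(kss, header, confounder, data, padding) -> bytes:
    # Sgn_Cksum = MD5((int32)13, Token.Header, Token.Confounder, data, padding)
    # Sgn_Cksum = HMAC(Ksign, Sgn_Cksum); the wire field SGN_CKSUM is its first 8 bytes.
    # The int32 T value is encoded little-endian (assumption from RFC 4757, not quoted here).
    inner = hashlib.md5(struct.pack("<i", T_WRAP) + header + confounder + data + padding).digest()
    return hmac_md5(sign_key(kss), inner)[:8]


def checksum_without_padding(kss, header, confounder, data) -> bytes:
    """The calculation the thread started from: same inputs, padding byte omitted."""
    inner = hashlib.md5(struct.pack("<i", T_WRAP) + header + confounder + data).digest()
    return hmac_md5(sign_key(kss), inner)[:8]


def seq_key(kss: bytes, cksum: bytes) -> bytes:
    # Kseq = HMAC(Kss, (int32)0); Kseq = HMAC(Kseq, Sgn_Cksum), keyed by the 8-byte checksum.
    return hmac_md5(hmac_md5(kss, struct.pack("<i", 0)), cksum)


def crypt_key(kss: bytes, seq_num: int) -> bytes:
    # Klocal = Kss XOR 0xF0 per byte; Kcrypt = HMAC(Klocal, (int32)0); Kcrypt = HMAC(Kcrypt, seq).
    klocal = bytes(b ^ 0xF0 for b in kss)
    return hmac_md5(hmac_md5(klocal, struct.pack("<i", 0)), struct.pack(">I", seq_num))


def wrap(kss, seq_num, data, sender_is_initiator=True, confounder=None) -> bytes:
    """Build a sealed wrap token: header | SND_SEQ | SGN_CKSUM | RC4(confounder | data | pad)."""
    confounder = os.urandom(8) if confounder is None else confounder
    cksum = wrap_checksum(kss, WRAP_HEADER, confounder, data, RC4_PAD)   # over the plaintext
    direction = b"\x00" * 4 if sender_is_initiator else b"\xff" * 4
    snd_seq = rc4(seq_key(kss, cksum), struct.pack(">I", seq_num) + direction)
    body = rc4(crypt_key(kss, seq_num), confounder + data + RC4_PAD)
    return WRAP_HEADER + snd_seq + cksum + body


def unwrap(kss, token, sender_is_initiator=True):
    """Decrypt and verify; returns (seq_num, data) or raises ValueError."""
    if len(token) < 33 or token[:8] != WRAP_HEADER:
        raise ValueError("not an RC4-HMAC sealed wrap token")
    header, snd_seq, cksum, body = token[:8], token[8:16], token[16:24], token[24:]
    seq_plain = rc4(seq_key(kss, cksum), snd_seq)
    if seq_plain[4:] != (b"\x00" * 4 if sender_is_initiator else b"\xff" * 4):
        raise ValueError("direction field does not match the sender")
    seq_num = struct.unpack(">I", seq_plain[:4])[0]
    plain = rc4(crypt_key(kss, seq_num), body)
    confounder, data, pad = plain[:8], plain[8:-1], plain[-1:]
    if pad != RC4_PAD:
        raise ValueError("bad padding byte")
    # Verify over header, plaintext confounder, data and the padding byte.
    if not hmac.compare_digest(wrap_checksum(kss, header, confounder, data, pad), cksum):
        raise ValueError("SGN_CKSUM mismatch")
    return seq_num, data


def is_valid(kss, token, sender_is_initiator=True) -> bool:
    try:
        unwrap(kss, token, sender_is_initiator)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    tok = wrap(KSS, 7, b"MAPI payload", confounder=bytes(8))
    print(tok.hex())
    print(unwrap(KSS, tok))
```

`checksum_without_padding` is there only to show the symptom from the thread: with the 0x01 byte left out of the MD5 input, the recomputed SGN_CKSUM differs from the one the sender placed in bytes 16..23, even though decryption succeeds, because decryption never touches the checksum. Note that the checksum is taken over the plaintext confounder, so a verifier must decrypt before recomputing it.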
  • Hi Hongwei,

    I am also facing the same issue. I can decrypt the MAPI payload, but the signing checksum is not matching. I have incorporated the changes as per the RFC 4757 errata, but the signing checksum is still not matching.

    Please let me know if I am missing something.

    TIA.

    Friday, September 2, 2011 9:55 AM
  • Hi TrueCoder, thank you for your question. A member of the protocol documentation team will respond to you soon.


    Josh Curry (jcurry) | Escalation Engineer | US-CSS DSC Protocols Team
    Friday, September 2, 2011 4:36 PM
  • Hi Chris,

    I am also facing the same issue.

    How did you solve your issue?

    Thanks,

    vicky

    Saturday, September 3, 2011 5:13 PM
  • Hi TrueCoder:

    Can you please provide the details about your issue? For example, the payload and checksum, etc.

    You can post here, or you can send me an email if you prefer that mode of communication at dochelp <at> microsoft <dot> com to my attention.


    Regards, Obaid Farooqi
    Tuesday, September 6, 2011 7:28 PM
  • Hi TrueCoder, Vicky:

    Can you please provide a sample of your data and calculation with expected answer and the answer you are getting by following the correction posted by Hongwei?


    Regards, Obaid Farooqi
    Monday, September 12, 2011 3:49 PM