[MS-WKST]: Workstation Service Remote Protocol

This topic lists Errata found in [MS-WKST] since it was last published. Since this topic is updated frequently, we recommend that you subscribe to this RSS feed to receive update notifications.

Errata are subject to the same terms as the Open Specifications documentation referenced.

RSS

To view a PDF file of the errata for the previous versions of this document, see the following ERRATA Archives:

July 18, 2016 - Download

April 7, 2021 - Download

April 29, 2022 - Download

Errata below are for Protocol Document Version V31.0 – 2022/04/29.

Errata Published*

Description

2022/09/03

In Section 2.2.5.19, JOINPR_ENCRYPTED_USER_PASSWORD_AES, corrected typo:

Changed from:

AuthDate: 64 bytes, the HMAC.

Changed to:

AuthData: 64 bytes, the HMAC.

In Section 2.2.5.19.3, Encrypt Key and MAC Key, clarified the calculation of the keys:

Changed from:

The following variables and values are used in calculating the EncryptKey and HMACKey values.

versionbyte = 0x01

versionbyte_len = 1

algorithmString = "AEAD-AES-256-CBC-HMAC-SHA512"

EncryptKey and MACKey are calculated as follows:

EncryptKey := HMAC-SHA-512(SessionKey, "Microsoft WKST encryption key" + algorithmString +Length(SessionKey))

MACKey := HMAC-SHA-512(SessionKey, "Microsoft WKST MAC key" + algorithmString +Length(SessionKey))

Note that the SessionKey is calculated as in section 2.2.5.19.2. See [RFC4868] for details of the HMAC-SHA-512 algorithm.

Changed to:

The following variables and values are used in calculating the EncryptKey and MACKEY values:

Constant/value

Description

versionbyte  0x01

Version identifier.

versionbyte_len  1

Version identifier length.

WKST_AES_256_ALG  "AEAD-AES-256-CBC-HMAC-SHA512"

A NULL terminated ANSI string.

WKST_AES256_ENC_KEY_STRING  "Microsoft WKST encryption key AEAD-AES-256-CBC-HMAC-SHA512 16"

A NULL terminated ANSI string.

WKST_AES256_MAC_KEY_STRING  "Microsoft WKST MAC key AEAD-AES-256-CBC-HMAC-SHA512 16"

A NULL terminated ANSI string.

WKST_AES256_ENC_KEY_STRING_LENGTH  sizeof(WKST_AES256_ENC_KEY_STRING) (62)

The length of WKST_AES256_ENC_KEY_STRING, including  the null terminator.

WKST_AES256_MAC_KEY_STRING_LENGTH  sizeof(WKST_AES256_MAC_KEY_STRING) (55)

The length of WKST_AES256_MAC_KEY_STRING, including  the null terminator.

EncryptKey and MACKey are calculated as follows:

EncryptKey := HMAC-SHA-512(SessionKey, WKST_AES256_ENC_KEY_STRING)

MACKey := HMAC-SHA-512(SessionKey, WKST_AES256_MAC_KEY_STRING)

Note that the SessionKey is calculated as in section 2.2.5.19.2. See [RFC4868] for details of the HMAC-SHA-512 algorithm.

In Section 2.2.5.19.4, Encrypt Encoded Password, clarified the encreyption process:

Changed from:

Encrypt the encoded password as follows:

Salt := Randomly generated 16 bytes

Cipher := AES-CBC( EncryptKey[0:256], IV, EncodedPasswordLength(4 bytes) + EncodedPassword)

AuthData := HMAC-SHA-512(MACKey, Cipher+Salt+ versionbyte + versionbyte_len)

Note that the Salt value is used as the initialization vector (IV). The MACKey is calculated in section 2.2.5.19.3.

Changed to:

Encrypt the encoded password as follows:

Salt := Randomly generated 16 bytes

Encoded_Plaintext:= EncodedPasswordlength (4 bytes) + EncodedPassword.

Cipher := AES-CBC( EncryptKey[0:256], IV, Encoded_Plaintext)

AuthData := HMAC-SHA-512(MACKey, Cipher+Salt+ versionbyte + versionbyte_len)

Note that the Salt value is used as the initialization vector (IV). The MACKey is calculated in section 2.2.5.19.3.

Note that EncryptKey is truncated to 32 bytes and the entire 64-byte MACKey is used.

*Date format: YYYY/MM/DD