Condividi tramite


SMB 3.1.1 Pre-authentication integrity in Windows 10

Pre-authentication integrity is one of the new SMB 3.1.1 security improvements in Windows 10 and Windows Server 2016 TP2 (technical preview 2). It improves protection from a man-in-the-middle (MITM) attacker in tampering with SMB2’s connection establishment and authentication messages. This new feature supersedes “secure dialect negotiation” introduced in SMB 3.0, which only protected against MITM attempt to downgrade the initially negotiated dialect and capabilities. This blog also provides test vectors for SMB 3.1.1 pre-authentication integrity.  

Summary

Pre-authentication integrity is a mandatory feature in SMB 3.1.1. It protects against any tampering with SMB2’s Negotiate and Session Setup messages by leveraging cryptographic hashing. The resulting hash is used as input to derive the session’s cryptographic keys, including its signing key. This enables the client and server to mutually trust the connection and session properties.

Overview

Signing has been a feature in SMB2 protocol since its inception. In the first two dialects 2.0.2, and 2.1, signing is effectively applied to message exchange once authentication is completed. Prior to SMB 3.0, there was no tampering protection to messages before authentication completion. SMB 3.0 “negotiate validation” provides some interesting but limited protection; the negotiate validation occurs after the session setup.
SMB 3.1.1 provides end-to-end integrity of pre-authentication messages. The session’s cryptographic keys are derived based on a hash of pre-authentication messages:
• This allows the client and server to validate signature or decryption of subsequent authenticated messages.
• The final session setup response is always signed, and as a result the client would fail signature validation in case of pre-authentication message tampering.
• The client must either sign or encrypt the Tree Connect request. This confirms to the server that both mutually derived the same keys, and validates there was no pre-authentication message tampering.
Please note that for guest and anonymous sessions, there is no protection since no keys can be derived.  

Pre-auth integrity hash

Pre-authentication is the exchange of negotiate and session setup messages until the session’s cryptographic keys can be derived, which is the point where authentication is completed.
Let’s take the example of an n-leg GSS-API authentication, pre-authentication integrity hash will consist of these SMB2 messages:
• Negotiate request,
• Negotiate response,
• Session setup request (leg-1),
• Session setup response (leg-1),
• . . .
• Session setup request (leg-n),
The processing of Session setup request (leg-n) results in an authentication “completed” state. The server then calculates the session’s signing key. The key derivation takes one of its inputs as the cumulative hash of Negotiate request through Session setup request (leg-n).
Pre-auth-integrity-hash (x) = PreauthIntegrityHash (Concatenate (Pre-auth-integrity-hash (x-1), pre-auth-message (x)))
Where:
x = 1, …, 2n + 1,
Pre-auth-integrity-hash (0) = zeros,
pre-auth-message (1) = Negotiate request,
. . .
pre-auth-message (2n + 1) = Session setup request (leg-n).
For SMB 3.1.1, the PreauthIntegrityHash function is SHA-512, the standard specified in [FIPS180-4].
The hash value used as input for key derivation is:
Session.PreauthIntegrityHashValue = Pre-auth-integrity-hash (2n + 1)
Note that the final session setup response is not part of the integrity hash calculation.
• Session setup response(leg-n)
However, this session setup response is signed (for SMB 3.1.1, AES-128-CMAC with SigningKey), allowing the client to verify the signature, and authenticate the source of the data. A successful signature verification, of a subsequent message (e.g. TreeConnect), validates that the client and server computed the same PreauthIntegrityHashValue and derived the same key.
NOTE: Since the hash is cumulative and there is no validation until the final step, implementers could approach the PreauthIntegrityHashValue calculation in many ways. One could choose to compute the temporary hash at each step, i.e. message sent or received. Another way is to calculate the temporary hash on a pair of request and response at a time except for the final session setup leg. Yet, another approach is to iterate through a number requests and responses at once. It all depends on whether the design can temporarily hold vectors of requests and responses. This should be a design consideration in case the implementation intends to handle applications where sessions will be very short lived, or on a server with a high volume of authenticated sessions. 

Pre-auth integrity capability negotiate context

If the client includes 0x0311 in the SMB2 NEGOTIATE’s Dialects array (i.e. the client supports SMB 3.1.1), it must add the SMB2_PREAUTH_INTEGRITY_CAPABILITIES negotiate context, as specified in MS-SMB2.
If the server selects SMB 3.1.1 dialect, it must convey the selected integrity hash algorithm by including a SMB2_PREAUTH_INTEGRITY_CAPABILITIES negotiate context in the NEGOTIATE response.
The pre-authentication integrity negotiate context has the same format in the Negotiate request and response, except that the response context must have a HashAlgorithmCount set to 1. In Windows 10, the pre-authentication integrity hash algorithm is SHA-512.
Note that Windows 10 and Windows Server 2016 TP2 use 32 bytes of randomly generated Salt. The salt value and its length are implementation-dependent, and as a result, it is recommended to use a secure PRNG to prevent from dictionary attacks.

SigningKey derivation

The signing key is derived as specified in [MS-SMB2]:
SigningKey = SMB3KDF (SessionKey, "SMBSigningKey\0", Session.PreauthIntegrityHashValue)
SMB3KDF() is defined as the key derivation function (KDF) in Counter Mode, as specified in [SP800-108] section 5.1, with 'r' value of 32 and 'L' value of 128, and HMAC-SHA256 as the PRF.
SigningKey is the leftmost L bits of KDF result.
The SessionKey is the key derivation key. It set to the first 16 bytes of the cryptographic key queried from the GSS protocol (e.g. Kerberos [MS-KILE], or NTLM [MS-NLMP]) for this authenticated context. If the cryptographic key is less than 16 bytes, it is right-padded with zero bytes. Extracting the session key from GSS-API is implementation-dependent. In SSPI (Microsoft’s implementation of GSS-API), the session key is extracted by using QueryContextAttributes with SECPKG_ATTR_SESSION_KEY.
In NTLM, the SessionKey is the ExportedSessionKey returned when QueryContextAttributes is called with SECPKG_ATTR_SESSION_KEY. ExportedSessionKey is described in MS-NLMP.
In Kerberos [RFC4120], the SessionKey returned for QueryContextAttributes call with SECPKG_ATTR_SESSION_KEY is either the sub-session key (subkey) if it was negotiated during KRB_AP_REQ/KRB_AP_REP exchange, or the session key from the ticket if no subkey was negotiated.
The label is “SMBSigningKey\0”.
The context is Session.PreauthIntegrityHashValue.
Session.PreauthIntegrityHashValue is calculated as outlined earlier.

Proxy and traffic accelerator

Pre-authentication integrity might hinder solutions that rely on modifying SMB2 packets. For example, a so-called WAN accelerator needs to accept negotiate contexts. Any change to the pre-authentication packets would require to be transparent to the client (Kerberos constraint delegation, authentication token). On one hand, the client and device in the middle must derive the same keys. One the other hand, the device and server must arrive at the same keys once the authenticated context is completed.
This should not be seen as an issue. If the device was able to decode traffic, it is because it somehow has access to the user’s secret password or is allowed to act on behalf on the user. This is typically enabled through participating in a domain, or performing constraint delegation. 

Windows 10 RequireSecureNegotiate interop with SMB 3.0.x down-level servers

When a Windows 10 negotiates SMB 2.x.x or 3.0.x with a down-level server (e.g. Windows 2008 / 2008, R2, Windows Server 2012 / 2012 R2), it will always send FSCTL_VALIDATE_NEGOTIATE_INFO to attempt performing dialect negotiation validation. Most, if not all, third party implementations comply to secure negotiate validation IOCTL, or lack thereof, to proper handling of an unsupported IOCTL. This makes unnecessary the need for a RequireSecureNegotiate workaround.
In a nutshell, the RequireSecureNegotiate registry setting has been removed in Windows 10 release. It is no longer allowed to disable secure negotiate from Windows 10 clients when connecting to down-level servers.
Down-level servers which do not support the FSCTL_VALIDATE_NEGOTIATE_INFO are mandated to sign the error response since the request is signed. Typical error codes are STATUS_NOT_SUPPORTED, STATUS_INVALID_DEVICE_REQUEST or STATUS_FILE_CLOSED.

Conclusion

While pre-authentication integrity protects the session establishment phase in SMB 3.1.1, enabling signing would generally offer integrity check at large and protect from an attacker tampering with any packet. Signing has a cost, but its benefit generally outweighs the performance effect. 

Appendix: Test vector for SMB 3.1.1 pre-authentication integrity

This sample data should be considered “as-is”. It should also be noted that
examples do not replace normative protocol specifications. The reference must
be [MS-SMB2].

Our test client negotiates SMB 3.1.1 and communicates with a Windows server
2016 TP2.

Here are examples of the major steps for pre-authentication integrity
computation:

Appendix A. Pre-authentication integrity and encryption negotiate contexts

Appendix A.1 Windows 10 with its supported negotiate contexts

 

Header.Command 0x0000 NEGOTIATE

 

Preauth integrity hash capabilities ---

PreauthIntegrityCaps.HashAlgorithmCount 0x1

PreauthIntegrityCaps.SaltLength 0x20

PreauthIntegrityCaps.HashAlgorithms 0x0001

PreauthIntegrityCaps.Salt

FA49E6578F1F3A9F4CD3E9CC14A67AA884B3D05844E0E5A118225C15887F32FF

 

Encryption capabilites ---

EncryptionCaps.CipherCount 0x2

EncryptionCaps.Ciphers[0] 0x0002

EncryptionCaps.Ciphers[1] 0x0001

 

Connection.PreauthIntegrityHashId 0x0001

 

NEGOTIATE Request

 

Preauth integrity hash ---

Current

Connection.PreauthIntegrityHashValue

00000000000000000000000000000000000000000000000000000000000000000000000000000000

000000000000000000000000000000000000000000000000

Negotiate request packet

FE534D4240000100000000000000800000000000000000000100000000000000FFFE000000000000

00000000000000000000000000000000000000000000000024000500000000003F000000ECD86F32

6276024F9F7752B89BB33F3A70000000020000000202100200030203110300000100260000000000

010020000100FA49E6578F1F3A9F4CD3E9CC14A67AA884B3D05844E0E5A118225C15887F32FF0000

0200060000000000020002000100

Concatenate Connection.PreauthIntegrityHashValue and Negotiate request
packet

SHA-512 Input Hash Data

00000000000000000000000000000000000000000000000000000000000000000000000000000000

000000000000000000000000000000000000000000000000FE534D42400001000000000000008000

00000000000000000100000000000000FFFE00000000000000000000000000000000000000000000

000000000000000024000500000000003F000000ECD86F326276024F9F7752B89BB33F3A70000000

020000000202100200030203110300000100260000000000010020000100FA49E6578F1F3A9F4CD3

E9CC14A67AA884B3D05844E0E5A118225C15887F32FF00000200060000000000020002000100

New

Connection.PreauthIntegrityHashValue

DD94EFC5321BB618A2E208BA8920D2F422992526947A409B5037DE1E0FE8C7362B8C47122594CDE0

CE26AA9DFC8BCDBDE0621957672623351A7540F1E54A0426

 

NEGOTIATE Response

 

Updating Preauth integrity hash ---

Current

Connection.PreauthIntegrityHashValue

DD94EFC5321BB618A2E208BA8920D2F422992526947A409B5037DE1E0FE8C7362B8C47122594CDE0

CE26AA9DFC8BCDBDE0621957672623351A7540F1E54A0426

Negotiate response packet

FE534D4240000100000000000000010001000000000000000100000000000000FFFE000000000000

000000000000000000000000000000000000000000000000410001001103020039CBCAF329714942

BDCE5D60F09AB3FB2F000000000080000000800000008000D8DAE5ADCBAED00109094AB095AED001

80004001C00100006082013C06062B0601050502A08201303082012CA01A3018060A2B0601040182

3702021E060A2B06010401823702020AA282010C048201084E45474F455854530100000000000000

60000000700000007C7CC0FD06D6362D02DDE1CF343BFE292900F49750B4AA97934D9C4296B26E51

FD370471B235E15A50DAE15BD5489C87000000000000000060000000010000000000000000000000

5C33530DEAF90D4DB2EC4AE3786EC3084E45474F4558545303000000010000004000000098000000

7C7CC0FD06D6362D02DDE1CF343BFE295C33530DEAF90D4DB2EC4AE3786EC3084000000058000000

3056A05430523027802530233121301F06035504031318546F6B656E205369676E696E6720507562

6C6963204B65793027802530233121301F06035504031318546F6B656E205369676E696E67205075

626C6963204B6579010026000000000001002000010060A3C3B95C3C7CCD51EC536648D9B3AC74C4

83CA5B65385A251117BEB30712E50000020004000000000001000200

Concatenate Connection.PreauthIntegrityHashValue and Negotiate response
packet

SHA-512 Input Hash Data

DD94EFC5321BB618A2E208BA8920D2F422992526947A409B5037DE1E0FE8C7362B8C47122594CDE0

CE26AA9DFC8BCDBDE0621957672623351A7540F1E54A0426FE534D42400001000000000000000100

01000000000000000100000000000000FFFE00000000000000000000000000000000000000000000

0000000000000000410001001103020039CBCAF329714942BDCE5D60F09AB3FB2F00000000008000

0000800000008000D8DAE5ADCBAED00109094AB095AED00180004001C00100006082013C06062B06

01050502A08201303082012CA01A3018060A2B06010401823702021E060A2B06010401823702020A

A282010C048201084E45474F45585453010000000000000060000000700000007C7CC0FD06D6362D

02DDE1CF343BFE292900F49750B4AA97934D9C4296B26E51FD370471B235E15A50DAE15BD5489C87

0000000000000000600000000100000000000000000000005C33530DEAF90D4DB2EC4AE3786EC308

4E45474F45585453030000000100000040000000980000007C7CC0FD06D6362D02DDE1CF343BFE29

5C33530DEAF90D4DB2EC4AE3786EC30840000000580000003056A05430523027802530233121301F

06035504031318546F6B656E205369676E696E67205075626C6963204B6579302780253023312130

1F06035504031318546F6B656E205369676E696E67205075626C6963204B65790100260000000000

01002000010060A3C3B95C3C7CCD51EC536648D9B3AC74C483CA5B65385A251117BEB30712E50000

020004000000000001000200

New

Connection.PreauthIntegrityHashValue

324BFA92A4F3A190E466EBEA08D9C110DC88BFED758D9846ECC6F541CC1D02AE3C94A79F36011E99

7E13F841B91B50957AD07B19C8E2539C0B23FDAE09D2C513

 

Add NEW SessionId 0x17592186044441 to Preauth Integrity hash table with
value

Connection.PreauthIntegrityHashValue

324BFA92A4F3A190E466EBEA08D9C110DC88BFED758D9846ECC6F541CC1D02AE3C94A79F36011E99

7E13F841B91B50957AD07B19C8E2539C0B23FDAE09D2C513

 

SESSION SETUP Request

PreauthSession.SessionId 0x17592186044441

Current

PreauthSession.PreauthIntegrityHashValue

324BFA92A4F3A190E466EBEA08D9C110DC88BFED758D9846ECC6F541CC1D02AE3C94A79F36011E99

7E13F841B91B50957AD07B19C8E2539C0B23FDAE09D2C513

SessionSetup request packet

FE534D4240000100000000000100800000000000000000000200000000000000FFFE000000000000

00000000000000000000000000000000000000000000000019000001010000000000000058004A00

0000000000000000604806062B0601050502A03E303CA00E300C060A2B06010401823702020AA22A

04284E544C4D5353500001000000978208E200000000000000000000000000000000060380250000

000F

Concatenate PreauthSession.PreauthIntegrityHashValue and Session Setup
request packet

SHA-512 Input Hash Data 

324BFA92A4F3A190E466EBEA08D9C110DC88BFED758D9846ECC6F541CC1D02AE3C94A79F36011E99

7E13F841B91B50957AD07B19C8E2539C0B23FDAE09D2C513FE534D42400001000000000001008000

00000000000000000200000000000000FFFE00000000000000000000000000000000000000000000

000000000000000019000001010000000000000058004A000000000000000000604806062B060105

0502A03E303CA00E300C060A2B06010401823702020AA22A04284E544C4D53535000010000009782

08E200000000000000000000000000000000060380250000000F

PreauthSession.PreauthIntegrityHashValue

AC0B0F2B9986257700365E416D142A6EDC96DF03594A19E52A15F6BD0D041CD5D432F8ED42C55E33

197A50C9EC00F1462B50C592211B1471A04B56088FDFD5F9

 

SESSION SETUP Response

 

 --- STATUS_MORE_PROCESSING_REQUIRED
- Updating Preauth integrity hash ---

PreauthSession.SessionId 0x17592186044441

Current

PreauthSession.PreauthIntegrityHashValue

AC0B0F2B9986257700365E416D142A6EDC96DF03594A19E52A15F6BD0D041CD5D432F8ED42C55E33

197A50C9EC00F1462B50C592211B1471A04B56088FDFD5F9

SessionSetup response packet

FE534D4240000100160000C00100010001000000000000000200000000000000FFFE000000000000

190000000010000000000000000000000000000000000000090000004800B300A181B03081ADA003

0A0101A10C060A2B06010401823702020AA281970481944E544C4D53535000020000000C000C0038

00000015828AE20D1D8BA31179D008000000000000000050005000440000000A0092270000000F53

005500540033003100310002000C0053005500540033003100310001000C00530055005400330031

00310004000C0053005500540033003100310003000C0053005500540033003100310007000800A1

A1F5ADCBAED00100000000

SessionSetup response header signature 0x00000000000000000000000000000000

Concatenate PreauthSession.PreauthIntegrityHashValue and Session Setup
response packet

SHA-512 Input Hash Data

AC0B0F2B9986257700365E416D142A6EDC96DF03594A19E52A15F6BD0D041CD5D432F8ED42C55E33

197A50C9EC00F1462B50C592211B1471A04B56088FDFD5F9FE534D4240000100160000C001000100

01000000000000000200000000000000FFFE00000000000019000000001000000000000000000000

0000000000000000090000004800B300A181B03081ADA0030A0101A10C060A2B0601040182370202

0AA281970481944E544C4D53535000020000000C000C003800000015828AE20D1D8BA31179D00800

0000000000000050005000440000000A0092270000000F53005500540033003100310002000C0053

005500540033003100310001000C0053005500540033003100310004000C00530055005400330031

00310003000C0053005500540033003100310007000800A1A1F5ADCBAED00100000000

PreauthSession.PreauthIntegrityHashValue

2729E3440DFDDD839E37193F6E8F20C20CEFB3469E453A70CD980EEC06B8835740A7376008563336

4C8989895ECE81BF102DEEB14D4B7D48AFA76901A7A38387

 

SESSION SETUP Request

PreauthSession.SessionId 0x17592186044441

Current

PreauthSession.PreauthIntegrityHashValue

2729E3440DFDDD839E37193F6E8F20C20CEFB3469E453A70CD980EEC06B8835740A7376008563336

4C8989895ECE81BF102DEEB14D4B7D48AFA76901A7A38387

SessionSetup request packet

FE534D4240000100000000000100800000000000000000000300000000000000FFFE000000000000

1900000000100000000000000000000000000000000000001900000101000000000000005800CF01

0000000000000000A18201CB308201C7A0030A0101A28201AA048201A64E544C4D53535000030000

001800180090000000EE00EE00A80000000C000C00580000001A001A0064000000120012007E0000

001000100096010000158288E2060380250000000FECAC77A5F385A8BF9C38C706EEEDDCD3530055

005400330031003100610064006D0069006E006900730074007200610074006F0072004400520049

0056004500520033003100310000000000000000000000000000000000000000000000000063078E

B639FE03E20A231C3AE3BF23080101000000000000A1A1F5ADCBAED001BC4AD05F223CC90F000000

0002000C0053005500540033003100310001000C0053005500540033003100310004000C00530055

00540033003100310003000C0053005500540033003100310007000800A1A1F5ADCBAED001060004

00020000000800300030000000000000000000000000300000B61FEFCAA857EA57BF1EDCEBF8974B

8E0EBA5A6DFD9D07A31D11B548F8C9D0CC0A00100000000000000000000000000000000000090016

0063006900660073002F005300550054003300310031000000000000000000000000003B9BDFF38F

5EE8F9663F11A0F4C03A78A31204100100000063775A9A5FD97F0600000000

Concatenate PreauthSession.PreauthIntegrityHashValue and Session Setup
request packet

SHA-512 Input Hash Data 

2729E3440DFDDD839E37193F6E8F20C20CEFB3469E453A70CD980EEC06B8835740A7376008563336

4C8989895ECE81BF102DEEB14D4B7D48AFA76901A7A38387FE534D42400001000000000001008000

00000000000000000300000000000000FFFE00000000000019000000001000000000000000000000

00000000000000001900000101000000000000005800CF010000000000000000A18201CB308201C7

A0030A0101A28201AA048201A64E544C4D53535000030000001800180090000000EE00EE00A80000

000C000C00580000001A001A0064000000120012007E0000001000100096010000158288E2060380

250000000FECAC77A5F385A8BF9C38C706EEEDDCD3530055005400330031003100610064006D0069

006E006900730074007200610074006F007200440052004900560045005200330031003100000000

00000000000000000000000000000000000000000063078EB639FE03E20A231C3AE3BF2308010100

0000000000A1A1F5ADCBAED001BC4AD05F223CC90F0000000002000C005300550054003300310031

0001000C0053005500540033003100310004000C0053005500540033003100310003000C00530055

00540033003100310007000800A1A1F5ADCBAED00106000400020000000800300030000000000000

000000000000300000B61FEFCAA857EA57BF1EDCEBF8974B8E0EBA5A6DFD9D07A31D11B548F8C9D0

CC0A001000000000000000000000000000000000000900160063006900660073002F005300550054

003300310031000000000000000000000000003B9BDFF38F5EE8F9663F11A0F4C03A78A312041001

00000063775A9A5FD97F0600000000

PreauthSession.PreauthIntegrityHashValue

0DD13628CC3ED218EF9DF9772D436D0887AB9814BFAE63A80AA845F36909DB7928622DDDAD522D97

51640A459762C5A9D6BB084CBB3CE6BDADEF5D5BCE3C6C01

 

SESSION SETUP Response

SessionId 0x17592186044441 COMPLETED

SessionSetup response packet

FE534D4240000100000000000100800009000000000000000300000000000000FFFE000000000000

1900000000100000EBE146DA120BA25FC3376A49DFE31BC10900000048001D00A11B3019A0030A01

00A3120410010000003B453CDC3524164200000000

SessionSetup response header signature 0xEBE146DA120BA25FC3376A49DFE31BC1

PreauthSession.PreauthIntegrityHashValue

0DD13628CC3ED218EF9DF9772D436D0887AB9814BFAE63A80AA845F36909DB7928622DDDAD522D97

51640A459762C5A9D6BB084CBB3CE6BDADEF5D5BCE3C6C01

 

Input cryptographicKey (SessionKey) 0x270E1BA896585EEB7AF3472D3B4C75A7

(queried from GSS authenticated context)

 

--- Dialect 0x0311 ---

preauthIntegrityHashValue

0DD13628CC3ED218EF9DF9772D436D0887AB9814BFAE63A80AA845F36909DB7928622DDDAD522D97

51640A459762C5A9D6BB084CBB3CE6BDADEF5D5BCE3C6C01

CypherId 0x0002

SessionKey 0x270E1BA896585EEB7AF3472D3B4C75A7

SigningKey 0x73FE7A9A77BEF0BDE49C650D8CCB5F76

 

Appendix A.2. Pre-authentication integrity and encryption (AES-CCM) negotiate contexts 

 

Header.Command 0x0000 NEGOTIATE

 

Preauth integrity hash capabilities ---

PreauthIntegrityCaps.HashAlgorithmCount 0x1

PreauthIntegrityCaps.SaltLength 0x20

PreauthIntegrityCaps.HashAlgorithms 0x0001

PreauthIntegrityCaps.Salt

BE43C3C288C4D3992CD82559E382F0AACEB5A1D936A1BFF07AD1E0C18DB0CA86

 

Encryption capabilites ---

EncryptionCaps.CipherCount 0x1

EncryptionCaps.Ciphers[0] 0x0001

 

Connection.PreauthIntegrityHashId 0x0001

 

NEGOTIATE Request

 

Preauth integrity hash ---

Current

Connection.PreauthIntegrityHashValue

00000000000000000000000000000000000000000000000000000000000000000000000000000000

000000000000000000000000000000000000000000000000

Negotiate request packet

FE534D4240000100000000000000800000000000000000000100000000000000FFFE000000000000

00000000000000000000000000000000000000000000000024000500000000003F000000C318232F

0EDFFB4D99991F725DA93B3E70000000020000000202100200030203110300000100260000000000

010020000100BE43C3C288C4D3992CD82559E382F0AACEB5A1D936A1BFF07AD1E0C18DB0CA860000

020004000000000001000100

Concatenate Connection.PreauthIntegrityHashValue and Negotiate request
packet

SHA-512 Input Hash Data

00000000000000000000000000000000000000000000000000000000000000000000000000000000

000000000000000000000000000000000000000000000000FE534D42400001000000000000008000

00000000000000000100000000000000FFFE00000000000000000000000000000000000000000000

000000000000000024000500000000003F000000C318232F0EDFFB4D99991F725DA93B3E70000000

020000000202100200030203110300000100260000000000010020000100BE43C3C288C4D3992CD8

2559E382F0AACEB5A1D936A1BFF07AD1E0C18DB0CA860000020004000000000001000100

New

Connection.PreauthIntegrityHashValue

BD11D3C338C8F993B3C9CD75420F331FCBFD6A389ADCEA930593C14D5EFDA3E38F1B0320BD03AACC

78CEA25D9DEFD89324ECA8595F2DAE4C0E01FBEA4A54A428

 

NEGOTIATE Response

 

Updating Preauth integrity hash ---

Current

Connection.PreauthIntegrityHashValue

BD11D3C338C8F993B3C9CD75420F331FCBFD6A389ADCEA930593C14D5EFDA3E38F1B0320BD03AACC

78CEA25D9DEFD89324ECA8595F2DAE4C0E01FBEA4A54A428

Negotiate response packet

FE534D4240000100000000000000010001000000000000000100000000000000FFFE000000000000

000000000000000000000000000000000000000000000000410001001103020039CBCAF329714942

BDCE5D60F09AB3FB2F000000000080000000800000008000CDCEA973CAAED00109094AB095AED001

80004001C00100006082013C06062B0601050502A08201303082012CA01A3018060A2B0601040182

3702021E060A2B06010401823702020AA282010C048201084E45474F455854530100000000000000

6000000070000000747CC0FD06D6362D02DDE1CF343BFE299B5A978ED39ECF7F343F2F72B151E5C2

F427966D191C624A19F30E0F7132F3D5000000000000000060000000010000000000000000000000

5C33530DEAF90D4DB2EC4AE3786EC3084E45474F4558545303000000010000004000000098000000

747CC0FD06D6362D02DDE1CF343BFE295C33530DEAF90D4DB2EC4AE3786EC3084000000058000000

3056A05430523027802530233121301F06035504031318546F6B656E205369676E696E6720507562

6C6963204B65793027802530233121301F06035504031318546F6B656E205369676E696E67205075

626C6963204B65790100260000000000010020000100ED81E13FE1C5E910AE1299BE60FCA6F54B09

42FA0FB2A92285A947C68AB988810000020004000000000001000100

Concatenate Connection.PreauthIntegrityHashValue and Negotiate response
packet

SHA-512 Input Hash Data

BD11D3C338C8F993B3C9CD75420F331FCBFD6A389ADCEA930593C14D5EFDA3E38F1B0320BD03AACC

78CEA25D9DEFD89324ECA8595F2DAE4C0E01FBEA4A54A428FE534D42400001000000000000000100

01000000000000000100000000000000FFFE00000000000000000000000000000000000000000000

0000000000000000410001001103020039CBCAF329714942BDCE5D60F09AB3FB2F00000000008000

0000800000008000CDCEA973CAAED00109094AB095AED00180004001C00100006082013C06062B06

01050502A08201303082012CA01A3018060A2B06010401823702021E060A2B06010401823702020A

A282010C048201084E45474F4558545301000000000000006000000070000000747CC0FD06D6362D

02DDE1CF343BFE299B5A978ED39ECF7F343F2F72B151E5C2F427966D191C624A19F30E0F7132F3D5

0000000000000000600000000100000000000000000000005C33530DEAF90D4DB2EC4AE3786EC308

4E45474F4558545303000000010000004000000098000000747CC0FD06D6362D02DDE1CF343BFE29

5C33530DEAF90D4DB2EC4AE3786EC30840000000580000003056A05430523027802530233121301F

06035504031318546F6B656E205369676E696E67205075626C6963204B6579302780253023312130

1F06035504031318546F6B656E205369676E696E67205075626C6963204B65790100260000000000

010020000100ED81E13FE1C5E910AE1299BE60FCA6F54B0942FA0FB2A92285A947C68AB988810000

020004000000000001000100

New

Connection.PreauthIntegrityHashValue

7744458C12FB7387C68B767ED06E8A684BB0AA1F4E49E6C195B55CB47138F2BCDD9489EC5CF10FEE

04EF5192817EE3D6694F34965D33C177F296F915452B929B

 

Add NEW SessionId 0x17592186044425 to Preauth Integrity hash table with
value

Connection.PreauthIntegrityHashValue

7744458C12FB7387C68B767ED06E8A684BB0AA1F4E49E6C195B55CB47138F2BCDD9489EC5CF10FEE

04EF5192817EE3D6694F34965D33C177F296F915452B929B

 

SESSION SETUP Request

PreauthSession.SessionId 0x17592186044425

Current

PreauthSession.PreauthIntegrityHashValue

7744458C12FB7387C68B767ED06E8A684BB0AA1F4E49E6C195B55CB47138F2BCDD9489EC5CF10FEE

04EF5192817EE3D6694F34965D33C177F296F915452B929B

SessionSetup request packet

FE534D4240000100000000000100800000000000000000000200000000000000FFFE000000000000

00000000000000000000000000000000000000000000000019000001010000000000000058004A00

0000000000000000604806062B0601050502A03E303CA00E300C060A2B06010401823702020AA22A

04284E544C4D5353500001000000978208E200000000000000000000000000000000060380250000

000F

Concatenate PreauthSession.PreauthIntegrityHashValue and Session Setup
request packet

SHA-512 Input Hash Data 

7744458C12FB7387C68B767ED06E8A684BB0AA1F4E49E6C195B55CB47138F2BCDD9489EC5CF10FEE

04EF5192817EE3D6694F34965D33C177F296F915452B929BFE534D42400001000000000001008000

00000000000000000200000000000000FFFE00000000000000000000000000000000000000000000

000000000000000019000001010000000000000058004A000000000000000000604806062B060105

0502A03E303CA00E300C060A2B06010401823702020AA22A04284E544C4D53535000010000009782

08E200000000000000000000000000000000060380250000000F

PreauthSession.PreauthIntegrityHashValue

983C28E03CE2F30CA2CF648C95D489DD16E51E027A4A9F7C05A1F9E888AF289C112C77C8A77ACEB1

2EEC19DD6BD550C2303233B11A08F70609D4484D7CDEC58C

 

SESSION SETUP Response

 

 --- STATUS_MORE_PROCESSING_REQUIRED
- Updating Preauth integrity hash ---

PreauthSession.SessionId 0x17592186044425

Current

PreauthSession.PreauthIntegrityHashValue

983C28E03CE2F30CA2CF648C95D489DD16E51E027A4A9F7C05A1F9E888AF289C112C77C8A77ACEB1

2EEC19DD6BD550C2303233B11A08F70609D4484D7CDEC58C

SessionSetup response packet

FE534D4240000100160000C00100010001000000000000000200000000000000FFFE000000000000

090000000010000000000000000000000000000000000000090000004800B300A181B03081ADA003

0A0101A10C060A2B06010401823702020AA281970481944E544C4D53535000020000000C000C0038

00000015828AE2395571B0B34E928C000000000000000050005000440000000A0092270000000F53

005500540033003100310002000C0053005500540033003100310001000C00530055005400330031

00310004000C0053005500540033003100310003000C0053005500540033003100310007000800CC

2FBB73CAAED00100000000

SessionSetup response header signature 0x00000000000000000000000000000000

Concatenate PreauthSession.PreauthIntegrityHashValue and Session Setup
response packet

SHA-512 Input Hash Data

983C28E03CE2F30CA2CF648C95D489DD16E51E027A4A9F7C05A1F9E888AF289C112C77C8A77ACEB1

2EEC19DD6BD550C2303233B11A08F70609D4484D7CDEC58CFE534D4240000100160000C001000100

01000000000000000200000000000000FFFE00000000000009000000001000000000000000000000

0000000000000000090000004800B300A181B03081ADA0030A0101A10C060A2B0601040182370202

0AA281970481944E544C4D53535000020000000C000C003800000015828AE2395571B0B34E928C00

0000000000000050005000440000000A0092270000000F53005500540033003100310002000C0053

005500540033003100310001000C0053005500540033003100310004000C00530055005400330031

00310003000C0053005500540033003100310007000800CC2FBB73CAAED00100000000

PreauthSession.PreauthIntegrityHashValue

C9CA587360D51A1DA5E61E208391B6E5C1846ADC5E5C961614A3A533DE3943E6314C8AE9DE7CDBD1

7E4068ED21F97DEBE879F13724CF3FF21B2C86D99BA59B87

 

SESSION SETUP Request

PreauthSession.SessionId 0x17592186044425

Current

PreauthSession.PreauthIntegrityHashValue

C9CA587360D51A1DA5E61E208391B6E5C1846ADC5E5C961614A3A533DE3943E6314C8AE9DE7CDBD1

7E4068ED21F97DEBE879F13724CF3FF21B2C86D99BA59B87

SessionSetup request packet

FE534D4240000100000000000100800000000000000000000300000000000000FFFE000000000000

0900000000100000000000000000000000000000000000001900000101000000000000005800CF01

0000000000000000A18201CB308201C7A0030A0101A28201AA048201A64E544C4D53535000030000

001800180090000000EE00EE00A80000000C000C00580000001A001A0064000000120012007E0000

001000100096010000158288E2060380250000000F308F9AF7839280D351E663E84AD3957F530055

005400330031003100610064006D0069006E006900730074007200610074006F0072004400520049

005600450052003300310031000000000000000000000000000000000000000000000000001EAF5A

8F20782DD3B7DFC1562EBFE9240101000000000000CC2FBB73CAAED0012B6C3234196EE8BF000000

0002000C0053005500540033003100310001000C0053005500540033003100310004000C00530055

00540033003100310003000C0053005500540033003100310007000800CC2FBB73CAAED001060004

00020000000800300030000000000000000000000000300000B61FEFCAA857EA57BF1EDCEBF8974B

8E0EBA5A6DFD9D07A31D11B548F8C9D0CC0A00100000000000000000000000000000000000090016

0063006900660073002F00530055005400330031003100000000000000000000000000AEF242481A

FBFB82BEDBE68A4F5742F2A3120410010000007FEE0708D69AD22600000000

Concatenate PreauthSession.PreauthIntegrityHashValue and Session Setup
request packet

SHA-512 Input Hash Data 

C9CA587360D51A1DA5E61E208391B6E5C1846ADC5E5C961614A3A533DE3943E6314C8AE9DE7CDBD1

7E4068ED21F97DEBE879F13724CF3FF21B2C86D99BA59B87FE534D42400001000000000001008000

00000000000000000300000000000000FFFE00000000000009000000001000000000000000000000

00000000000000001900000101000000000000005800CF010000000000000000A18201CB308201C7

A0030A0101A28201AA048201A64E544C4D53535000030000001800180090000000EE00EE00A80000

000C000C00580000001A001A0064000000120012007E0000001000100096010000158288E2060380

250000000F308F9AF7839280D351E663E84AD3957F530055005400330031003100610064006D0069

006E006900730074007200610074006F007200440052004900560045005200330031003100000000

0000000000000000000000000000000000000000001EAF5A8F20782DD3B7DFC1562EBFE924010100

0000000000CC2FBB73CAAED0012B6C3234196EE8BF0000000002000C005300550054003300310031

0001000C0053005500540033003100310004000C0053005500540033003100310003000C00530055

00540033003100310007000800CC2FBB73CAAED00106000400020000000800300030000000000000

000000000000300000B61FEFCAA857EA57BF1EDCEBF8974B8E0EBA5A6DFD9D07A31D11B548F8C9D0

CC0A001000000000000000000000000000000000000900160063006900660073002F005300550054

00330031003100000000000000000000000000AEF242481AFBFB82BEDBE68A4F5742F2A312041001

0000007FEE0708D69AD22600000000

PreauthSession.PreauthIntegrityHashValue

BD57317658D28E7599C2491165F5D6FB36AD0AD65833774A6684D07F83EF2EBAB8726C1D76704AF3

25285A70FCBAD053F39EF4C031AE67C56006C50C6D349EC6

 

SESSION SETUP Response

SessionId 0x17592186044425 COMPLETED

SessionSetup response packet

FE534D4240000100000000000100800009000000000000000300000000000000FFFE000000000000

090000000010000021AC4DB12F2F6431207BA653FB805C290900000048001D00A11B3019A0030A01

00A312041001000000F19063CADAA8BE2100000000

SessionSetup response header signature 0x21AC4DB12F2F6431207BA653FB805C29

PreauthSession.PreauthIntegrityHashValue

BD57317658D28E7599C2491165F5D6FB36AD0AD65833774A6684D07F83EF2EBAB8726C1D76704AF3

25285A70FCBAD053F39EF4C031AE67C56006C50C6D349EC6

 

Input cryptographicKey (SessionKey) 0xFD67875E7DF37605F5A9D226991A8782

(queried from GSS authenticated context)

 

--- Dialect 0x0311 ---

preauthIntegrityHashValue

BD57317658D28E7599C2491165F5D6FB36AD0AD65833774A6684D07F83EF2EBAB8726C1D76704AF3

25285A70FCBAD053F39EF4C031AE67C56006C50C6D349EC6

CypherId 0x0001

SessionKey 0xFD67875E7DF37605F5A9D226991A8782

SigningKey 0xD9AE56D84460F692E15673D7AC357904

 

Appendix B. Pre-authentication integrity negotiate context only

 

Header.Command 0x0000 NEGOTIATE

 

Preauth integrity hash ---

PreauthIntegrityCaps.HashAlgorithmCount 0x1

PreauthIntegrityCaps.SaltLength 0x20

PreauthIntegrityCaps.HashAlgorithms 0x0001

PreauthIntegrityCaps.Salt

E2D024DB75ED67B6323EDB6BD24FC4C97ECD893481CE1BEFDBD1DE3D09DF9DB5

 

Connection.PreauthIntegrityHashId 0x0001

 

NEGOTIATE Request

 

Preauth integrity hash ---

Current

Connection.PreauthIntegrityHashValue

00000000000000000000000000000000000000000000000000000000000000000000000000000000

000000000000000000000000000000000000000000000000

Negotiate request packet

FE534D4240000100000000000000800000000000000000000100000000000000FFFE000000000000

00000000000000000000000000000000000000000000000024000500000000003F0000004C3DB6FB

51377A45AB915E5700F9D91B70000000010000000202100200030203110300000100260000000000

010020000100E2D024DB75ED67B6323EDB6BD24FC4C97ECD893481CE1BEFDBD1DE3D09DF9DB5

Concatenate Connection.PreauthIntegrityHashValue and Negotiate request
packet

SHA-512 Input Hash Data

00000000000000000000000000000000000000000000000000000000000000000000000000000000

000000000000000000000000000000000000000000000000FE534D42400001000000000000008000

00000000000000000100000000000000FFFE00000000000000000000000000000000000000000000

000000000000000024000500000000003F0000004C3DB6FB51377A45AB915E5700F9D91B70000000

010000000202100200030203110300000100260000000000010020000100E2D024DB75ED67B6323E

DB6BD24FC4C97ECD893481CE1BEFDBD1DE3D09DF9DB5

New

Connection.PreauthIntegrityHashValue

EF7D572595297374B39788024797DAA020D66D3DF9D3A893CF2CA0442AEE16C6C154F1BC185CAF3F

660139347B9C4CA231161CA8A16073F058B5422045DE7C65

 

NEGOTIATE Response

 

Updating Preauth integrity hash ---

Current

Connection.PreauthIntegrityHashValue

EF7D572595297374B39788024797DAA020D66D3DF9D3A893CF2CA0442AEE16C6C154F1BC185CAF3F

660139347B9C4CA231161CA8A16073F058B5422045DE7C65

Negotiate response packet

FE534D4240000100000000000000010001000000000000000100000000000000FFFE000000000000

00000000000000000000000000000000000000000000000041000100110301001DE6C96123D11C40

9509F58B06CEB6E52F000000000080000000800000008000ECAC634232B1D001112265502BB1D001

80004001C00100006082013C06062B0601050502A08201303082012CA01A3018060A2B0601040182

3702021E060A2B06010401823702020AA282010C048201084E45474F455854530100000000000000

6000000070000000E396D6D84D7EBFC97CE3BD8B1761B727F0DDDDFF536372E805A6CD3A8CCC5C0F

54F850C98DF6C8C9F7A88AE1FF70590A000000000000000060000000010000000000000000000000

5C33530DEAF90D4DB2EC4AE3786EC3084E45474F4558545303000000010000004000000098000000

E396D6D84D7EBFC97CE3BD8B1761B7275C33530DEAF90D4DB2EC4AE3786EC3084000000058000000

3056A05430523027802530233121301F06035504031318546F6B656E205369676E696E6720507562

6C6963204B65793027802530233121301F06035504031318546F6B656E205369676E696E67205075

626C6963204B657901002600000000000100200001003208BCEB8827C388303D3E51E2D90F710898

D12B04522B5D871A0C031FC7B7B5

Concatenate Connection.PreauthIntegrityHashValue and Negotiate response
packet

SHA-512 Input Hash Data

EF7D572595297374B39788024797DAA020D66D3DF9D3A893CF2CA0442AEE16C6C154F1BC185CAF3F

660139347B9C4CA231161CA8A16073F058B5422045DE7C65FE534D42400001000000000000000100

01000000000000000100000000000000FFFE00000000000000000000000000000000000000000000

000000000000000041000100110301001DE6C96123D11C409509F58B06CEB6E52F00000000008000

0000800000008000ECAC634232B1D001112265502BB1D00180004001C00100006082013C06062B06

01050502A08201303082012CA01A3018060A2B06010401823702021E060A2B06010401823702020A

A282010C048201084E45474F4558545301000000000000006000000070000000E396D6D84D7EBFC9

7CE3BD8B1761B727F0DDDDFF536372E805A6CD3A8CCC5C0F54F850C98DF6C8C9F7A88AE1FF70590A

0000000000000000600000000100000000000000000000005C33530DEAF90D4DB2EC4AE3786EC308

4E45474F4558545303000000010000004000000098000000E396D6D84D7EBFC97CE3BD8B1761B727

5C33530DEAF90D4DB2EC4AE3786EC30840000000580000003056A05430523027802530233121301F

06035504031318546F6B656E205369676E696E67205075626C6963204B6579302780253023312130

1F06035504031318546F6B656E205369676E696E67205075626C6963204B65790100260000000000

0100200001003208BCEB8827C388303D3E51E2D90F710898D12B04522B5D871A0C031FC7B7B5

New

Connection.PreauthIntegrityHashValue

7ECC09ACEC6034FF40F8B0C9F6662C95E2532E6F54D29E922138A65D592FD58FA437712034CD2542

55EAA10BB823507EFCF1654195512A8445D9DE2609F47741

 

Add NEW SessionId 0x30786325577741 to Preauth Integrity hash table with
value

Connection.PreauthIntegrityHashValue

7ECC09ACEC6034FF40F8B0C9F6662C95E2532E6F54D29E922138A65D592FD58FA437712034CD2542

55EAA10BB823507EFCF1654195512A8445D9DE2609F47741

 

SESSION SETUP Request

PreauthSession.SessionId 0x30786325577741

Current

PreauthSession.PreauthIntegrityHashValue

7ECC09ACEC6034FF40F8B0C9F6662C95E2532E6F54D29E922138A65D592FD58FA437712034CD2542

55EAA10BB823507EFCF1654195512A8445D9DE2609F47741

SessionSetup request packet

FE534D4240000100000000000100800000000000000000000200000000000000FFFE000000000000

00000000000000000000000000000000000000000000000019000001010000000000000058004A00

0000000000000000604806062B0601050502A03E303CA00E300C060A2B06010401823702020AA22A

04284E544C4D5353500001000000978208E200000000000000000000000000000000060380250000

000F

Concatenate PreauthSession.PreauthIntegrityHashValue and Session Setup
request packet

SHA-512 Input Hash Data 

7ECC09ACEC6034FF40F8B0C9F6662C95E2532E6F54D29E922138A65D592FD58FA437712034CD2542

55EAA10BB823507EFCF1654195512A8445D9DE2609F47741FE534D42400001000000000001008000

00000000000000000200000000000000FFFE00000000000000000000000000000000000000000000

000000000000000019000001010000000000000058004A000000000000000000604806062B060105

0502A03E303CA00E300C060A2B06010401823702020AA22A04284E544C4D53535000010000009782

08E200000000000000000000000000000000060380250000000F

PreauthSession.PreauthIntegrityHashValue

96D0F138CFE59B45465B2241727FADE2F74E5F6E4F88392C53A6DDC8E03B9BA5D7405FD37963906B

D7256648BDD43537A3A29C2CD0FE4FE5FE18E124EAD0B663

 

SESSION SETUP Response

 

 --- STATUS_MORE_PROCESSING_REQUIRED
- Updating Preauth integrity hash ---

PreauthSession.SessionId 0x30786325577741

Current

PreauthSession.PreauthIntegrityHashValue

96D0F138CFE59B45465B2241727FADE2F74E5F6E4F88392C53A6DDC8E03B9BA5D7405FD37963906B

D7256648BDD43537A3A29C2CD0FE4FE5FE18E124EAD0B663

SessionSetup response packet

FE534D4240000100160000C00100010001000000000000000200000000000000FFFE000000000000

0D000000001C000000000000000000000000000000000000090000004800B300A181B03081ADA003

0A0101A10C060A2B06010401823702020AA281970481944E544C4D53535000020000000C000C0038

00000015828AE2CBB1D86ED8A26BBE000000000000000050005000440000000A0092270000000F53

005500540033003100310002000C0053005500540033003100310001000C00530055005400330031

00310004000C0053005500540033003100310003000C005300550054003300310031000700080083

C4744232B1D00100000000

SessionSetup response header signature 0x00000000000000000000000000000000

Concatenate PreauthSession.PreauthIntegrityHashValue and Session Setup
response packet

SHA-512 Input Hash Data

96D0F138CFE59B45465B2241727FADE2F74E5F6E4F88392C53A6DDC8E03B9BA5D7405FD37963906B

D7256648BDD43537A3A29C2CD0FE4FE5FE18E124EAD0B663FE534D4240000100160000C001000100

01000000000000000200000000000000FFFE0000000000000D000000001C00000000000000000000

0000000000000000090000004800B300A181B03081ADA0030A0101A10C060A2B0601040182370202

0AA281970481944E544C4D53535000020000000C000C003800000015828AE2CBB1D86ED8A26BBE00

0000000000000050005000440000000A0092270000000F53005500540033003100310002000C0053

005500540033003100310001000C0053005500540033003100310004000C00530055005400330031

00310003000C005300550054003300310031000700080083C4744232B1D00100000000

PreauthSession.PreauthIntegrityHashValue

F2243F95EEF00B4218D5A00DFBDAB515B9CC1F7C5F8DA99AAFBAFB72EB9424F6845C79A94EC5796C

9D69402D103EDD72805ACB38CF62E7DA3BE94B3BED3EE8FC

 

SESSION SETUP Request

PreauthSession.SessionId 0x30786325577741

Current

PreauthSession.PreauthIntegrityHashValue

F2243F95EEF00B4218D5A00DFBDAB515B9CC1F7C5F8DA99AAFBAFB72EB9424F6845C79A94EC5796C

9D69402D103EDD72805ACB38CF62E7DA3BE94B3BED3EE8FC

SessionSetup request packet

FE534D4240000100000000000100800000000000000000000300000000000000FFFE000000000000

0D000000001C0000000000000000000000000000000000001900000101000000000000005800CF01

0000000000000000A18201CB308201C7A0030A0101A28201AA048201A64E544C4D53535000030000

001800180090000000EE00EE00A80000000C000C00580000001A001A0064000000120012007E0000

001000100096010000158288E2060380250000000F268C28C948C2E1EF3A481C34A7100C97530055

005400330031003100610064006D0069006E006900730074007200610074006F0072004400520049

0056004500520033003100310000000000000000000000000000000000000000000000000030EF61

6190C8A662E721E2F8EDC40E98010100000000000083C4744232B1D001A529012472765972000000

0002000C0053005500540033003100310001000C0053005500540033003100310004000C00530055

00540033003100310003000C005300550054003300310031000700080083C4744232B1D001060004

000200000008003000300000000000000000000000003000009B52C033A82790F6F74C0E851E924C

504FDC52EF290D80D5322FBE536429D6D50A00100000000000000000000000000000000000090016

0063006900660073002F005300550054003300310031000000000000000000000000008A393FC3E9

D7FFD7CDE5BECCBF864F29A31204100100000071B9DE9A4248980D00000000

Concatenate PreauthSession.PreauthIntegrityHashValue and Session Setup
request packet

SHA-512 Input Hash Data 

F2243F95EEF00B4218D5A00DFBDAB515B9CC1F7C5F8DA99AAFBAFB72EB9424F6845C79A94EC5796C

9D69402D103EDD72805ACB38CF62E7DA3BE94B3BED3EE8FCFE534D42400001000000000001008000

00000000000000000300000000000000FFFE0000000000000D000000001C00000000000000000000

00000000000000001900000101000000000000005800CF010000000000000000A18201CB308201C7

A0030A0101A28201AA048201A64E544C4D53535000030000001800180090000000EE00EE00A80000

000C000C00580000001A001A0064000000120012007E0000001000100096010000158288E2060380

250000000F268C28C948C2E1EF3A481C34A7100C97530055005400330031003100610064006D0069

006E006900730074007200610074006F007200440052004900560045005200330031003100000000

00000000000000000000000000000000000000000030EF616190C8A662E721E2F8EDC40E98010100

000000000083C4744232B1D001A5290124727659720000000002000C005300550054003300310031

0001000C0053005500540033003100310004000C0053005500540033003100310003000C00530055

0054003300310031000700080083C4744232B1D00106000400020000000800300030000000000000

0000000000003000009B52C033A82790F6F74C0E851E924C504FDC52EF290D80D5322FBE536429D6

D50A001000000000000000000000000000000000000900160063006900660073002F005300550054

003300310031000000000000000000000000008A393FC3E9D7FFD7CDE5BECCBF864F29A312041001

00000071B9DE9A4248980D00000000

PreauthSession.PreauthIntegrityHashValue

CB3320852ED35231F1087E6A4828C129384F7041005FF76543B46B1590574300B376771109C29903

D0A5E6EB124A3BCA8DD9CF0FBF2EF60F2FED746A70CE0533

 

SESSION SETUP Response

SessionId 0x30786325577741 COMPLETED

SessionSetup response packet

FE534D4240000100000000000100800009000000000000000300000000000000FFFE000000000000

0D000000001C0000BCE812303D9BCD5D3295EF0572553AEB0900000048001D00A11B3019A0030A01

00A31204100100000017DD19D27E10A55D00000000

SessionSetup response header signature 0xBCE812303D9BCD5D3295EF0572553AEB

PreauthSession.PreauthIntegrityHashValue

CB3320852ED35231F1087E6A4828C129384F7041005FF76543B46B1590574300B376771109C29903

D0A5E6EB124A3BCA8DD9CF0FBF2EF60F2FED746A70CE0533

 

Input cryptographicKey (SessionKey) 0xA8B3FCB8C96884BA9126132AE5B076AF

(queried from GSS authenticated context)

 

--- Dialect 0x0311 ---

preauthIntegrityHashValue

CB3320852ED35231F1087E6A4828C129384F7041005FF76543B46B1590574300B376771109C29903

D0A5E6EB124A3BCA8DD9CF0FBF2EF60F2FED746A70CE0533

SessionKey 0xA8B3FCB8C96884BA9126132AE5B076AF

SigningKey 0x5756AC382298721282D4D9F61CF1195F

 

[References]

[MS-SMB2]: Server Message Block (SMB) Protocol Versions 2
and 3 Specification

SMB3 Secure Dialect Negotiation

https://blogs.msdn.com/b/openspecification/archive/2012/06/28/smb3-secure-dialect-negotiation.aspx

What’s new in SMB 3.1.1 in the Windows Server 2016 Technical
Preview 2

https://blogs.technet.com/b/josebda/archive/2015/05/05/what-s-new-in-smb-3-1-1-in-the-windows-server-technical-preview-2.aspx

[SP800-108] National Institute of Standards and Technology.
"Special Publication 800-108, Recommendation for Key Derivation Using
Pseudorandom Functions", October 2009, https://csrc.nist.gov/publications/nistpubs/800-108/sp800-108.pdf

[FIPS180-4] FIPS PUBS, "Secure Hash Standards
(SHS)", March 2012, https://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf

[RFC4493]. The AES-CMAC Algorithm, https://www.ietf.org/rfc/rfc4493.txt