3.2.2.4 AES Cipher Usage

Advanced Encryption Standard (AES) encryption is achieved in this protocol by using the AEAD-AES-256-CBC-HMAC-SHA512 cipher<81>, as specified in [AES-CBC]. In order to use an encryption key, AES encryption requires a shared secret between the server and the client. Create this encryption key as a content encryption key (CEK), as specified in following methods, as appropriate:

• For the SamrSetInformationUser2 method (section 3.1.5.6.4) with the UserInternal7Information (section 3.1.5.6.4.1) or UserInternal8Information (section 3.1.5.6.4.6) value, obtain the shared secret and CEK as the 16-byte user SMB session key, as specified in section 3.2.2.3.

• For the SamrUnicodeChangePasswordUser4 method (section 3.1.5.10.4), the shared secret is the plaintext old password and the CEK is generated as specified in section 3.2.2.5.

• For SamrUnicodeChangePasswordUser4 and SamrSetInformationUser2, the secret plaintext MUST be in the format specified in section 2.2.6.32.

The data MUST be encrypted and decrypted using AEAD-AES-256-CBC-HMAC-SHA512 as follows:

• Let IV be a random 16-byte number.

• Then the encryption is done as follows:

  Let enc_key ::= HMAC-SHA-512(CEK, SAM_AES256_ENC_KEY_STRING)

  Let mac_key ::= HMAC-SHA-512(CEK, SAM_AES256_MAC_KEY_STRING)

  Let Cipher ::= AES-CBC(enc_key, IV, secret_plaintext)

  Let AuthData ::= HMAC-SHA-512(mac_key, versionbyte + IV + Cipher + versionbyte_length)

Note that enc_key is truncated to 32-bytes and the entire 64-byte mac_key is used.