[MS-WKST]: Workstation Service Remote Protocol
This topic lists Errata found in [MS-WKST] since it was last published. Since this topic is updated frequently, we recommend that you subscribe to this RSS feed to receive update notifications. Errata are subject to the same terms as the Open Specifications documentation referenced. |
---|
To view a PDF file of the errata for the previous versions of this document, see the following ERRATA Archives:
July 18, 2016 - Download
April 7, 2021 - Download
April 29, 2022 - Download
Errata below are for Protocol Document Version V31.0 – 2022/04/29.
Errata Published* |
Description |
||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2022/09/03 |
In Section 2.2.5.19, JOINPR_ENCRYPTED_USER_PASSWORD_AES, corrected typo:
Changed from:
AuthDate: 64 bytes, the HMAC.
Changed to: AuthData: 64 bytes, the HMAC.
In Section 2.2.5.19.3, Encrypt Key and MAC Key, clarified the calculation of the keys:
Changed from:
The following variables and values are used in calculating the EncryptKey and HMACKey values. versionbyte = 0x01 versionbyte_len = 1 algorithmString = "AEAD-AES-256-CBC-HMAC-SHA512" EncryptKey and MACKey are calculated as follows: EncryptKey := HMAC-SHA-512(SessionKey, "Microsoft WKST encryption key" + algorithmString +Length(SessionKey)) MACKey := HMAC-SHA-512(SessionKey, "Microsoft WKST MAC key" + algorithmString +Length(SessionKey)) Note that the SessionKey is calculated as in section 2.2.5.19.2. See [RFC4868] for details of the HMAC-SHA-512 algorithm.
Changed to:
The following variables and values are used in calculating the EncryptKey and MACKEY values:
EncryptKey and MACKey are calculated as follows: EncryptKey := HMAC-SHA-512(SessionKey, WKST_AES256_ENC_KEY_STRING) MACKey := HMAC-SHA-512(SessionKey, WKST_AES256_MAC_KEY_STRING) Note that the SessionKey is calculated as in section 2.2.5.19.2. See [RFC4868] for details of the HMAC-SHA-512 algorithm.
In Section 2.2.5.19.4, Encrypt Encoded Password, clarified the encreyption process:
Changed from:
Encrypt the encoded password as follows:
Salt := Randomly generated 16 bytes Cipher := AES-CBC( EncryptKey[0:256], IV, EncodedPasswordLength(4 bytes) + EncodedPassword) AuthData := HMAC-SHA-512(MACKey, Cipher+Salt+ versionbyte + versionbyte_len) Note that the Salt value is used as the initialization vector (IV). The MACKey is calculated in section 2.2.5.19.3.
Changed to:
Encrypt the encoded password as follows: Salt := Randomly generated 16 bytes Encoded_Plaintext:= EncodedPasswordlength (4 bytes) + EncodedPassword. Cipher := AES-CBC( EncryptKey[0:256], IV, Encoded_Plaintext) AuthData := HMAC-SHA-512(MACKey, Cipher+Salt+ versionbyte + versionbyte_len) Note that the Salt value is used as the initialization vector (IV). The MACKey is calculated in section 2.2.5.19.3. Note that EncryptKey is truncated to 32 bytes and the entire 64-byte MACKey is used. |
*Date format: YYYY/MM/DD