hierynomus / smbj

Server Message Block (SMB2, SMB3) implementation in Java
Other
713 stars 180 forks source link

Unable to establish session "withEncryptData" for "KDF/Counter/HMACSHA256" #608

Closed pranaysharmamanulife closed 3 years ago

pranaysharmamanulife commented 3 years ago

getDerivationFunction fails with parameter - "KDF/Counter/HMACSHA256" Exception in thread "main" java.lang.UnsupportedOperationException at com.hierynomus.security.jce.JceSecurityProvider.getDerivationFunction(JceSecurityProvider.java:64) at com.hierynomus.smbj.connection.SMBSessionBuilder.deriveKey(SMBSessionBuilder.java:290) at com.hierynomus.smbj.connection.SMBSessionBuilder.setupSession(SMBSessionBuilder.java:173) at com.hierynomus.smbj.connection.SMBSessionBuilder.setupSession(SMBSessionBuilder.java:142) at com.hierynomus.smbj.connection.SMBSessionBuilder.establish(SMBSessionBuilder.java:109) at com.hierynomus.smbj.connection.Connection.authenticate(Connection.java:192) at com.example.demo.DemoApplication.main(DemoApplication.java:49) Config -

` SmbConfig config = SmbConfig.builder().withDfsEnabled(true ) .withEncryptData(true)
.withDialects(SMB2Dialect.SMB_3_0_2) .withNegotiatedBufferSize() .build();

` Same call with "withEncryptData(false)" is successful.

pranaysharmamanulife commented 3 years ago

Adding .withSecurityProvider(new BCSecurityProvider()) fixes above error, but then results in ` Also had to add

.withSigningRequired(true) still creates error -

Now its failing with com.hierynomus.mssmb2.SMBApiException: STATUS_BAD_NETWORK_NAME 23:49:45.085 [Packet Reader for m.com] DEBUG com.hierynomus.smbj.connection.packet.SMB2SignatureVerificationPacketHandler - Passthrough Signature Verification as packet is decrypted 23:49:45.085 [Packet Reader for m.com] DEBUG com.hierynomus.smbj.connection.packet.SMB2CreditGrantingPacketHandler - Server granted us 2 credits for SMB2_TREE_CONNECT with message id << 4 >>, now available: 513 credits 23:49:45.088 [Packet Reader for m.com] DEBUG com.hierynomus.protocol.commons.concurrent.Promise - Setting << 4 >> toSMB2_TREE_CONNECT with message id << 4 >> 23:49:45.097 [main] DEBUG com.hierynomus.smbj.connection.Connection - Granted 1 (out of 513) credits to Encrypted[SMB2_IOCTL with message id << 5 >>] 23:49:45.097 [main] DEBUG com.hierynomus.smbj.transport.tcp.direct.DirectTcpTransport - Writing packet Encrypted[SMB2_IOCTL with message id << 5 >>] 23:49:45.098 [main] DEBUG com.hierynomus.protocol.commons.concurrent.Promise - Awaiting << 5 >> 23:49:45.390 [Packet Reader for m.com] DEBUG com.hierynomus.smbj.transport.tcp.direct.DirectTcpPacketReader - Received packet Encrypted for session id << 225002532114305 >> 23:49:45.390 [Packet Reader for m.com] INFO com.hierynomus.smbj.connection.packet.SMB3DecryptingPacketHandler - Decrypting packet Encrypted for session id << 225002532114305 >> 23:49:45.390 [Packet Reader for m.com] DEBUG com.hierynomus.smbj.connection.packet.SMB3DecryptingPacketHandler - Decrypted packet Encrypted for session id << 225002532114305 >> is packet SMB2_IOCTL with message id << 5 >>. 23:49:45.390 [Packet Reader for m.com] DEBUG com.hierynomus.smbj.connection.packet.SMB2SignatureVerificationPacketHandler - Passthrough Signature Verification as packet is decrypted 23:49:45.390 [Packet Reader for m.com] DEBUG com.hierynomus.smbj.connection.packet.SMB2CreditGrantingPacketHandler - Server granted us 2 credits for SMB2_IOCTL with message id << 5 >>, now available: 514 credits

pranaysharmamanulife commented 3 years ago

.withSigningRequired(true) and .withEncryptData(true) fix the issue