import "misc.idl", "security.idl";

/*
 * Interface attributes for the remote backup key storage (bkrp) interface.
 * NOTE(review): the enclosing "[" ... "]" and the "interface" header line are
 * not present in this extraction (the original gutter numbering jumps 3->5->7
 * and 10->14), so the attribute list is shown as-is.
 *
 * The interface is exposed over the protected_storage and ntsvcs SMB named
 * pipes and over raw TCP.  The IDL itself places no restriction on callers;
 * authentication and authorization are the server implementation's job.
 */
uuid("3dde7c30-165d-11d1-ab8f-00805f14db40"),
endpoint("ncacn_np:[\\pipe\\protected_storage]","ncacn_np:[\\pipe\\ntsvcs]" ,"ncacn_ip_tcp:"),
helpstring("Remote Backup Key Storage"),
helper("../librpc/ndr/ndr_backupkey.h"),	/* extra header pulled into the generated NDR code */
pointer_default(unique)

/*
 * Well-known action-agent GUIDs.  The caller selects the operation by passing
 * one of these as bkrp_BackupKey()'s guidActionAgent; bkrp_guid_to_integer maps
 * them onto the integer tags that select the request union member.
 */
const string BACKUPKEY_RESTORE_GUID = "47270C64-2FC7-499B-AC5B-0E37CDCE899A";
const string BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID = "018FF48A-EABA-40C6-8F6D-72370240E967";
const string BACKUPKEY_RESTORE_GUID_WIN2K = "7FE94D50-178E-11D1-AB8F-00805F14DB40";
const string BACKUPKEY_BACKUP_GUID = "7F752B10-178E-11D1-AB8F-00805F14DB40";
 * The magic values are exactly that: there is no name for them, they are just distinctive values
 * placed here to check that what is transmitted or decoded is really what the client or
/*
 * Exported RSA key pair, including the private key.
 *
 * Layout: header1/header2/certificate_len, then a key blob, then the
 * certificate.  The key blob is magic1 .. private_exponent: a 20-byte header
 * (four fixed words plus the 4-byte public exponent), a 256-byte modulus, five
 * 128-byte CRT components and a 256-byte private exponent = 1172 = 0x494
 * bytes, which is exactly header2.  0x32415352 is "RSA2" in little-endian
 * ASCII and 0x800 = 2048 is the key size in bits, so the blob appears to be a
 * CryptoAPI PRIVATEKEYBLOB (0x0207: bType 0x07 / bVersion 0x02; 0xa400:
 * CALG_RSA_KEYX) for a 2048-bit key.
 *
 * Security notes:
 *  - prime1 through private_exponent are private key material; anything that
 *    handles a decoded instance should treat it as a secret (no logging, wipe
 *    after use).  bkrp_BackupKey is declared noprint, which is consistent with
 *    that.
 *  - certificate_len is read from the wire and sizes cert; the pull side must
 *    bound it by the bytes actually received (pidl's subcontext handling is
 *    expected to do this - confirm).
 *  - [value(...)] fixes what is written on push.  Whether a mismatching value
 *    is rejected on pull is a property of the generated/hand-written code, not
 *    of this IDL; confirm for every field relied on as an integrity check.
 */
[public] typedef struct {
	[value(0x00000002)] uint32 header1;
	[value(0x00000494)] uint32 header2;	/* byte length of the key blob below (see header comment) */
	uint32 certificate_len;			/* peer-supplied; sizes cert */
	[value(0x00000207)] uint32 magic1;
	[value(0x0000A400)] uint32 magic2;
	[value(0x32415352)] uint32 magic3;	/* "RSA2" */
	[value(0x00000800)] uint32 magic4;	/* 2048-bit key */
	[subcontext(0),subcontext_size(4),flag(NDR_REMAINING)] DATA_BLOB public_exponent;
	[subcontext(0),subcontext_size(256),flag(NDR_REMAINING)] DATA_BLOB modulus;
	[subcontext(0),subcontext_size(128),flag(NDR_REMAINING)] DATA_BLOB prime1;
	[subcontext(0),subcontext_size(128),flag(NDR_REMAINING)] DATA_BLOB prime2;
	[subcontext(0),subcontext_size(128),flag(NDR_REMAINING)] DATA_BLOB exponent1;
	[subcontext(0),subcontext_size(128),flag(NDR_REMAINING)] DATA_BLOB exponent2;
	[subcontext(0),subcontext_size(128),flag(NDR_REMAINING)] DATA_BLOB coefficient;
	[subcontext(0),subcontext_size(256),flag(NDR_REMAINING)] DATA_BLOB private_exponent;
	[subcontext(0),subcontext_size(certificate_len),flag(NDR_REMAINING)] DATA_BLOB cert;
} bkrp_exported_RSA_key_pair;
/*
 * Server-wrap key record (the name suggests the key kept on the DC).
 * NOTE(review): one member line (original line 47) is absent from this
 * extraction, so the visible layout is incomplete.
 */
[public] typedef struct {
	[value(0x00000001)] uint32 magic;	/* fixed version marker */
} bkrp_dc_serverwrap_key;
/*
 * NOTE(review): the body and closing of this struct (original lines 51-52)
 * are absent from this extraction.  By position, and because the request
 * union's BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID_INTEGER member is of type
 * bkrp_empty, this is presumably that (memberless) type.
 */
[public] typedef struct {
/*
 * Client-side wrapped secret: the request body selected by
 * BACKUPKEY_RESTORE_GUID_INTEGER (union member restore_req).  "gensize" makes
 * pidl emit a size helper for this struct.
 *
 * Both lengths are supplied by the peer and directly size the two arrays, so
 * on the server they are untrusted input: the NDR pull must keep them within
 * the received buffer, and any arithmetic done on them afterwards should be
 * overflow-checked.
 */
[public,gensize] typedef struct {
	uint32 encrypted_secret_len;
	uint32 access_check_len;
	uint8 encrypted_secret[encrypted_secret_len];	/* presumably decodes as bkrp_encrypted_secret_v2/v3 */
	uint8 access_check[access_check_len];		/* presumably decodes as bkrp_access_check_v2/v3 */
} bkrp_client_side_wrapped;
/*
 * Plaintext form of a client-side wrapped secret: a zero marker word followed
 * by the secret itself, which takes all remaining bytes.
 */
[public] typedef struct {
	[value(0x00000000)] uint32 magic;
	[subcontext(0),flag(NDR_REMAINING)] DATA_BLOB secret;	/* everything after the marker */
} bkrp_client_side_unwrapped;
/*
 * Version-2 encrypted secret (marker 0x20).
 * NOTE(review): secret_len is not declared among the visible members and
 * original line 68 is absent from this extraction, so either a length field
 * was lost here or the length is supplied by the surrounding code - confirm
 * against the full file before relying on this layout.
 */
[public] typedef struct {
	[value(0x00000020)] uint32 magic;
	uint8 secret[secret_len];
	uint8 payload_key[32];	/* 32 bytes of key material following the secret */
} bkrp_encrypted_secret_v2;
/*
 * Version-3 encrypted secret.  0x6610 and 0x800e are the CryptoAPI ALG_ID
 * values for AES-256 and SHA-512, so magic2/magic3 label the cipher and hash
 * in use; a receiver should check these labels rather than assume them.
 * NOTE(review): secret_len is not declared among the visible members and
 * original line 75 is absent from this extraction, so either a length field
 * was lost here or the length is supplied by the surrounding code - confirm
 * against the full file before relying on this layout.
 */
[public] typedef struct {
	[value(0x00000030)] uint32 magic1;
	[value(0x00006610)] uint32 magic2;	/* CALG_AES_256 */
	[value(0x0000800e)] uint32 magic3;	/* CALG_SHA_512 */
	uint8 secret[secret_len];
	uint8 payload_key[48];	/* 48 bytes of key material following the secret */
} bkrp_encrypted_secret_v3;
/* Due to alignment constraints we can generate the structure only via pidl */
/*
 * nopush/nopull: pidl emits no marshalling for this struct, so the push/pull
 * code - and any check of the magic value - lives outside the generated code.
 * NOTE(review): nonce_len is not a visible member and original lines 86, 88
 * and 89 are absent from this extraction, so the visible layout is incomplete.
 */
[public, nopush, nopull] typedef struct {
	[value(0x00000001)] uint32 magic;
	uint8 nonce[nonce_len];
} bkrp_access_check_v2;
/* Due to alignment constraints we can generate the structure only via pidl */
/*
 * nopush/nopull: pidl emits no marshalling for this struct, so the push/pull
 * code - and any check of the magic value - lives outside the generated code.
 * NOTE(review): nonce_len is not a visible member and original lines 95, 97
 * and 98 are absent from this extraction, so the visible layout is incomplete.
 */
[public,nopush,nopull] typedef struct {
	[value(0x00000001)] uint32 magic;
	uint8 nonce[nonce_len];
} bkrp_access_check_v3;
/*
 * Inner payload of the Win2K-era server-side wrap (carried in
 * bkrp_server_side_wrapped.rc4encryptedpayload), named after the RC4 cipher
 * protecting it.  RC4 is a legacy cipher; this format is for compatibility
 * with old peers.  The 20-byte mac is consistent with a SHA-1-sized MAC and
 * should be verified before secret is used.
 */
[public] typedef struct {
	[subcontext(0),subcontext_size(32),flag(NDR_REMAINING)] DATA_BLOB r3;	/* 32 bytes, presumably random */
	[subcontext(0),subcontext_size(20),flag(NDR_REMAINING)] DATA_BLOB mac;
	[subcontext(0),flag(NDR_REMAINING)] DATA_BLOB secret;	/* all remaining bytes */
} bkrp_rc4encryptedpayload;
/*
 * Server-side wrapped secret: the request body selected by
 * BACKUPKEY_RESTORE_GUID_WIN2K_INTEGER (union member unsign_req).
 * guid_of_wrapping_key identifies the server key used for wrapping.
 *
 * payload_length and cyphertext_length come from the peer, whereas
 * rc4encryptedpayload is simply "whatever bytes remain"; consumers should
 * check the two declared lengths against the blob actually received rather
 * than trust them.
 */
[public] typedef struct {
	[value(0x00000001)] uint32 magic;
	uint32 payload_length;
	uint32 cyphertext_length;	/* sic - the spelling is part of the generated API */
	[subcontext(0),subcontext_size(16),flag(NDR_REMAINING)] DATA_BLOB guid_of_wrapping_key;	/* 16 bytes, one GUID */
	[subcontext(0),subcontext_size(68),flag(NDR_REMAINING)] DATA_BLOB r2;
	[subcontext(0),flag(NDR_REMAINING)] DATA_BLOB rc4encryptedpayload;	/* presumably a bkrp_rc4encryptedpayload */
} bkrp_server_side_wrapped;
/*
 * Opaque byte string: the request body selected by
 * BACKUPKEY_BACKUP_GUID_INTEGER (union member sign_req).
 * NOTE(review): the closing of this struct (original line 119) is absent from
 * this extraction; the name bkrp_opaque_blob is taken from that union member.
 */
[public] typedef struct {
	[flag(NDR_REMAINING)] DATA_BLOB opaque;	/* all remaining bytes */
/*
 * Integer tags for the action-agent GUIDs; these are the case labels of the
 * request union, whose selector is not transmitted.  0xFFFF is presumably the
 * "no match" value for a GUID the server does not recognise and has no union
 * arm, so it must be rejected before any request body is pulled.
 * NOTE(review): the enum's opening line (original line 121) is absent from
 * this extraction; only the enumerators and the closing are shown.
 */
	BACKUPKEY_INVALID_GUID_INTEGER = 0xFFFF,
	BACKUPKEY_RESTORE_GUID_INTEGER = 0x0000,
	BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID_INTEGER = 0x0001,
	BACKUPKEY_RESTORE_GUID_WIN2K_INTEGER = 0x0002,
	BACKUPKEY_BACKUP_GUID_INTEGER = 0x0003
} bkrp_guid_to_integer;
/*
 * Request body, selected by a bkrp_guid_to_integer value.  "nodiscriminant"
 * means the selector is not on the wire: the caller derives it from
 * guidActionAgent and hands it to the push/pull code.  No default arm is
 * declared, so a selector without a case (e.g. BACKUPKEY_INVALID_GUID_INTEGER)
 * is a bad-switch error rather than silently decoding as something else.
 * NOTE(review): the closing of this union (original line 134) is absent from
 * this extraction.
 */
[public] typedef [nodiscriminant] union {
	[case(BACKUPKEY_RESTORE_GUID_INTEGER)] bkrp_client_side_wrapped restore_req;
	[case(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID_INTEGER)] bkrp_empty empty;
	[case(BACKUPKEY_RESTORE_GUID_WIN2K_INTEGER)] bkrp_server_side_wrapped unsign_req;
	[case(BACKUPKEY_BACKUP_GUID_INTEGER)] bkrp_opaque_blob sign_req;
139 [public, noprint
] WERROR bkrp_BackupKey
(
140 [in,ref] GUID
*guidActionAgent
,
141 [in,ref] [size_is(data_in_len
)] uint8
*data_in
,
142 [in] uint32 data_in_len
,
143 [out,ref] [size_is(,*data_out_len
)] uint8
**data_out
,
144 [out,ref] uint32
*data_out_len
,