librpc/idl/backupkey.idl


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120

#include "idl_types.h"

import "misc.idl", "security.idl";
[
  uuid("3dde7c30-165d-11d1-ab8f-00805f14db40"),
  version(1.0),
  endpoint("ncacn_np:[\\pipe\\protected_storage]","ncacn_np:[\\pipe\\ntsvcs]" ,"ncacn_ip_tcp:"),
  helpstring("Remote Backup Key Storage"),
  helper("../librpc/ndr/ndr_backupkey.h"),
  pointer_default(unique)
]
interface backupkey
{
	const string BACKUPKEY_RESTORE_GUID		= "47270C64-2FC7-499B-AC5B-0E37CDCE899A";
	const string BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID	= "018FF48A-EABA-40C6-8F6D-72370240E967";

	const string BACKUPKEY_RESTORE_GUID_WIN2K	= "7FE94D50-178E-11D1-AB8F-00805F14DB40";
	const string BACKUPKEY_BACKUP_GUID		= "7F752B10-178E-11D1-AB8F-00805F14DB40";

	/*
	 * The magic values are really what they are there is no name it's just remarkable values
	 * that are here to check that what is transmited or decoded is really what the client or
	 * the server expect.
	 */
	[public] typedef struct {
		[value(0x00000002)] uint32 header1;
		[value(0x00000494)] uint32 header2;
		uint32 certificate_len;
		[value(0x00000207)] uint32 magic1;
		[value(0x0000A400)] uint32 magic2;
		[value(0x32415352)] uint32 magic3;
		[value(0x00000800)] uint32 magic4;
		[subcontext(0),subcontext_size(4),flag(NDR_REMAINING)] DATA_BLOB public_exponent;

		[subcontext(0),subcontext_size(256),flag(NDR_REMAINING)] DATA_BLOB modulus;
		[subcontext(0),subcontext_size(128),flag(NDR_REMAINING)] DATA_BLOB prime1;
		[subcontext(0),subcontext_size(128),flag(NDR_REMAINING)] DATA_BLOB prime2;
		[subcontext(0),subcontext_size(128),flag(NDR_REMAINING)] DATA_BLOB exponent1;
		[subcontext(0),subcontext_size(128),flag(NDR_REMAINING)] DATA_BLOB exponent2;
		[subcontext(0),subcontext_size(128),flag(NDR_REMAINING)] DATA_BLOB coefficient;
		[subcontext(0),subcontext_size(256),flag(NDR_REMAINING)] DATA_BLOB private_exponent;
		[subcontext(0),subcontext_size(certificate_len),flag(NDR_REMAINING)] DATA_BLOB cert;
	} bkrp_exported_RSA_key_pair;

	[public] typedef struct {
		[value(0x00000001)] uint32 magic;
		uint8 key[256];
	} bkrp_dc_serverwrap_key;

	[public,gensize] typedef struct {
		uint32 version;
		uint32 encrypted_secret_len;
		uint32 access_check_len;
		GUID guid;
		uint8  encrypted_secret[encrypted_secret_len];
		uint8  access_check[access_check_len];
	} bkrp_client_side_wrapped;

	[public] typedef struct {
		[value(0x00000000)] uint32 magic;
		[subcontext(0),flag(NDR_REMAINING)] DATA_BLOB secret;
	} bkrp_client_side_unwrapped;

	[public] typedef struct {
		uint32 secret_len;
		[value(0x00000020)] uint32 magic;
		uint8 secret[secret_len];
		uint8 payload_key[32];
	} bkrp_encrypted_secret_v2;

	[public] typedef struct {
		uint32 secret_len;
		[value(0x00000030)] uint32 magic1;
		[value(0x00006610)] uint32 magic2;
		[value(0x0000800e)] uint32 magic3;
		uint8 secret[secret_len];
		uint8 payload_key[48];
	} bkrp_encrypted_secret_v3;

	/* Due to alignement constraint we can generate the structure only via pidl*/
	[public, nopush, nopull] typedef struct {
		[value(0x00000001)] uint32 magic;
		uint32 nonce_len;
		uint8 nonce[nonce_len];
		dom_sid sid;
		uint8 hash[20];
	} bkrp_access_check_v2;

	/* Due to alignement constraint we can generate the structure only via pidl*/
	[public,nopush,nopull] typedef struct {
		[value(0x00000001)] uint32 magic;
		uint32 nonce_len;
		uint8 nonce[nonce_len];
		dom_sid sid;
		uint8 hash[64];
	} bkrp_access_check_v3;

	typedef enum {
		BACKUPKEY_INVALID_GUID_INTEGER = 0xFFFF,
		BACKUPKEY_RESTORE_GUID_INTEGER = 0x0000,
		BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID_INTEGER = 0x0001
	} bkrp_guid_to_integer;

	[public] typedef [nodiscriminant] union {
		[case(BACKUPKEY_RESTORE_GUID_INTEGER)] bkrp_client_side_wrapped restore_req;
		[case(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID_INTEGER)] bkrp_client_side_wrapped cert_req;
	} bkrp_data_in_blob;

	/******************/
	/* Function: 0x00 */

	[public, noprint] WERROR bkrp_BackupKey (
		[in,ref]  GUID *guidActionAgent,
		[in,ref]  [size_is(data_in_len)] uint8 *data_in,
		[in]      uint32 data_in_len,
		[out,ref] [size_is(,*data_out_len)] uint8 **data_out,
		[out,ref] uint32 *data_out_len,
		[in]      uint32 param
	);
}