| 1 | #include "idl_types.h"
|
|---|
| 2 |
|
|---|
| 3 | import "misc.idl", "security.idl";
|
|---|
| 4 | [
|
|---|
| 5 | uuid("3dde7c30-165d-11d1-ab8f-00805f14db40"),
|
|---|
| 6 | version(1.0),
|
|---|
| 7 | endpoint("ncacn_np:[\\pipe\\protected_storage]","ncacn_np:[\\pipe\\ntsvcs]" ,"ncacn_ip_tcp:"),
|
|---|
| 8 | helpstring("Remote Backup Key Storage"),
|
|---|
| 9 | helper("../librpc/ndr/ndr_backupkey.h"),
|
|---|
| 10 | pointer_default(unique)
|
|---|
| 11 | ]
|
|---|
| 12 | interface backupkey
|
|---|
| 13 | {
|
|---|
| 14 | const string BACKUPKEY_RESTORE_GUID = "47270C64-2FC7-499B-AC5B-0E37CDCE899A";
|
|---|
| 15 | const string BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID = "018FF48A-EABA-40C6-8F6D-72370240E967";
|
|---|
| 16 |
|
|---|
| 17 | const string BACKUPKEY_RESTORE_GUID_WIN2K = "7FE94D50-178E-11D1-AB8F-00805F14DB40";
|
|---|
| 18 | const string BACKUPKEY_BACKUP_GUID = "7F752B10-178E-11D1-AB8F-00805F14DB40";
|
|---|
| 19 |
|
|---|
| 20 | /*
|
|---|
| 21 | * The magic values are really what they are there is no name it's just remarkable values
|
|---|
| 22 | * that are here to check that what is transmited or decoded is really what the client or
|
|---|
| 23 | * the server expect.
|
|---|
| 24 | */
|
|---|
| 25 | [public] typedef struct {
|
|---|
| 26 | [value(0x00000002)] uint32 header1;
|
|---|
| 27 | [value(0x00000494)] uint32 header2;
|
|---|
| 28 | uint32 certificate_len;
|
|---|
| 29 | [value(0x00000207)] uint32 magic1;
|
|---|
| 30 | [value(0x0000A400)] uint32 magic2;
|
|---|
| 31 | [value(0x32415352)] uint32 magic3;
|
|---|
| 32 | [value(0x00000800)] uint32 magic4;
|
|---|
| 33 | [subcontext(0),subcontext_size(4),flag(NDR_REMAINING)] DATA_BLOB public_exponent;
|
|---|
| 34 |
|
|---|
| 35 | [subcontext(0),subcontext_size(256),flag(NDR_REMAINING)] DATA_BLOB modulus;
|
|---|
| 36 | [subcontext(0),subcontext_size(128),flag(NDR_REMAINING)] DATA_BLOB prime1;
|
|---|
| 37 | [subcontext(0),subcontext_size(128),flag(NDR_REMAINING)] DATA_BLOB prime2;
|
|---|
| 38 | [subcontext(0),subcontext_size(128),flag(NDR_REMAINING)] DATA_BLOB exponent1;
|
|---|
| 39 | [subcontext(0),subcontext_size(128),flag(NDR_REMAINING)] DATA_BLOB exponent2;
|
|---|
| 40 | [subcontext(0),subcontext_size(128),flag(NDR_REMAINING)] DATA_BLOB coefficient;
|
|---|
| 41 | [subcontext(0),subcontext_size(256),flag(NDR_REMAINING)] DATA_BLOB private_exponent;
|
|---|
| 42 | [subcontext(0),subcontext_size(certificate_len),flag(NDR_REMAINING)] DATA_BLOB cert;
|
|---|
| 43 | } bkrp_exported_RSA_key_pair;
|
|---|
| 44 |
|
|---|
| 45 | [public] typedef struct {
|
|---|
| 46 | [value(0x00000001)] uint32 magic;
|
|---|
| 47 | uint8 key[256];
|
|---|
| 48 | } bkrp_dc_serverwrap_key;
|
|---|
| 49 |
|
|---|
| 50 | [public,gensize] typedef struct {
|
|---|
| 51 | uint32 version;
|
|---|
| 52 | uint32 encrypted_secret_len;
|
|---|
| 53 | uint32 access_check_len;
|
|---|
| 54 | GUID guid;
|
|---|
| 55 | uint8 encrypted_secret[encrypted_secret_len];
|
|---|
| 56 | uint8 access_check[access_check_len];
|
|---|
| 57 | } bkrp_client_side_wrapped;
|
|---|
| 58 |
|
|---|
| 59 | [public] typedef struct {
|
|---|
| 60 | [value(0x00000000)] uint32 magic;
|
|---|
| 61 | [subcontext(0),flag(NDR_REMAINING)] DATA_BLOB secret;
|
|---|
| 62 | } bkrp_client_side_unwrapped;
|
|---|
| 63 |
|
|---|
| 64 | [public] typedef struct {
|
|---|
| 65 | uint32 secret_len;
|
|---|
| 66 | [value(0x00000020)] uint32 magic;
|
|---|
| 67 | uint8 secret[secret_len];
|
|---|
| 68 | uint8 payload_key[32];
|
|---|
| 69 | } bkrp_encrypted_secret_v2;
|
|---|
| 70 |
|
|---|
| 71 | [public] typedef struct {
|
|---|
| 72 | uint32 secret_len;
|
|---|
| 73 | [value(0x00000030)] uint32 magic1;
|
|---|
| 74 | [value(0x00006610)] uint32 magic2;
|
|---|
| 75 | [value(0x0000800e)] uint32 magic3;
|
|---|
| 76 | uint8 secret[secret_len];
|
|---|
| 77 | uint8 payload_key[48];
|
|---|
| 78 | } bkrp_encrypted_secret_v3;
|
|---|
| 79 |
|
|---|
| 80 | /* Due to alignement constraint we can generate the structure only via pidl*/
|
|---|
| 81 | [public, nopush, nopull] typedef struct {
|
|---|
| 82 | [value(0x00000001)] uint32 magic;
|
|---|
| 83 | uint32 nonce_len;
|
|---|
| 84 | uint8 nonce[nonce_len];
|
|---|
| 85 | dom_sid sid;
|
|---|
| 86 | uint8 hash[20];
|
|---|
| 87 | } bkrp_access_check_v2;
|
|---|
| 88 |
|
|---|
| 89 | /* Due to alignement constraint we can generate the structure only via pidl*/
|
|---|
| 90 | [public,nopush,nopull] typedef struct {
|
|---|
| 91 | [value(0x00000001)] uint32 magic;
|
|---|
| 92 | uint32 nonce_len;
|
|---|
| 93 | uint8 nonce[nonce_len];
|
|---|
| 94 | dom_sid sid;
|
|---|
| 95 | uint8 hash[64];
|
|---|
| 96 | } bkrp_access_check_v3;
|
|---|
| 97 |
|
|---|
| 98 | typedef enum {
|
|---|
| 99 | BACKUPKEY_INVALID_GUID_INTEGER = 0xFFFF,
|
|---|
| 100 | BACKUPKEY_RESTORE_GUID_INTEGER = 0x0000,
|
|---|
| 101 | BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID_INTEGER = 0x0001
|
|---|
| 102 | } bkrp_guid_to_integer;
|
|---|
| 103 |
|
|---|
| 104 | [public] typedef [nodiscriminant] union {
|
|---|
| 105 | [case(BACKUPKEY_RESTORE_GUID_INTEGER)] bkrp_client_side_wrapped restore_req;
|
|---|
| 106 | [case(BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID_INTEGER)] bkrp_client_side_wrapped cert_req;
|
|---|
| 107 | } bkrp_data_in_blob;
|
|---|
| 108 |
|
|---|
| 109 | /******************/
|
|---|
| 110 | /* Function: 0x00 */
|
|---|
| 111 |
|
|---|
| 112 | [public, noprint] WERROR bkrp_BackupKey (
|
|---|
| 113 | [in,ref] GUID *guidActionAgent,
|
|---|
| 114 | [in,ref] [size_is(data_in_len)] uint8 *data_in,
|
|---|
| 115 | [in] uint32 data_in_len,
|
|---|
| 116 | [out,ref] [size_is(,*data_out_len)] uint8 **data_out,
|
|---|
| 117 | [out,ref] uint32 *data_out_len,
|
|---|
| 118 | [in] uint32 param
|
|---|
| 119 | );
|
|---|
| 120 | }
|
|---|
