windows-nt/Source/XPSP1/NT/ds/security/inc/keyback.h

123 lines
3.3 KiB
C
Raw Normal View History

2020-09-26 03:20:57 -05:00
/*++
Copyright (C) 1996, 1997 Microsoft Corporation
Module Name:
keyback.h
Abstract:
This module defines the Key Backup interface and associated data structures.
Author:
Scott Field (sfield) 16-Aug-97
--*/
#ifndef __KEYBACK_H__
#define __KEYBACK_H__
//
// Back up a key
//
#define BACKUPKEY_BACKUP_GUID { 0x7f752b10, 0x178e, 0x11d1, { 0xab, 0x8f, 0x00, 0x80, 0x5f, 0x14, 0xdb, 0x40 } }
//
// Restore a key, wraping it in the pbBK format,
// for downlevel compatability
//
#define BACKUPKEY_RESTORE_GUID_W2K { 0x7fe94d50, 0x178e, 0x11d1, { 0xab, 0x8f, 0x00, 0x80, 0x5f, 0x14, 0xdb, 0x40 } }
#define BACKUPKEY_RESTORE_GUID { 0x47270c64, 0x2fc7, 0x499b, {0xac, 0x5b, 0x0e, 0x37, 0xcd, 0xce, 0x89, 0x9a} }
// Retrieve the public backup certificate
#define BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID { 0x018ff48a, 0xeaba, 0x40c6, { 0x8f, 0x6d, 0x72, 0x37, 0x02, 0x40, 0xe9, 0x67 } }
#define BACKUPKEY_RECOVERY_BLOB_VERSION_W2K 1 //
#define BACKUPKEY_RECOVERY_BLOB_VERSION 2 // version of recovery blob containing
// MK and LK directly.
//
// Header for the backupkey blob version
// Folowed by the master key and payload key encrypted
// by the key indicated by guidKey. The encrypted data is
// represented in a PKCS#1v2 formmated (CRYPT_OAEP) blob
// That data is followed by the encrypted payload
//
typedef struct {
DWORD dwVersion; // version of structure (BACKUPKEY_RECOVERY_BLOB_VERSION)
DWORD cbEncryptedMasterKey; // quantity of encrypted master key data following structure
DWORD cbEncryptedPayload; // quantity of encrypted payload
GUID guidKey; // guid identifying backup key used
} BACKUPKEY_RECOVERY_BLOB,
*PBACKUPKEY_RECOVERY_BLOB,
*LPBACKUPKEY_RECOVERY_BLOB;
typedef struct {
DWORD cbMasterKey;
DWORD cbPayloadKey;
} BACKUPKEY_KEY_BLOB,
*PBACKUPKEY_KEY_BLOB,
*LPBACKUPKEY_KEY_BLOB;
//
// Header for the inner blob of the master key recovery blob
// Following the header is LocalKey, then the SID, and finally
// a SHA_1 MAC of the contained data
typedef struct {
DWORD dwPayloadVersion;
DWORD cbLocalKey;
} BACKUPKEY_INNER_BLOB,
*PBACKUPKEY_INNER_BLOB,
*LPBACKUPKEY_INNER_BLOB;
#define BACKUPKEY_PAYLOAD_VERSION 1
#define MASTERKEY_BLOB_RAW_VERSION 0
#define MASTERKEY_BLOB_VERSION_W2K 1
#define MASTERKEY_BLOB_VERSION 2
#define MASTERKEY_BLOB_LOCALKEY_BACKUP 3
#define MASTERKEY_R2_LEN_W2K (16)
#define MASTERKEY_R3_LEN_W2K (16)
typedef struct {
DWORD dwVersion; // version of structure (MASTERKEY_BLOB_VERSION_W2K)
BYTE R2[MASTERKEY_R2_LEN_W2K]; // random data used during HMAC to derive symetric key
} MASTERKEY_BLOB_W2K, *PMASTERKEY_BLOB_W2K, *LPMASTERKEY_BLOB_W2K;
typedef struct {
BYTE R3[MASTERKEY_R3_LEN_W2K]; // random data used to derive MAC key
BYTE MAC[A_SHA_DIGEST_LEN]; // HMAC(R3, pbMasterKey)
} MASTERKEY_INNER_BLOB_W2K, *PMASTERKEY_INNER_BLOB_W2K, *LPMASTERKEY_INNER_BLOB_W2K;
DWORD
WINAPI
BackupKey(
IN LPCWSTR szComputerName,
IN const GUID *pguidActionAgent,
IN BYTE *pDataIn,
IN DWORD cbDataIn,
IN OUT BYTE **ppDataOut,
IN OUT DWORD *pcbDataOut,
IN DWORD dwParam
);
#endif // __KEYBACK_H__