3.1.4.1.2.1 Processing a Valid ServerWrap Wrapped Secret

In this case, the wrapped secret (supplied in the pDataIn parameter) is assumed to be formatted as specified in section 2.2.4. The server MUST proceed as follows. If, at any point in processing, the value of pDataIn is found not to conform to the format specified in section 2.2.4, the server MUST stop processing and return a non-zero error code.

  1. Let keyGuid denote the value in the GUID of Wrapping Key field in the wrapped secret, and let keyGuidString denote the GUIDString ([MS-DTYP] section 2.3.4.3) representation of keyGuid. Retrieve the value of the LSA (Domain Policy) Remote Protocol secret object named G$BCKUPKEY_keyGuidString, using the method specified in [MS-LSAD] section 3.1.4.6.6. This is the ServerWrap key that was used to wrap this secret. If this LSA (Domain Policy) Remote Protocol secret object is not found, or if its value is not in the format specified in section 2.2.7, stop processing and return a non-zero error code to the client. The error code SHOULD be equal to ERROR_FILE_NOT_FOUND (0x2). Otherwise, let SrvKey denote the key material carried in that secret object, which is 256 bytes in length.

  2. Compute the SHA-1 HMAC [RFC2104] of the R2 field in the wrapped secret using SrvKey (computed in step 1) as the HMAC key. Use the result as a key to decrypt the contents of the Rc4EncryptedPayload field in the wrapped secret, using the RC4 algorithm (for more information about RC4, see [SCHNEIER] section 17.1). The result will be an Rc4EncryptedPayload structure as specified in section 2.2.4.1. Let this be denoted as secretPayload.

  3. Extract the R3 field of secretPayload (computed in step 2) and compute its SHA-1 HMAC [RFC2104] using SrvKey (computed in step 1) as the HMAC key. Use the result as the HMAC key to compute the SHA-1 HMAC [RFC2104] of the SID and Secret fields in secretPayload.

  4. Compare the result of step 3 to the MAC field of secretPayload. If the two are not identical, stop processing and return a non-zero error code. The error code SHOULD be equal to ERROR_INVALID_ACCESS (0xC).

  5. Obtain the SID of the calling user, and compare it against the SID field of secretPayload. If the two are not identical, stop processing and return a non-zero error code. The error code SHOULD be equal to ERROR_INVALID_ACCESS (0xC).

  6. Return success (that is, zero) to the client, with the Secret field of secretPayload in the ppDataOut parameter, and its length in bytes in the pcbDataOut parameter.
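The six steps above, carried through as an added Python example; this is not code from the specification or from any Microsoft implementation. Only the fields the steps actually consume are modelled: the outer version/length header of section 2.2.4 is omitted, the R2 and R3 nonce lengths (32 bytes each) and the position of the SID immediately after the MAC in the Rc4EncryptedPayload are assumptions, the MAC input order SID || Secret follows the wording of step 3, and ERROR_INVALID_DATA (0xD) is this example's choice for the format-error case the text leaves unspecified. The `server_wrap` helper is the inverse of the steps, added only to build test input. All key material, GUIDs and SIDs are constructed.

```python
import hashlib
import hmac
import os
import struct
import uuid
from dataclasses import dataclass
from typing import Optional, Tuple

# Error codes named on the page; 0xD is this example's choice for a malformed payload.
ERROR_FILE_NOT_FOUND = 0x2
ERROR_INVALID_ACCESS = 0xC
ERROR_INVALID_DATA = 0xD

SRVKEY_LEN = 256   # stated in step 1
R2_LEN = 32        # assumption (section 2.2.4 not reproduced here)
R3_LEN = 32        # assumption (section 2.2.4.1 not reproduced here)
MAC_LEN = 20       # HMAC-SHA1 digest length


@dataclass
class WrappedSecret:
    """Only the ServerWrap fields the procedure reads; the dwVersion/length header is omitted."""
    key_guid: uuid.UUID
    r2: bytes
    rc4_encrypted_payload: bytes


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def hmac_sha1(key: bytes, data: bytes) -> bytes:
    # RFC 2104: a key longer than SHA-1's 64-byte block (SrvKey is 256 bytes) is hashed first.
    return hmac.new(key, data, hashlib.sha1).digest()


def sid_to_bytes(sid: str) -> bytes:
    """'S-1-5-21-...' -> binary SID (MS-DTYP 2.4.2.2): Revision, SubAuthorityCount,
    6-byte big-endian IdentifierAuthority, then little-endian SubAuthority values."""
    parts = sid.split("-")
    revision, authority, subs = int(parts[1]), int(parts[2]), [int(p) for p in parts[3:]]
    return (bytes([revision, len(subs)]) + authority.to_bytes(6, "big")
            + b"".join(struct.pack("<I", s) for s in subs))


def parse_sid(buf: bytes, off: int) -> Optional[bytes]:
    """Binary SID starting at buf[off], or None if it is malformed or does not fit."""
    if off + 8 > len(buf) or buf[off] != 1 or buf[off + 1] > 15:
        return None
    end = off + 8 + 4 * buf[off + 1]
    return buf[off:end] if end <= len(buf) else None


def server_unwrap(wrapped: WrappedSecret, lsa_secrets: dict, caller_sid: str) -> Tuple[int, Optional[bytes]]:
    """Steps 1-6 of 3.1.4.1.2.1. Returns (error_code, secret); secret is None on failure."""
    # Step 1: fetch G$BCKUPKEY_<GUIDString>; str(uuid) yields the hyphenated lowercase form.
    srv_key = lsa_secrets.get("G$BCKUPKEY_" + str(wrapped.key_guid))
    if srv_key is None or len(srv_key) != SRVKEY_LEN:
        return ERROR_FILE_NOT_FOUND, None
    # Step 2: RC4 key = HMAC-SHA1(SrvKey, R2); decrypt to get the Rc4EncryptedPayload.
    payload = rc4(hmac_sha1(srv_key, wrapped.r2), wrapped.rc4_encrypted_payload)
    r3, mac = payload[:R3_LEN], payload[R3_LEN:R3_LEN + MAC_LEN]
    sid = parse_sid(payload, R3_LEN + MAC_LEN)
    if sid is None:
        return ERROR_INVALID_DATA, None      # payload not in the 2.2.4.1 format: stop
    secret = payload[R3_LEN + MAC_LEN + len(sid):]
    # Step 3: MAC key = HMAC-SHA1(SrvKey, R3); MAC over SID || Secret (order as worded on the page).
    expected_mac = hmac_sha1(hmac_sha1(srv_key, r3), sid + secret)
    # Step 4: constant-time compare so a forged MAC learns nothing from timing.
    if not hmac.compare_digest(expected_mac, mac):
        return ERROR_INVALID_ACCESS, None
    # Step 5: the SID sealed inside the payload must be the caller's SID.
    if sid != sid_to_bytes(caller_sid):
        return ERROR_INVALID_ACCESS, None
    return 0, secret                          # Step 6


def server_wrap(srv_key: bytes, key_guid: uuid.UUID, owner_sid: str, secret: bytes,
                r2: Optional[bytes] = None, r3: Optional[bytes] = None) -> WrappedSecret:
    """Inverse of the steps above, used here only to build test input (not the spec's wrap procedure)."""
    r2 = r2 or os.urandom(R2_LEN)
    r3 = r3 or os.urandom(R3_LEN)
    sid = sid_to_bytes(owner_sid)
    mac = hmac_sha1(hmac_sha1(srv_key, r3), sid + secret)
    return WrappedSecret(key_guid, r2, rc4(hmac_sha1(srv_key, r2), r3 + mac + sid + secret))


# Constructed sample data: not real keys, GUIDs or SIDs.
SAMPLE_KEY_GUID = uuid.UUID("6b0f3c2e-1d4a-4f8b-9c7e-2a5d8e1f3b4c")
SAMPLE_SRVKEY = bytes((i * 7 + 3) & 0xFF for i in range(SRVKEY_LEN))
SAMPLE_LSA_SECRETS = {"G$BCKUPKEY_" + str(SAMPLE_KEY_GUID): SAMPLE_SRVKEY}
OWNER_SID = "S-1-5-21-1111-2222-3333-1001"
OTHER_SID = "S-1-5-21-1111-2222-3333-1002"

if __name__ == "__main__":
    w = server_wrap(SAMPLE_SRVKEY, SAMPLE_KEY_GUID, OWNER_SID, b"dpapi master key bytes")
    print("owner :", server_unwrap(w, SAMPLE_LSA_SECRETS, OWNER_SID))
    print("other :", server_unwrap(w, SAMPLE_LSA_SECRETS, OTHER_SID))
    print("no key:", server_unwrap(w, {}, OWNER_SID))
```

Two things follow directly from the steps and are worth keeping in mind when reviewing a deployment: every check that binds the secret to a user (the MAC in step 4 and the SID comparison in step 5) is performed by the server and keyed only by SrvKey, so anyone who can read the G$BCKUPKEY_* LSA secret from a domain controller can run this same procedure offline against any ServerWrap blob for any SID; and because RC4 is a stream cipher, the MAC is the only integrity protection on the payload, which is why the MAC must be verified before the Secret is returned and why the comparison should be constant-time.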