[cifs-protocol] [REG:115021012380664] MS-BKRP 3.1.4.1.2.2 Processing a ClientWrap Wrapped Secret

Edgar Olougouna edgaro at microsoft.com
Fri Mar 13 15:53:29 MDT 2015


The use case is driven by the client’s application. Section “3.2.4.1 Performing Client-Side Wrapping of Secrets” provides more information. First, the client attempts to retrieve the server's ClientWrap public key, then performs a wrapping in the “2.2.2 Client-Side-Wrapped Secret” format (the default dwVersion is 2 for the wrapping format; version 3 is configurable in Windows 7 and onward, see WBN <19>, which is what I was alluding to by Vista+).
That would correlate with the BACKUPKEY_RESTORE_GUID_WIN2K case “3.1.4.1.2.2 Processing a ClientWrap Wrapped Secret” to restore a key wrapped in the 2.2.2 format for down-level compatibility. This has to do with legacy clients.
Also the various WBNs in Section “7 Appendix B: Product Behavior” may help link things together.
Here are a few references:
3.1.4.1.2 BACKUPKEY_RESTORE_GUID_WIN2K
3.1.4.1.2.2 Processing a ClientWrap Wrapped Secret
3.2.4.1 Performing Client-Side Wrapping of Secrets
<9> Section 3.1.4.1: Windows 2000 does not support BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID. However, Windows 2000 SP3 and subsequent service packs of Windows 2000 do support BACKUPKEY_RESTORE_GUID.
<10> Section 3.1.4.1.2: Windows Server 2003, Windows Server 2008, Windows Server 2008 R2 operating system, Windows Server 2012, and Windows Server 2012 R2 detect whether the wrapped secret is in the client-wrapped format and, if it is, continue processing as in section 3.1.4.1.4.
<18> Section 3.2.4.1: Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2 fall back to server-side wrapping using BACKUPKEY_BACKUP_GUID when they fail to retrieve the server's public key using BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID.
In addition, as noted earlier, Windows clients always retry failing operations once. The resulting process is as follows: The client first tries the BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID operation and, if it fails, performs DC rediscovery and retries the same operation. If the retry fails, the client tries a BACKUPKEY_BACKUP_GUID operation. If this fails, the client performs DC rediscovery again and retries the BACKUPKEY_BACKUP_GUID operation. If this also fails, an error is returned to the caller.
<19> Section 3.2.4.1: Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 always use version 2. Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2 use version 2 by default but can be configured to use version 3 by setting the DWORD registry value "HKLM\Software\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb\Recovery Version" to 3.

Thanks,
Edgar
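The retry-and-fallback ladder that WBN <18> above describes, modelled as an added example (not Samba or Windows code, and not from either correspondent). The DC is a constructed callable that reports success or failure per operation and attempt; `downgraded_to_server_wrap` is an assumed helper name for the defender's question of whether the secret left the client for server-side wrapping instead of being wrapped locally.

```python
# Added example: model of the MS-BKRP client wrapping fallback ladder
# from WBN <18>. A DC is a callable (operation, attempt) -> success.
from dataclasses import dataclass, field
from typing import Callable, List

RETRIEVE_BACKUP_KEY_GUID = "BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID"  # ClientWrap path
BACKUP_GUID = "BACKUPKEY_BACKUP_GUID"                            # ServerWrap fallback

DcOp = Callable[[str, int], bool]   # (operation name, attempt number) -> success


@dataclass
class WrapOutcome:
    mode: str                                   # "client-wrap", "server-wrap" or "error"
    attempts: List[str] = field(default_factory=list)
    rediscoveries: int = 0


def wrap_secret(dc_op: DcOp) -> WrapOutcome:
    """Try to retrieve the DC public key (retry once after DC rediscovery),
    then fall back to server-side wrapping (also retried once), else error."""
    outcome = WrapOutcome(mode="error")
    for op, mode in ((RETRIEVE_BACKUP_KEY_GUID, "client-wrap"),
                     (BACKUP_GUID, "server-wrap")):
        for attempt in (1, 2):
            outcome.attempts.append(f"{op}#{attempt}")
            if dc_op(op, attempt):
                outcome.mode = mode
                return outcome
            if attempt == 1:
                outcome.rediscoveries += 1  # rediscover the DC before the single retry
    return outcome


def downgraded_to_server_wrap(outcome: WrapOutcome) -> bool:
    """True when the secret was sent to the DC for wrapping rather than wrapped
    locally under the DC's public key (hypothetical helper for monitoring)."""
    return outcome.mode == "server-wrap"


# Constructed DC behaviours for demonstration only.
healthy_dc: DcOp = lambda op, n: True
legacy_dc: DcOp = lambda op, n: op == BACKUP_GUID   # no RETRIEVE support (cf. WBN <9>)
flaky_dc: DcOp = lambda op, n: n == 2               # first call of each op fails
dead_dc: DcOp = lambda op, n: False

if __name__ == "__main__":
    for name, dc in (("healthy", healthy_dc), ("legacy", legacy_dc),
                     ("flaky", flaky_dc), ("dead", dead_dc)):
        o = wrap_secret(dc)
        print(f"{name:8s} {o.mode:12s} attempts={len(o.attempts)} "
              f"rediscoveries={o.rediscoveries} downgraded={downgraded_to_server_wrap(o)}")
```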

-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org] 
Sent: Wednesday, March 11, 2015 8:38 PM
To: Edgar Olougouna
Cc: MSSolve Case Email
Subject: Re: [REG:115021012380664] MS-BKRP 3.1.4.1.2.2 Processing a ClientWrap Wrapped Secret

On Wed, 2015-03-11 at 20:55 +0000, Edgar Olougouna wrote:
> [updated subject to facilitate tracking] Andrew, Do you find the 
> following content helpful?
> It's a legacy thing and the spec does not describe application level use cases. 
> This appears driven by the recovery version, Vista+ or prior, version is typically hard-coded based on OS SKU. 

Thanks.  This describes what I would expect about how ClientWrap works in general, but what is the purpose of the section I name above in this?

Can you be a bit more specific?

Also, we seem to have again lost cifs-protocol from the CC.  Can you please reply with cifs-protocol CC'ed?  (I need you to do it, I never reply private mails back to a list without permission). 

Thanks!

Andrew Bartlett

> Windows Data Protection
> https://msdn.microsoft.com/en-us/library/ms995355.aspx
> 
> Key Backup and Restoration in DPAPI
> 
> When a computer is a member of a domain, DPAPI has a backup mechanism 
> to allow unprotection of the data. When a MasterKey is generated, 
> DPAPI talks to a Domain Controller. Domain Controllers have a 
> domain-wide public/private key pair, associated solely with DPAPI. The 
> local DPAPI client gets the Domain Controller public key from a Domain 
> Controller by using a mutually authenticated and privacy protected RPC 
> call. The client encrypts the MasterKey with the Domain Controller 
> public key. It then stores this backup MasterKey along with the 
> MasterKey protected by the user's password.
> 
> While unprotecting data, if DPAPI cannot use the MasterKey protected 
> by the user's password, it sends the backup MasterKey to a Domain 
> Controller by using a mutually authenticated and privacy protected RPC 
> call. The Domain Controller then decrypts the MasterKey with its 
> private key and sends it back to the client by using the same 
> protected RPC call. This protected RPC call is used to ensure that no 
> one listening on the network can get the MasterKey.
>  . . .
> 
> Thanks,
> Edgar
> 
> 
> -----Original Message-----
> From: Andrew Bartlett [mailto:abartlet at samba.org]
> Sent: Sunday, February 15, 2015 4:46 PM
> To: Edgar Olougouna
> Cc: MSSolve Case Email
> Subject: Re: [REG:115021012380664] MS-BKRP 3.1.4.1.2.2
> 
> On Tue, 2015-02-10 at 21:42 +0000, Edgar Olougouna wrote:
> > Andrew,
> > I will research this and follow-up.
> 
> Thanks.  To be clear, this isn't the normal use of ClientWrap, but some very strange mix between ClientWrap and ServerWrap. 
> 
> > Thanks,
> > Edgar
> > 
> > -----Original Message-----
> > From: Vilmos Foltenyi
> > Sent: Tuesday, February 10, 2015 12:35 AM
> > To: abartlet at samba.org
> > Cc: MSSolve Case Email
> > Subject: [REG:115021012380664] MS-BKRP 3.1.4.1.2.2
> > 
> > [dochelp to Bcc, SR # to Subject]
> > 
> > Hi Andrew,
> > 
> > Thank you for your question. I created the case SR 115021012380664 to track this issue with the Protocol Documentation support team. An engineer from our team will contact you soon via e-mail to begin working with you.
> > 
> > Regards,
> > Vilmos Foltenyi - MSFT
> > 
> > -----Original Message-----
> > From: abartlet at samba.org [mailto:abartlet at samba.org]
> > Sent: Monday, February 9, 2015 20:38
> > Subject: MS-BKRP 3.1.4.1.2.2
> > 
> > Processing a ClientWrap Wrapped Secret
> > From: Andrew Bartlett <abartlet at samba.org>
> > To: Interoperability Documentation Help <dochelp at microsoft.com>
> > Cc: cifs-protocol at lists.samba.org
> > Date: Tue, 10 Feb 2015 17:37:34 +1300
> > Content-Type: text/plain; charset="UTF-8"
> > X-Mailer: Evolution 3.12.7-1
> > Mime-Version: 1.0
> > Content-Transfer-Encoding: 7bit
> > 
> > G'Day,
> > 
> > Can I please get some clarification as to what "MS-BKRP 3.1.4.1.2.2 Processing a ClientWrap Wrapped Secret" is actually for?  What is the use case, and does any known client trigger this code path?
> > 
> > It seems very, very strange. 
> > 
> > Andrew Bartlett
> > --
> > Andrew Bartlett
> > http://samba.org/~abartlet/
> > Authentication Developer, Samba Team  http://samba.org
> > Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
> 
> --
> Andrew Bartlett
> http://samba.org/~abartlet/
> Authentication Developer, Samba Team  http://samba.org
> Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba