3.1.4.1.2.2 Processing a ClientWrap Wrapped Secret
If the server chooses to process a ClientWrap wrapped secret that was passed by the client to the BACKUPKEY_RESTORE_GUID_WIN2K interface, it MUST proceed as follows:
Process the wrapped secret (supplied in the pDataIn parameter) as specified in section 3.1.4.1.4. If an error is encountered, stop processing and return a non-zero error code. Otherwise, proceed to step 2.
Compute the SHA-1 hash [FIPS180-2] of the Nonce field in the AccessCheck structure (section 2.2.2.4). Let EnvKey denote this hash value.
Using a cryptographically strong random number generator, generate a 16-byte random value. Call this value EncSalt.
Using a cryptographically strong random number generator, generate a 16-byte random value. Call this value MACSalt.
Compute the SHA1 HMAC ([RFC2104] section 2) of EncSalt (computed in step 3) with EnvKey as the HMAC key. Denote this value EncKey.
Compute the SHA1 HMAC ([RFC2104] section 2) of MACSalt (computed in step 4) with EnvKey as the HMAC key. Denote this value MACKey.
Compute the SHA1 HMAC ([RFC2104] section 2) of the unwrapped secret (obtained in step 1) with MACKey as the HMAC key.
Create a Recovered Secret structure as specified in section 2.2.6.1. Place the result of step 4 in the MACSalt field, the result of step 7 in the MAC field, and the result of step 1 in the Secret field.
Encrypt the result of step 8 with the RC4 algorithm using EncKey (computed in step 5) as the encryption key. For more information on RC4, see [SCHNEIER] section 17.1.
Create an Unwrapped Secret structure as specified in section 2.2.6. Set the first four bytes to fixed values as specified in section 2.2.6. Place the result of step 3 in the EncSalt field and the result of step 9 in the RecoveredSecret field.
Return success (that is, zero) to the client, with the result of step 10 in the ppDataOut parameter and its length in bytes in the pcbDataOut parameter.