[MS-LSAD]: Local Security Authority (Domain Policy) Remote Protocol

This topic lists Errata found in [MS-LSAD] since it was last published. Since this topic is updated frequently, we recommend that you subscribe to this RSS feed to receive update notifications.

Errata are subject to the same terms as the Open Specifications documentation referenced.

To view a PDF file of the errata for the previous versions of this document, see the following ERRATA Archives:

October 16, 2015 - Download

June 30, 2015 - Download

July 18, 2016 - Download

June 1, 2017 - Download

March 16, 2018 - Download

April 7, 2021 - Download

Errata below are for Protocol Document Version 45.0 2021/06/25.

Errata Published*

Description

2022/09/20

In Section 2.2.1.4, AEAD-AES-256-CBC-HMAC-SHA512 Constants

Description: Updated AEAD-AES-256-CBC-HMAC-SHA512 constants to ensure that the value details allow an implementation to be successfully created.

Changed from:

| Constant Name | Value |
|---|---|
| versionbyte | 0x01 |
| versionbyte_length | 1 |
| SAM_AES_256_ALG | "AEAD-AES-256-CBC-HMAC-SHA512" |
| SAM_AES256_ENC_KEY_STRING | "Microsoft SAM encryption key AEAD-AES-256-CBC-HMAC-SHA512 16" |
| SAM_AES256_MAC_KEY_STRING | "Microsoft SAM MAC key AEAD-AES-256-CBC-HMAC-SHA512 16" |
| SAM_AES256_ENC_KEY_STRING_LENGTH | sizeof(SAM_AES256_ENC_KEY_STRING) |
| SAM_AES256_MAC_KEY_STRING_LENGTH | sizeof(SAM_AES256_MAC_KEY_STRING) |

Changed to:

| Constant Name | Value | Meaning |
|---|---|---|
| Versionbyte | 0x01 | Version identifier |
| versionbyte_length | 1 | Version identifier length |
| SAM_AES_256_ALG | "AEAD-AES-256-CBC-HMAC-SHA512" | A NULL terminated ANSI string |
| SAM_AES256_ENC_KEY_STRING | "Microsoft SAM encryption key AEAD-AES-256-CBC-HMAC-SHA512 16" | A NULL terminated ANSI string |
| SAM_AES256_MAC_KEY_STRING | "Microsoft SAM MAC key AEAD-AES-256-CBC-HMAC-SHA512 16" | A NULL terminated ANSI string |
| SAM_AES256_ENC_KEY_STRING_LENGTH | sizeof(SAM_AES256_ENC_KEY_STRING) (61) | The length of SAM_AES256_ENC_KEY_STRING, including the null terminator. |
| SAM_AES256_MAC_KEY_STRING_LENGTH | sizeof(SAM_AES256_MAC_KEY_STRING) (54) | The length of SAM_AES256_MAC_KEY_STRING, including the null terminator. |

In Section 5.1.5 AES Cipher Usage

Description: Clarified the usage of enc_key and mac_key when encrypting the data.

Changed from:

"...

 Let AuthData ::= HMAC-SHA-512(mac_key, versionbyte + IV + Cipher + versionbyte_length)"

Changed to:

"...

 Let AuthData ::= HMAC-SHA-512(mac_key, versionbyte + IV + Cipher + versionbyte_length)

 Note that enc_key is truncated to 32-bytes and the entire 64-byte mac_key is used."
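
The constants and the AuthData construction above, worked through in Python as an added example that is not part of the specification or of this errata. Assumptions: the derivation of enc_key and mac_key as HMAC-SHA-512 over the key strings (the quoted text elides that step), the encoding of versionbyte_length as a single byte, the function names, and the constructed CEK, IV and Cipher values.

```python
import hashlib
import hmac

# Constants from the errata table; the NUL terminator is part of each string.
VERSIONBYTE = b"\x01"
VERSIONBYTE_LENGTH = b"\x01"  # assumption: the length value 1 is encoded as one byte
ENC_KEY_STRING = b"Microsoft SAM encryption key AEAD-AES-256-CBC-HMAC-SHA512 16\x00"
MAC_KEY_STRING = b"Microsoft SAM MAC key AEAD-AES-256-CBC-HMAC-SHA512 16\x00"


def derive_keys(cek: bytes) -> tuple:
    """Return (enc_key, mac_key) for a content encryption key.

    Assumption: each key is HMAC-SHA-512(CEK, key string). The page elides
    this step; only the truncation rule below comes from the errata note.
    """
    enc_full = hmac.new(cek, ENC_KEY_STRING, hashlib.sha512).digest()
    mac_key = hmac.new(cek, MAC_KEY_STRING, hashlib.sha512).digest()
    return enc_full[:32], mac_key  # enc_key cut to 32 bytes, mac_key kept at 64


def auth_data(mac_key: bytes, iv: bytes, cipher: bytes) -> bytes:
    """HMAC-SHA-512(mac_key, versionbyte + IV + Cipher + versionbyte_length)."""
    if len(mac_key) != 64:
        raise ValueError("mac_key must be the full 64-byte value")
    if len(iv) != 16:
        raise ValueError("AES-CBC IV must be 16 bytes")
    if not cipher or len(cipher) % 16:
        raise ValueError("Cipher must be a non-empty multiple of the AES block size")
    msg = VERSIONBYTE + iv + cipher + VERSIONBYTE_LENGTH
    return hmac.new(mac_key, msg, hashlib.sha512).digest()


def verify(mac_key: bytes, iv: bytes, cipher: bytes, received: bytes) -> bool:
    """Check AuthData in constant time before any decryption is attempted."""
    try:
        expected = auth_data(mac_key, iv, cipher)
    except ValueError:
        return False
    return hmac.compare_digest(expected, received)


# Constructed sample values, not real key material.
CEK = bytes(range(16))
IV = bytes(16)
CIPHER = bytes.fromhex("aa" * 32)  # stands in for AES-256-CBC output
```

An implementation that omits the NUL terminator from either key string, or that truncates mac_key along with enc_key, computes a different AuthData and fails verification against a conforming peer.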

2022/01/11

The following sections in the table below are updated or new.

Please see the PDF diff document for details.

| Section | Description |
|---|---|
| 1.3 Overview | Updated |
| 1.6 Applicability Statement | Updated |
| 2.2 Common Data Types | Updated |
| 2.2.1.4 AEAD-AES-256-CBC-HMAC-SHA512 Constants | Created new section |
| 2.2.1.5 LSA Trust Record Flags | Created new section |
| 2.2.2.6 LSAPR_REVISION_INFO_V1 | Created new section |
| 2.2.2.7 LSAPR_REVISION_INFO | Created new section |
| 2.2.7.2 TRUSTED_INFORMATION_CLASS | Updated |
| 2.2.7.3 LSAPR_TRUSTED_DOMAIN_INFO | Updated |
| 2.2.7.21 LSA_FOREST_TRUST_RECORD | Updated |
| 2.2.7.22 LSA_FOREST_TRUST_RECORD_TYPE | Updated |
| 2.2.7.30 LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION_INTERNAL_AES | Created new section |
| 2.2.7.31 LSA_FOREST_TRUST_SCANNER_INFO | Created new section |
| 2.2.7.32 LSA_FOREST_TRUST_RECORD2 | Created new section |
| 2.2.7.33 LSA_FOREST_TRUST_INFORMATION2 | Created new section |
| 3.1.1.5 Trusted Domain Object Data Model | Updated |
| 3.1.4 Message Processing Events and Sequencing Rules | Updated |
| 3.1.4.4.9 LsarOpenPolicy3 (Opnum 130) | Created new section |
| 3.1.4.7.15 LsarQueryForestTrustInformation (Opnum 73) | Updated |
| 3.1.4.7.16 LsarSetForestTrustInformation (Opnum 74) | Updated |
| 3.1.4.7.17 LsarCreateTrustedDomainEx3 (Opnum 129) | Created new section |
| 3.1.4.7.18 LsarQueryForestTrustInformation2 (Opnum 132) | Created new section |
| 3.1.4.7.19 LsarSetForestTrustInformation2 (Opnum 133) | Created new section |
| 5.1.5 AES Cipher Usage | Created new section |
| 5.2 Index of Security Parameters | Updated |
| 6 Appendix A: Full IDL | Updated |