[MS-LSAD]: Local Security Authority (Domain Policy) Remote Protocol

This topic lists Errata found in [MS-LSAD] since it was last published. Since this topic is updated frequently, we recommend that you subscribe to this RSS feed to receive update notifications. Errata are subject to the same terms as the Open Specifications documentation referenced.	RSS

To view a PDF file of the errata for the previous versions of this document, see the following ERRATA Archives:

October 16, 2015 - Download

June 30, 2015 - Download

July 18, 2016 - Download

June 1, 2017 - Download

March 16, 2018 - Download

April 7, 2021 - Download

Errata below are for Protocol Document Version 45.0 2021/06/25.

Errata Published*	Description
2022/09/20	In Section 2.2.1.4, AEAD-AES-256-CBC-HMAC-SHA512 Constants Description: Updated AEAD-AES-256-CBC-HMAC-SHA512 constants to ensure that the value details allow an implementation to be successfully created. Changed from: Constant Name Value versionbyte 0x01 versionbyte_length 1 SAM_AES_256_ALG "AEAD-AES-256-CBC-HMAC-SHA512" SAM_AES256_ENC_KEY_STRING "Microsoft SAM encryption key AEAD-AES-256-CBC-HMAC-SHA512 16" SAM_AES256_MAC_KEY_STRING "Microsoft SAM MAC key AEAD-AES-256-CBC-HMAC-SHA512 16" SAM_AES256_ENC_KEY_STRING_LENGTH sizeof(SAM_AES256_ENC_KEY_STRING) SAM_AES256_MAC_KEY_STRING_LENGTH sizeof(SAM_AES256_MAC_KEY_STRING) Changed to: Constant Name Meaning Versionbyte 0x01 Version identifier versionbyte_length 1 Version identifier length SAM_AES_256_ALG "AEAD-AES-256-CBC-HMAC-SHA512" A NULL terminated ANSI string SAM_AES256_ENC_KEY_STRING "Microsoft SAM encryption key AEAD-AES-256-CBC-HMAC-SHA512 16" A NULL terminated ANSI string SAM_AES256_MAC_KEY_STRING "Microsoft SAM MAC key AEAD-AES-256-CBC-HMAC-SHA512 16" A NULL terminated ANSI string SAM_AES256_ENC_KEY_STRING_LENGTH sizeof(SAM_AES256_ENC_KEY_STRING) (61) The length of SAM_AES256_ENC_KEY_STRING, including the null terminator. SAM_AES256_MAC_KEY_STRING_LENGTH sizeof(SAM_AES256_MAC_KEY_STRING) (54) The length of SAM_AES256_MAC_KEY_STRING, including the null terminator In Section 5.1.5 AES Cipher Usage Description: Clarified the usage of enc_key and mac_key when encrypting the data. Changed from: "...  Let AuthData ::= HMAC-SHA-512(mac_key, versionbyte + IV + Cipher + versionbyte_length)" Changed to: "...  Let AuthData ::= HMAC-SHA-512(mac_key, versionbyte + IV + Cipher + versionbyte_length)  Note that enc_key is truncated to 32-bytes and the entire 64-byte mac_key is used."
2022/01/11	The following sections in the table below are updated or new. Please see the PDF diff document for details. Section Description 1.3 Overview Updated 1.6 Applicability Statement Updated 2.2 Common Data Types Updated 2.2.1.4 AEAD-AES-256-CBC-HMAC-SHA512 Constants Created new section 2.2.1.5 LSA Trust Record Flags Created new section 2.2.2.6 LSAPR_REVISION_INFO_V1 Created new section 2.2.2.7 LSAPR_REVISION_INFO Created new section 2.2.7.2 TRUSTED_INFORMATION_CLASS Updated 2.2.7.3 LSAPR_TRUSTED_DOMAIN_INFO Updated 2.2.7.21 LSA_FOREST_TRUST_RECORD Updated 2.2.7.22 LSA_FOREST_TRUST_RECORD_TYPE Updated 2.2.7.30 LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION_INTERNAL_AES Created new section 2.2.7.31 LSA_FOREST_TRUST_SCANNER_INFO Created new section 2.2.7.32 LSA_FOREST_TRUST_RECORD2 Created new section 2.2.7.33 LSA_FOREST_TRUST_INFORMATION2 Created new section 3.1.1.5 Trusted Domain Object Data Model Updated 3.1.4 Message Processing Events and Sequencing Rules Updated 3.1.4.4.9 LsarOpenPolicy3 (Opnum 130) Created new section 3.1.4.7.15 LsarQueryForestTrustInformation (Opnum 73) Updated 3.1.4.7.16 LsarSetForestTrustInformation (Opnum 74) Updated 3.1.4.7.17 LsarCreateTrustedDomainEx3 (Opnum 129) Created new section 3.1.4.7.18 LsarQueryForestTrustInformation2 (Opnum 132) Created new section 3.1.4.7.19 LsarSetForestTrustInformation2 (Opnum 133) Created new section 5.1.5 AES Cipher Usage Created new section 5.2 Index of Security Parameters Updated 6 Appendix A: Full IDL Updated