dpapi (empty) → 0.1.0.0
raw patch · 9 files changed
+1002/−0 lines, 9 filesdep +HUnitdep +Win32dep +base
Dependencies added: HUnit, Win32, base, base64, bytestring, dpapi, text, typed-process, unbuildable
Files
- CHANGELOG.md +7/−0
- LICENSE +373/−0
- README.md +32/−0
- dpapi.cabal +145/−0
- src/System/Win32/Dpapi.hs +219/−0
- src/System/Win32/Dpapi/Internal.hs +40/−0
- test/Main.hs +13/−0
- test/Test/System/Win32/Dpapi.hs +102/−0
- test/Test/System/Win32/Dpapi/Internal.hs +71/−0
+ CHANGELOG.md view
@@ -0,0 +1,7 @@+# Revision history for dpapi + +## 0.1.0.0 -- 2025-10-02 + +* First version. Released on an unsuspecting world. +* Encrypting and decrypting data using DPAPI is now working. +* Tests work by using PowerShell to verify/produce the half to verify, this could be improved
+ LICENSE view
@@ -0,0 +1,373 @@+Mozilla Public License Version 2.0 +================================== + +1. Definitions +-------------- + +1.1. "Contributor" + means each individual or legal entity that creates, contributes to + the creation of, or owns Covered Software. + +1.2. "Contributor Version" + means the combination of the Contributions of others (if any) used + by a Contributor and that particular Contributor's Contribution. + +1.3. "Contribution" + means Covered Software of a particular Contributor. + +1.4. "Covered Software" + means Source Code Form to which the initial Contributor has attached + the notice in Exhibit A, the Executable Form of such Source Code + Form, and Modifications of such Source Code Form, in each case + including portions thereof. + +1.5. "Incompatible With Secondary Licenses" + means + + (a) that the initial Contributor has attached the notice described + in Exhibit B to the Covered Software; or + + (b) that the Covered Software was made available under the terms of + version 1.1 or earlier of the License, but not also under the + terms of a Secondary License. + +1.6. "Executable Form" + means any form of the work other than Source Code Form. + +1.7. "Larger Work" + means a work that combines Covered Software with other material, in + a separate file or files, that is not Covered Software. + +1.8. "License" + means this document. + +1.9. "Licensable" + means having the right to grant, to the maximum extent possible, + whether at the time of the initial grant or subsequently, any and + all of the rights conveyed by this License. + +1.10. "Modifications" + means any of the following: + + (a) any file in Source Code Form that results from an addition to, + deletion from, or modification of the contents of Covered + Software; or + + (b) any new file in Source Code Form that contains any Covered + Software. + +1.11. "Patent Claims" of a Contributor + means any patent claim(s), including without limitation, method, + process, and apparatus claims, in any patent Licensable by such + Contributor that would be infringed, but for the grant of the + License, by the making, using, selling, offering for sale, having + made, import, or transfer of either its Contributions or its + Contributor Version. + +1.12. "Secondary License" + means either the GNU General Public License, Version 2.0, the GNU + Lesser General Public License, Version 2.1, the GNU Affero General + Public License, Version 3.0, or any later versions of those + licenses. + +1.13. "Source Code Form" + means the form of the work preferred for making modifications. + +1.14. "You" (or "Your") + means an individual or a legal entity exercising rights under this + License. For legal entities, "You" includes any entity that + controls, is controlled by, or is under common control with You. For + purposes of this definition, "control" means (a) the power, direct + or indirect, to cause the direction or management of such entity, + whether by contract or otherwise, or (b) ownership of more than + fifty percent (50%) of the outstanding shares or beneficial + ownership of such entity. + +2. License Grants and Conditions +-------------------------------- + +2.1. Grants + +Each Contributor hereby grants You a world-wide, royalty-free, +non-exclusive license: + +(a) under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or + as part of a Larger Work; and + +(b) under Patent Claims of such Contributor to make, use, sell, offer + for sale, have made, import, and otherwise transfer either its + Contributions or its Contributor Version. + +2.2. Effective Date + +The licenses granted in Section 2.1 with respect to any Contribution +become effective for each Contribution on the date the Contributor first +distributes such Contribution. + +2.3. Limitations on Grant Scope + +The licenses granted in this Section 2 are the only rights granted under +this License. No additional rights or licenses will be implied from the +distribution or licensing of Covered Software under this License. +Notwithstanding Section 2.1(b) above, no patent license is granted by a +Contributor: + +(a) for any code that a Contributor has removed from Covered Software; + or + +(b) for infringements caused by: (i) Your and any other third party's + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + +(c) under Patent Claims infringed by Covered Software in the absence of + its Contributions. + +This License does not grant any rights in the trademarks, service marks, +or logos of any Contributor (except as may be necessary to comply with +the notice requirements in Section 3.4). + +2.4. Subsequent Licenses + +No Contributor makes additional grants as a result of Your choice to +distribute the Covered Software under a subsequent version of this +License (see Section 10.2) or under the terms of a Secondary License (if +permitted under the terms of Section 3.3). + +2.5. Representation + +Each Contributor represents that the Contributor believes its +Contributions are its original creation(s) or it has sufficient rights +to grant the rights to its Contributions conveyed by this License. + +2.6. Fair Use + +This License is not intended to limit any rights You have under +applicable copyright doctrines of fair use, fair dealing, or other +equivalents. + +2.7. Conditions + +Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted +in Section 2.1. + +3. Responsibilities +------------------- + +3.1. Distribution of Source Form + +All distribution of Covered Software in Source Code Form, including any +Modifications that You create or to which You contribute, must be under +the terms of this License. You must inform recipients that the Source +Code Form of the Covered Software is governed by the terms of this +License, and how they can obtain a copy of this License. You may not +attempt to alter or restrict the recipients' rights in the Source Code +Form. + +3.2. Distribution of Executable Form + +If You distribute Covered Software in Executable Form then: + +(a) such Covered Software must also be made available in Source Code + Form, as described in Section 3.1, and You must inform recipients of + the Executable Form how they can obtain a copy of such Source Code + Form by reasonable means in a timely manner, at a charge no more + than the cost of distribution to the recipient; and + +(b) You may distribute such Executable Form under the terms of this + License, or sublicense it under different terms, provided that the + license for the Executable Form does not attempt to limit or alter + the recipients' rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + +You may create and distribute a Larger Work under terms of Your choice, +provided that You also comply with the requirements of this License for +the Covered Software. If the Larger Work is a combination of Covered +Software with a work governed by one or more Secondary Licenses, and the +Covered Software is not Incompatible With Secondary Licenses, this +License permits You to additionally distribute such Covered Software +under the terms of such Secondary License(s), so that the recipient of +the Larger Work may, at their option, further distribute the Covered +Software under the terms of either this License or such Secondary +License(s). + +3.4. Notices + +You may not remove or alter the substance of any license notices +(including copyright notices, patent notices, disclaimers of warranty, +or limitations of liability) contained within the Source Code Form of +the Covered Software, except that You may alter any license notices to +the extent required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + +You may choose to offer, and to charge a fee for, warranty, support, +indemnity or liability obligations to one or more recipients of Covered +Software. However, You may do so only on Your own behalf, and not on +behalf of any Contributor. You must make it absolutely clear that any +such warranty, support, indemnity, or liability obligation is offered by +You alone, and You hereby agree to indemnify every Contributor for any +liability incurred by such Contributor as a result of warranty, support, +indemnity or liability terms You offer. You may include additional +disclaimers of warranty and limitations of liability specific to any +jurisdiction. + +4. Inability to Comply Due to Statute or Regulation +--------------------------------------------------- + +If it is impossible for You to comply with any of the terms of this +License with respect to some or all of the Covered Software due to +statute, judicial order, or regulation then You must: (a) comply with +the terms of this License to the maximum extent possible; and (b) +describe the limitations and the code they affect. Such description must +be placed in a text file included with all distributions of the Covered +Software under this License. Except to the extent prohibited by statute +or regulation, such description must be sufficiently detailed for a +recipient of ordinary skill to be able to understand it. + +5. Termination +-------------- + +5.1. The rights granted under this License will terminate automatically +if You fail to comply with any of its terms. However, if You become +compliant, then the rights granted under this License from a particular +Contributor are reinstated (a) provisionally, unless and until such +Contributor explicitly and finally terminates Your grants, and (b) on an +ongoing basis, if such Contributor fails to notify You of the +non-compliance by some reasonable means prior to 60 days after You have +come back into compliance. Moreover, Your grants from a particular +Contributor are reinstated on an ongoing basis if such Contributor +notifies You of the non-compliance by some reasonable means, this is the +first time You have received notice of non-compliance with this License +from such Contributor, and You become compliant prior to 30 days after +Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent +infringement claim (excluding declaratory judgment actions, +counter-claims, and cross-claims) alleging that a Contributor Version +directly or indirectly infringes any patent, then the rights granted to +You by any and all Contributors for the Covered Software under Section +2.1 of this License shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all +end user license agreements (excluding distributors and resellers) which +have been validly granted by You or Your distributors under this License +prior to termination shall survive termination. + +************************************************************************ +* * +* 6. Disclaimer of Warranty * +* ------------------------- * +* * +* Covered Software is provided under this License on an "as is" * +* basis, without warranty of any kind, either expressed, implied, or * +* statutory, including, without limitation, warranties that the * +* Covered Software is free of defects, merchantable, fit for a * +* particular purpose or non-infringing. The entire risk as to the * +* quality and performance of the Covered Software is with You. * +* Should any Covered Software prove defective in any respect, You * +* (not any Contributor) assume the cost of any necessary servicing, * +* repair, or correction. This disclaimer of warranty constitutes an * +* essential part of this License. No use of any Covered Software is * +* authorized under this License except under this disclaimer. * +* * +************************************************************************ + +************************************************************************ +* * +* 7. Limitation of Liability * +* -------------------------- * +* * +* Under no circumstances and under no legal theory, whether tort * +* (including negligence), contract, or otherwise, shall any * +* Contributor, or anyone who distributes Covered Software as * +* permitted above, be liable to You for any direct, indirect, * +* special, incidental, or consequential damages of any character * +* including, without limitation, damages for lost profits, loss of * +* goodwill, work stoppage, computer failure or malfunction, or any * +* and all other commercial damages or losses, even if such party * +* shall have been informed of the possibility of such damages. This * +* limitation of liability shall not apply to liability for death or * +* personal injury resulting from such party's negligence to the * +* extent applicable law prohibits such limitation. Some * +* jurisdictions do not allow the exclusion or limitation of * +* incidental or consequential damages, so this exclusion and * +* limitation may not apply to You. * +* * +************************************************************************ + +8. Litigation +------------- + +Any litigation relating to this License may be brought only in the +courts of a jurisdiction where the defendant maintains its principal +place of business and such litigation shall be governed by laws of that +jurisdiction, without reference to its conflict-of-law provisions. +Nothing in this Section shall prevent a party's ability to bring +cross-claims or counter-claims. + +9. Miscellaneous +---------------- + +This License represents the complete agreement concerning the subject +matter hereof. If any provision of this License is held to be +unenforceable, such provision shall be reformed only to the extent +necessary to make it enforceable. Any law or regulation which provides +that the language of a contract shall be construed against the drafter +shall not be used to construe this License against a Contributor. + +10. Versions of the License +--------------------------- + +10.1. New Versions + +Mozilla Foundation is the license steward. Except as provided in Section +10.3, no one other than the license steward has the right to modify or +publish new versions of this License. Each version will be given a +distinguishing version number. + +10.2. Effect of New Versions + +You may distribute the Covered Software under the terms of the version +of the License under which You originally received the Covered Software, +or under the terms of any subsequent version published by the license +steward. + +10.3. Modified Versions + +If you create software not governed by this License, and you want to +create a new license for such software, you may create and use a +modified version of this License if you rename the license and remove +any references to the name of the license steward (except to note that +such modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary +Licenses + +If You choose to distribute Source Code Form that is Incompatible With +Secondary Licenses under the terms of this version of the License, the +notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice +------------------------------------------- + + This Source Code Form is subject to the terms of the Mozilla Public + License, v. 2.0. If a copy of the MPL was not distributed with this + file, You can obtain one at http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular +file, then You may include the notice in a location (such as a LICENSE +file in a relevant directory) where a recipient would be likely to look +for such a notice. + +You may add additional accurate notices of copyright ownership. + +Exhibit B - "Incompatible With Secondary Licenses" Notice +--------------------------------------------------------- + + This Source Code Form is "Incompatible With Secondary Licenses", as + defined by the Mozilla Public License, v. 2.0.
+ README.md view
@@ -0,0 +1,32 @@+# Haskell bindings for Windows DPAPI + +This project is to provide Haskell access to Windows's [Data Protection API](https://en.wikipedia.org/wiki/Data_Protection_API). + +## Usage + +If you have some data that needs protecting such that only your user account +can access it, say the location of your buried treasure, +you could protect it with the following, then save it to a file or somewhere else. + +```hs +saveEncrypted :: ByteString -> FilePath -> IO () +saveEncrypted data filepath = cryptProtectData data Nothing CurrentUser *> writeFile filePath +``` + +Then you can get back easily, returning Nothing instead of catching an exception +if you can't decrypt it. + +```hs +readEncrypted :: FilePath -> IO (Maybe ByteString) +readEncrypted filepath = do + data <- readFile filepath + cryptUnprotectDataCheck data Nothing CurrentUser +``` + +You may want to covert the ciphertext to base64 or some other similar encoding +before saving it, such as when you are saving it to a text file. + +## Tests + +The tests rely on using PowerShell to protect and unprotect the data, to provide a half that works. +However, this may trip your antimalware service when you run `cabal test`.
+ dpapi.cabal view
@@ -0,0 +1,145 @@+cabal-version: 3.0 +-- The cabal-version field refers to the version of the .cabal specification, +-- and can be different from the cabal-install (the tool) version and the +-- Cabal (the library) version you are using. As such, the Cabal (the library) +-- version used must be equal or greater than the version stated in this field. +-- Starting from the specification version 2.2, the cabal-version field must be +-- the first thing in the cabal file. + +-- Initial package description 'dpapi' generated by +-- 'cabal init'. For further documentation, see: +-- http://haskell.org/cabal/users-guide/ +-- +-- The name of the package. +name: dpapi + +-- The package version. +-- See the Haskell package versioning policy (PVP) for standards +-- guiding when and how versions should be incremented. +-- https://pvp.haskell.org +-- PVP summary: +-+------- breaking API changes +-- | | +----- non-breaking API additions +-- | | | +--- code changes with no API change +version: 0.1.0.0 + +-- A short (one-line) description of the package. +synopsis: Windows DPAPI bindings + +-- A longer description of the package. +description: + Bindings for Windows DPAPI, for protecting data on one device using Windows logon or machine credentials. + These functions return cipertext for you to store in a file or some other place. + If you want the plaintext to be stored in the OS, you may be looking for the keyring package, which is also more portable. + This is only bindings to the two most used functions CryptProtectData and CryptUnprotectData, as + Microsoft no longer recommends its use in .NET (with SecureString). + +-- URL for the project homepage or repository. +homepage: https://gitlab.com/Hex052/haskell-dpapi + +-- The license under which the package is released. +license: MPL-2.0 + +-- The file containing the license text. +license-file: LICENSE + +-- The package author(s). +author: Hex + +-- An email address to which users can send suggestions, bug reports, and patches. +maintainer: elijahiff@gmail.com + +-- A copyright notice. +-- copyright: +category: System +build-type: Simple + +-- Extra doc files to be distributed with the package, such as a CHANGELOG or a README. +extra-doc-files: CHANGELOG.md + README.md + +-- Extra source files to be distributed with the package, such as examples, or a tutorial module. +-- extra-source-files: + +-- URL for the source repository +source-repository head + type: git + location: https://gitlab.com/Hex052/haskell-dpapi +source-repository this + type: git + location: https://gitlab.com/Hex052/haskell-dpapi + tag: 0.1.0.0 + +common warnings + ghc-options: -Wall + +library + -- Import common warning flags. + import: warnings + + if !os(windows) + -- This package requires Windows to build + build-depends: unbuildable<0 + buildable: False + + -- Modules exported by the library. + exposed-modules: + System.Win32.Dpapi.Internal + , System.Win32.Dpapi + + -- Modules included in this library but not exported. + -- other-modules: + + -- LANGUAGE extensions used by modules in this package. + -- other-extensions: + + -- Other library packages from which modules are imported. + build-depends: + base ^>=4.18.3.0 + , Win32 ^>= 2.14 + , bytestring ^>= 0.12.2 + + -- Directories containing source files. + hs-source-dirs: src + + -- Base language which the package is written in. + default-language: Haskell2010 + + extra-libraries: + "crypt32" + -- extra-lib-dirs: + -- C:\Windows\System32 + +test-suite dpapi-test + -- Import common warning flags. + import: warnings + + -- Base language which the package is written in. + default-language: Haskell2010 + + -- Modules included in this executable, other than Main. + other-modules: + Test.System.Win32.Dpapi + , Test.System.Win32.Dpapi.Internal + + -- LANGUAGE extensions used by modules in this package. + -- other-extensions: + + -- The interface type and version of the test suite. + type: exitcode-stdio-1.0 + + -- Directories containing source files. + hs-source-dirs: test + + -- The entrypoint to the test suite. + main-is: Main.hs + + -- Test dependencies. + build-depends: + base ^>=4.18.3.0 + , HUnit ^>= 1.6.2 + , typed-process ^>= 0.2.13 + , base64 ^>= 1.0 + , bytestring ^>= 0.12.2 + , text ^>= 2.0.2 + , Win32 ^>= 2.14 + , dpapi
+ src/System/Win32/Dpapi.hs view
@@ -0,0 +1,219 @@+{- + - This Source Code Form is subject to the terms of the Mozilla Public + - License, v. 2.0. If a copy of the MPL was not distributed with this + - file, You can obtain one at https://mozilla.org/MPL/2.0/. + -} +{-# LANGUAGE ForeignFunctionInterface #-} +{-# LANGUAGE ScopedTypeVariables #-} +{-# OPTIONS_GHC -Wno-unrecognised-pragmas #-} +-- on 64-bit Windows, stdcall is deprecated but it's still needed on 32-bit +{-# OPTIONS_GHC -Wno-unsupported-calling-conventions #-} + +module System.Win32.Dpapi (cryptProtectData, cryptUnprotectData, cryptUnprotectDataCheck, DataProtectionScope (..)) where + +import Control.Exception (catch, finally, throwIO) +import Data.Bits (Bits ((.|.))) +import Data.ByteString (ByteString, packCStringLen, useAsCStringLen) +import Foreign (Ptr, Storable (peek, poke), castPtr, nullPtr) +import Foreign.Marshal (alloca) +import GHC.IO.Exception (IOErrorType (InvalidArgument)) +import System.IO.Error (ioeGetErrorType) +import System.Win32.Dpapi.Internal (DataBlob (..)) +import System.Win32.Types (BOOL, DWORD, LPCWSTR, failWith, getLastError) + +-- | The scope in which data should be protected. +-- +-- When encrypting with for the current user, +-- the resulting ciphertext is portable for the same user to decrypt on any device +-- on the domain (at least for domain-joined devices). +-- Obviously, local machine is not portable in that way, but is available for all +-- users on the same device. +data DataProtectionScope = CurrentUser | LocalMachine + deriving (Show, Eq) + +-- hlint loves to complain that I should use camelCase for these +{-# HLINT ignore cRYPTPROTECT_UI_FORBIDDEN #-} +{-# HLINT ignore cRYPTPROTECT_LOCAL_MACHINE #-} +{-# HLINT ignore cRYPTPROTECT_CRED_SYNC #-} +{-# HLINT ignore cRYPTPROTECT_AUDIT #-} +{-# HLINT ignore cRYPTPROTECT_NO_RECOVERY #-} +{-# HLINT ignore cRYPTPROTECT_VERIFY_PROTECTION #-} +-- These just come from the header dpapi.h + +cRYPTPROTECT_UI_FORBIDDEN :: DWORD +cRYPTPROTECT_UI_FORBIDDEN = 0x1 + +cRYPTPROTECT_LOCAL_MACHINE :: DWORD +cRYPTPROTECT_LOCAL_MACHINE = 0x4 + +cRYPTPROTECT_CRED_SYNC :: DWORD +cRYPTPROTECT_CRED_SYNC = 0x8 + +cRYPTPROTECT_AUDIT :: DWORD +cRYPTPROTECT_AUDIT = 0x10 + +cRYPTPROTECT_NO_RECOVERY :: DWORD +cRYPTPROTECT_NO_RECOVERY = 0x20 + +cRYPTPROTECT_VERIFY_PROTECTION :: DWORD +cRYPTPROTECT_VERIFY_PROTECTION = 0x40 + +-- data CryptProtectPromptStruct = CryptProtectPromptStruct +-- { cbSize :: DWORD, +-- dwPromptFlags :: DWORD, +-- hwndApp :: HWND, +-- szPrompt :: LPCWSTR +-- } + +{- + https://learn.microsoft.com/en-us/windows/win32/api/dpapi/nf-dpapi-cryptprotectdata + BOOL CryptProtectData( + [in] DATA_BLOB *pDataIn, + [in, optional] LPCWSTR szDataDescr, + [in, optional] DATA_BLOB *pOptionalEntropy, + [in] PVOID pvReserved, + [in, optional] CRYPTPROTECT_PROMPTSTRUCT *pPromptStruct, + [in] DWORD dwFlags, + [out] DATA_BLOB *pDataOut + ); +-} +foreign import stdcall unsafe "CryptProtectData" + foreign_CryptProtectData :: Ptr DataBlob -> LPCWSTR -> Ptr DataBlob -> Ptr () -> Ptr () -> DWORD -> Ptr DataBlob -> IO BOOL + +{- + BOOL CryptUnprotectData( + [in] DATA_BLOB *pDataIn, + [out, optional] LPWSTR *ppszDataDescr, + [in, optional] DATA_BLOB *pOptionalEntropy, + PVOID pvReserved, + [in, optional] CRYPTPROTECT_PROMPTSTRUCT *pPromptStruct, + [in] DWORD dwFlags, + [out] DATA_BLOB *pDataOut + ); +-} +foreign import stdcall unsafe "CryptUnprotectData" + foreign_CryptUnprotectData :: Ptr DataBlob -> LPCWSTR -> Ptr DataBlob -> Ptr () -> Ptr () -> DWORD -> Ptr DataBlob -> IO BOOL + +-- Required instead of just using `free` since that's how Windows allocates it +foreign import stdcall unsafe "LocalFree" + foreign_LocalFree :: Ptr a -> IO (Ptr a) + +-- checkCrypt fn text null1 entropy null2 null3 flags out +-- | flags /= 1 && flags /= 5 = do +-- putStrLn $ "bad flags " <> show flags +-- pure False +-- | null1 /= nullPtr || null2 /= nullPtr || null3 /= nullPtr = do +-- putStrLn "expected nullptr" +-- pure False +-- | text == nullPtr = do +-- putStrLn "no input" +-- pure False +-- | out == nullPtr = do +-- putStrLn "no output" +-- pure False +-- | otherwise = do +-- textBlob@(DataBlob textBlobLen textBlobPtr) <- peek text +-- if textBlobPtr == nullPtr +-- then putStrLn "input nullptr in struct" *> pure False +-- else do +-- outBlob@(DataBlob outBlobLen outBlobPtr) <- peek out +-- if outBlobPtr == nullPtr +-- then putStrLn "output nullptr in struct" *> pure False +-- else +-- if entropy == nullPtr +-- then +-- fn text null1 entropy null2 null3 flags out +-- else do +-- entropyBlob@(DataBlob entropyBlobLen entropyBlobPtr) <- peek entropy +-- if entropyBlobPtr == nullPtr +-- then putStrLn "entropy nullptr in struct" *> pure False +-- else +-- fn text null1 entropy null2 null3 flags out + +-- | Protect some plaintext and return some ciphertext +-- +-- If provided, the same source of entropy must be used for both encryption and decryption. +-- Maybe you're prompting the user for a second password or something, +-- but don't save the extra entropy somewhere with DPAPI, that would defeat the point. +cryptProtectData :: + -- | The plaintext to be protected + ByteString -> + -- | Optionally, some bytes to be used as extra entropy + Maybe ByteString -> + -- | Whether to protect with the user's credentials or the machine credentials + DataProtectionScope -> + -- | The cipertext for you to save somewhere else + IO ByteString +cryptProtectData = fromDataResult True + +-- | Retrieve the plaintext from some previously-encrypted ciphertext. +-- +-- If any extra entropy was used, the same entropy must be reused during decryption. +-- Likewise, the same scope must be used. +cryptUnprotectData :: + -- | The ciphertext + ByteString -> + -- | Any entropy that was used for encryption + Maybe ByteString -> + -- | The scope this was protected using + DataProtectionScope -> + -- | The plaintext + IO ByteString +cryptUnprotectData = fromDataResult False + +-- | A wrapper around `cryptUnprotectData` that returns Nothing if the\ +-- ciphertext cannot be decrypted. This does not trap all errors, +-- just those resulting from invalid arguments that cannot be decrypted. +cryptUnprotectDataCheck :: + -- | The ciphertext + ByteString -> + -- | Any entropy that was used for encryption + Maybe ByteString -> + -- | The scope this was protected using + DataProtectionScope -> + -- | The plaintext + IO (Maybe ByteString) +cryptUnprotectDataCheck text entropy scope = catch (Just <$> fromDataResult False text entropy scope) $ \(err :: IOError) -> + if ioeGetErrorType err == InvalidArgument then pure Nothing else throwIO err + +fromDataResult :: Bool -> ByteString -> Maybe ByteString -> DataProtectionScope -> IO ByteString +fromDataResult protect inputbytes entropybytes scope = + -- withBlobFromByteString text $ \t -> with t $ \textblob -> + -- liftMaybeContinue withBlobFromByteString entropy $ \e -> liftMaybeContinue with e $ \entropyBlob -> do + -- -- initialPtr <- malloc + -- with (DataBlob 0 nullPtr) $ \result -> do + useAsCStringLen inputbytes $ \(cstr, textlen) -> + alloca $ \inputPtr -> + alloca $ \resultPtr -> + allocaEntropy $ \entropyPtr -> do + poke inputPtr $ DataBlob (fromIntegral textlen) (castPtr cstr) + -- poke resultPtr $ DataBlob 0 nullPtr + -- peek resultPtr >>= \(DataBlob dataLen dataPtr) -> + -- putStrLn $ "staring with " <> show dataLen <> " @ " <> show dataPtr + + success <- foreignFunc inputPtr nullPtr entropyPtr nullPtr nullPtr (fromScope scope) resultPtr + withResult success =<< peek resultPtr + where + withResult success (DataBlob dataLen dataPtr) = do + -- (DataBlob dataLen dataPtr) <- peek resultPtr + flip finally (foreign_LocalFree dataPtr) $ + if success + then packCStringLen (castPtr dataPtr, fromIntegral dataLen) + else do + err <- getLastError + failWith (name <> ": " <> show err) err + allocaEntropy m = + case entropybytes of + (Just bs) -> useAsCStringLen bs $ \(cstr, textlen) -> alloca $ \entropyPtr -> do + poke entropyPtr $ DataBlob (fromIntegral textlen) (castPtr cstr) + m entropyPtr + Nothing -> m nullPtr + foreignFunc = if protect then foreign_CryptProtectData else foreign_CryptUnprotectData + -- liftMaybeContinue :: (t1 -> (t2 -> a) -> a) -> Maybe t1 -> (Maybe t2 -> a) -> a + -- liftMaybeContinue _ Nothing k = k Nothing + -- liftMaybeContinue f (Just a) k = f a (k . Just) + name = if protect then "cryptProtectData" else "cryptUnprotectData" + -- Never prompt the user for interaction + fromScope :: DataProtectionScope -> DWORD + fromScope LocalMachine = cRYPTPROTECT_UI_FORBIDDEN .|. cRYPTPROTECT_LOCAL_MACHINE + fromScope CurrentUser = cRYPTPROTECT_UI_FORBIDDEN
+ src/System/Win32/Dpapi/Internal.hs view
@@ -0,0 +1,40 @@+{- + - This Source Code Form is subject to the terms of the Mozilla Public + - License, v. 2.0. If a copy of the MPL was not distributed with this + - file, You can obtain one at https://mozilla.org/MPL/2.0/. + -} + +-- | You probably do not need these, they are only exposed for the benefit of testing. +module System.Win32.Dpapi.Internal (DataBlob (..), withBlobFromByteString, byteStringFromBlob) where + +import Data.ByteString +import Foreign.Ptr (Ptr, alignPtr, castPtr, minusPtr, nullPtr, plusPtr) +import Foreign.Storable (Storable (..)) +import System.Win32.Types (BYTE, DWORD) + +-- | The struct that is passed to the C functions, a length and a pointer to bytes. +data DataBlob = DataBlob + { cbData :: DWORD, + pbData :: Ptr BYTE + } + +instance Storable DataBlob where + sizeOf _ = offsetOfPbData + sizeOf (undefined :: Ptr BYTE) + alignment _ = max (alignment (undefined :: Ptr BYTE)) (alignment (undefined :: DWORD)) + peek ptr = do + size <- peekByteOff ptr 0 + bytes <- peekByteOff ptr offsetOfPbData + pure $ DataBlob size bytes + poke ptr (DataBlob size bytes) = do + pokeByteOff ptr 0 size + pokeByteOff ptr offsetOfPbData bytes + +offsetOfPbData :: Int +offsetOfPbData = (nullPtr `plusPtr` (sizeOf (undefined :: DWORD) + 1)) `alignPtr` alignment (undefined :: Ptr BYTE) `minusPtr` nullPtr + +withBlobFromByteString :: ByteString -> (DataBlob -> IO a) -> IO a +withBlobFromByteString bs with = + useAsCStringLen bs (\(ptr, len) -> with $ DataBlob (fromIntegral len) (castPtr ptr)) + +byteStringFromBlob :: DataBlob -> IO ByteString +byteStringFromBlob (DataBlob len ptr) = packCStringLen (castPtr ptr, fromIntegral len)
+ test/Main.hs view
@@ -0,0 +1,13 @@+{- + - This Source Code Form is subject to the terms of the Mozilla Public + - License, v. 2.0. If a copy of the MPL was not distributed with this + - file, You can obtain one at https://mozilla.org/MPL/2.0/. + -} +module Main (main) where + +import Test.HUnit (Counts, Test (TestList), runTestTT) +import Test.System.Win32.Dpapi (dpapiTests) +import Test.System.Win32.Dpapi.Internal (blobTests) + +main :: IO Counts +main = runTestTT $ TestList [dpapiTests, blobTests]
+ test/Test/System/Win32/Dpapi.hs view
@@ -0,0 +1,102 @@+{- + - This Source Code Form is subject to the terms of the Mozilla Public + - License, v. 2.0. If a copy of the MPL was not distributed with this + - file, You can obtain one at https://mozilla.org/MPL/2.0/. + -} +{-# LANGUAGE OverloadedStrings #-} + +module Test.System.Win32.Dpapi (dpapiTests) where + +import Data.Base64.Types (extractBase64) +import Data.ByteString (toStrict) +import Data.ByteString.Base64 (decodeBase64Untyped, encodeBase64) +import Data.ByteString.Lazy (ByteString, dropWhileEnd) +import Data.Char (chr, isSpace) +import Data.Text (unpack) +import System.Process.Typed + ( ExitCode (ExitSuccess), + nullStream, + proc, + readProcessStdout, + setStderr, + ) +import System.Win32.Dpapi + ( DataProtectionScope (CurrentUser, LocalMachine), + cryptProtectData, + cryptUnprotectData, + cryptUnprotectDataCheck, + ) +import Test.HUnit + +dpapiTests :: Test +dpapiTests = "System.Win32.Dpapi" ~: [testProtectCurrentUser, testProtectLocalMachine, testUnprotectCurrentUser, testUnprotectLocalMachine, testUnprotectLocalMachineMaybe, testUnprotectError] + +testProtectCurrentUser :: Test +testProtectCurrentUser = + "testProtectCurrentUser" ~: do + protected <- cryptProtectData "fizz" Nothing CurrentUser + (exitCode, out) <- readProcessStdout $ setStderr nullStream $ proc "powershell" ["-c", "Add-Type -AssemblyName System.Security; [System.Text.Encoding]::UTF8.GetString([System.Security.Cryptography.ProtectedData]::Unprotect([System.Convert]::FromBase64String(\"" <> unpack (extractBase64 $ encodeBase64 protected) <> "\"), $null, [System.Security.Cryptography.DataProtectionScope]::CurrentUser))"] + assertEqual "powershell exit code" ExitSuccess exitCode + let out' = trimEndBs out + out' @?= "fizz" + +testProtectLocalMachine :: Test +testProtectLocalMachine = + "testProtectLocalMachine" ~: do + protected <- cryptProtectData "buzz" Nothing LocalMachine + (exitCode, out) <- readProcessStdout $ setStderr nullStream $ proc "powershell" ["-c", "Add-Type -AssemblyName System.Security; [System.Text.Encoding]::UTF8.GetString([System.Security.Cryptography.ProtectedData]::Unprotect([System.Convert]::FromBase64String(\"" <> unpack (extractBase64 $ encodeBase64 protected) <> "\"), $null, [System.Security.Cryptography.DataProtectionScope]::LocalMachine))"] + assertEqual "powershell exit code" ExitSuccess exitCode + let out' = trimEndBs out + out' @?= "buzz" + +testUnprotectCurrentUser :: Test +testUnprotectCurrentUser = + "testUnprotectCurrentUser" ~: do + (exitCode, out) <- readProcessStdout $ setStderr nullStream $ proc "powershell" ["-c", "Add-Type -AssemblyName System.Security; [System.Convert]::ToBase64String([System.Security.Cryptography.ProtectedData]::Protect([System.Text.Encoding]::UTF8.GetBytes(\"foo\"), $null, [System.Security.Cryptography.DataProtectionScope]::CurrentUser))"] + assertEqual "powershell exit code" ExitSuccess exitCode + let out' = toStrict $ trimEndBs out -- Powershell outputs \r\n even when it's not wanted + case decodeBase64Untyped out' of + l@(Left _) -> + Right out' @?= l + Right bs -> do + result <- cryptUnprotectData bs Nothing CurrentUser + result @?= "foo" + +testUnprotectLocalMachine :: Test +testUnprotectLocalMachine = + "testUnprotectLocalMachine" ~: do + (exitCode, out) <- readProcessStdout $ setStderr nullStream $ proc "powershell" ["-c", "Add-Type -AssemblyName System.Security; [System.Convert]::ToBase64String([System.Security.Cryptography.ProtectedData]::Protect([System.Text.Encoding]::UTF8.GetBytes(\"bar\"), $null, [System.Security.Cryptography.DataProtectionScope]::LocalMachine))"] + assertEqual "powershell exit code" ExitSuccess exitCode + let out' = toStrict $ trimEndBs out -- Powershell outputs \r\n even when it's not wanted + case decodeBase64Untyped out' of + l@(Left _) -> + Right out' @?= l + Right bs -> do + result <- cryptUnprotectData bs Nothing LocalMachine + result @?= "bar" + +testUnprotectLocalMachineMaybe :: Test +testUnprotectLocalMachineMaybe = + "testUnprotectLocalMachine" ~: do + (exitCode, out) <- readProcessStdout $ setStderr nullStream $ proc "powershell" ["-c", "Add-Type -AssemblyName System.Security; [System.Convert]::ToBase64String([System.Security.Cryptography.ProtectedData]::Protect([System.Text.Encoding]::UTF8.GetBytes(\"bar\"), $null, [System.Security.Cryptography.DataProtectionScope]::LocalMachine))"] + assertEqual "powershell exit code" ExitSuccess exitCode + let out' = toStrict $ trimEndBs out -- Powershell outputs \r\n even when it's not wanted + case decodeBase64Untyped out' of + l@(Left _) -> + Right out' @?= l + Right bs -> do + result <- cryptUnprotectDataCheck bs Nothing LocalMachine + result @?= Just "bar" + +testUnprotectError :: Test +testUnprotectError = + "testUnprotectError" ~: do + result <- cryptUnprotectDataCheck ciphertext Nothing CurrentUser + result @?= Nothing + where + ciphertext = case decodeBase64Untyped "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA8Zcdtib+QkybE9Tbcq0/EwQAAAACAAAAAAAQZgAAAAEAACAAAAB5qoj4OynizB5iEVZvAtyEZlVVn2RjP4SdHz5dOnIjYAAAAAAOgAAAAAIAACAAAAAGKRerRiwIK/xPPH8NtVhAxU9dg2qfcNsxLg+wtYml8RAAAADinEDleLmnP+qGkSpqgeZ9QAAAAAmaXs8XjSezA4qSWIFL3HD2bqd757HNPfXfuBz4eVYtfRawfRpFXFTmfIh+2nOzf1N2IYH44fBK7VrW+ITOZ74=" of + (Right c) -> c + (Left _) -> error "Programming error! Base64 text wasn't!" + +trimEndBs :: ByteString -> ByteString +trimEndBs = dropWhileEnd (isSpace . chr . fromIntegral)
+ test/Test/System/Win32/Dpapi/Internal.hs view
@@ -0,0 +1,71 @@+{- + - This Source Code Form is subject to the terms of the Mozilla Public + - License, v. 2.0. If a copy of the MPL was not distributed with this + - file, You can obtain one at https://mozilla.org/MPL/2.0/. + -} +{-# LANGUAGE CPP #-} +{-# LANGUAGE OverloadedStrings #-} + +module Test.System.Win32.Dpapi.Internal (blobTests) where + +import Control.Monad (when) +import Foreign (Ptr, Storable (peek), alignPtr, alignment, alloca, castPtr, minusPtr, nullPtr, plusPtr, poke, sizeOf, with) +import Foreign.C (CChar) +import System.Win32.Dpapi.Internal +import System.Win32.Types (BYTE, DWORD) +import Test.HUnit + +blobTests :: Test +blobTests = "System.Win32.Dpapi.Internal" ~: [sizeOfDataBlob, alignmentDataBlob, nullPtrForByteString, sizeofBYTECCharSame, checkBlobLayoutPoke, checkBlobLayoutPeek] + +#if mingw32_HOST_OS +#if x86_64_HOST_ARCH || aarch64_HOST_ARCH +-- 64-bit Windows +c_SIZEOF_DataBlob :: Int +c_SIZEOF_DataBlob = 16 +c_ALIGNMENT_DataBlob :: Int +c_ALIGNMENT_DataBlob = 8 +#else +-- 32-bit Windows +c_SIZEOF_DataBlob :: Int +c_SIZEOF_DataBlob = 8 +c_ALIGNMENT_DataBlob :: Int +c_ALIGNMENT_DataBlob = 4 +#endif +#else +#endif +sizeOfDataBlob :: Test +sizeOfDataBlob = "sizeOfDataBlob" ~: c_SIZEOF_DataBlob ~=? sizeOf (undefined :: DataBlob) + +alignmentDataBlob :: Test +alignmentDataBlob = "alignmentDataBlob" ~: c_ALIGNMENT_DataBlob ~=? alignment (undefined :: DataBlob) + +nullPtrForByteString :: Test +nullPtrForByteString = "nullPtrForByteString" ~: withBlobFromByteString "" $ \(DataBlob len ptr) -> do + len @?= 0 + when (ptr == nullPtr) $ assertFailure "should not have received nullPtr" + +sizeofBYTECCharSame :: Test +sizeofBYTECCharSame = + "sizeofBYTECCharSame" + ~: when (sizeOf (undefined :: BYTE) /= sizeOf (undefined :: CChar)) + $ assertFailure "BYTE and CChar are not the same size" + +checkBlobLayoutPoke :: Test +checkBlobLayoutPoke = "checkBlobLayoutPoke" ~: with (DataBlob 1234 (plusPtr nullPtr 0xdeadbeef)) $ \ptr -> do + len <- peek $ castPtr ptr + (1234 :: DWORD) @=? len + let ptrOffset = alignPtr (plusPtr ptr 1) (alignment (undefined :: Ptr ())) + (ptrOffset `minusPtr` ptr) @?= c_ALIGNMENT_DataBlob + dat <- peek ptrOffset + (plusPtr nullPtr 0xdeadbeef :: Ptr ()) @=? dat + +checkBlobLayoutPeek :: Test +checkBlobLayoutPeek = "checkBlobLayoutPeek" ~: alloca $ \ptr -> do + poke (castPtr ptr) (9876 :: DWORD) + let ptrOffset = alignPtr (plusPtr ptr 1) (alignment (undefined :: Ptr ())) + poke (castPtr ptrOffset) (nullPtr `plusPtr` 0xfeedf00d) + + (DataBlob len bytes) <- peek ptr + 9876 @=? len + plusPtr nullPtr 0xfeedf00d @=? bytes