packages feed

dpapi (empty) → 0.1.0.0

raw patch · 9 files changed

+1002/−0 lines, 9 filesdep +HUnitdep +Win32dep +base

Dependencies added: HUnit, Win32, base, base64, bytestring, dpapi, text, typed-process, unbuildable

Files

+ CHANGELOG.md view
@@ -0,0 +1,7 @@+# Revision history for dpapi
+
+## 0.1.0.0 -- 2025-10-02
+
+* First version. Released on an unsuspecting world.
+* Encrypting and decrypting data using DPAPI is now working.
+* Tests work by using PowerShell to verify/produce the half to verify, this could be improved
+ LICENSE view
@@ -0,0 +1,373 @@+Mozilla Public License Version 2.0
+==================================
+
+1. Definitions
+--------------
+
+1.1. "Contributor"
+    means each individual or legal entity that creates, contributes to
+    the creation of, or owns Covered Software.
+
+1.2. "Contributor Version"
+    means the combination of the Contributions of others (if any) used
+    by a Contributor and that particular Contributor's Contribution.
+
+1.3. "Contribution"
+    means Covered Software of a particular Contributor.
+
+1.4. "Covered Software"
+    means Source Code Form to which the initial Contributor has attached
+    the notice in Exhibit A, the Executable Form of such Source Code
+    Form, and Modifications of such Source Code Form, in each case
+    including portions thereof.
+
+1.5. "Incompatible With Secondary Licenses"
+    means
+
+    (a) that the initial Contributor has attached the notice described
+        in Exhibit B to the Covered Software; or
+
+    (b) that the Covered Software was made available under the terms of
+        version 1.1 or earlier of the License, but not also under the
+        terms of a Secondary License.
+
+1.6. "Executable Form"
+    means any form of the work other than Source Code Form.
+
+1.7. "Larger Work"
+    means a work that combines Covered Software with other material, in
+    a separate file or files, that is not Covered Software.
+
+1.8. "License"
+    means this document.
+
+1.9. "Licensable"
+    means having the right to grant, to the maximum extent possible,
+    whether at the time of the initial grant or subsequently, any and
+    all of the rights conveyed by this License.
+
+1.10. "Modifications"
+    means any of the following:
+
+    (a) any file in Source Code Form that results from an addition to,
+        deletion from, or modification of the contents of Covered
+        Software; or
+
+    (b) any new file in Source Code Form that contains any Covered
+        Software.
+
+1.11. "Patent Claims" of a Contributor
+    means any patent claim(s), including without limitation, method,
+    process, and apparatus claims, in any patent Licensable by such
+    Contributor that would be infringed, but for the grant of the
+    License, by the making, using, selling, offering for sale, having
+    made, import, or transfer of either its Contributions or its
+    Contributor Version.
+
+1.12. "Secondary License"
+    means either the GNU General Public License, Version 2.0, the GNU
+    Lesser General Public License, Version 2.1, the GNU Affero General
+    Public License, Version 3.0, or any later versions of those
+    licenses.
+
+1.13. "Source Code Form"
+    means the form of the work preferred for making modifications.
+
+1.14. "You" (or "Your")
+    means an individual or a legal entity exercising rights under this
+    License. For legal entities, "You" includes any entity that
+    controls, is controlled by, or is under common control with You. For
+    purposes of this definition, "control" means (a) the power, direct
+    or indirect, to cause the direction or management of such entity,
+    whether by contract or otherwise, or (b) ownership of more than
+    fifty percent (50%) of the outstanding shares or beneficial
+    ownership of such entity.
+
+2. License Grants and Conditions
+--------------------------------
+
+2.1. Grants
+
+Each Contributor hereby grants You a world-wide, royalty-free,
+non-exclusive license:
+
+(a) under intellectual property rights (other than patent or trademark)
+    Licensable by such Contributor to use, reproduce, make available,
+    modify, display, perform, distribute, and otherwise exploit its
+    Contributions, either on an unmodified basis, with Modifications, or
+    as part of a Larger Work; and
+
+(b) under Patent Claims of such Contributor to make, use, sell, offer
+    for sale, have made, import, and otherwise transfer either its
+    Contributions or its Contributor Version.
+
+2.2. Effective Date
+
+The licenses granted in Section 2.1 with respect to any Contribution
+become effective for each Contribution on the date the Contributor first
+distributes such Contribution.
+
+2.3. Limitations on Grant Scope
+
+The licenses granted in this Section 2 are the only rights granted under
+this License. No additional rights or licenses will be implied from the
+distribution or licensing of Covered Software under this License.
+Notwithstanding Section 2.1(b) above, no patent license is granted by a
+Contributor:
+
+(a) for any code that a Contributor has removed from Covered Software;
+    or
+
+(b) for infringements caused by: (i) Your and any other third party's
+    modifications of Covered Software, or (ii) the combination of its
+    Contributions with other software (except as part of its Contributor
+    Version); or
+
+(c) under Patent Claims infringed by Covered Software in the absence of
+    its Contributions.
+
+This License does not grant any rights in the trademarks, service marks,
+or logos of any Contributor (except as may be necessary to comply with
+the notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+No Contributor makes additional grants as a result of Your choice to
+distribute the Covered Software under a subsequent version of this
+License (see Section 10.2) or under the terms of a Secondary License (if
+permitted under the terms of Section 3.3).
+
+2.5. Representation
+
+Each Contributor represents that the Contributor believes its
+Contributions are its original creation(s) or it has sufficient rights
+to grant the rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+This License is not intended to limit any rights You have under
+applicable copyright doctrines of fair use, fair dealing, or other
+equivalents.
+
+2.7. Conditions
+
+Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted
+in Section 2.1.
+
+3. Responsibilities
+-------------------
+
+3.1. Distribution of Source Form
+
+All distribution of Covered Software in Source Code Form, including any
+Modifications that You create or to which You contribute, must be under
+the terms of this License. You must inform recipients that the Source
+Code Form of the Covered Software is governed by the terms of this
+License, and how they can obtain a copy of this License. You may not
+attempt to alter or restrict the recipients' rights in the Source Code
+Form.
+
+3.2. Distribution of Executable Form
+
+If You distribute Covered Software in Executable Form then:
+
+(a) such Covered Software must also be made available in Source Code
+    Form, as described in Section 3.1, and You must inform recipients of
+    the Executable Form how they can obtain a copy of such Source Code
+    Form by reasonable means in a timely manner, at a charge no more
+    than the cost of distribution to the recipient; and
+
+(b) You may distribute such Executable Form under the terms of this
+    License, or sublicense it under different terms, provided that the
+    license for the Executable Form does not attempt to limit or alter
+    the recipients' rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+You may create and distribute a Larger Work under terms of Your choice,
+provided that You also comply with the requirements of this License for
+the Covered Software. If the Larger Work is a combination of Covered
+Software with a work governed by one or more Secondary Licenses, and the
+Covered Software is not Incompatible With Secondary Licenses, this
+License permits You to additionally distribute such Covered Software
+under the terms of such Secondary License(s), so that the recipient of
+the Larger Work may, at their option, further distribute the Covered
+Software under the terms of either this License or such Secondary
+License(s).
+
+3.4. Notices
+
+You may not remove or alter the substance of any license notices
+(including copyright notices, patent notices, disclaimers of warranty,
+or limitations of liability) contained within the Source Code Form of
+the Covered Software, except that You may alter any license notices to
+the extent required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+You may choose to offer, and to charge a fee for, warranty, support,
+indemnity or liability obligations to one or more recipients of Covered
+Software. However, You may do so only on Your own behalf, and not on
+behalf of any Contributor. You must make it absolutely clear that any
+such warranty, support, indemnity, or liability obligation is offered by
+You alone, and You hereby agree to indemnify every Contributor for any
+liability incurred by such Contributor as a result of warranty, support,
+indemnity or liability terms You offer. You may include additional
+disclaimers of warranty and limitations of liability specific to any
+jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+---------------------------------------------------
+
+If it is impossible for You to comply with any of the terms of this
+License with respect to some or all of the Covered Software due to
+statute, judicial order, or regulation then You must: (a) comply with
+the terms of this License to the maximum extent possible; and (b)
+describe the limitations and the code they affect. Such description must
+be placed in a text file included with all distributions of the Covered
+Software under this License. Except to the extent prohibited by statute
+or regulation, such description must be sufficiently detailed for a
+recipient of ordinary skill to be able to understand it.
+
+5. Termination
+--------------
+
+5.1. The rights granted under this License will terminate automatically
+if You fail to comply with any of its terms. However, if You become
+compliant, then the rights granted under this License from a particular
+Contributor are reinstated (a) provisionally, unless and until such
+Contributor explicitly and finally terminates Your grants, and (b) on an
+ongoing basis, if such Contributor fails to notify You of the
+non-compliance by some reasonable means prior to 60 days after You have
+come back into compliance. Moreover, Your grants from a particular
+Contributor are reinstated on an ongoing basis if such Contributor
+notifies You of the non-compliance by some reasonable means, this is the
+first time You have received notice of non-compliance with this License
+from such Contributor, and You become compliant prior to 30 days after
+Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+infringement claim (excluding declaratory judgment actions,
+counter-claims, and cross-claims) alleging that a Contributor Version
+directly or indirectly infringes any patent, then the rights granted to
+You by any and all Contributors for the Covered Software under Section
+2.1 of this License shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all
+end user license agreements (excluding distributors and resellers) which
+have been validly granted by You or Your distributors under this License
+prior to termination shall survive termination.
+
+************************************************************************
+*                                                                      *
+*  6. Disclaimer of Warranty                                           *
+*  -------------------------                                           *
+*                                                                      *
+*  Covered Software is provided under this License on an "as is"       *
+*  basis, without warranty of any kind, either expressed, implied, or  *
+*  statutory, including, without limitation, warranties that the       *
+*  Covered Software is free of defects, merchantable, fit for a        *
+*  particular purpose or non-infringing. The entire risk as to the     *
+*  quality and performance of the Covered Software is with You.        *
+*  Should any Covered Software prove defective in any respect, You     *
+*  (not any Contributor) assume the cost of any necessary servicing,   *
+*  repair, or correction. This disclaimer of warranty constitutes an   *
+*  essential part of this License. No use of any Covered Software is   *
+*  authorized under this License except under this disclaimer.         *
+*                                                                      *
+************************************************************************
+
+************************************************************************
+*                                                                      *
+*  7. Limitation of Liability                                          *
+*  --------------------------                                          *
+*                                                                      *
+*  Under no circumstances and under no legal theory, whether tort      *
+*  (including negligence), contract, or otherwise, shall any           *
+*  Contributor, or anyone who distributes Covered Software as          *
+*  permitted above, be liable to You for any direct, indirect,         *
+*  special, incidental, or consequential damages of any character      *
+*  including, without limitation, damages for lost profits, loss of    *
+*  goodwill, work stoppage, computer failure or malfunction, or any    *
+*  and all other commercial damages or losses, even if such party      *
+*  shall have been informed of the possibility of such damages. This   *
+*  limitation of liability shall not apply to liability for death or   *
+*  personal injury resulting from such party's negligence to the       *
+*  extent applicable law prohibits such limitation. Some               *
+*  jurisdictions do not allow the exclusion or limitation of           *
+*  incidental or consequential damages, so this exclusion and          *
+*  limitation may not apply to You.                                    *
+*                                                                      *
+************************************************************************
+
+8. Litigation
+-------------
+
+Any litigation relating to this License may be brought only in the
+courts of a jurisdiction where the defendant maintains its principal
+place of business and such litigation shall be governed by laws of that
+jurisdiction, without reference to its conflict-of-law provisions.
+Nothing in this Section shall prevent a party's ability to bring
+cross-claims or counter-claims.
+
+9. Miscellaneous
+----------------
+
+This License represents the complete agreement concerning the subject
+matter hereof. If any provision of this License is held to be
+unenforceable, such provision shall be reformed only to the extent
+necessary to make it enforceable. Any law or regulation which provides
+that the language of a contract shall be construed against the drafter
+shall not be used to construe this License against a Contributor.
+
+10. Versions of the License
+---------------------------
+
+10.1. New Versions
+
+Mozilla Foundation is the license steward. Except as provided in Section
+10.3, no one other than the license steward has the right to modify or
+publish new versions of this License. Each version will be given a
+distinguishing version number.
+
+10.2. Effect of New Versions
+
+You may distribute the Covered Software under the terms of the version
+of the License under which You originally received the Covered Software,
+or under the terms of any subsequent version published by the license
+steward.
+
+10.3. Modified Versions
+
+If you create software not governed by this License, and you want to
+create a new license for such software, you may create and use a
+modified version of this License if you rename the license and remove
+any references to the name of the license steward (except to note that
+such modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary
+Licenses
+
+If You choose to distribute Source Code Form that is Incompatible With
+Secondary Licenses under the terms of this version of the License, the
+notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+-------------------------------------------
+
+  This Source Code Form is subject to the terms of the Mozilla Public
+  License, v. 2.0. If a copy of the MPL was not distributed with this
+  file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular
+file, then You may include the notice in a location (such as a LICENSE
+file in a relevant directory) where a recipient would be likely to look
+for such a notice.
+
+You may add additional accurate notices of copyright ownership.
+
+Exhibit B - "Incompatible With Secondary Licenses" Notice
+---------------------------------------------------------
+
+  This Source Code Form is "Incompatible With Secondary Licenses", as
+  defined by the Mozilla Public License, v. 2.0.
+ README.md view
@@ -0,0 +1,32 @@+# Haskell bindings for Windows DPAPI
+
+This project is to provide Haskell access to Windows's [Data Protection API](https://en.wikipedia.org/wiki/Data_Protection_API).
+
+## Usage
+
+If you have some data that needs protecting such that only your user account
+can access it, say the location of your buried treasure,
+you could protect it with the following, then save it to a file or somewhere else.
+
+```hs
+saveEncrypted :: ByteString -> FilePath -> IO ()
+saveEncrypted data filepath = cryptProtectData data Nothing CurrentUser *> writeFile filePath
+```
+
+Then you can get back easily, returning Nothing instead of catching an exception
+if you can't decrypt it.
+
+```hs
+readEncrypted :: FilePath -> IO (Maybe ByteString)
+readEncrypted filepath = do
+	data <- readFile filepath
+	cryptUnprotectDataCheck data Nothing CurrentUser
+```
+
+You may want to covert the ciphertext to base64 or some other similar encoding
+before saving it, such as when you are saving it to a text file.
+
+## Tests
+
+The tests rely on using PowerShell to protect and unprotect the data, to provide a half that works.
+However, this may trip your antimalware service when you run `cabal test`.
+ dpapi.cabal view
@@ -0,0 +1,145 @@+cabal-version:      3.0
+-- The cabal-version field refers to the version of the .cabal specification,
+-- and can be different from the cabal-install (the tool) version and the
+-- Cabal (the library) version you are using. As such, the Cabal (the library)
+-- version used must be equal or greater than the version stated in this field.
+-- Starting from the specification version 2.2, the cabal-version field must be
+-- the first thing in the cabal file.
+
+-- Initial package description 'dpapi' generated by
+-- 'cabal init'. For further documentation, see:
+--   http://haskell.org/cabal/users-guide/
+--
+-- The name of the package.
+name:               dpapi
+
+-- The package version.
+-- See the Haskell package versioning policy (PVP) for standards
+-- guiding when and how versions should be incremented.
+-- https://pvp.haskell.org
+-- PVP summary:     +-+------- breaking API changes
+--                  | | +----- non-breaking API additions
+--                  | | | +--- code changes with no API change
+version:            0.1.0.0
+
+-- A short (one-line) description of the package.
+synopsis:           Windows DPAPI bindings
+
+-- A longer description of the package.
+description:
+    Bindings for Windows DPAPI, for protecting data on one device using Windows logon or machine credentials.
+    These functions return cipertext for you to store in a file or some other place.
+    If you want the plaintext to be stored in the OS, you may be looking for the keyring package, which is also more portable.
+    This is only bindings to the two most used functions CryptProtectData and CryptUnprotectData, as
+    Microsoft no longer recommends its use in .NET (with SecureString).
+
+-- URL for the project homepage or repository.
+homepage:           https://gitlab.com/Hex052/haskell-dpapi
+
+-- The license under which the package is released.
+license:            MPL-2.0
+
+-- The file containing the license text.
+license-file:       LICENSE
+
+-- The package author(s).
+author:             Hex
+
+-- An email address to which users can send suggestions, bug reports, and patches.
+maintainer:         elijahiff@gmail.com
+
+-- A copyright notice.
+-- copyright:
+category:           System
+build-type:         Simple
+
+-- Extra doc files to be distributed with the package, such as a CHANGELOG or a README.
+extra-doc-files:    CHANGELOG.md
+                    README.md
+
+-- Extra source files to be distributed with the package, such as examples, or a tutorial module.
+-- extra-source-files:
+
+-- URL for the source repository
+source-repository head
+    type:     git
+    location: https://gitlab.com/Hex052/haskell-dpapi
+source-repository this
+    type:     git
+    location: https://gitlab.com/Hex052/haskell-dpapi
+    tag:      0.1.0.0
+
+common warnings
+    ghc-options: -Wall
+
+library
+    -- Import common warning flags.
+    import:           warnings
+
+    if !os(windows)
+        -- This package requires Windows to build
+        build-depends: unbuildable<0
+        buildable: False
+
+    -- Modules exported by the library.
+    exposed-modules:
+        System.Win32.Dpapi.Internal
+      , System.Win32.Dpapi
+
+    -- Modules included in this library but not exported.
+    -- other-modules:
+
+    -- LANGUAGE extensions used by modules in this package.
+    -- other-extensions:
+
+    -- Other library packages from which modules are imported.
+    build-depends:
+        base ^>=4.18.3.0
+      , Win32 ^>= 2.14
+      , bytestring ^>= 0.12.2
+
+    -- Directories containing source files.
+    hs-source-dirs:   src
+
+    -- Base language which the package is written in.
+    default-language: Haskell2010
+
+    extra-libraries:
+        "crypt32"
+    -- extra-lib-dirs:
+    --     C:\Windows\System32
+
+test-suite dpapi-test
+    -- Import common warning flags.
+    import:           warnings
+
+    -- Base language which the package is written in.
+    default-language: Haskell2010
+
+    -- Modules included in this executable, other than Main.
+    other-modules:
+        Test.System.Win32.Dpapi
+      , Test.System.Win32.Dpapi.Internal
+
+    -- LANGUAGE extensions used by modules in this package.
+    -- other-extensions:
+
+    -- The interface type and version of the test suite.
+    type:             exitcode-stdio-1.0
+
+    -- Directories containing source files.
+    hs-source-dirs:   test
+
+    -- The entrypoint to the test suite.
+    main-is:          Main.hs
+
+    -- Test dependencies.
+    build-depends:
+        base ^>=4.18.3.0
+      , HUnit ^>= 1.6.2
+      , typed-process ^>= 0.2.13
+      , base64 ^>= 1.0
+      , bytestring ^>= 0.12.2
+      , text ^>= 2.0.2
+      , Win32 ^>= 2.14
+      , dpapi
+ src/System/Win32/Dpapi.hs view
@@ -0,0 +1,219 @@+{-
+ - This Source Code Form is subject to the terms of the Mozilla Public
+ - License, v. 2.0. If a copy of the MPL was not distributed with this
+ - file, You can obtain one at https://mozilla.org/MPL/2.0/.
+ -}
+{-# LANGUAGE ForeignFunctionInterface #-}
+{-# LANGUAGE ScopedTypeVariables #-}
+{-# OPTIONS_GHC -Wno-unrecognised-pragmas #-}
+-- on 64-bit Windows, stdcall is deprecated but it's still needed on 32-bit
+{-# OPTIONS_GHC -Wno-unsupported-calling-conventions #-}
+
+module System.Win32.Dpapi (cryptProtectData, cryptUnprotectData, cryptUnprotectDataCheck, DataProtectionScope (..)) where
+
+import Control.Exception (catch, finally, throwIO)
+import Data.Bits (Bits ((.|.)))
+import Data.ByteString (ByteString, packCStringLen, useAsCStringLen)
+import Foreign (Ptr, Storable (peek, poke), castPtr, nullPtr)
+import Foreign.Marshal (alloca)
+import GHC.IO.Exception (IOErrorType (InvalidArgument))
+import System.IO.Error (ioeGetErrorType)
+import System.Win32.Dpapi.Internal (DataBlob (..))
+import System.Win32.Types (BOOL, DWORD, LPCWSTR, failWith, getLastError)
+
+-- | The scope in which data should be protected.
+--
+-- When encrypting with for the current user,
+-- the resulting ciphertext is portable for the same user to decrypt on any device
+-- on the domain (at least for domain-joined devices).
+-- Obviously, local machine is not portable in that way, but is available for all
+-- users on the same device.
+data DataProtectionScope = CurrentUser | LocalMachine
+  deriving (Show, Eq)
+
+-- hlint loves to complain that I should use camelCase for these
+{-# HLINT ignore cRYPTPROTECT_UI_FORBIDDEN #-}
+{-# HLINT ignore cRYPTPROTECT_LOCAL_MACHINE #-}
+{-# HLINT ignore cRYPTPROTECT_CRED_SYNC #-}
+{-# HLINT ignore cRYPTPROTECT_AUDIT #-}
+{-# HLINT ignore cRYPTPROTECT_NO_RECOVERY #-}
+{-# HLINT ignore cRYPTPROTECT_VERIFY_PROTECTION #-}
+-- These just come from the header dpapi.h
+
+cRYPTPROTECT_UI_FORBIDDEN :: DWORD
+cRYPTPROTECT_UI_FORBIDDEN = 0x1
+
+cRYPTPROTECT_LOCAL_MACHINE :: DWORD
+cRYPTPROTECT_LOCAL_MACHINE = 0x4
+
+cRYPTPROTECT_CRED_SYNC :: DWORD
+cRYPTPROTECT_CRED_SYNC = 0x8
+
+cRYPTPROTECT_AUDIT :: DWORD
+cRYPTPROTECT_AUDIT = 0x10
+
+cRYPTPROTECT_NO_RECOVERY :: DWORD
+cRYPTPROTECT_NO_RECOVERY = 0x20
+
+cRYPTPROTECT_VERIFY_PROTECTION :: DWORD
+cRYPTPROTECT_VERIFY_PROTECTION = 0x40
+
+-- data CryptProtectPromptStruct = CryptProtectPromptStruct
+--   { cbSize :: DWORD,
+--     dwPromptFlags :: DWORD,
+--     hwndApp :: HWND,
+--     szPrompt :: LPCWSTR
+--   }
+
+{-
+    https://learn.microsoft.com/en-us/windows/win32/api/dpapi/nf-dpapi-cryptprotectdata
+    BOOL CryptProtectData(
+      [in]           DATA_BLOB                 *pDataIn,
+      [in, optional] LPCWSTR                   szDataDescr,
+      [in, optional] DATA_BLOB                 *pOptionalEntropy,
+      [in]           PVOID                     pvReserved,
+      [in, optional] CRYPTPROTECT_PROMPTSTRUCT *pPromptStruct,
+      [in]           DWORD                     dwFlags,
+      [out]          DATA_BLOB                 *pDataOut
+    );
+-}
+foreign import stdcall unsafe "CryptProtectData"
+  foreign_CryptProtectData :: Ptr DataBlob -> LPCWSTR -> Ptr DataBlob -> Ptr () -> Ptr () -> DWORD -> Ptr DataBlob -> IO BOOL
+
+{-
+    BOOL CryptUnprotectData(
+      [in]            DATA_BLOB                 *pDataIn,
+      [out, optional] LPWSTR                    *ppszDataDescr,
+      [in, optional]  DATA_BLOB                 *pOptionalEntropy,
+                      PVOID                     pvReserved,
+      [in, optional]  CRYPTPROTECT_PROMPTSTRUCT *pPromptStruct,
+      [in]            DWORD                     dwFlags,
+      [out]           DATA_BLOB                 *pDataOut
+    );
+-}
+foreign import stdcall unsafe "CryptUnprotectData"
+  foreign_CryptUnprotectData :: Ptr DataBlob -> LPCWSTR -> Ptr DataBlob -> Ptr () -> Ptr () -> DWORD -> Ptr DataBlob -> IO BOOL
+
+-- Required instead of just using `free` since that's how Windows allocates it
+foreign import stdcall unsafe "LocalFree"
+  foreign_LocalFree :: Ptr a -> IO (Ptr a)
+
+-- checkCrypt fn text null1 entropy null2 null3 flags out
+--   | flags /= 1 && flags /= 5 = do
+--       putStrLn $ "bad flags " <> show flags
+--       pure False
+--   | null1 /= nullPtr || null2 /= nullPtr || null3 /= nullPtr = do
+--       putStrLn "expected nullptr"
+--       pure False
+--   | text == nullPtr = do
+--       putStrLn "no input"
+--       pure False
+--   | out == nullPtr = do
+--       putStrLn "no output"
+--       pure False
+--   | otherwise = do
+--       textBlob@(DataBlob textBlobLen textBlobPtr) <- peek text
+--       if textBlobPtr == nullPtr
+--         then putStrLn "input nullptr in struct" *> pure False
+--         else do
+--           outBlob@(DataBlob outBlobLen outBlobPtr) <- peek out
+--           if outBlobPtr == nullPtr
+--             then putStrLn "output nullptr in struct" *> pure False
+--             else
+--               if entropy == nullPtr
+--                 then
+--                   fn text null1 entropy null2 null3 flags out
+--                 else do
+--                   entropyBlob@(DataBlob entropyBlobLen entropyBlobPtr) <- peek entropy
+--                   if entropyBlobPtr == nullPtr
+--                     then putStrLn "entropy nullptr in struct" *> pure False
+--                     else
+--                       fn text null1 entropy null2 null3 flags out
+
+-- | Protect some plaintext and return some ciphertext
+--
+-- If provided, the same source of entropy must be used for both encryption and decryption.
+-- Maybe you're prompting the user for a second password or something,
+-- but don't save the extra entropy somewhere with DPAPI, that would defeat the point.
+cryptProtectData ::
+  -- | The plaintext to be protected
+  ByteString ->
+  -- | Optionally, some bytes to be used as extra entropy
+  Maybe ByteString ->
+  -- | Whether to protect with the user's credentials or the machine credentials
+  DataProtectionScope ->
+  -- | The cipertext for you to save somewhere else
+  IO ByteString
+cryptProtectData = fromDataResult True
+
+-- | Retrieve the plaintext from some previously-encrypted ciphertext.
+--
+-- If any extra entropy was used, the same entropy must be reused during decryption.
+-- Likewise, the same scope must be used.
+cryptUnprotectData ::
+  -- | The ciphertext
+  ByteString ->
+  -- | Any entropy that was used for encryption
+  Maybe ByteString ->
+  -- | The scope this was protected using
+  DataProtectionScope ->
+  -- | The plaintext
+  IO ByteString
+cryptUnprotectData = fromDataResult False
+
+-- | A wrapper around `cryptUnprotectData` that returns Nothing if the\
+-- ciphertext cannot be decrypted. This does not trap all errors,
+-- just those resulting from invalid arguments that cannot be decrypted.
+cryptUnprotectDataCheck ::
+  -- | The ciphertext
+  ByteString ->
+  -- | Any entropy that was used for encryption
+  Maybe ByteString ->
+  -- | The scope this was protected using
+  DataProtectionScope ->
+  -- | The plaintext
+  IO (Maybe ByteString)
+cryptUnprotectDataCheck text entropy scope = catch (Just <$> fromDataResult False text entropy scope) $ \(err :: IOError) ->
+  if ioeGetErrorType err == InvalidArgument then pure Nothing else throwIO err
+
+fromDataResult :: Bool -> ByteString -> Maybe ByteString -> DataProtectionScope -> IO ByteString
+fromDataResult protect inputbytes entropybytes scope =
+  -- withBlobFromByteString text $ \t -> with t $ \textblob ->
+  --   liftMaybeContinue withBlobFromByteString entropy $ \e -> liftMaybeContinue with e $ \entropyBlob -> do
+  --     -- initialPtr <- malloc
+  --     with (DataBlob 0 nullPtr) $ \result -> do
+  useAsCStringLen inputbytes $ \(cstr, textlen) ->
+    alloca $ \inputPtr ->
+      alloca $ \resultPtr ->
+        allocaEntropy $ \entropyPtr -> do
+          poke inputPtr $ DataBlob (fromIntegral textlen) (castPtr cstr)
+          -- poke resultPtr $ DataBlob 0 nullPtr
+          -- peek resultPtr >>= \(DataBlob dataLen dataPtr) ->
+          --   putStrLn $ "staring with " <> show dataLen <> " @ " <> show dataPtr
+
+          success <- foreignFunc inputPtr nullPtr entropyPtr nullPtr nullPtr (fromScope scope) resultPtr
+          withResult success =<< peek resultPtr
+  where
+    withResult success (DataBlob dataLen dataPtr) = do
+      -- (DataBlob dataLen dataPtr) <- peek resultPtr
+      flip finally (foreign_LocalFree dataPtr) $
+        if success
+          then packCStringLen (castPtr dataPtr, fromIntegral dataLen)
+          else do
+            err <- getLastError
+            failWith (name <> ": " <> show err) err
+    allocaEntropy m =
+      case entropybytes of
+        (Just bs) -> useAsCStringLen bs $ \(cstr, textlen) -> alloca $ \entropyPtr -> do
+          poke entropyPtr $ DataBlob (fromIntegral textlen) (castPtr cstr)
+          m entropyPtr
+        Nothing -> m nullPtr
+    foreignFunc = if protect then foreign_CryptProtectData else foreign_CryptUnprotectData
+    -- liftMaybeContinue :: (t1 -> (t2 -> a) -> a) -> Maybe t1 -> (Maybe t2 -> a) -> a
+    -- liftMaybeContinue _ Nothing k = k Nothing
+    -- liftMaybeContinue f (Just a) k = f a (k . Just)
+    name = if protect then "cryptProtectData" else "cryptUnprotectData"
+    -- Never prompt the user for interaction
+    fromScope :: DataProtectionScope -> DWORD
+    fromScope LocalMachine = cRYPTPROTECT_UI_FORBIDDEN .|. cRYPTPROTECT_LOCAL_MACHINE
+    fromScope CurrentUser = cRYPTPROTECT_UI_FORBIDDEN
+ src/System/Win32/Dpapi/Internal.hs view
@@ -0,0 +1,40 @@+{-
+ - This Source Code Form is subject to the terms of the Mozilla Public
+ - License, v. 2.0. If a copy of the MPL was not distributed with this
+ - file, You can obtain one at https://mozilla.org/MPL/2.0/.
+ -}
+
+-- | You probably do not need these, they are only exposed for the benefit of testing.
+module System.Win32.Dpapi.Internal (DataBlob (..), withBlobFromByteString, byteStringFromBlob) where
+
+import Data.ByteString
+import Foreign.Ptr (Ptr, alignPtr, castPtr, minusPtr, nullPtr, plusPtr)
+import Foreign.Storable (Storable (..))
+import System.Win32.Types (BYTE, DWORD)
+
+-- | The struct that is passed to the C functions, a length and a pointer to bytes.
+data DataBlob = DataBlob
+  { cbData :: DWORD,
+    pbData :: Ptr BYTE
+  }
+
+instance Storable DataBlob where
+  sizeOf _ = offsetOfPbData + sizeOf (undefined :: Ptr BYTE)
+  alignment _ = max (alignment (undefined :: Ptr BYTE)) (alignment (undefined :: DWORD))
+  peek ptr = do
+    size <- peekByteOff ptr 0
+    bytes <- peekByteOff ptr offsetOfPbData
+    pure $ DataBlob size bytes
+  poke ptr (DataBlob size bytes) = do
+    pokeByteOff ptr 0 size
+    pokeByteOff ptr offsetOfPbData bytes
+
+offsetOfPbData :: Int
+offsetOfPbData = (nullPtr `plusPtr` (sizeOf (undefined :: DWORD) + 1)) `alignPtr` alignment (undefined :: Ptr BYTE) `minusPtr` nullPtr
+
+withBlobFromByteString :: ByteString -> (DataBlob -> IO a) -> IO a
+withBlobFromByteString bs with =
+  useAsCStringLen bs (\(ptr, len) -> with $ DataBlob (fromIntegral len) (castPtr ptr))
+
+byteStringFromBlob :: DataBlob -> IO ByteString
+byteStringFromBlob (DataBlob len ptr) = packCStringLen (castPtr ptr, fromIntegral len)
+ test/Main.hs view
@@ -0,0 +1,13 @@+{-
+ - This Source Code Form is subject to the terms of the Mozilla Public
+ - License, v. 2.0. If a copy of the MPL was not distributed with this
+ - file, You can obtain one at https://mozilla.org/MPL/2.0/.
+ -}
+module Main (main) where
+
+import Test.HUnit (Counts, Test (TestList), runTestTT)
+import Test.System.Win32.Dpapi (dpapiTests)
+import Test.System.Win32.Dpapi.Internal (blobTests)
+
+main :: IO Counts
+main = runTestTT $ TestList [dpapiTests, blobTests]
+ test/Test/System/Win32/Dpapi.hs view
@@ -0,0 +1,102 @@+{-
+ - This Source Code Form is subject to the terms of the Mozilla Public
+ - License, v. 2.0. If a copy of the MPL was not distributed with this
+ - file, You can obtain one at https://mozilla.org/MPL/2.0/.
+ -}
+{-# LANGUAGE OverloadedStrings #-}
+
+module Test.System.Win32.Dpapi (dpapiTests) where
+
+import Data.Base64.Types (extractBase64)
+import Data.ByteString (toStrict)
+import Data.ByteString.Base64 (decodeBase64Untyped, encodeBase64)
+import Data.ByteString.Lazy (ByteString, dropWhileEnd)
+import Data.Char (chr, isSpace)
+import Data.Text (unpack)
+import System.Process.Typed
+  ( ExitCode (ExitSuccess),
+    nullStream,
+    proc,
+    readProcessStdout,
+    setStderr,
+  )
+import System.Win32.Dpapi
+  ( DataProtectionScope (CurrentUser, LocalMachine),
+    cryptProtectData,
+    cryptUnprotectData,
+    cryptUnprotectDataCheck,
+  )
+import Test.HUnit
+
+dpapiTests :: Test
+dpapiTests = "System.Win32.Dpapi" ~: [testProtectCurrentUser, testProtectLocalMachine, testUnprotectCurrentUser, testUnprotectLocalMachine, testUnprotectLocalMachineMaybe, testUnprotectError]
+
+testProtectCurrentUser :: Test
+testProtectCurrentUser =
+  "testProtectCurrentUser" ~: do
+    protected <- cryptProtectData "fizz" Nothing CurrentUser
+    (exitCode, out) <- readProcessStdout $ setStderr nullStream $ proc "powershell" ["-c", "Add-Type -AssemblyName System.Security; [System.Text.Encoding]::UTF8.GetString([System.Security.Cryptography.ProtectedData]::Unprotect([System.Convert]::FromBase64String(\"" <> unpack (extractBase64 $ encodeBase64 protected) <> "\"), $null, [System.Security.Cryptography.DataProtectionScope]::CurrentUser))"]
+    assertEqual "powershell exit code" ExitSuccess exitCode
+    let out' = trimEndBs out
+    out' @?= "fizz"
+
+testProtectLocalMachine :: Test
+testProtectLocalMachine =
+  "testProtectLocalMachine" ~: do
+    protected <- cryptProtectData "buzz" Nothing LocalMachine
+    (exitCode, out) <- readProcessStdout $ setStderr nullStream $ proc "powershell" ["-c", "Add-Type -AssemblyName System.Security; [System.Text.Encoding]::UTF8.GetString([System.Security.Cryptography.ProtectedData]::Unprotect([System.Convert]::FromBase64String(\"" <> unpack (extractBase64 $ encodeBase64 protected) <> "\"), $null, [System.Security.Cryptography.DataProtectionScope]::LocalMachine))"]
+    assertEqual "powershell exit code" ExitSuccess exitCode
+    let out' = trimEndBs out
+    out' @?= "buzz"
+
+testUnprotectCurrentUser :: Test
+testUnprotectCurrentUser =
+  "testUnprotectCurrentUser" ~: do
+    (exitCode, out) <- readProcessStdout $ setStderr nullStream $ proc "powershell" ["-c", "Add-Type -AssemblyName System.Security; [System.Convert]::ToBase64String([System.Security.Cryptography.ProtectedData]::Protect([System.Text.Encoding]::UTF8.GetBytes(\"foo\"), $null, [System.Security.Cryptography.DataProtectionScope]::CurrentUser))"]
+    assertEqual "powershell exit code" ExitSuccess exitCode
+    let out' = toStrict $ trimEndBs out -- Powershell outputs \r\n even when it's not wanted
+    case decodeBase64Untyped out' of
+      l@(Left _) ->
+        Right out' @?= l
+      Right bs -> do
+        result <- cryptUnprotectData bs Nothing CurrentUser
+        result @?= "foo"
+
+testUnprotectLocalMachine :: Test
+testUnprotectLocalMachine =
+  "testUnprotectLocalMachine" ~: do
+    (exitCode, out) <- readProcessStdout $ setStderr nullStream $ proc "powershell" ["-c", "Add-Type -AssemblyName System.Security; [System.Convert]::ToBase64String([System.Security.Cryptography.ProtectedData]::Protect([System.Text.Encoding]::UTF8.GetBytes(\"bar\"), $null, [System.Security.Cryptography.DataProtectionScope]::LocalMachine))"]
+    assertEqual "powershell exit code" ExitSuccess exitCode
+    let out' = toStrict $ trimEndBs out -- Powershell outputs \r\n even when it's not wanted
+    case decodeBase64Untyped out' of
+      l@(Left _) ->
+        Right out' @?= l
+      Right bs -> do
+        result <- cryptUnprotectData bs Nothing LocalMachine
+        result @?= "bar"
+
+testUnprotectLocalMachineMaybe :: Test
+testUnprotectLocalMachineMaybe =
+  "testUnprotectLocalMachine" ~: do
+    (exitCode, out) <- readProcessStdout $ setStderr nullStream $ proc "powershell" ["-c", "Add-Type -AssemblyName System.Security; [System.Convert]::ToBase64String([System.Security.Cryptography.ProtectedData]::Protect([System.Text.Encoding]::UTF8.GetBytes(\"bar\"), $null, [System.Security.Cryptography.DataProtectionScope]::LocalMachine))"]
+    assertEqual "powershell exit code" ExitSuccess exitCode
+    let out' = toStrict $ trimEndBs out -- Powershell outputs \r\n even when it's not wanted
+    case decodeBase64Untyped out' of
+      l@(Left _) ->
+        Right out' @?= l
+      Right bs -> do
+        result <- cryptUnprotectDataCheck bs Nothing LocalMachine
+        result @?= Just "bar"
+
+testUnprotectError :: Test
+testUnprotectError =
+  "testUnprotectError" ~: do
+    result <- cryptUnprotectDataCheck ciphertext Nothing CurrentUser
+    result @?= Nothing
+  where
+    ciphertext = case decodeBase64Untyped "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA8Zcdtib+QkybE9Tbcq0/EwQAAAACAAAAAAAQZgAAAAEAACAAAAB5qoj4OynizB5iEVZvAtyEZlVVn2RjP4SdHz5dOnIjYAAAAAAOgAAAAAIAACAAAAAGKRerRiwIK/xPPH8NtVhAxU9dg2qfcNsxLg+wtYml8RAAAADinEDleLmnP+qGkSpqgeZ9QAAAAAmaXs8XjSezA4qSWIFL3HD2bqd757HNPfXfuBz4eVYtfRawfRpFXFTmfIh+2nOzf1N2IYH44fBK7VrW+ITOZ74=" of
+      (Right c) -> c
+      (Left _) -> error "Programming error! Base64 text wasn't!"
+
+trimEndBs :: ByteString -> ByteString
+trimEndBs = dropWhileEnd (isSpace . chr . fromIntegral)
+ test/Test/System/Win32/Dpapi/Internal.hs view
@@ -0,0 +1,71 @@+{-
+ - This Source Code Form is subject to the terms of the Mozilla Public
+ - License, v. 2.0. If a copy of the MPL was not distributed with this
+ - file, You can obtain one at https://mozilla.org/MPL/2.0/.
+ -}
+{-# LANGUAGE CPP #-}
+{-# LANGUAGE OverloadedStrings #-}
+
+module Test.System.Win32.Dpapi.Internal (blobTests) where
+
+import Control.Monad (when)
+import Foreign (Ptr, Storable (peek), alignPtr, alignment, alloca, castPtr, minusPtr, nullPtr, plusPtr, poke, sizeOf, with)
+import Foreign.C (CChar)
+import System.Win32.Dpapi.Internal
+import System.Win32.Types (BYTE, DWORD)
+import Test.HUnit
+
+blobTests :: Test
+blobTests = "System.Win32.Dpapi.Internal" ~: [sizeOfDataBlob, alignmentDataBlob, nullPtrForByteString, sizeofBYTECCharSame, checkBlobLayoutPoke, checkBlobLayoutPeek]
+
+#if mingw32_HOST_OS
+#if x86_64_HOST_ARCH || aarch64_HOST_ARCH
+-- 64-bit Windows
+c_SIZEOF_DataBlob :: Int
+c_SIZEOF_DataBlob = 16
+c_ALIGNMENT_DataBlob :: Int
+c_ALIGNMENT_DataBlob = 8
+#else
+-- 32-bit Windows
+c_SIZEOF_DataBlob :: Int
+c_SIZEOF_DataBlob = 8
+c_ALIGNMENT_DataBlob :: Int
+c_ALIGNMENT_DataBlob = 4
+#endif
+#else
+#endif
+sizeOfDataBlob :: Test
+sizeOfDataBlob = "sizeOfDataBlob" ~: c_SIZEOF_DataBlob ~=? sizeOf (undefined :: DataBlob)
+
+alignmentDataBlob :: Test
+alignmentDataBlob = "alignmentDataBlob" ~: c_ALIGNMENT_DataBlob ~=? alignment (undefined :: DataBlob)
+
+nullPtrForByteString :: Test
+nullPtrForByteString = "nullPtrForByteString" ~: withBlobFromByteString "" $ \(DataBlob len ptr) -> do
+  len @?= 0
+  when (ptr == nullPtr) $ assertFailure "should not have received nullPtr"
+
+sizeofBYTECCharSame :: Test
+sizeofBYTECCharSame =
+  "sizeofBYTECCharSame"
+    ~: when (sizeOf (undefined :: BYTE) /= sizeOf (undefined :: CChar))
+    $ assertFailure "BYTE and CChar are not the same size"
+
+checkBlobLayoutPoke :: Test
+checkBlobLayoutPoke = "checkBlobLayoutPoke" ~: with (DataBlob 1234 (plusPtr nullPtr 0xdeadbeef)) $ \ptr -> do
+  len <- peek $ castPtr ptr
+  (1234 :: DWORD) @=? len
+  let ptrOffset = alignPtr (plusPtr ptr 1) (alignment (undefined :: Ptr ()))
+  (ptrOffset `minusPtr` ptr) @?= c_ALIGNMENT_DataBlob
+  dat <- peek ptrOffset
+  (plusPtr nullPtr 0xdeadbeef :: Ptr ()) @=? dat
+
+checkBlobLayoutPeek :: Test
+checkBlobLayoutPeek = "checkBlobLayoutPeek" ~: alloca $ \ptr -> do
+  poke (castPtr ptr) (9876 :: DWORD)
+  let ptrOffset = alignPtr (plusPtr ptr 1) (alignment (undefined :: Ptr ()))
+  poke (castPtr ptrOffset) (nullPtr `plusPtr` 0xfeedf00d)
+
+  (DataBlob len bytes) <- peek ptr
+  9876 @=? len
+  plusPtr nullPtr 0xfeedf00d @=? bytes