black-box implementation of CryptProtectData/CryptUnprotectData
Kees Cook
kees at outflux.net
Mon Apr 4 11:00:17 CDT 2005
On Mon, Apr 04, 2005 at 03:01:53PM +0900, Mike McCormack wrote:
> Perhaps you could make it work "right" by using a key stored in ssh-agent?
Well, by working "right", it means that taking a cipher/entropy from
Windows and calling CryptUnprotectData on it in Wine would return the
plain text. This isn't going to be possible until we know what Windows
keys off of to tie it to a machine and user. I figure the first step is
to make the functions work within Wine, then if the encryption is ever
understood, the calls can be replaced.
> You don't need to try to patch ChangeLog, because it's going to change a lot
> as patches are applied. Just write the message you want to put in there.
Okay, cool.
> >+ hr = HRESULT_FROM_WIN32(RegOpenKeyExW(HKEY_CURRENT_USER,
> >wszProtectDataMap, 0, KEY_READ, &hkeyMap));
> >+ if (!SUCCEEDED(hr))
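Review bot: the `HRESULT_FROM_WIN32()` + `!SUCCEEDED(hr)` pair on the `RegOpenKeyExW` line is correct but is the only place in the patch that checks a registry call this way; the rest of the code compares the raw `LONG` return against `ERROR_SUCCESS`. Use one idiom, preferably `r = RegOpenKeyExW(...); if (r != ERROR_SUCCESS)`, so the Win32 error code is kept intact for tracing and the check reads the same everywhere. If the HRESULT form stays, `FAILED(hr)` says the same thing as `!SUCCEEDED(hr)` more directly.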
>
> Why do you convert the error code to a HRESULT here? Since you don't do
> it elsewhere in your code, why not compare the returned value to
> ERROR_SUCCESS, like you do below?
Well, mostly I was copying from other examples I found, especially the
filtergraph code in dlls/quartz. I'm happy to change that, of course.
:)
> Personally, I prefer the following, as it makes the lines shorter, makes
> it easier to add a printf("%ld\n",r); and makes the comparison more obvious.
>
> r = RegEnumKeyExW(hkeyMap, ...
> if( r != ERROR_SUCCESS )
> break;
Okay, I can clean this up.
> You don't need the WINE_TRACE_ON() check, because TRACE already does
> that for the default debug channel, so the following is the same:
Actually, I did that to avoid the line prefix that "TRACE" adds. All
the stuff where I call the dbg functions directly is part of helper
functions, and seeing their names is confusing while watching a
Protect/Unprotect session.
> Sometimes you used K&R style brackets and indenting, sometimes you used
> ANSI C style. It's better to choose one or the other and stick to it.
Sorry about that. I tried to stick to what seemed to be the wine style,
with the braces on separate lines. However, that's not what I'm used
to, so a few of mine snuck in. :)
> >+ return SUCCEEDED(RegSetValueExW(hkeyOpen,wszName,0,dwType,
> >+ pData.pbData,pData.cbData));
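Review bot: `SUCCEEDED()` on the `RegSetValueExW` return value reports every failure as success. `RegSetValueExW` returns a `LONG` Win32 error code (`ERROR_SUCCESS` is 0, failures such as `ERROR_ACCESS_DENIED` are small positive values), while `SUCCEEDED(x)` is just `((HRESULT)(x) >= 0)`, so only a negative value would ever count as failure. For a data-protection API that means a caller is told its protected blob was persisted when the write was refused. Replace the line with `return RegSetValueExW(hkeyOpen, wszName, 0, dwType, pData.pbData, pData.cbData) == ERROR_SUCCESS;`.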
>
> The SUCCEEDED() macro is only for HRESULT values, so the above is going
> to succeed in a lot of cases where it shouldn't.
Doesn't RegSetValueExW return an HRESULT?
> In an effort to maintain portability, we don't use C99 style variable
> declarations.
Ah, dang. I tried to clean those up too when I was reading the Patch
how-to. I'll clean all this up, thanks very much!
BTW: what is your opinion on where to store the triplets in the
Registry?
--
Kees Cook @outflux.net
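The `SUCCEEDED()`-on-a-registry-return point discussed above is easy to see in isolation. The following is an added example, not code from Kees Cook's patch or from Wine: it re-creates the relevant `winerror.h` macros (`SUCCEEDED`, `FAILED`, `HRESULT_FROM_WIN32`) and a handful of Win32 error codes so it compiles on any platform, and stands in a hypothetical `fake_RegSetValueExW()` that simply returns the `LSTATUS` the caller asks for, in place of the real registry call. The three `store_triplet_*` functions are the patch's pattern, the corrected comparison against `ERROR_SUCCESS`, and the convert-to-HRESULT-first form used on the `RegOpenKeyExW` line.

```c
/* Added example: SUCCEEDED() applied to a Win32 LSTATUS misreports failures.
 * Not from the patch or from Wine. Macros and codes below are the winerror.h
 * definitions re-created so this builds without the Windows headers. */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

typedef int32_t HRESULT;   /* 32-bit signed on Windows (LONG) */
typedef int32_t LSTATUS;   /* return type of RegOpenKeyExW / RegSetValueExW */

#define ERROR_SUCCESS           0
#define ERROR_FILE_NOT_FOUND    2
#define ERROR_ACCESS_DENIED     5
#define ERROR_INVALID_PARAMETER 87
#define FACILITY_WIN32          7

#define SUCCEEDED(hr) (((HRESULT)(hr)) >= 0)
#define FAILED(hr)    (((HRESULT)(hr)) < 0)
#define HRESULT_FROM_WIN32(x) \
    ((HRESULT)(x) <= 0 ? (HRESULT)(x) \
     : (HRESULT)(((x) & 0x0000FFFF) | (FACILITY_WIN32 << 16) | 0x80000000))

/* Hypothetical stand-in for RegSetValueExW: returns the Win32 error code
 * the caller requests, exactly as the real call would return an LSTATUS. */
static LSTATUS fake_RegSetValueExW(LSTATUS outcome)
{
    return outcome;
}

/* Pattern from the patch: SUCCEEDED() on a raw LSTATUS.
 * Every non-negative value, i.e. every Win32 error code, passes. */
bool store_triplet_buggy(LSTATUS outcome)
{
    return SUCCEEDED(fake_RegSetValueExW(outcome));
}

/* Correct check: an LSTATUS is a Win32 error code and success is 0. */
bool store_triplet_fixed(LSTATUS outcome)
{
    return fake_RegSetValueExW(outcome) == ERROR_SUCCESS;
}

/* Converting to an HRESULT first (as the RegOpenKeyExW line did) maps
 * non-zero codes to negative values, so SUCCEEDED()/FAILED() become valid. */
bool store_triplet_converted(LSTATUS outcome)
{
    LSTATUS r  = fake_RegSetValueExW(outcome);
    HRESULT hr = HRESULT_FROM_WIN32(r);
    return SUCCEEDED(hr);
}

int main(void)
{
    const LSTATUS codes[] = { ERROR_SUCCESS, ERROR_FILE_NOT_FOUND,
                              ERROR_ACCESS_DENIED, ERROR_INVALID_PARAMETER };
    printf("%-8s %-6s %-6s %-9s\n", "LSTATUS", "buggy", "fixed", "converted");
    for (size_t i = 0; i < sizeof codes / sizeof codes[0]; i++) {
        printf("%-8d %-6s %-6s %-9s\n", (int)codes[i],
               store_triplet_buggy(codes[i])     ? "ok" : "fail",
               store_triplet_fixed(codes[i])     ? "ok" : "fail",
               store_triplet_converted(codes[i]) ? "ok" : "fail");
    }
    return 0;
}
```

Only the `buggy` column reports "ok" for `ERROR_ACCESS_DENIED` and the other failure codes; the two other forms agree with each other, which is why the reviewer's suggestion to drop the HRESULT conversion and compare against `ERROR_SUCCESS` everywhere costs nothing in correctness.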