black-box implementation of CryptProtectData/CryptUnprotectData

Kees Cook kees at outflux.net
Mon Apr 4 11:00:17 CDT 2005


On Mon, Apr 04, 2005 at 03:01:53PM +0900, Mike McCormack wrote:
> Perhaps you could make it work "right" by using a key stored in ssh-agent?

Well, by working "right", it means that taking a cipher/entropy from 
Windows and calling CryptUnprotectData on it in Wine would return the 
plain text.  This isn't going to be possible until we know what Windows 
keys off of to tie it to a machine and user.  I figure the first step is 
to make the functions work within Wine, then if the encryption is ever 
understood, the calls can be replaced.

> You don't need to try patch ChangeLog, because it's going to change a lot 
> as patches are applied.  Just write the message you want to put in there.

Okay, cool.

> >+    hr = HRESULT_FROM_WIN32(RegOpenKeyExW(HKEY_CURRENT_USER, 
> >wszProtectDataMap, 0, KEY_READ, &hkeyMap));
> >+    if (!SUCCEEDED(hr))
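Review bot: the conversion at `hr = HRESULT_FROM_WIN32(RegOpenKeyExW(...))` does yield a correct test (a nonzero Win32 code becomes a failing HRESULT), but it is the only place in the patch that converts, and `!SUCCEEDED(hr)` is just `FAILED(hr)` spelled the long way. Suggest keeping the raw LONG and comparing it directly, as the rest of the patch does: `r = RegOpenKeyExW(HKEY_CURRENT_USER, wszProtectDataMap, 0, KEY_READ, &hkeyMap);` followed by `if (r != ERROR_SUCCESS)`, which also leaves the real error code available for tracing.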
> 
> Why do you convert the error code to a HRESULT here?  Since you don't do 
> it elsewhere in your code, why not compare the returned value to 
> ERROR_SUCCESS, like you do below?

Well, mostly I was copying from other examples I found, especially the 
filtergraph code in dlls/quartz.  I'm happy to change that, of course.  
:)

> Personally, I prefer the following, as it makes the lines shorter, makes 
> it easier to add a printf("%ld\n",r); and makes the comparison more obvious.
> 
> r = RegEnumKeyExW(hkeyMap, ...
> if( r != ERROR_SUCCESS )
>     break;

Okay, I can clean this up.

> You don't need the WINE_TRACE_ON() check, because TRACE already does 
> that for the default debug channel, so the following is the same:

Actually, I did that to avoid the line prefix that "TRACE" adds.  All 
the stuff where I call the dbg functions directly are part of helper 
functions, and seeing their names is confusing while watching a 
Protect/Unprotect session.

> Sometimes you used K&R style brackets and indenting, sometimes you used 
> ANSI C style.  It's better to choose one or the other and stick to it.

Sorry about that.  I tried to stick to what seemed to be the wine style, 
with the braces on separate lines.  However, that's not what I'm used 
to, so a few of mine snuck in.  :)

> >+    return SUCCEEDED(RegSetValueExW(hkeyOpen,wszName,0,dwType,
> >+                                    pData.pbData,pData.cbData));
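Review bot: `return SUCCEEDED(RegSetValueExW(...))` is a logic bug rather than a style point: RegSetValueExW returns a LONG Win32 error code, and SUCCEEDED() only tests that the value, read as an HRESULT, is non-negative, so ERROR_ACCESS_DENIED (5) or any other error code is reported as success and the caller never learns the value was not written. Suggest `return RegSetValueExW(hkeyOpen, wszName, 0, dwType, pData.pbData, pData.cbData) == ERROR_SUCCESS;` (or convert with HRESULT_FROM_WIN32 first if an HRESULT is really wanted).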
> 
> The SUCCEEDED() macro is only for HRESULT values, so the above is going 
> to succeed in a lot of cases where it shouldn't.

Doesn't RegSetValueExW return an HRESULT?

> In an effort to maintain portability, we don't use C99 style variable 
> declarations.

Ah, dang.  I tried to clean those up too when I was reading the Patch 
how-to.  I'll clean all this up, thanks very much!

BTW: what is your opinion on where to store the triplets in the 
Registry?

-- 
Kees Cook                                            @outflux.net
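The point Mike raises about SUCCEEDED() on a registry return value can be checked outside Windows. The following C program is an added example, not code from the patch or from Wine: it reproduces the relevant Windows SDK macro definitions (SUCCEEDED, FAILED, HRESULT_FROM_WIN32) together with a hypothetical fake_RegSetValueExW stand-in that returns a Win32 error code the way the real function does, then runs the patch's check beside the two correct forms.

```c
/* Added example (not from the patch or from Wine): why SUCCEEDED() is the
 * wrong test for a Win32 registry API return value.
 *
 * RegOpenKeyExW / RegSetValueExW return a LONG Win32 error code (LSTATUS),
 * not an HRESULT.  SUCCEEDED(hr) is simply "(HRESULT)hr >= 0", and every
 * Win32 error code is a small positive number, so SUCCEEDED() reports
 * success for ERROR_ACCESS_DENIED, ERROR_FILE_NOT_FOUND and the rest.
 *
 * The macros below reproduce the definitions from the Windows SDK
 * (winerror.h) so the program compiles stand-alone with any C compiler.
 */
#include <stdint.h>
#include <stdio.h>

typedef int32_t LONG;      /* 32-bit on Windows, so the width is pinned here */
typedef int32_t HRESULT;

#define ERROR_SUCCESS        0L
#define ERROR_FILE_NOT_FOUND 2L
#define ERROR_ACCESS_DENIED  5L

#define FACILITY_WIN32 7
#define SUCCEEDED(hr) (((HRESULT)(hr)) >= 0)
#define FAILED(hr)    (((HRESULT)(hr)) < 0)
#define HRESULT_FROM_WIN32(x) \
    ((HRESULT)(x) <= 0 ? (HRESULT)(x) \
     : (HRESULT)(((x) & 0x0000FFFF) | (FACILITY_WIN32 << 16) | 0x80000000))

/* Hypothetical stand-in for RegSetValueExW (assumption: not the real API).
 * It reports failure with a Win32 error code exactly as the real function
 * does; 'deny' simulates a key ACL that refuses the write. */
static LONG fake_RegSetValueExW(int deny)
{
    return deny ? ERROR_ACCESS_DENIED : ERROR_SUCCESS;
}

/* The check as written in the patch: SUCCEEDED() applied to a Win32 code.
 * Returns 1 ("stored") even when the write was refused. */
int store_checked_with_succeeded(int deny)
{
    return SUCCEEDED(fake_RegSetValueExW(deny));
}

/* The check Mike suggested: compare the code with ERROR_SUCCESS. */
int store_checked_with_error_success(int deny)
{
    LONG r = fake_RegSetValueExW(deny);
    return r == ERROR_SUCCESS;
}

/* If an HRESULT is really wanted, convert first: HRESULT_FROM_WIN32 sets the
 * severity bit (0x80000000), after which SUCCEEDED()/FAILED() are correct. */
int store_checked_with_hresult(int deny)
{
    LONG r = fake_RegSetValueExW(deny);
    HRESULT hr = HRESULT_FROM_WIN32(r);
    return SUCCEEDED(hr);
}

int main(void)
{
    printf("write refused, SUCCEEDED(LONG)    -> %d (wrong: reports success)\n",
           store_checked_with_succeeded(1));
    printf("write refused, == ERROR_SUCCESS   -> %d\n",
           store_checked_with_error_success(1));
    printf("write refused, SUCCEEDED(HRESULT) -> %d\n",
           store_checked_with_hresult(1));
    printf("HRESULT_FROM_WIN32(ERROR_ACCESS_DENIED) = 0x%08x\n",
           (unsigned)HRESULT_FROM_WIN32(ERROR_ACCESS_DENIED));
    return 0;
}
```

Build and run with `cc -Wall -o succeeded succeeded.c && ./succeeded`. The first line prints 1 for a refused write, which is the silent failure Mike describes: a CryptProtectData store that was never written would be reported to the caller as saved.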



More information about the wine-devel mailing list