OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "components/webdata/encryptor/ie7_password.h" | 5 #include "components/webdata/encryptor/ie7_password_win.h" |
6 | 6 |
7 #include <wincrypt.h> | 7 #include <wincrypt.h> |
8 #include <string> | 8 #include <string> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
11 #include "base/memory/scoped_ptr.h" | 11 #include "base/memory/scoped_ptr.h" |
12 #include "base/sha1.h" | 12 #include "base/sha1.h" |
13 #include "base/strings/string_util.h" | 13 #include "base/strings/string_util.h" |
14 #include "base/strings/stringprintf.h" | 14 #include "base/strings/stringprintf.h" |
15 | 15 |
16 namespace { | 16 namespace { |
17 | 17 |
18 // Structures that IE7/IE8 use to store a username/password. | 18 // Structures that IE7/IE8 use to store a username/password. |
19 // Some of the fields might have been incorrectly reverse engineered. | 19 // Some of the fields might have been incorrectly reverse engineered. |
20 struct PreHeader { | 20 struct PreHeader { |
21 DWORD pre_header_size; // Size of this header structure. Always 12. | 21 DWORD pre_header_size; // Size of this header structure. Always 12. |
22 DWORD header_size; // Size of the real Header: sizeof(Header) + | 22 DWORD header_size; // Size of the real Header: sizeof(Header) + |
23 // item_count * sizeof(Entry); | 23 // item_count * sizeof(Entry); |
24 DWORD data_size; // Size of the data referenced by the entries. | 24 DWORD data_size; // Size of the data referenced by the entries. |
25 }; | 25 }; |
26 | 26 |
27 struct Header { | 27 struct Header { |
28 char wick[4]; // The string "WICK". I don't know what it means. | 28 char wick[4]; // The string "WICK". I don't know what it means. |
29 DWORD fixed_header_size; // The size of this structure without the entries: | 29 DWORD fixed_header_size; // The size of this structure without the entries: |
30 // sizeof(Header). | 30 // sizeof(Header). |
31 DWORD item_count; // Number of entries. It should always be 2. One for | 31 DWORD item_count; // Number of entries. Should be even. |
32 // the username, and one for the password. | |
33 wchar_t two_letters[2]; // Two unknown bytes. | 32 wchar_t two_letters[2]; // Two unknown bytes. |
34 DWORD unknown[2]; // Two unknown DWORDs. | 33 DWORD unknown[2]; // Two unknown DWORDs. |
35 }; | 34 }; |
36 | 35 |
37 struct Entry { | 36 struct Entry { |
38 DWORD offset; // Offset where the data referenced by this entry is | 37 DWORD offset; // Offset where the data referenced by this entry is |
39 // located. | 38 // located. |
40 FILETIME time_stamp; // Timestamp when the password got added. | 39 FILETIME time_stamp; // Timestamp when the password got added. |
41 DWORD string_length; // The length of the data string. | 40 DWORD string_length; // The length of the data string. |
42 }; | 41 }; |
43 | 42 |
44 // Main data structure. | 43 // Main data structure. |
45 struct PasswordEntry { | 44 struct PasswordEntry { |
46 PreHeader pre_header; // Contains the size of the different sections. | 45 PreHeader pre_header; // Contains the size of the different sections. |
47 Header header; // Contains the number of items. | 46 Header header; // Contains the number of items. |
48 Entry entry[1]; // List of entries containing a string. The first one | 47 Entry entry[1]; // List of entries containing a string. Even-indexed |
49 // is the username, the second one if the password. | 48 // are usernames, odd are passwords. There may be |
| 49 // several sets saved for a single url hash. |
50 }; | 50 }; |
51 | |
52 } // namespace | 51 } // namespace |
53 | 52 |
54 namespace ie7_password { | 53 namespace ie7_password { |
55 | 54 |
56 bool GetUserPassFromData(const std::vector<unsigned char>& data, | 55 bool GetUserPassFromData(const std::vector<unsigned char>& data, |
57 std::wstring* username, | 56 std::vector<DecryptedCredentials>* credentials) { |
58 std::wstring* password) { | |
59 const PasswordEntry* information = | 57 const PasswordEntry* information = |
60 reinterpret_cast<const PasswordEntry*>(&data.front()); | 58 reinterpret_cast<const PasswordEntry*>(&data.front()); |
61 | 59 |
62 // Some expected values. If it's not what we expect we don't even try to | 60 // Some expected values. If it's not what we expect we don't even try to |
63 // understand the data. | 61 // understand the data. |
64 if (information->pre_header.pre_header_size != sizeof(PreHeader)) | 62 if (information->pre_header.pre_header_size != sizeof(PreHeader)) |
65 return false; | 63 return false; |
66 | 64 |
67 if (information->header.item_count != 2) // Username and Password | 65 const int entry_count = information->header.item_count; |
| 66 if (entry_count % 2) // Usernames and Passwords |
68 return false; | 67 return false; |
69 | 68 |
70 if (information->header.fixed_header_size != sizeof(Header)) | 69 if (information->header.fixed_header_size != sizeof(Header)) |
71 return false; | 70 return false; |
72 | 71 |
73 const uint8* ptr = &data.front(); | 72 const uint8* offset_to_data = &data[0] + |
74 const uint8* offset_to_data = ptr + information->pre_header.header_size + | 73 information->pre_header.header_size + |
75 information->pre_header.pre_header_size; | 74 information->pre_header.pre_header_size; |
76 | 75 |
77 const Entry* user_entry = information->entry; | 76 for (int i = 0; i < entry_count / 2; ++i) { |
78 const Entry* pass_entry = user_entry+1; | |
79 | 77 |
80 *username = reinterpret_cast<const wchar_t*>(offset_to_data + | 78 const Entry* user_entry = &information->entry[2*i]; |
81 user_entry->offset); | 79 const Entry* pass_entry = user_entry+1; |
82 *password = reinterpret_cast<const wchar_t*>(offset_to_data + | 80 |
83 pass_entry->offset); | 81 DecryptedCredentials c; |
| 82 c.username = reinterpret_cast<const wchar_t*>(offset_to_data + |
| 83 user_entry->offset); |
| 84 c.password = reinterpret_cast<const wchar_t*>(offset_to_data + |
| 85 pass_entry->offset); |
| 86 credentials->push_back(c); |
| 87 } |
84 return true; | 88 return true; |
85 } | 89 } |
86 | 90 |
87 std::wstring GetUrlHash(const std::wstring& url) { | 91 std::wstring GetUrlHash(const std::wstring& url) { |
88 std::wstring lower_case_url = StringToLowerASCII(url); | 92 std::wstring lower_case_url = StringToLowerASCII(url); |
89 // Get a data buffer out of our std::wstring to pass to SHA1HashString. | 93 // Get a data buffer out of our std::wstring to pass to SHA1HashString. |
90 std::string url_buffer( | 94 std::string url_buffer( |
91 reinterpret_cast<const char*>(lower_case_url.c_str()), | 95 reinterpret_cast<const char*>(lower_case_url.c_str()), |
92 (lower_case_url.size() + 1) * sizeof(wchar_t)); | 96 (lower_case_url.size() + 1) * sizeof(wchar_t)); |
93 std::string hash_bin = base::SHA1HashString(url_buffer); | 97 std::string hash_bin = base::SHA1HashString(url_buffer); |
94 | 98 |
95 std::wstring url_hash; | 99 std::wstring url_hash; |
96 | 100 |
97 // Transform the buffer to an hexadecimal string. | 101 // Transform the buffer to an hexadecimal string. |
98 unsigned char checksum = 0; | 102 unsigned char checksum = 0; |
99 for (size_t i = 0; i < hash_bin.size(); ++i) { | 103 for (size_t i = 0; i < hash_bin.size(); ++i) { |
100 // std::string gives signed chars, which mess with StringPrintf and | 104 // std::string gives signed chars, which mess with StringPrintf and |
101 // check_sum. | 105 // check_sum. |
102 unsigned char hash_byte = static_cast<unsigned char>(hash_bin[i]); | 106 unsigned char hash_byte = static_cast<unsigned char>(hash_bin[i]); |
103 checksum += hash_byte; | 107 checksum += hash_byte; |
104 url_hash += base::StringPrintf(L"%2.2X", static_cast<unsigned>(hash_byte)); | 108 url_hash += base::StringPrintf(L"%2.2X", static_cast<unsigned>(hash_byte)); |
105 } | 109 } |
106 url_hash += base::StringPrintf(L"%2.2X", checksum); | 110 url_hash += base::StringPrintf(L"%2.2X", checksum); |
107 | 111 |
108 return url_hash; | 112 return url_hash; |
109 } | 113 } |
110 | 114 |
111 bool DecryptPassword(const std::wstring& url, | 115 bool DecryptPasswords(const std::wstring& url, |
112 const std::vector<unsigned char>& data, | 116 const std::vector<unsigned char>& data, |
113 std::wstring* username, std::wstring* password) { | 117 std::vector<DecryptedCredentials>* credentials) { |
114 std::wstring lower_case_url = StringToLowerASCII(url); | 118 std::wstring lower_case_url = StringToLowerASCII(url); |
115 DATA_BLOB input = {0}; | 119 DATA_BLOB input = {0}; |
116 DATA_BLOB output = {0}; | 120 DATA_BLOB output = {0}; |
117 DATA_BLOB url_key = {0}; | 121 DATA_BLOB url_key = {0}; |
118 | 122 |
119 input.pbData = const_cast<unsigned char*>(&data.front()); | 123 input.pbData = const_cast<unsigned char*>(&data.front()); |
120 input.cbData = static_cast<DWORD>((data.size()) * | 124 input.cbData = static_cast<DWORD>((data.size()) * |
121 sizeof(std::string::value_type)); | 125 sizeof(std::string::value_type)); |
122 | 126 |
123 url_key.pbData = reinterpret_cast<unsigned char*>( | 127 url_key.pbData = reinterpret_cast<unsigned char*>( |
124 const_cast<wchar_t*>(lower_case_url.data())); | 128 const_cast<wchar_t*>(lower_case_url.data())); |
125 url_key.cbData = static_cast<DWORD>((lower_case_url.size() + 1) * | 129 url_key.cbData = static_cast<DWORD>((lower_case_url.size() + 1) * |
126 sizeof(std::wstring::value_type)); | 130 sizeof(std::wstring::value_type)); |
127 | 131 |
128 if (CryptUnprotectData(&input, NULL, &url_key, NULL, NULL, | 132 if (CryptUnprotectData(&input, NULL, &url_key, NULL, NULL, |
129 CRYPTPROTECT_UI_FORBIDDEN, &output)) { | 133 CRYPTPROTECT_UI_FORBIDDEN, &output)) { |
130 // Now that we have the decrypted information, we need to understand it. | 134 // Now that we have the decrypted information, we need to understand it. |
131 std::vector<unsigned char> decrypted_data; | 135 std::vector<unsigned char> decrypted_data; |
132 decrypted_data.resize(output.cbData); | 136 decrypted_data.resize(output.cbData); |
133 memcpy(&decrypted_data.front(), output.pbData, output.cbData); | 137 memcpy(&decrypted_data.front(), output.pbData, output.cbData); |
134 | 138 |
135 GetUserPassFromData(decrypted_data, username, password); | 139 GetUserPassFromData(decrypted_data, credentials); |
136 | 140 |
137 LocalFree(output.pbData); | 141 LocalFree(output.pbData); |
138 return true; | 142 return true; |
139 } | 143 } |
140 | 144 |
141 return false; | 145 return false; |
142 } | 146 } |
143 | 147 |
144 } // namespace ie7_password | 148 } // namespace ie7_password |
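Review bot: In GetUserPassFromData the loop bound now comes from `header.item_count` in the decrypted blob, but nothing checks that `data` holds that many `Entry` records, that `pre_header.header_size` stays inside the buffer, or that each `offset` points at a NUL-terminated string within it. With the old fixed count of 2 the exposure was smaller; now a malformed or corrupted blob can drive reads past the end of the vector, and `&data.front()` on an empty vector is undefined as well. I would validate the sizes before the cast and read each string through a bounded helper, as sketched below. Separately, DecryptPasswords still discards the parser's result and returns true: consider `const bool ok = GetUserPassFromData(decrypted_data, credentials);` and returning `ok` after `LocalFree`. The plaintext in `output.pbData` and `decrypted_data` could also be cleared with `SecureZeroMemory` before it is released.

```cpp
// In the anonymous namespace, next to the struct definitions.
// Copies the NUL-terminated wide string at |offset| within |base|; fails if
// the offset is outside the |len|-byte region or no terminator is found in it.
bool ReadBoundedString(const uint8* base, size_t len, DWORD offset,
                       std::wstring* out) {
  if (offset > len)
    return false;
  const wchar_t* str = reinterpret_cast<const wchar_t*>(base + offset);
  const size_t max_chars = (len - offset) / sizeof(wchar_t);
  const size_t n = wcsnlen(str, max_chars);
  if (n == max_chars)  // No terminator inside the buffer.
    return false;
  out->assign(str, n);
  return true;
}

bool GetUserPassFromData(const std::vector<unsigned char>& data,
                         std::vector<DecryptedCredentials>* credentials) {
  // The fixed headers must be present before the buffer is reinterpreted.
  if (data.size() < offsetof(PasswordEntry, entry))
    return false;
  // … unchanged: cast to PasswordEntry, pre_header_size check …

  const size_t entry_count = information->header.item_count;
  if (entry_count % 2)  // Usernames and Passwords
    return false;
  // Every Entry the loop will touch must lie inside |data|.
  if (entry_count > (data.size() - offsetof(PasswordEntry, entry)) / sizeof(Entry))
    return false;
  // … unchanged: fixed_header_size check …

  // pre_header_size was verified to equal sizeof(PreHeader) above.
  const size_t header_size = information->pre_header.header_size;
  if (header_size > data.size() - sizeof(PreHeader))
    return false;
  const uint8* offset_to_data = &data[0] + sizeof(PreHeader) + header_size;
  const size_t data_len = data.size() - sizeof(PreHeader) - header_size;

  for (size_t i = 0; i < entry_count; i += 2) {
    const Entry* user_entry = &information->entry[i];
    const Entry* pass_entry = user_entry + 1;

    DecryptedCredentials c;
    if (!ReadBoundedString(offset_to_data, data_len, user_entry->offset,
                           &c.username) ||
        !ReadBoundedString(offset_to_data, data_len, pass_entry->offset,
                           &c.password)) {
      return false;
    }
    credentials->push_back(c);
  }
  return true;
```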