Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(91)

Unified Diff: components/webdata/encryptor/ie7_password.cc

Issue 26465006: Fix IE password import (Closed) Base URL: http://git.chromium.org/chromium/src.git@master
Patch Set: Renaming ie7_password to ie7_password_win Created 7 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: components/webdata/encryptor/ie7_password.cc
diff --git a/components/webdata/encryptor/ie7_password.cc b/components/webdata/encryptor/ie7_password.cc
deleted file mode 100644
index e7db3ab3be0268842fc8415417668b81b4524a7b..0000000000000000000000000000000000000000
--- a/components/webdata/encryptor/ie7_password.cc
+++ /dev/null
@@ -1,144 +0,0 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "components/webdata/encryptor/ie7_password.h"
-
-#include <wincrypt.h>
-#include <string>
-#include <vector>
-
-#include "base/memory/scoped_ptr.h"
-#include "base/sha1.h"
-#include "base/strings/string_util.h"
-#include "base/strings/stringprintf.h"
-
-namespace {
-
-// Structures that IE7/IE8 use to store a username/password.
-// Some of the fields might have been incorrectly reverse engineered.
-struct PreHeader {
- DWORD pre_header_size; // Size of this header structure. Always 12.
- DWORD header_size; // Size of the real Header: sizeof(Header) +
- // item_count * sizeof(Entry);
- DWORD data_size; // Size of the data referenced by the entries.
-};
-
-struct Header {
- char wick[4]; // The string "WICK". I don't know what it means.
- DWORD fixed_header_size; // The size of this structure without the entries:
- // sizeof(Header).
- DWORD item_count; // Number of entries. It should always be 2. One for
- // the username, and one for the password.
- wchar_t two_letters[2]; // Two unknown bytes.
- DWORD unknown[2]; // Two unknown DWORDs.
-};
-
-struct Entry {
- DWORD offset; // Offset where the data referenced by this entry is
- // located.
- FILETIME time_stamp; // Timestamp when the password got added.
- DWORD string_length; // The length of the data string.
-};
-
-// Main data structure.
-struct PasswordEntry {
- PreHeader pre_header; // Contains the size of the different sections.
- Header header; // Contains the number of items.
- Entry entry[1]; // List of entries containing a string. The first one
- // is the username, the second one if the password.
-};
-
-} // namespace
-
-namespace ie7_password {
-
-bool GetUserPassFromData(const std::vector<unsigned char>& data,
- std::wstring* username,
- std::wstring* password) {
- const PasswordEntry* information =
- reinterpret_cast<const PasswordEntry*>(&data.front());
-
- // Some expected values. If it's not what we expect we don't even try to
- // understand the data.
- if (information->pre_header.pre_header_size != sizeof(PreHeader))
- return false;
-
- if (information->header.item_count != 2) // Username and Password
- return false;
-
- if (information->header.fixed_header_size != sizeof(Header))
- return false;
-
- const uint8* ptr = &data.front();
- const uint8* offset_to_data = ptr + information->pre_header.header_size +
- information->pre_header.pre_header_size;
-
- const Entry* user_entry = information->entry;
- const Entry* pass_entry = user_entry+1;
-
- *username = reinterpret_cast<const wchar_t*>(offset_to_data +
- user_entry->offset);
- *password = reinterpret_cast<const wchar_t*>(offset_to_data +
- pass_entry->offset);
- return true;
-}
-
-std::wstring GetUrlHash(const std::wstring& url) {
- std::wstring lower_case_url = StringToLowerASCII(url);
- // Get a data buffer out of our std::wstring to pass to SHA1HashString.
- std::string url_buffer(
- reinterpret_cast<const char*>(lower_case_url.c_str()),
- (lower_case_url.size() + 1) * sizeof(wchar_t));
- std::string hash_bin = base::SHA1HashString(url_buffer);
-
- std::wstring url_hash;
-
- // Transform the buffer to an hexadecimal string.
- unsigned char checksum = 0;
- for (size_t i = 0; i < hash_bin.size(); ++i) {
- // std::string gives signed chars, which mess with StringPrintf and
- // check_sum.
- unsigned char hash_byte = static_cast<unsigned char>(hash_bin[i]);
- checksum += hash_byte;
- url_hash += base::StringPrintf(L"%2.2X", static_cast<unsigned>(hash_byte));
- }
- url_hash += base::StringPrintf(L"%2.2X", checksum);
-
- return url_hash;
-}
-
-bool DecryptPassword(const std::wstring& url,
- const std::vector<unsigned char>& data,
- std::wstring* username, std::wstring* password) {
- std::wstring lower_case_url = StringToLowerASCII(url);
- DATA_BLOB input = {0};
- DATA_BLOB output = {0};
- DATA_BLOB url_key = {0};
-
- input.pbData = const_cast<unsigned char*>(&data.front());
- input.cbData = static_cast<DWORD>((data.size()) *
- sizeof(std::string::value_type));
-
- url_key.pbData = reinterpret_cast<unsigned char*>(
- const_cast<wchar_t*>(lower_case_url.data()));
- url_key.cbData = static_cast<DWORD>((lower_case_url.size() + 1) *
- sizeof(std::wstring::value_type));
-
- if (CryptUnprotectData(&input, NULL, &url_key, NULL, NULL,
- CRYPTPROTECT_UI_FORBIDDEN, &output)) {
- // Now that we have the decrypted information, we need to understand it.
- std::vector<unsigned char> decrypted_data;
- decrypted_data.resize(output.cbData);
- memcpy(&decrypted_data.front(), output.pbData, output.cbData);
-
- GetUserPassFromData(decrypted_data, username, password);
-
- LocalFree(output.pbData);
- return true;
- }
-
- return false;
-}
-
-} // namespace ie7_password
« no previous file with comments | « components/webdata/encryptor/ie7_password.h ('k') | components/webdata/encryptor/ie7_password_unittest_win.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698