blob: 1c31eb9a15be3af5e8bbf9ecc75c1c1c29906055 [file] [log] [blame]
[email protected]908cb9e2014-02-21 15:40:091// Copyright 2014 The Chromium Authors. All rights reserved.
license.botbf09a502008-08-24 00:55:552// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
initial.commit09911bf2008-07-26 23:55:294
[email protected]c523d202014-03-18 01:34:545#include "components/os_crypt/ie7_password_win.h"
initial.commit09911bf2008-07-26 23:55:296
avif57136c12015-12-25 23:27:457#include <stddef.h>
8#include <stdint.h>
9
initial.commit09911bf2008-07-26 23:55:2910#include <string>
11#include <vector>
12
[email protected]3b63f8f42011-03-28 01:54:1513#include "base/memory/scoped_ptr.h"
[email protected]1cf4a782010-06-22 20:36:1614#include "base/sha1.h"
[email protected]c72674b2013-06-11 04:16:4315#include "base/strings/string_util.h"
16#include "base/strings/stringprintf.h"
davidbenc6ac2602014-10-30 00:39:3817#include "crypto/wincrypt_shim.h"
initial.commit09911bf2008-07-26 23:55:2918
19namespace {
20
21// Structures that IE7/IE8 use to store a username/password.
22// Some of the fields might have been incorrectly reverse engineered.
23struct PreHeader {
24 DWORD pre_header_size; // Size of this header structure. Always 12.
25 DWORD header_size; // Size of the real Header: sizeof(Header) +
26 // item_count * sizeof(Entry);
27 DWORD data_size; // Size of the data referenced by the entries.
28};
29
30struct Header {
31 char wick[4]; // The string "WICK". I don't know what it means.
32 DWORD fixed_header_size; // The size of this structure without the entries:
33 // sizeof(Header).
[email protected]22741ad2013-10-11 13:55:2034 DWORD item_count; // Number of entries. Should be even.
initial.commit09911bf2008-07-26 23:55:2935 wchar_t two_letters[2]; // Two unknown bytes.
36 DWORD unknown[2]; // Two unknown DWORDs.
37};
38
39struct Entry {
40 DWORD offset; // Offset where the data referenced by this entry is
41 // located.
42 FILETIME time_stamp; // Timestamp when the password got added.
43 DWORD string_length; // The length of the data string.
44};
45
46// Main data structure.
47struct PasswordEntry {
48 PreHeader pre_header; // Contains the size of the different sections.
49 Header header; // Contains the number of items.
[email protected]22741ad2013-10-11 13:55:2050 Entry entry[1]; // List of entries containing a string. Even-indexed
51 // are usernames, odd are passwords. There may be
52 // several sets saved for a single url hash.
initial.commit09911bf2008-07-26 23:55:2953};
initial.commit09911bf2008-07-26 23:55:2954} // namespace
55
thakis56e8586a2015-05-01 18:55:2156IE7PasswordInfo::IE7PasswordInfo() {
57}
58
59IE7PasswordInfo::~IE7PasswordInfo() {
60}
61
initial.commit09911bf2008-07-26 23:55:2962namespace ie7_password {
63
64bool GetUserPassFromData(const std::vector<unsigned char>& data,
[email protected]22741ad2013-10-11 13:55:2065 std::vector<DecryptedCredentials>* credentials) {
initial.commit09911bf2008-07-26 23:55:2966 const PasswordEntry* information =
67 reinterpret_cast<const PasswordEntry*>(&data.front());
68
69 // Some expected values. If it's not what we expect we don't even try to
70 // understand the data.
71 if (information->pre_header.pre_header_size != sizeof(PreHeader))
72 return false;
73
[email protected]22741ad2013-10-11 13:55:2074 const int entry_count = information->header.item_count;
75 if (entry_count % 2) // Usernames and Passwords
initial.commit09911bf2008-07-26 23:55:2976 return false;
77
78 if (information->header.fixed_header_size != sizeof(Header))
79 return false;
80
avif57136c12015-12-25 23:27:4581 const uint8_t* offset_to_data = &data[0] +
82 information->pre_header.header_size +
83 information->pre_header.pre_header_size;
initial.commit09911bf2008-07-26 23:55:2984
[email protected]22741ad2013-10-11 13:55:2085 for (int i = 0; i < entry_count / 2; ++i) {
initial.commit09911bf2008-07-26 23:55:2986
[email protected]22741ad2013-10-11 13:55:2087 const Entry* user_entry = &information->entry[2*i];
88 const Entry* pass_entry = user_entry+1;
89
90 DecryptedCredentials c;
91 c.username = reinterpret_cast<const wchar_t*>(offset_to_data +
92 user_entry->offset);
93 c.password = reinterpret_cast<const wchar_t*>(offset_to_data +
94 pass_entry->offset);
95 credentials->push_back(c);
96 }
initial.commit09911bf2008-07-26 23:55:2997 return true;
98}
99
100std::wstring GetUrlHash(const std::wstring& url) {
brettwfce8d192015-08-10 19:07:51101 std::wstring lower_case_url = base::ToLowerASCII(url);
[email protected]1cf4a782010-06-22 20:36:16102 // Get a data buffer out of our std::wstring to pass to SHA1HashString.
103 std::string url_buffer(
104 reinterpret_cast<const char*>(lower_case_url.c_str()),
105 (lower_case_url.size() + 1) * sizeof(wchar_t));
106 std::string hash_bin = base::SHA1HashString(url_buffer);
initial.commit09911bf2008-07-26 23:55:29107
108 std::wstring url_hash;
109
110 // Transform the buffer to an hexadecimal string.
111 unsigned char checksum = 0;
[email protected]1cf4a782010-06-22 20:36:16112 for (size_t i = 0; i < hash_bin.size(); ++i) {
113 // std::string gives signed chars, which mess with StringPrintf and
114 // check_sum.
115 unsigned char hash_byte = static_cast<unsigned char>(hash_bin[i]);
116 checksum += hash_byte;
[email protected]33272e1f02011-08-17 00:22:07117 url_hash += base::StringPrintf(L"%2.2X", static_cast<unsigned>(hash_byte));
initial.commit09911bf2008-07-26 23:55:29118 }
[email protected]33272e1f02011-08-17 00:22:07119 url_hash += base::StringPrintf(L"%2.2X", checksum);
initial.commit09911bf2008-07-26 23:55:29120
initial.commit09911bf2008-07-26 23:55:29121 return url_hash;
122}
123
[email protected]22741ad2013-10-11 13:55:20124bool DecryptPasswords(const std::wstring& url,
125 const std::vector<unsigned char>& data,
126 std::vector<DecryptedCredentials>* credentials) {
brettwfce8d192015-08-10 19:07:51127 std::wstring lower_case_url = base::ToLowerASCII(url);
initial.commit09911bf2008-07-26 23:55:29128 DATA_BLOB input = {0};
129 DATA_BLOB output = {0};
130 DATA_BLOB url_key = {0};
131
132 input.pbData = const_cast<unsigned char*>(&data.front());
133 input.cbData = static_cast<DWORD>((data.size()) *
134 sizeof(std::string::value_type));
135
136 url_key.pbData = reinterpret_cast<unsigned char*>(
137 const_cast<wchar_t*>(lower_case_url.data()));
138 url_key.cbData = static_cast<DWORD>((lower_case_url.size() + 1) *
139 sizeof(std::wstring::value_type));
140
141 if (CryptUnprotectData(&input, NULL, &url_key, NULL, NULL,
142 CRYPTPROTECT_UI_FORBIDDEN, &output)) {
143 // Now that we have the decrypted information, we need to understand it.
144 std::vector<unsigned char> decrypted_data;
145 decrypted_data.resize(output.cbData);
146 memcpy(&decrypted_data.front(), output.pbData, output.cbData);
147
[email protected]22741ad2013-10-11 13:55:20148 GetUserPassFromData(decrypted_data, credentials);
initial.commit09911bf2008-07-26 23:55:29149
150 LocalFree(output.pbData);
151 return true;
152 }
153
154 return false;
155}
156
157} // namespace ie7_password