// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
5 #include "components/os_crypt/ie7_password_win.h"
10 #include "base/memory/scoped_ptr.h"
11 #include "base/sha1.h"
12 #include "base/strings/string_util.h"
13 #include "base/strings/stringprintf.h"
14 #include "crypto/wincrypt_shim.h"
// Structures that IE7/IE8 use to store a username/password.
// Some of the fields might have been incorrectly reverse engineered.
//
// Every size, count and offset below is read straight out of the stored blob.
// Code that walks these structures should range-check each field against the
// real buffer length before using it to compute a pointer.
struct PreHeader {
  DWORD pre_header_size;  // Size of this header structure. Always 12.
  DWORD header_size;      // Size of the real Header: sizeof(Header) +
                          // item_count * sizeof(Entry);
  DWORD data_size;        // Size of the data referenced by the entries.
};

struct Header {
  char wick[4];             // The string "WICK". I don't know what it means.
  DWORD fixed_header_size;  // The size of this structure without the entries;
                            // GetUserPassFromData rejects any value other
                            // than sizeof(Header).
  DWORD item_count;         // Number of entries. Should be even.
  wchar_t two_letters[2];   // Two unknown wide characters.
  DWORD unknown[2];         // Two unknown DWORDs.
};

struct Entry {
  DWORD offset;         // Offset where the data referenced by this entry is
                        // located. NOTE(review): presumably relative to the
                        // start of the data section that follows the entry
                        // table -- confirm against the parser.
  FILETIME time_stamp;  // Timestamp when the password got added.
  DWORD string_length;  // The length of the data string.
};
// Main data structure.
// GetUserPassFromData overlays this type on the raw decrypted buffer with a
// reinterpret_cast, so nothing here is validated by construction.
struct PasswordEntry {
  PreHeader pre_header;  // Contains the size of the different sections.
  Header header;         // Contains the number of items.
  Entry entry[1];        // List of entries containing a string. Even-indexed
                         // are usernames, odd are passwords. There may be
                         // several sets saved for a single url hash.
                         // Declared with one element but indexed up to
                         // header.item_count, so the real table length is
                         // whatever the blob claims it is.
};
// Out-of-line default constructor; members are left to their own default
// initialization.
IE7PasswordInfo::IE7PasswordInfo() {}
// Out-of-line destructor; there is no explicit cleanup to perform.
IE7PasswordInfo::~IE7PasswordInfo() {}
59 namespace ie7_password
{
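namespace {

// Returns true when a NUL-terminated wchar_t string begins at |str| and its
// terminator lies inside the |available| bytes that follow. Compares raw bytes
// so that no wide-character read is issued before the range is known good.
bool HasTerminatedWideString(const unsigned char* str, size_t available) {
  for (size_t pos = 0; pos + sizeof(wchar_t) <= available;
       pos += sizeof(wchar_t)) {
    bool all_zero = true;
    for (size_t b = 0; b < sizeof(wchar_t); ++b) {
      if (str[pos + b] != 0) {
        all_zero = false;
        break;
      }
    }
    if (all_zero)
      return true;
  }
  return false;
}

}  // namespace

// Parses a decrypted IE7/IE8 credential blob and appends the username/password
// pairs it contains to |credentials|.
//
// |data| holds the plaintext blob: a PreHeader, a Header, a table of
// Header::item_count Entry records and then the string data the entries point
// at. Even-indexed entries are usernames and odd-indexed ones are passwords.
//
// Returns false, leaving |credentials| untouched, when the blob does not have
// the expected layout or when any size, count or offset it declares would
// reach outside |data|. Returns true otherwise.
//
// The blob is attacker-influenceable (it comes from the user's registry), so
// every field is range-checked before it is used to form a pointer. The
// string_length field is not trusted; the terminator is located explicitly.
// NOTE(review): string alignment is still not checked, as before.
bool GetUserPassFromData(const std::vector<unsigned char>& data,
                         std::vector<DecryptedCredentials>* credentials) {
  // The fixed headers must be fully present before they can be read. This also
  // rejects an empty vector, for which front() would be undefined.
  const size_t kHeadersSize = sizeof(PreHeader) + sizeof(Header);
  if (data.size() < kHeadersSize)
    return false;

  const PasswordEntry* information =
      reinterpret_cast<const PasswordEntry*>(&data.front());

  // Some expected values. If it's not what we expect we don't even try to
  // understand the data.
  if (information->pre_header.pre_header_size != sizeof(PreHeader))
    return false;

  // Kept unsigned: a count above INT_MAX must not turn into a negative int
  // that silently skips the loop.
  const size_t entry_count = information->header.item_count;
  if (entry_count % 2)  // Usernames and Passwords
    return false;

  if (information->header.fixed_header_size != sizeof(Header))
    return false;

  // The whole entry table has to fit inside the buffer.
  if (entry_count > (data.size() - kHeadersSize) / sizeof(Entry))
    return false;

  // The string data starts after the pre-header and the declared header area.
  // Written as a subtraction so the sum cannot wrap.
  const size_t header_size = information->pre_header.header_size;
  if (header_size > data.size() - sizeof(PreHeader))
    return false;
  const size_t data_start = sizeof(PreHeader) + header_size;
  const size_t data_length = data.size() - data_start;

  // Collected locally so that a malformed entry late in the table does not
  // leave a partial result in |credentials|.
  std::vector<DecryptedCredentials> parsed;
  for (size_t i = 0; i < entry_count; i += 2) {
    const Entry* user_entry = &information->entry[i];
    const Entry* pass_entry = user_entry + 1;

    if (user_entry->offset >= data_length ||
        pass_entry->offset >= data_length) {
      return false;
    }

    const unsigned char* user_str = &data[0] + data_start + user_entry->offset;
    const unsigned char* pass_str = &data[0] + data_start + pass_entry->offset;

    // Assigning from a bare wchar_t* reads until a NUL is found, so make sure
    // one exists before the end of the buffer.
    if (!HasTerminatedWideString(user_str,
                                 data_length - user_entry->offset) ||
        !HasTerminatedWideString(pass_str,
                                 data_length - pass_entry->offset)) {
      return false;
    }

    DecryptedCredentials c;
    c.username = reinterpret_cast<const wchar_t*>(user_str);
    c.password = reinterpret_cast<const wchar_t*>(pass_str);
    parsed.push_back(c);
  }

  credentials->insert(credentials->end(), parsed.begin(), parsed.end());
  return true;
}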
// Builds the hash string for |url|: the SHA-1 digest of the lower-cased URL,
// written as upper-case hex, followed by one extra hex byte holding the sum of
// all digest bytes modulo 256.
//
// The hashed input is the raw wchar_t buffer including its terminating NUL.
// NOTE(review): SHA-1 looks like a requirement of the stored format rather
// than a security choice made here -- confirm before changing it.
std::wstring GetUrlHash(const std::wstring& url) {
  const std::wstring normalized_url = base::ToLowerASCII(url);

  // SHA1HashString takes a std::string, so hand it the wide string's bytes.
  // The "+ 1" keeps the trailing NUL character in the hashed input.
  const char* raw_bytes =
      reinterpret_cast<const char*>(normalized_url.c_str());
  const size_t raw_size = (normalized_url.size() + 1) * sizeof(wchar_t);
  const std::string digest =
      base::SHA1HashString(std::string(raw_bytes, raw_size));

  std::wstring hex;
  unsigned char byte_sum = 0;
  for (std::string::const_iterator it = digest.begin(); it != digest.end();
       ++it) {
    // std::string yields signed chars; convert first so neither the format
    // call nor the running sum sees a sign-extended value.
    const unsigned char value = static_cast<unsigned char>(*it);
    byte_sum += value;
    hex += base::StringPrintf(L"%2.2X", static_cast<unsigned>(value));
  }

  // Append the checksum byte after the digest.
  hex += base::StringPrintf(L"%2.2X", byte_sum);
  return hex;
}
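// Decrypts an IE7/IE8 credential blob with DPAPI and appends the credentials
// found in it to |credentials|.
//
// |url| is lower-cased and passed, including its terminating NUL, as the
// optional entropy for CryptUnprotectData. |data| is the encrypted blob.
//
// Returns true when decryption succeeds and false when |data| is empty, too
// large for a DATA_BLOB, or CryptUnprotectData fails. As before, the result of
// GetUserPassFromData is not reflected in the return value: a blob that
// decrypts but does not parse still yields true.
//
// The plaintext buffers owned by this function are zeroed before they are
// released. The strings copied into |credentials| remain the caller's
// responsibility.
bool DecryptPasswords(const std::wstring& url,
                      const std::vector<unsigned char>& data,
                      std::vector<DecryptedCredentials>* credentials) {
  // front() on an empty vector is undefined, and there is nothing to decrypt.
  if (data.empty())
    return false;

  // DATA_BLOB carries a DWORD length; refuse input that would be truncated.
  const DWORD input_size = static_cast<DWORD>(data.size());
  if (input_size != data.size())
    return false;

  std::wstring lower_case_url = base::ToLowerASCII(url);
  DATA_BLOB input = {0};
  DATA_BLOB output = {0};
  DATA_BLOB url_key = {0};

  input.pbData = const_cast<unsigned char*>(&data.front());
  input.cbData = input_size;

  // c_str() guarantees the terminating NUL that the "+ 1" below accounts for.
  url_key.pbData = reinterpret_cast<unsigned char*>(
      const_cast<wchar_t*>(lower_case_url.c_str()));
  url_key.cbData = static_cast<DWORD>((lower_case_url.size() + 1) *
                                      sizeof(std::wstring::value_type));

  if (!CryptUnprotectData(&input, NULL, &url_key, NULL, NULL,
                          CRYPTPROTECT_UI_FORBIDDEN, &output)) {
    return false;
  }

  // A zero-length result has nothing to parse, and front() on the empty copy
  // would be undefined.
  if (output.pbData && output.cbData > 0) {
    // Now that we have the decrypted information, we need to understand it.
    std::vector<unsigned char> decrypted_data(output.pbData,
                                              output.pbData + output.cbData);

    GetUserPassFromData(decrypted_data, credentials);

    // Scrub both plaintext copies so the passwords do not linger in freed
    // memory.
    SecureZeroMemory(&decrypted_data.front(), decrypted_data.size());
    SecureZeroMemory(output.pbData, output.cbData);
  }

  LocalFree(output.pbData);
  return true;
}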
154 } // namespace ie7_password